If used with fopen(3)/fdopen(3)-ed FILEs, stdio accurately uses
non-cancellable internal versions of the functions, i.e. it seems to
be fine with regard to cancellation. But if the funopen(3) and
f{r,w}open(3) functions were used to open the FILE, and corresponding
user functions create cancellation points (they typically have no
other choice), then stdio code at least leaks FILE' lock.
The change installs cleanup handler which unlocks FILE. Some minimal
restructuring of the code was required to make it use common return
place to satisfy hand-rolled pthread_cleanup_pop() requirements.
Noted by: eugen
Reviewed by: eugen, vangyzen
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D11246
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9955
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
Adding %b support to vfprintf for parity with kernel space requires
more discussion/review.
In particular, many parties were concerned over introducing a
non-standard format qualifier to *printf(3) which didn't already
exist in other OSes, e.g. Linux, thus making code which used %b
harder to port to other operating systems.
Requested by: many
This is a direct port of the kernel %b format.
I'm unclear on if (more) non-portable printf extensions will be a
problem. I think it's desirable to have userspace formats include all
kernel formats, but there may be competing goals I'm not aware of.
Reviewed by: no one, unfortunately
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8426
when the first mb sequence is incomplete and there are not enougn chars in
the read buffer. ws[-1] may lead to memory faults or false results, in
case the memory here contains '\n'.
2) Fix EOF checking I mess in my previos r305406 commit.
MFC after: 3 days
sequence near EOF), so we can't just check for
(wc == WEOF && !__sfeof(fp)) and must relay on __sferror(fp) with
__SERR clearing/restoring.
MFC after: 7 days
i.e. partial line, but set __SERR and errno in the same time, which
is inconsistent.
Now both OpenBSD and NetBSD return failure, i.e. no line and set error
indicators for such case, so make our fgetln() and fgetwln()
(as its wide version) compatible with the rest of *BSD.
PR: 212033
MFC after: 7 days
functions.
__SERR is for user and the rest of stdio code do not check it
for error sensing internally, only set it.
In vf(w)printf.c here it is more easy to save __SERR, clear and restore it.
return partial line on any errors. See the comment in fgetln.c.
Add corresponding comment to fgetwln() too.
2) Rewrite r304607 case 1).
3) Remove "Fast path" from __fgetwc_mbs() since it can't detect encoding
errors and ignores them all.
PR: 212033
MFC after: 7 days
1) Don't forget to set __SERR on __slbexpand() error.
2) Check for __fgetwc() errors using errno. Don't check for __SERR
as PR suggested, it user-visible flag which can stick from previous
functions and stdio code don't check it for this purpose.
PR: 212033
MFC after: 3 days
When adding getline(3) and dprintf(3) into libc, those guards were added
to prevent breaking too many ports.
7 years later the ports tree have been fixed, it is time to remove this
FreeBSDism
While here remove the extra parenthesis surrounding dprintf(3)
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() only for single bytes locales
(we can't do it now for other ones). In previous state only first 256
wchars are considered and all others are just silently dropped from the
range.
Instead of changing whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and concentrace on fixing bugs in what we have now,
too many small obstacles instead, counting ports.
Only first 256 wide chars are considered currently, all other are just
dropped from the range. Proper implementation require reverse tables
database lookup, since objects are really big as max UTF-8 (1114112
code points), so just the same scanning as it was for 256 chars will
slow things down.
POSIX does not require collation for [a-z] type ranges and does not
prohibit it for non-POSIX locales. POSIX require collation for ranges
only for POSIX (or C) locale which is equal to ASCII and binary for
other chars, so we already have it.
No other *BSD implements collation for [a-z] type ranges.
Restore ABI compatibility with unused now __collate_range_cmp() which
is visible from outside (will be removed later).
The fix to the __collate_range_cmp() ABI breakage missed some replacements
in libc's vfscanf(). Replace them with __wcollate_range_cmp() which
does what is expected.
This was breaking applications like xterm and pidgin when using wide
characters.
Reported by: Vitalij Satanivskij
Approved by: re
In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3)
Relnotes: yes
POSIX.1-2008 requires that successful completion simply return a
non-negative integer. We have regularly returned a constant value.
Another, equally valid, implementation convention implies returning
the number of bytes written.
Adopt this last convention to be in line with what Apple's libc
does. POSIX also explicitly notes:
Note that this implementation convention cannot be adhered to for strings
longer than {INT_MAX} bytes as the value would not be representable in the
return type of the function. For backwards-compatibility, implementations
can return the number of bytes for strings of up to {INT_MAX} bytes, and
return {INT_MAX} for all longer strings.
Developers shouldn't depend specifically on either convention but
the change may help port software from Apple.
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3 with changes)
Relnotes: yes
aligned on a int64_t boundary. However, when we allocate the array of
these structures, we use ALIGNBYTES which defaults to sizeof(int) on
arm, i386 and others. The i386 stuff can handle unaligned accesses
seemlessly. However, arm cannot. Take this into account when creating
the array of FILEs, and add some comments about why.
Differential Revision: https://reviews.freebsd.org/D4708
immediatelly as old code does, now for append modes too.
Real use case for such fallback is impossible (unless specially crafted).
2) Remove now unneded include I forgot to remove in prev. commits.
MFC after: 1 week
are aliases for the syscall stubs and are plt-interposed, to the
libc-private aliases of internally interposed sigprocmask() etc.
Since e.g. _sigaction is not interposed by libthr, calling signal()
removes thr_sighandler() from the handler slot etc. The result was
breaking signal semantic and rtld locking.
The added __libc_sigprocmask and other symbols are hidden, they are
not exported and cannot be called through PLT. The setjmp/longjmp
functions for x86 were changed to use direct calls, and since
PIC_PROLOGUE only needed for functional PLT indirection on i386, it is
removed as well.
The PowerPC bug of calling the syscall directly in the setjmp/longjmp
implementation is kept as is.
Reported by: Pete French <petefrench@ingresso.co.uk>
Tested by: Michiel Boland <boland37@xs4all.nl>
Reviewed by: jilles (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This function is equivalent to fclose(3) function except that it
does not close the underlying file descriptor.
fdclose(3) is step forward to make FILE structure private.
Reviewed by: wblock, jilles, jhb, pjd
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D2697
* Add VCREAT flag to indicate when a new file is being created
* Add VVERIFY to indicate verification is required
* Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
and are removed from the accmode after
* Add O_VERIFY flag to rtld open of objects
* Add 'v' flag to __sflags to set O_VERIFY flag.
Submitted by: Steve Kiernan <stevek@juniper.net>
Obtained from: Juniper Networks, Inc.
GitHub Pull Request: https://github.com/freebsd/freebsd/pull/27
Relnotes: yes
These were found by gcc 5.0 on Dragonfly BSD, however I
made no attempt to silence the false positives.
Obtained from: DragonFly (cf515c3a6f3a8964ad592e524442bc628f8ed63b)
_p and _w are adjusted to account for the partial write (if any).
However, _p and _w should not be unconditionally adjusted and should only
be changed when we actually wrote some bytes, or the accumulated accounting
error will eventually result in a heap buffer overflow.
Reported by: adrian and alfred (Norse Corporation)
Security: FreeBSD-SA-14:27.stdio
Security: CVE-2014-8611
For consistency with r268985 for fputs.c, assign iov_len
first, avoiding the cast to uio_resid (int in stdio)
from degrading the value.
We currently don't support lengths higher than INT_MAX so
this change is little more than cosmetic.
MFC after: 3 days
Check for __SAPP flag before calling sflush. This avoids
performance degradation compared to the previous approach.
Submitted by: ache
MFC after: 2 weeks
Use EBADF instead of EINVAL when working around incorrect O_ACCMODE.
Phabric: D442
Obtained from: Apple Inc. (Libc 997.90.3)
Reviewed by: jilles
MFC after: 1 week
This has small changes to what Apple uses for compliance
with SUSv3. The changes cause no secondary effects in the
gnulib tests (we pass them).
Obtained from: Apple Inc. (Libc 997.90.3 with changes)
Reviewed by: bde
Phabric: D440
Update the manpage to reflect this change.
- Always set the current position to the first null-byte when opening in append
mode. This makes the implementation compatible with glibc's. Update the test
suite.
Reported by: pho
Approved by: cognet
An execute-only fd (opened with O_EXEC) allows neither read() nor write()
and is therefore incompatible with all stdio modes. Therefore, the [EINVAL]
error applies.
Also adjust the similar check in freopen() with a NULL path, even though
this checks an fd which is already from a FILE.
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.
Austin Group issue #411 requires 'e' to be accepted before and after 'x',
and encourages accepting the characters in any order, except the initial
'r', 'w' or 'a'.
Given that glibc accepts the characters after r/w/a in any order and that
diagnosing this problem may be hard, change our libc to behave that way as
well.
This ensures strerror() and friends continue to work correctly even if a
(non-PIE) executable linked against an older libc imports sys_errlist (which
causes sys_errlist to refer to the executable's copy with a size fixed when
that executable was linked).
The executable's use of sys_errlist remains broken because it uses the
current value of sys_nerr and may access past the bounds of the array.
Different from the message "Using sys_errlist from executables is not
ABI-stable" on freebsd-arch, this change does not affect the static library.
There seems no reason to prevent overriding the error messages in the static
library.
mktemp(), mkstemp() and mkdtemp() are available in standard <stdlib.h> and
also in <unistd.h>. Encourage use of the former by listing it in the
synopsis.
routines provide write-only stdio FILE objects that store their data in a
dynamically allocated buffer. They are a string builder interface somewhat
akin to a completely dynamic sbuf.
Reviewed by: bde, jilles (earlier versions)
MFC after: 1 month
with the user's namespace.
- Correct size and position variables type from long to size_t.
- Do not set errno to ENOMEM on malloc failure, as malloc already does so.
- Implement the concept of "buffer data length", which mandates what SEEK_END
refers to and the allowed extent for a read.
- Use NULL as read-callback if the buffer is opened in write-only mode.
Conversely, use NULL as write-callback when opened in read-only mode.
- Implement the handling of the ``b'' character in the mode argument. A binary
buffer differs from a text buffer (default mode if ``b'' is omitted) in that
NULL bytes are never appended to writes and that the "buffer data length"
equals to the size of the buffer.
- Remove shall from the man page. Use indicative instead. Also, specify that
the ``b'' flag does not conform with POSIX but is supported by glibc.
- Update the regression test so that the ``b'' functionality and the "buffer
data length" concepts are tested.
- Minor style(9) corrections.
Suggested by: jilles
Reviewed by: cognet
Approved by: cognet
