Commit Graph

752 Commits

Author SHA1 Message Date
Pedro F. Giffuni
a333236e63 Revert r268984:
Check for __SAPP flag before calling sflush.   This avoids
performance degradation compared to the previous approach.

Submitted by:	ache
MFC after:	2 weeks
2014-07-22 18:37:59 +00:00
Pedro F. Giffuni
6393bfdac8 Mostly cosmetic cleanups.
In fputs() avoid implcit casting on iov.iov_len.

MFC after:	3 days
2014-07-22 16:39:11 +00:00
Pedro F. Giffuni
4a4e32a81d ftello: return 1 when seeking offset on an append stream.
Obtained from:	Apple Inc. (Libc 997.90.3)
Phabric:	D442
MFC after:	2 weeks
2014-07-22 16:19:01 +00:00
Pedro F. Giffuni
c03225695d rewind: always clear error indicator.
Required by POSIX:
http://pubs.opengroup.org/onlinepubs/009695399/functions/rewind.html

Obtained from:	Apple Inc. (Libc 997.90.3)
MFC after:	1 week
2014-07-22 16:10:56 +00:00
Pedro F. Giffuni
450ead8668 Adjust errno on failed prepwrite.
Obtained from:	Apple Inc. (Libc 997.90.3)
Phabric:	D442
MFC after:	1 week
2014-07-20 21:24:29 +00:00
Pedro F. Giffuni
7ebc2c26a2 Const-ify a character string.
Obtained from:	Apple Inc. (Libc 997.90.3)
MFC after:	3 days
2014-07-20 20:29:28 +00:00
Pedro F. Giffuni
120d6dd50d Use a correct errno in freopen.
Use EBADF instead of EINVAL when working around incorrect O_ACCMODE.

Phabric:	D442
Obtained from:	Apple Inc. (Libc 997.90.3)
Reviewed by:	jilles
MFC after:	1 week
2014-07-20 20:14:15 +00:00
Pedro F. Giffuni
05c9304f58 Update fflush(3) to return success on a read-only stream.
This has small changes to what Apple uses for compliance
with SUSv3. The changes cause no secondary effects in the
gnulib tests (we pass them).

Obtained from:	Apple Inc. (Libc 997.90.3 with changes)
Reviewed by:	bde
Phabric:	D440
2014-07-20 20:05:39 +00:00
Baptiste Daroussin
8fbf3d50e3 use .Mt to mark up email addresses consistently (part4)
PR:		191174
Submitted by:	Franco Fichtner  <franco at lastsummer.de>
2014-06-23 08:25:03 +00:00
Pietro Cerutti
4c524a4287 - Return NULL and set errno to EINVAL if size is 0 (as required by POSIX).
Update the manpage to reflect this change.
- Always set the current position to the first null-byte when opening in append
mode. This makes the implementation compatible with glibc's. Update the test
suite.

Reported by:	pho
Approved by:	cognet
2014-06-02 13:48:57 +00:00
Jilles Tjoelker
93a65e1b5f libc/stdio: Fail fdopen() on an execute-only fd.
An execute-only fd (opened with O_EXEC) allows neither read() nor write()
and is therefore incompatible with all stdio modes. Therefore, the [EINVAL]
error applies.

Also adjust the similar check in freopen() with a NULL path, even though
this checks an fd which is already from a FILE.
2014-04-21 17:40:23 +00:00
Eitan Adler
063aa3dfd2 libc man pages: Remove reference to non-existent FreeBSD Security
Architecture

MFC After:	3 days
2014-03-07 15:35:54 +00:00
Marcel Moolenaar
8876613dc5 Replace use of ${.CURDIR} by ${LIBC_SRCTOP} and define ${LIBC_SRCTOP}
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.

A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.

Obtained from:	Juniper Networks, Inc.
2014-03-04 02:19:39 +00:00
Eitan Adler
f3ba5fc742 Add missing include files for the printf_l and scanf_l man pages.
Reported by:	swildner@dragonflybsd.org
2013-11-17 02:03:45 +00:00
Jilles Tjoelker
ef70de180c libc/stdio: Allow fopen/freopen modes in any order (except initial r/w/a).
Austin Group issue #411 requires 'e' to be accepted before and after 'x',
and encourages accepting the characters in any order, except the initial
'r', 'w' or 'a'.

Given that glibc accepts the characters after r/w/a in any order and that
diagnosing this problem may be hard, change our libc to behave that way as
well.
2013-09-06 13:47:16 +00:00
Jilles Tjoelker
e73151eb82 libc: Always use our own copy of sys_errlist and sys_nerr (.so only).
This ensures strerror() and friends continue to work correctly even if a
(non-PIE) executable linked against an older libc imports sys_errlist (which
causes sys_errlist to refer to the executable's copy with a size fixed when
that executable was linked).

The executable's use of sys_errlist remains broken because it uses the
current value of sys_nerr and may access past the bounds of the array.

Different from the message "Using sys_errlist from executables is not
ABI-stable" on freebsd-arch, this change does not affect the static library.
There seems no reason to prevent overriding the error messages in the static
library.
2013-08-31 22:32:42 +00:00
Jilles Tjoelker
65ba8dff5f Add mkostemp() and mkostemps().
These are like mkstemp() and mkstemps() but allow passing open(2) flags like
O_CLOEXEC.
2013-08-09 17:24:23 +00:00
Jens Schweikhardt
db081af109 Typo corrected. 2013-07-12 17:37:05 +00:00
Jilles Tjoelker
fc0bd00fb5 mktemp(3): Add standards section. Prefer standard header.
mktemp(), mkstemp() and mkdtemp() are available in standard <stdlib.h> and
also in <unistd.h>. Encourage use of the former by listing it in the
synopsis.
2013-07-05 20:24:50 +00:00
Ed Maste
5a6307cf42 Convert libc/stdio from K&R to ANSI C
And add '__restrict' where it appeared in the header prototypes
2013-04-23 14:36:44 +00:00
Ed Maste
1d8053c5c0 Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic all number the clauses 1 through 3,
so follow suit to make comparison easier.

Acked-by: imp@
2013-04-23 13:33:13 +00:00
Ed Maste
b4c19408e9 Spelling correction 2013-04-11 20:15:37 +00:00
Ed Maste
b4fc4a4c72 Remove unused atomic header 2013-04-11 12:49:42 +00:00
Joel Dahl
1046c6427e mdoc: add missing El. 2013-02-27 20:09:25 +00:00
John Baldwin
9240031ac6 Add an implementation of open_memstream() and open_wmemstream(). These
routines provide write-only stdio FILE objects that store their data in a
dynamically allocated buffer.  They are a string builder interface somewhat
akin to a completely dynamic sbuf.

Reviewed by:	bde, jilles (earlier versions)
MFC after:	1 month
2013-02-27 19:50:46 +00:00
Jilles Tjoelker
5a9ecb5bb2 setbuf(3): Restore a BUGS section about setbuf().
The brokenness of setbuf() is not specific to 4.2BSD and 4.3BSD but inherent
in the API definition.

Reported by:	bde
2013-02-18 22:47:59 +00:00
Jilles Tjoelker
f108ef834e setbuf(3): Remove bugs section about ancient versions of BSD. 2013-02-15 10:44:07 +00:00
Joel Dahl
1848dd2aec mdoc: Remove EOL whitespace. 2013-02-09 07:01:05 +00:00
Pietro Cerutti
71796d333c - Fix more style(9)-related issues (copyright header, spaces after function
names, unnecessary casts)
- Change type of boolean variable from char to bool

Suggested by:	jhb, zont, jmallett
Reviewed by:	cognet
Approved by:	cognet
2013-02-01 13:04:06 +00:00
Pietro Cerutti
646b68f04d - Remove underscores from the internal structure name, as it doesn't collide
with the user's namespace.

- Correct size and position variables type from long to size_t.

- Do not set errno to ENOMEM on malloc failure, as malloc already does so.

- Implement the concept of "buffer data length", which mandates what SEEK_END
  refers to and the allowed extent for a read.

- Use NULL as read-callback if the buffer is opened in write-only mode.
  Conversely, use NULL as write-callback when opened in read-only mode.

- Implement the handling of the ``b'' character in the mode argument. A binary
  buffer differs from a text buffer (default mode if ``b'' is omitted) in that
  NULL bytes are never appended to writes and that the "buffer data length"
  equals to the size of the buffer.

- Remove shall from the man page. Use indicative instead. Also, specify that
  the ``b'' flag does not conform with POSIX but is supported by glibc.

- Update the regression test so that the ``b'' functionality and the "buffer
  data length" concepts are tested.

- Minor style(9) corrections.

Suggested by:	jilles
Reviewed by:	cognet
Approved by:	cognet
2013-01-31 16:39:50 +00:00
Pietro Cerutti
96c95412ca Add fmemopen(3), an interface to get a FILE * from a buffer in memory, along
with the respective regression test.
See http://pubs.opengroup.org/onlinepubs/9699919799/functions/fmemopen.html

Reviewed by:	cognet
Approved by:	cognet
2013-01-30 14:59:26 +00:00
Eitan Adler
8c039ae154 The getline function returns the number of characters read, not
written. Use clearer text for this.

PR:		docs/174023
Submitted by:	Paul Procacci <pprocacci@gmail.com>
Approved by:	bcr (mentor)
MFC after:	1 week
2012-12-01 15:25:41 +00:00
Jilles Tjoelker
5ba651f004 libc: Allow setting close-on-exec in fopen/freopen/fdopen.
This commit adds a new mode option 'e' that must follow any 'b', '+' and/or
'x' options. C11 is clear about the 'x' needing to follow 'b' and/or '+' and
that is what we implement; therefore, require a strict position for 'e' as
well.

For freopen() with a non-NULL path argument and fopen(), the close-on-exec
flag is set iff the 'e' mode option is specified. For freopen() with a NULL
path argument and fdopen(), the close-on-exec flag is turned on if the 'e'
mode option is specified and remains unchanged otherwise.

Although the same behaviour for fopen() can be obtained by open(O_CLOEXEC)
and fdopen(), this needlessly complicates the calling code.

Apart from the ordering requirement, the new option matches glibc.

PR:		kern/169320
2012-11-30 23:51:33 +00:00
Greg Lehey
a012e04865 Clarify that the ' flag is an apostrophe.
MFC after:	2 weeks
2012-11-08 02:01:04 +00:00
Jilles Tjoelker
cc32b2eda8 fopen(3): Mention that the "x" mode option is from C11.
MFC after:	1 week
2012-11-01 22:47:42 +00:00
Eitan Adler
96240c89f0 Correct double "the the"
Approved by:	cperciva
MFC after:	3 days
2012-09-14 21:28:56 +00:00
Pawel Jakub Dawidek
988a521bf0 The register_printf_render_std() function expects regular string.
Change argument type from 'const unsigned char *' to 'const char *'.

MFC after:	2 weeks
2012-07-04 17:35:07 +00:00
Eitan Adler
e5d9109aab Only set _w to 0 when the file stream is not currently reading. Without
this fflush may fail to write data in the buffer.

PR:		kern/137819
Submitted by:	Eric Blake <ebb9@byu.net>
Reviewed by:	theraven
Approved by:	cperciva
MFC after:	2 weeks
2012-05-30 04:06:38 +00:00
Isabell Long
af27459ace Add two new locale-specific man pages:
- libc/stdio/scanf_l.3
- libc/stdio/printf_l.3

Reviewed by:	theraven
Approved by:	gabor (mentor)
MFC after:	5 days
2012-05-23 17:13:30 +00:00
Joel Dahl
790752beb4 Minor mdoc nits. 2012-05-12 20:27:13 +00:00
Eitan Adler
9ff418da7f Remove reference to non-existent FreeBSD Security Architecture
Approved by:	cperciva
MFC after:	3 days
2012-05-09 17:27:49 +00:00
Jean-Sébastien Pédron
671c033623 Remove incorrect __restrict qualifier on several pointers
The typical case was:
static __inline int
convert_ccl(FILE *fp, char * __restrict p, [...])
{
        [...]

        if (p == SUPPRESS_PTR) {
		[...]
	} else {
		[...]
	}

	[...]
}

This qualifier says that the pointer is the only one at that time
pointing to the resource.

Here, clang considers that "p" will never match "SUPPRESS_PTR" and
optimize the if{} block out. This leads to segfaults in programs calling
vfscanf(3) and vfwscanf(3) with just the format string (no arguments
following it).

The following softwares were reported to abort with segmentation fault
and this patch fixes it:
    o  cmake
    o  smartd
    o  devel/ORBit2

dim@ opened an LLVM PR to discuss this clang optimization:
    http://llvm.org/bugs/show_bug.cgi?id=12656

Tested by:	bsam@
2012-04-30 11:28:17 +00:00
David Schultz
cbd3cbbae0 Fix a bug in *wscanf's handling of non-wide %s, %c, and %[
conversions.  Both the specification and the documentation say the
width is interpreted as the max number of wide characters to read, but
the implementation was interpreting it as the number of bytes to convert.
(See also r105317.)

This change has security implications for any applications that depend
on the buggy behavior, but the impact in practice is probably nil.
Any such application would already be buggy on other platforms that
get the semantics right.  Also, these conversions are rarely used;
%ls, %lc, and %l[ are more appropriate.
2012-04-30 01:08:18 +00:00
David Schultz
d7af8cf14b Previously, vfscanf()'s wide character processing functions were
reading wide characters manually.  With this change, they now use
fgetwc().  To make this work, we use an internal version of fgetwc()
with a few extensions: it takes an mbstate * because non-wide streams
don't have a built-in mbstate, and it indicates the number of bytes
read.

vfscanf() now resembles vfwscanf() more closely.  Minor functional
improvements include working xlocale support in vfscanf(), setting the
stream error indicator on encoding errors, and proper handling of
shift-based encodings.  (Actually, making shift-based encodings work
with non-wide streams is hopeless, but the implementation now matches
the broken specification.)
2012-04-29 16:28:39 +00:00
Jeremie Le Hen
5a239e7000 Fix small documentation mistakes.
Submitted by:	brueffer
Approved by:	kib (mentor)
2012-04-28 21:50:30 +00:00
Jeremie Le Hen
6486b015fc Import stdbuf(1) and the shared library it relies on.
This tool changes the default buffering behaviour of standard
stdio streams.

It only works on dynamic binaries.  To make it work for static
ones it would require cluttering stdio because there no single
entry point.

PR:		166660
Reviewed by:	current@, jhb
Approved by:	kib (mentor)
MFC after:	1 week
2012-04-28 20:52:20 +00:00
Konstantin Belousov
46ffdf3bbd Take the spinlock around clearing of the fp->_flags in fclose(3), which
indicates the avaliability of FILE, to prevent possible reordering of
the writes as seen by other CPUs.

Reported by:	Fengwei yin <yfw.bsd gmail com>
Reviewed by:	jhb
MFC after:	1 week
2012-04-24 17:51:36 +00:00
David Schultz
06b4e48852 Bugfix: Include whitespace characters in the count of the number of
characters read.
2012-04-22 21:28:33 +00:00
David Schultz
f010dc7dc4 Bugfix: Correctly count the number of characters read for %l[ conversions. 2012-04-22 21:28:14 +00:00
David Schultz
01d2a7858e Bugfix: %n doesn't count as a conversion, so
sscanf("abc", "ab%ncd", &i) returns EOF, not 0.
2012-04-22 21:22:14 +00:00
David Schultz
51300896cb Refactor scanf to improve modularity. Conversions are now performed
by separate conversion functions.  This will hopefully make bugs more
noticeable (I noticed several already) and provide opportunities to
reduce code duplication.
2012-04-22 21:18:41 +00:00
David Schultz
86dc3a9ae2 As noted by Peter Jeremy, r234528 only partially fixed the infinite
loop bug introduced in r187302.  This completes the fix.

PR:		167039
MFC after:	3 days
2012-04-21 07:31:27 +00:00
David Schultz
666d00d34a If the size passed to {,v}s{w,n}printf is larger than INT_MAX+1
(i.e., the return value would overflow), set errno to EOVERFLOW
and return an error.  This improves the chances that buggy
applications -- for instance, ones that pass in a negative integer
as the size due to a bogus calculation -- will fail in safe ways.
Returning an error in these situations is specified by POSIX, but
POSIX appears to have an off-by-one error that isn't duplicated in
this change.

Previously, some of these functions would silently cap the size at
INT_MAX+1, and others would exit with an error after writing more
than INT_MAX characters.

PR:		39256
MFC after:	2 weeks
2012-04-21 06:10:18 +00:00
David Schultz
31fe39edac - Fix the claim that the output is always null-terminated. This isn't
true if the size is zero.
- Fix a claim that sprintf() is the same as snprintf() with an
  infinite size.  It's equivalent to snprintf() with a size of
  INT_MAX + 1.
- Document the return values in the return values section.
- Document the possible errno value of EOVERFLOW.

MFC after:	2 weeks
2012-04-21 06:09:09 +00:00
David Schultz
04acf36509 Ensure that the {,v}swprintf functions always null-terminate the
output string, even if an encoding error or malloc failure occurs.
2012-04-21 06:08:29 +00:00
David Schultz
177628ce75 Fix a bug introduced in r187302 that was causing fputws() to enter an
infinite loop pretty much unconditionally.  It's remarkable that the
patch that introduced the bug was never tested, but even more
remarkable that nobody noticed for over two years.

PR:		167039
MFC after:	3 days
2012-04-21 06:08:02 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Eitan Adler
a8448a8ce7 Remove outdated comment of seven years
PR:		docs/116116
Approved by:	cperciva
MFC after:	1 week
2012-03-04 16:44:04 +00:00
Eitan Adler
008474bbf1 Remove reference to gcc's non-standard -fwritable-strings, which
doesn't exist in recent releases (and is bad advice anyway)

PR:		docs/163119
Submitted by:	Yuri Pankov <yuri.pankov@gmail.com>
Approved by:	cperciva
MFC after:	1 week
2012-03-04 16:41:07 +00:00
David Chisnall
3c87aa1d3d Implement xlocale APIs from Darwin, mainly for use by libc++. This adds a
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter.  Also
adds support for per-thread locales.  This work was funded by the FreeBSD
Foundation.

Please test any code you have that uses the C standard locale functions!

Reviewed by:    das (gdtoa changes)
Approved by:    dim (mentor)
2011-11-20 14:45:42 +00:00
David Schultz
bd26fb812d Add support for the 'x' mode option in fopen() as specified in the C1X
draft standard.  The option is equivalent to O_EXCL.

MFC after:	1 month
2011-10-21 06:35:58 +00:00
Pawel Jakub Dawidek
a9cf49ab39 Because we call __printf_out() with a on-stack buffer, also call
__printf_flush() so we are sure it won't be referenced after we return.

MFC after:	2 weeks
2011-03-06 19:47:46 +00:00
Pawel Jakub Dawidek
f03ca7241b Fix various issues in how %#T is handled:
- If precision is 0, don't print period followed by no digits.
- If precision is 0 stop printing units as soon as possible
  (eg. if we have three years and five days and precision is 0
   print only 3y5d).
- If precision is not 0, print all units (eg. 3y0d0h0m0s.00).

MFC after:	2 weeks
2011-03-06 17:43:32 +00:00
John Baldwin
cc3d85727d When reopening a stream backed by an open file descriptor, do not close
the existing file descriptor.  Instead, let dup2() atomically close the
old file descriptor when assigning the newly opened file to the same
descriptor.  This closes a race in a multithreaded application where a
concurrent open() could allocate the existing file descriptor in between
the calls to close() and dup2().

PR:		threads/79887
Submitted by:	Dmitrij Tejblum  tejblum of yandex-team.ru
Reviewed by:	davidxu
MFC after:	1 week
2010-12-09 20:28:30 +00:00
Gavin Atkinson
da1e775d12 Remove two unused variables, left over from the refactoring in r180104.
PR:		bin/152551
Submitted by:	Henning Petersen <henning.petersen t-online.de>
MFC after:	2 weeks
2010-12-02 13:40:21 +00:00
David Schultz
06127c9c2a Update the documentation to reflect changes to the implementation in
r197752, which is related to handling of null buffer pointers.  Also
make a few minor wording changes.

Reported by:	jh@
2010-11-30 21:26:21 +00:00
Rebecca Cran
5512804bb8 Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
Rebecca Cran
e7f8dd75b3 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
Ulrich Spörlein
0afc94c17a mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.

GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.

Found by:	mdocml lint run
Reviewed by:	ru
2010-05-13 12:07:55 +00:00
Ulrich Spörlein
2a10d6d199 mdoc: fix parenthesis
Reviewed by:	brueffer
2010-05-11 23:08:31 +00:00
Ulrich Spörlein
488704b28a mdoc: use macro for +- that is understood by mdocml
Reviewed by:	brueffer
2010-05-11 23:08:15 +00:00
David E. O'Brien
6a18a77221 I feel this wording of the history is more clear.
ANSIfy vasprintf() while I'm here.
2010-04-05 22:09:29 +00:00
John Baldwin
1b0181df2f - Use an initializer macro to initialize fields in 'fake' FILE objects used
by *sprintf(), etc.
- Explicitly initialize _fl_mutex to PTHREAD_MUTEX_INITIALIZER for all FILE
  objects.  This is currently a nop on FreeBSD, but is import for other
  platforms (or in the future) where PTHREAD_MUTEX_INITIALIZER is not simply
  zero.

PR:		threads/141198
Reported by:	Jeremy Huddleston @ Apple
MFC after:	2 weeks
2010-03-11 17:03:32 +00:00
Jaakko Heinonen
6ca7812a19 In _gettemp(), check that the length of the path doesn't exceed
MAXPATHLEN. Otherwise the path name (or part of it) may not fit to
carrybuf causing a buffer overflow.

PR:		bin/140228
Suggested by:	jilles
2010-02-28 13:31:29 +00:00
Ruslan Ermilov
e363756c8f %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
Colin Percival
c6a96a8441 Give a less silly response to a silly request.
Prior to this commit, fread/fwrite calls with size * nmemb > SIZE_MAX
were handled by reading or writing (size_t)(size * nmemb) bytes; for
example, on 32-bit platforms, fread(ptr, 641, 6700417, f) would read 1
byte and indicate that the requested 6700417 blocks had been read.

This commit adds a check for such integer overflows, and treats them as
if an overly large request was passed to read/write; i.e., it sets errno
to EINVAL, sets the error indicator on the file, and returns a short
object count (0, to be specific).

The overflow check involves an integer division, so as a performance
optimization we check first to see if both size and nmemb are less than
2^16; if they are, no overflow is possible and we avoid the division.
We assume here that size_t is at least 32 bits; this appears to be true
on all platforms FreeBSD supports.

Although this commit fixes an integer overflow, it is not likely to have
any security implications, since any program which would be affected by
this bug fix is quite clearly already very confused.

Reviewed by:	kib
MFC after:	1 month
2010-01-10 14:30:30 +00:00
Christian Brueffer
37dc3d28cb Remove unnecessary quoting and markup, add missing punctuation.
PR:		140494
Submitted by:	Jeremy Huddleston <jeremyhu@apple.com>, bde
MFC after:	1 week
2010-01-08 22:02:42 +00:00
Xin LI
280101b76e Use vsprintf instead of rolling our own.
PR:		bin/140496
Submitted by:	Jeremy Huddleston <jeremyhu apple.com>
MFC after:	1 month
2009-12-21 19:59:38 +00:00
Xin LI
d22fecc5e6 Use vsscanf instead of rolling our own.
PR:		bin/140530
Submitted by:	Jeremy Huddleston <jeremyhu apple.com>
MFC after:	1 month
2009-12-21 19:56:03 +00:00
Xin LI
c19ee5a0fb K&R -> ANSI prototype.
MFC after:	1 month
2009-12-21 19:55:05 +00:00
Matteo Riondato
5d26f10fbb 2009-12-16 04:19:23 +00:00
Ed Schouten
2c201a9afe Fix many "function declaration isn't a prototype" warnings in libc.
I've only fixed code that seems to be written by `us'. There are still
many warnings like this present in resolv/, rpc/, stdtime/ and yp/.
2009-12-05 19:31:38 +00:00
Christian Brueffer
da6186437a Fix the dprintf() prototype.
PR:		141087
Submitted by:	Jeremy Huddleston <jeremyhu@apple.com>
MFC after:	3 days
2009-12-02 07:51:25 +00:00
Garrett Wollman
0c0349bfa4 Eliminate more dead stores.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:45:45 +00:00
Garrett Wollman
750a395ba6 Make all three if conditions look similar by always initializing nsec
and moving the default initialization of prec into the else clause.
The clang static analyzer erroneously thought that nsec can be used
uninitialized here; it was not actually possible, but better to make
the code clearer.  (Clang can't know that sprintf() won't modify *pi
behind the scenes.)
2009-11-25 04:35:54 +00:00
Garrett Wollman
ab5b2fafec In __mbsconv(), if prec was zero, nconv could have been used
uninitialized.  Initialize it to a safe value so that there's no
chance of returning an error if stack garbage happens to be equal to
(size_t)-1 or (size_t)-2.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:27:55 +00:00
Garrett Wollman
e40c32385d Eliminate dead store.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:21:42 +00:00
David Schultz
7e817e2a03 Better glibc compatibility for getline/getdelim:
- Tolerate applications that pass a NULL pointer for the buffer and
  claim that the capacity of the buffer is nonzero.

- If an application passes in a non-NULL buffer pointer and claims the
  buffer has zero capacity, we should free (well, realloc) it
  anyway. It could have been obtained from malloc(0), so failing to
  free it would be a small memory leak.

MFC After:	2 weeks
Reported by:	naddy
PR:		ports/138320
2009-10-04 19:43:36 +00:00
Ed Schouten
4522791bb4 Make the description of `b' a little better.
If you have a one-byte sequence, `w', `b' is the second character. Not
the third.

Submitted by:	Christoph Mallon
2009-09-09 19:38:19 +00:00
Ed Schouten
77822acff7 Fix fwrite() to return 0 when size or nmemb are zero.
Right now nmemb is returned when size is 0. In newer versions of the
standards, it is explicitly required that fwrite() should return 0.

Submitted by:	Christoph Mallon
Approved by:	re (kib)
2009-07-12 13:09:43 +00:00
David Schultz
6685ac34d9 Return -1 instead of 0 upon reaching EOF. This is somewhat ill-advised
because it means getdelim() returns -1 for both error and EOF, and
never returns 0. However, this is what the original GNU	implementation
does, and POSIX inherited the bug.

Reported by:	marcus@
2009-04-06 13:50:04 +00:00
David Schultz
ad760e6fc9 Add dprintf() and vdprintf() from POSIX.1-2008. Like getline(),
dprintf() is a simple wrapper around another function, so we may as
well implement it. But also like getline(), we can't prototype it by
default right now because it would break too many ports.
2009-03-04 03:38:51 +00:00
David Schultz
601b205e47 Rewrite asprintf() as a wrapper around vasprintf(), thus reducing the
number of functions that have an incestuous relationship with the
arcane innards of stdio.
2009-03-02 04:11:42 +00:00
David Schultz
88f919d683 The argument corresponding to %zn is supposed to be an ssize_t *, not
a size_t *, although the distinction is moot in practice.
2009-03-02 04:07:58 +00:00
David Schultz
9e462ed058 Use C99-style initializers. No functional change.
Reviewed by:	md5(1)
2009-03-01 19:25:40 +00:00
David Schultz
353ce11c8b Replace a dozen lines of code with a call to strnlen() / wcsnlen(). 2009-02-28 06:06:57 +00:00
David Schultz
69099ba2ec - Add getdelim(), getline(), stpncpy(), strnlen(), wcsnlen(),
wcscasecmp(), and wcsncasecmp().
- Make some previously non-standard extensions visible
  if POSIX_VISIBLE >= 200809.
- Use restrict qualifiers in stpcpy().
- Declare off_t and size_t in stdio.h.
- Bump __FreeBSD_version in case the new symbols (particularly
  getline()) cause issues with ports.

Reviewed by:	standards@
2009-02-28 06:00:58 +00:00
David Schultz
0881683b36 Make sure %zd treats negative arguments properly on 32-bit platforms.
Fix harmless but related bugs in %_$zd and %_$tu.

PR:		131880
MFC after:	1 week
2009-02-28 04:58:18 +00:00
Tom Rhodes
f53807d218 Better wording for clearing EOF indicator.
Submitted by:	keramida and jhb
2009-01-28 14:38:41 +00:00
Tom Rhodes
f3f496333d Remove another comment about clearing EOF indicator.
Noticed by:	bde
2009-01-28 11:25:22 +00:00
David Schultz
aa83f5fff9 Update the manpage to reflect r145172. 2009-01-28 04:37:27 +00:00
Tom Rhodes
d568fa54db Remove comment about clearerr() being the only method of clearing
the EOF indicator, fseek() may also be used for this.

Bump document date.

PR:		76333
Submitted by:	Yoshihiko Sarumaru <mistral@imasy.or.jp>
2009-01-28 01:11:20 +00:00
David Schultz
21ca178ece Add support for multibyte thousands_sep encodings, e.g., U+066C.
The integer thousands' separator code is rewritten in order to
avoid having to preallocate a buffer for the largest possible
digit string with the most possible instances of the longest
possible multibyte thousands' separator. The new version inserts
thousands' separators for integers using the same code as floating point.
2009-01-22 08:14:28 +00:00
David Schultz
f8f571931d - Add support for multibyte decimal_point encodings, e.g., U+066B.
A forthcoming gdtoa import is needed to make this fully work.
- Improve the way "nan(...)" is parsed.
2009-01-19 06:19:51 +00:00
David Schultz
5004a238c3 Add support for multibyte decimal_point encodings, e.g., U+066B. 2009-01-19 06:19:38 +00:00
David Schultz
a1805f7bb9 When f[w]printf() is called on an unbuffered file like stdout, it
sets up a fake buffered FILE and then effectively calls itself
recursively. Unfortunately, gcc doesn't know how to do tail call
elimination in this case, and actually makes things worse by
inlining __sbprintf(). This means that f[w]printf() to stderr was
allocating about 5k of stack on 64-bit platforms, much of which was
never used.

I've reorganized things to eliminate the waste. In addition to saving
some stack space, this improves performance in my tests by anywhere
from 5% to 17% (depending on the test) when -fstack-protector is
enabled. I found no statistically significant performance difference
when stack protection is turned off. (The tests redirected stderr to
/dev/null.)
2009-01-17 18:57:12 +00:00
David Schultz
6ec3512368 Simplify printf's inlined output buffering routines. On amd64, this
reduces the code size by about 10% and improves performance slightly.
2009-01-17 05:38:14 +00:00
Roman Divacky
f27b1c064c Introduce a local variable and use it instead of passed in parameter
to get rid of restrict qualifier discarding. This lets libc compile
cleanly in gnu99 mode.

Suggested by:	kib, christoph.mallon at gmx.de
Approved by:	kib (mentor)
2009-01-15 18:53:52 +00:00
David Schultz
0a4926406a Reduce code duplication by moving functions that are identical in both
vfprintf.c and vfwprintf.c (except for char/wchar_t differences) to a
common header file.
2009-01-15 04:49:43 +00:00
David Schultz
814d1bc906 Convert the insidious macros that handle printf()'s buffering into
slightly less evil inline functions, and move the buffering state into
a struct. This will make it possible for helper routines to produce
output for printf() directly, making it possible to untangle the code
somewhat.

In wprintf(), use the same buffering mechanism to reduce diffs to
printf(). This has the side-effect of causing wprintf() to catch write
errors that it previously ignored.
2009-01-15 04:29:02 +00:00
David Schultz
0cab1fd236 Set the error indicator on an attempt to write to a read-only stream.
PR:		127335
MFC after:	2 weeks
2009-01-08 06:38:06 +00:00
David Schultz
e18701f4ac Consolidate some variable initializations. No substantive change. 2008-12-11 02:39:27 +00:00
David Schultz
33bff5d3e4 Move the xprintf hook to where it belongs; it shouldn't be in the
middle of vfprintf's variable declarations.
2008-12-10 02:32:06 +00:00
Ruslan Ermilov
e95f37bb69 Fix fread() to return a correct value on platforms where sizeof(int) !=
sizeof(size_t), i.e. on all 64-bit platforms.

Reported by:	Andrey V. Elsukov
MFC after:	3 days
2008-12-01 14:33:34 +00:00
Colin Percival
22d725b5d7 Initialize "nconv" to a reasonable value in all code paths. Prior to
this commit, sprintf("%s", "") could fail depending on what happened
to be on the stack.

Found by:	LLVM/Clang Static Checker
2008-08-04 06:55:42 +00:00
John Baldwin
e68d07ff16 Fix a few bugs with the _gettemp() routine which implements mkstemp(),
mkstemps(), and mkdtemp().
- Add proper range checking for the 'slen' parameter passed to mkstemps().
- Try all possible permutations of a template if a collision is encountered.
  Previously, once a single template character reached 'z', it would not wrap
  around to '0' and keep going until it encountered the original starting
  letter.  In the edge case that the randomly generated starting name used
  all 'z' characters, only that single name would be tried before giving up.

PR:		standards/66531
Submitted by:	Jim Luther
Obtained from:	Apple
MFC after:	1 week
2008-07-28 21:18:59 +00:00
Andrey A. Chernov
bc8541b1d1 Use arc4random_uniform(3) since modulo size is not power of 2 2008-07-22 15:08:50 +00:00
David Schultz
c4014b5086 Fix a bogon in the previous commit and add some missing error checks. 2008-06-29 23:46:06 +00:00
David Schultz
e62e5ff93f Correctly handle malloc() failure. While here, reduce the code size a
bit by removing some calls to the inline function addtype().
2008-06-29 22:54:26 +00:00
David Schultz
07bed96bd3 Factor out the code that builds the argument table. We don't need separate
normal and wide character versions of it.

No functional change.
2008-06-29 22:04:25 +00:00
David Schultz
2591efccfa Reduce the level of duplication between vfprintf() and vfwprintf()
by moving the positional argument handling code to a new file,
printf-pos.c, and moving common definitions to printflocal.h.
No functional change intended.
2008-06-29 21:52:40 +00:00
David Schultz
e5abb5e698 Begin de-spaghettifying the code that handles positional arguments.
In particular, encapsulate the state of the type table in a struct,
and add inline functions to initialize, free, and manipulate that
state. This replaces some ugly macros that made proper error handling
impossible.

While here, remove an unneeded test for NULL and a variable that is
initialized (many times!) but never used. The compiler didn't catch
these because of rampant use of the same variable to mean different
things in different places.

This commit should not cause any changes in functionality.
2008-06-29 21:01:27 +00:00
Antoine Brodin
27522528ea Remove useless call to getdtablesize(2) in fdopen(3) and its useless
variable nofile.

PR:		123109
Submitted by:	Christoph Mallon
Approved by:	rwatson (mentor)
MFC after:	1 month
2008-05-10 18:39:20 +00:00
John Baldwin
143b946188 Retire the __fgetcookie(), __fgetpendout(), and __fsetfileno() accessors
as we aren't hiding FILE's internals anymore.
2008-05-05 16:14:02 +00:00
John Baldwin
19e03ca803 Expose FILE's internals to the world again in all their glory. Restore
all the previous inline optimizations as well.  FILE is back to using
__mbstate_t, struct pthread *, and struct pthread_mutex *.
2008-05-05 16:03:52 +00:00
Marcel Moolenaar
201e72e716 Add __fgetcookie(), __fgetpendout() and __fsetfileno() to the private
name space.
2008-05-04 04:11:01 +00:00
Marcel Moolenaar
0aca787a7b Unbreak build: gnu sort has been configured to grope inside struct
__sFILE. It's opaque now, so add a function that returns the pending
output bytes.

Pointy hat: jhb
2008-05-03 23:36:00 +00:00
Marcel Moolenaar
430f2c8721 Unbreak build: libftpio gropes inside struct __sFILE. Implement
accessor functions for its benefit now thaat FILE is opaque.
I'm sure there's a better way. I leave that for people to work
on in a src tree that isn't broken.

Pointy hat: jhb
2008-05-03 20:09:44 +00:00
John Baldwin
c17bf9a9a5 Next round of stdio changes: Remove all inlining of stdio operations and
move the definition of the type backing FILE (struct __sFILE) into an
internal header.
- Remove macros to inline certain operations from stdio.h.  Applications
  will now always call the functions instead.
- Move the various foo_unlocked() functions from unlocked.c into foo.c.
  This lets some of the inlining macros (e.g. __sfeof()) move into
  foo.c.
- Update a few comments.
- struct __sFILE can now go back to using mbstate_t, pthread_t, and
  pthread_mutex_t instead of knowing about their private, backing types.

MFC after:	1 month
Reviewed by:	kan
2008-05-02 15:25:07 +00:00
John Baldwin
bc669a8c33 Fix a leak in the recent fixes for file descriptors > SHRT_MAX. In the
case of a file descriptor we can't handle, clear the FILE structure's flags
so it can be reused.

MFC after:	1 week
Reported by:	otto @ OpenBSD
2008-04-22 17:03:32 +00:00
John Baldwin
1e98f88776 Next stage of stdio cleanup: Retire __sFILEX and merge the fields back into
__sFILE.  This was supposed to be done in 6.0.  Some notes:
- Where possible I restored the various lines to their pre-__sFILEX state.
- Retire INITEXTRA() and just initialize the wchar bits (orientation and
  mbstate) explicitly instead.  The various places that used INITEXTRA
  didn't need the locking fields or _up initialized.  (Some places needed
  _up to exist and not be off the end of a NULL or garbage pointer, but
  they didn't require it to be initialized to a specific value.)
- For now, stdio.h "knows" that pthread_t is a 'struct pthread *' to
  avoid namespace pollution of including all the pthread types in stdio.h.
  Once we remove all the inlines and make __sFILE private it can go back
  to using pthread_t, etc.
- This does not remove any of the inlines currently and does not change
  any of the public ABI of 'FILE'.

MFC after:	1 month
Reviewed by:	peter
2008-04-17 22:17:54 +00:00
David Schultz
e058c00c40 Updates for changes in the way printf() handles hex floating point
numbers.
2008-04-12 03:11:56 +00:00
John Baldwin
fc9ab4f6da Add <limits.h> for SHRT_MAX.
Pointy hat to:	jhb
2008-02-27 21:25:19 +00:00
John Baldwin
c55d7e868a File descriptors are an int, but our stdio FILE object uses a short to hold
them.  Thus, any fd whose value is greater than SHRT_MAX is handled
incorrectly (the short value is sign-extended when converted to an int).
An unpleasant side effect is that if fopen() opens a file and gets a
backing fd that is greater than SHRT_MAX, fclose() will fail and the file
descriptor will be leaked.  Better handle this by fixing fopen(), fdopen(),
and freopen() to fail attempts to use a fd greater than SHRT_MAX with
EMFILE.

At some point in the future we should look at expanding the file descriptor
in FILE to an int, but that is a bit complicated due to ABI issues.

MFC after:	1 week
Discussed on:	arch
Reviewed by:	wollman
2008-02-27 19:02:02 +00:00
David Schultz
7ff4930d73 Move all the xprintf-related symbols to FBSDprivate_1.0.
Discussed with:	deischen, kan, phk
2007-12-18 23:49:05 +00:00
David Schultz
8da510f8f5 Catch up with vfprintf.c,v 1.77. 2007-12-18 01:20:33 +00:00
David Schultz
1b12fbb195 Remove some test instrumentation. (The Symbol.map changes broke it anyway.) 2007-12-09 21:00:12 +00:00
Andrey A. Chernov
b490b13584 Add rewind() to the list of functions which may fail and set errno 2007-06-18 02:13:04 +00:00
Andrey A. Chernov
ef0fddb70d Add mbstate clear missed in one of the cases.
Move overflow check for fseek as early as needed.
2007-06-18 02:09:08 +00:00
David Schultz
970a466c40 We should never zero-pad INF or NaN (yielding silly strings like "00inf")
even if the programmer asks for zero padding.
2007-05-08 03:08:28 +00:00
Daniel Eischen
5f864214bb Use C comments since we now preprocess these files with CPP. 2007-04-29 14:05:22 +00:00
Poul-Henning Kamp
9436c1bf4b Grammer correction from: emaste 2007-04-19 14:01:04 +00:00
Poul-Henning Kamp
a0c079b341 Loosen return value spec for fputs to be standards compliant so people
don't program against our more restrictive behaviour.
2007-04-19 09:38:31 +00:00
Maxim Konovalov
a0490929c3 o Add ENVIRONMENT section and mention there that TMPDIR is ignored
when issetugid(3) is true.

PR:		docs/108346
Obtained from:	OpenBSD
MFC after:	1 week
2007-03-16 21:46:24 +00:00
Warner Losh
7dcf45c07b Remove 3rd clause, renumber, ok per email 2007-01-12 07:31:30 +00:00
Warner Losh
c879ae3536 Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.
2007-01-09 00:28:16 +00:00
David Schultz
ac9913a749 Fix rounding of 0xf for hex fp formats.
PR:	90333
2007-01-03 04:57:58 +00:00
Konstantin Belousov
525cd732f9 Revert the rev. 1.4, it causes breakage on most arches except i386.
Remove the const qualifier from ap argument for __v2printf, that induced
that breakage, and seems to be the real reason for bad code. ap is modified
inside the __v2printf body by va_arg macro.

Pointy hat to:	kib
Approved by:	pjd (mentor)
2006-10-23 07:25:25 +00:00
Konstantin Belousov
129ccff2fb Workaround for (what seems to be) compiler error for gcc 3.4.6. On
i386 with default optimization level (-O2), va_list pointer ap in the
__v2printf function is advanced before the use. That cause argument
shift and garbage instead last argument in printf-family when xprintf is
activated.

The nsswitch is easy victim of the bug.

Reviewed by:	kan
Approved by:	kan (mentor)
MFC after:	1 week
2006-10-21 11:49:07 +00:00
Andrey A. Chernov
b0bf75c83c file == NULL:
Issue __sflush() before possible setting O_APPEND mode or ftruncate(),
write to wrong place may occurse oserwise.
Use simplified _sseek() to the start, if no O_APPEND is set, instead
of _fseeko() (_sseek() to the end, if O_APPEND, occurse later, as for
file != NULL).
Don't check seek error return, as original fopen() and freopen() never
does.

file != NULL:
Add missing _sseek() to the end.
2006-10-16 14:31:56 +00:00