115 Commits

Author SHA1 Message Date
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Warner Losh
028aace8e1 Add warnings, ala mktemp, to tempnam and tmpnam as a reminder that
these are inherently unsafe interfaces.

Do not allow TMPDIR to override path for setuid/setgid programs.
1999-08-21 17:56:44 +00:00
Robert Nordier
18e08df153 Treat an attempt to read from a write-only stream more consistently.
Submitted by: Anton Berezin <tobez@plab.ku.dk>
PR          : 12852
1999-08-10 21:36:51 +00:00
Bruce Evans
749a33625d Fixed missing "G" in the list item for the main description of %g and
%G formats.
1999-08-08 11:00:01 +00:00
Tim Vanderhoek
6a8e2895aa asprintf() does use realloc() internally, but saying so in the manpage can be
misinterpreted to mean that the pointer passed to asprintf() must be suitable
for passing to realloc() as-is (ie. either a NULL pointer or a valid pointer).
1999-07-25 17:38:59 +00:00
Nik Clayton
fbc400a67a Add $Id$, to make it simpler for members of the translation teams to
track.

The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
1999-07-12 20:50:10 +00:00
Archie Cobbs
f24c2153d5 Add a note that when a stream opened via fdopen() is closed via fclose(),
the underlying file descriptor is also closed. To me at least this wasn't
immediately obvious.
1999-05-17 23:47:27 +00:00
Warner Losh
26ba999e7e Various language and style concerns fixed.
Noted by: bde
1999-04-09 18:26:46 +00:00
Warner Losh
2ee878400e Add mkstemps to the man page, and create a link for it.
Obtained from: OpenBSD
Poked in the eye about committing new functions without a manpage: obrien
1999-04-04 21:15:37 +00:00
Warner Losh
06b6a8ab98 Add mkstemps from OpenBSD. This has been in my tree for months and
hasn't caused any problems until the egcs import.  This fix breaks the
world build, but my very next commit will remove mkstemps from the
egcs build.
1999-04-04 20:28:04 +00:00
Doug Rabson
93263596ac Add support for long long modifier (e.g. %llx, %lld).
Reviewed by: bde
1999-03-11 22:44:02 +00:00
Bruce Evans
dcf01d60ba Fixed disordering and incoinsistent style in previous commit. 1999-03-05 13:01:22 +00:00
Bruce Evans
b300c1d8f9 The pseudocode in the synopsis didn't come close to actually
compiling, since <stdio.h> correctly doesn't declare off_t although
the pseudo-prototypes for the new fseeko() and ftello() functions
use it.  Handle this like the corresponding problem for va_list
versus the vprintf() family.

Fixed some English errors.
1999-03-05 12:56:37 +00:00
Tim Vanderhoek
654b249ced Decapitalize function name by prepending with word "The".
PR:		docs/10247
1999-02-26 01:28:06 +00:00
Dmitrij Tejblum
7307d07db6 Added functions fseeko() and ftello() (from susv2).
Fixed fgetpos() and fsetpos() for offsets > 2GB.

PR:		8637
Submitted by:	 Dan Nelson <dnelson@emsphone.com> (adjusted by me a little)
1999-02-08 21:32:38 +00:00
Eivind Eklund
70efdda93d Note that dying on NULL is an implementation detail. 1998-12-17 17:13:47 +00:00
Robert Nordier
e524a581b1 Check for a zero-length as well as a NULL string argument. 1998-10-29 14:40:20 +00:00
Peter Wemm
ed1bbda829 Revert last change. mkstemp() wasn't to blame, it's nvi. However,
mkstemp() is not behaving as documented.
1998-10-20 15:33:21 +00:00
Peter Wemm
eb356f9af0 Stop mk*temp() from being pathologically stupid in the face of a umask(0);
There are other ways to fix this than wrapping _gettemp(), but this was
the most convenient.

Discovered by: bde
1998-10-20 12:36:36 +00:00
Eivind Eklund
b41c848d46 Remove the description of EBADF (that's an implementation detail if I
ever saw one), and move the description of NULL behaviour out to a
'NOTES' section, with an extra note that programs should not rely up
on it.

Kinda-approve-by:	bde (by not replying to the mail with the diff)
1998-10-10 13:31:32 +00:00
Eivind Eklund
aef1f383cf program written under FreeBSD -> programs written under FreeBSD
Noticed by:	Alex Nash <nash@mcs.net>
1998-10-03 16:17:30 +00:00
Eivind Eklund
8bd4c21699 Document that we will core-dump on getting a NULL pointer. 1998-09-28 15:34:24 +00:00
David E. O'Brien
5846581c2e Apply patch to properly sscanf(3) when there is whitespace in the format
string.  From the submitted patch:

Credit for patch:	Chris Torek <torek@bsdi.com>
			Tod Miller  <millert@openbsd.org>

This makes us in line with SunOS 4.1.3_U1, Solaris 2.6, OpenBSD 2.3,
HP-UX 10.20, Irix 5.3.  The previous behavior was in line with Ultrix 4.4.

PR:		bin/7970
Submitted by:	Niall Smart nialls@euristix.ie
1998-09-25 12:20:27 +00:00
Warner Losh
e8420087b0 Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x).  Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time.  However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes.  Shouldn't impact anything, but...
1998-09-16 04:17:47 +00:00
Peter Wemm
64a965e707 Replace my original asprintf() and vasprintf() hacks with something
more cleanly integrated with stdio.  This should be faster and cleaner
since it doesn't memcpy() the data into a seperate buffer.  This lets
stdio allocate and manage the buffer and then hand it over to the user.

Obtained from: Todd Miller <Todd.Miller@courtesan.com> via OpenBSD
1998-07-08 00:44:56 +00:00
Joseph Koshy
9c727d2ca9 Spelling corrections.
PR: 6868
Submitted by: Josh Gilliam <josh@quick.net>
1998-06-06 05:50:53 +00:00
John Birrell
f9a8e5fafb Remote the NetBSD kludge for vfprintf.c 1998-05-08 05:17:11 +00:00
John Birrell
77af5d1ac8 Don't assign the va_list variable 'ap' directly to the argtable because
va_list is not a pointer on alpha. Instead, use the va_arg() macro
to return the address that is stored in the argtable.
1998-05-08 05:10:32 +00:00
John Birrell
4c717fd74d Remove leading underscores for the functions (weak symbols here) that
POSIX defines.
1998-05-05 21:56:42 +00:00
Peter Wemm
4fea76f539 Fix a nasty flaw as a result of using the arc4random() pre-seeding of
leading XXX's.  It could wrap an uppercase character through chars
like:  [ \ ] ^ _ `  in between Z and a.  The backslash and back tick
might be particularly nasty in a shell script context.  Also, since
we've been using upper-case generated values for a while now, go with
the flow and use them in the pathname search rotation.
1998-04-14 07:25:05 +00:00
John Birrell
ec216c2634 Add FILE locking stubs for libc.
Change the FILE locking to support kernel threads when linked with
libpthread (which you haven't see yet). This requires that libc become
thread-safe and thread-aware, testing __isthreaded before attempting
to do lock/unlock calls. The impact on non-threaded programs is minor.
This change works with libc_r, so it's the best compromise.
1998-04-11 07:40:47 +00:00
Bruce Evans
034abff918 Fixed disordering and inconsistent style in previous commit. 1998-03-12 12:05:14 +00:00
John Birrell
e7b6782c39 Added #include <string.h> to get prototypes. 1998-03-09 06:51:23 +00:00
Stephen McKay
b8e5e42d0f Fixed a few ancient typos, added a little missing stuff, and updated
references to abort() in light of POSIX mandated behaviour.  I'm
still not 100% happy with much of the wording, but it's better
than it was.
1998-03-08 15:15:33 +00:00
Bruce Evans
87ad126763 Fixed uninitialized pointer in previous commit. mktemp() was broken.
I noticed cvs core dumps and uncleaned cvs temporary files in /tmp.

Fixed ANSIisms.
1998-03-03 14:38:36 +00:00
Warner Losh
2f253e75c8 Many security improvements from OpenBSD:
implement mkdtemp
	improve man page for mk*temp
	use arc4random to seed extra XXX's randomly
	Optionally warn of unsafe mktemp uses
From various commits by theo de raadt and Todd Miller.
Obtained from: OpenBSD

This should go into 2.2 after a testing period.
1998-02-13 02:13:24 +00:00
Andrey A. Chernov
b250f24856 size_t -> unsigned
in arguments length INT_MAX overflow check
Suggested-by: bde
1998-01-04 22:28:47 +00:00
Andrey A. Chernov
8c6d2f42e1 1. EOF was returned when the buffer size was larger than INT_MAX. This
case has very little to do with the output size being larger than
   INT_MAX.
2. The new #include of <limits.h> was disordered.
3. The new declaration of `on' was disordered (integer types go together).
4. Testing an unsigned value for > 0 was fishy.

Submitted by: bde
1998-01-01 20:15:58 +00:00
Andrey A. Chernov
92e88f87b9 Add overflow checks: if output size becomes bigger than INT_MAX,
just return EOF
1997-12-25 00:32:17 +00:00
Andrey A. Chernov
fb25537fb8 Correct type of stored argument place (from previous fix) 1997-12-24 23:54:19 +00:00
Andrey A. Chernov
947d101171 1) Restore back comment about snprintf()
2) Optimize string buffer copy to call memcpy() and update pointers
only for count > 0, it makes snprintf(NULL, 0, ...) more efficient
1997-12-24 23:23:18 +00:00
Andrey A. Chernov
6e690ad4ca Return back to BSD snprintf semantics which recent C9x standard adopts
instead of Singe Unix, thanx Bruce for explaining, I am not realize
standards war was there.

But now, fix n == 0 case to not return error and fix check for too
big n.

Things left to do: check for overflow in arguments.
1997-12-24 23:02:47 +00:00
Andrey A. Chernov
e0b123f6d0 1) Oops! Insert again if (n == 0) return 0.
Final word is Bruce's quote:

C9x specifies the BSD4.4-Lite behaviour:

       [#3] ...   Thus,  the
       null-terminated  output  has  been completely written if and
       only if the returned value is less than n.

It means that if we not have any null-terminated output as for n == 0
we can't return value less than n, so we forced to return value
equal to n i.e. 0

The next good thing is glibc compatibility, of course.

2) Do check for too big n in machine-independent way.
3) Minor optimization assuming EOF is < 0
1997-12-24 20:24:08 +00:00
Andrey A. Chernov
5ebfa8de69 Back out part related to "return 0 if n == 0" and return EOF as before.
The main argument is that it is impossible to determine if %n evaluated or not
when snprintf return 0, because it can happens for both n == 0 and n == 1.
Although EOF here is good indication of the end of process, if n is
decreased in the loop...
Since it is already supposed in many places that EOF *is* negative, f.e.
from Single Unix specs for snprintf
"return ... a negative value if an output error was encountered"
this not makes situation worse.
1997-12-24 14:32:40 +00:00
Andrey A. Chernov
97adcd5ba1 Fix snprintf(...%n...)
to pass not more than buffer size to %n agrument, old variant
always assume infinite buffer.
%n is for actually transmitted characters, not for planned ones.
1997-12-24 13:47:13 +00:00
Andrey A. Chernov
a65a537cb1 Remove wrong comment about snprintf:
"return the number of bytes needed, rather the number used"

According to Single Unix specs:

Upon successful completion, these functions return the number of bytes
transmitted excluding the terminating null
1997-12-24 13:17:13 +00:00
Andrey A. Chernov
4ecaf22055 snprintf return value fixes to conform Single Unix specs:
1) if buffer size is smaller than arguments size, return buffer
size, not arguments size as before.

2) if buffer size is 0, return 0, not EOF as before.
(now it is compatible with Linux and Apache implementations too).

NOTE: Single Unix specs says:

If the value of n {buffer size} is zero on a call to snprintf(), an
unspecified value less than 1 is returned.

It means we can't return EOF since EOF can take *any* value in general
not especially < 1. Better variant will be return -1 (it is less then
1 and different with n == 1 case) but -1 value is already occuped by
EOF in our implementation, so we can't distinguish true IO error
in that case. So 0 here is only possible case still conforming
to Single Unix specs.
1997-12-24 12:31:32 +00:00
Bruce Evans
6a93659f24 Comment that long double is poorly implemented, not that it is unimplemented. 1997-12-19 21:59:22 +00:00
Bruce Evans
8fddd06099 Fixed long double formats. They were mostly not implemented except
on systems where long doubles are just doubles.  FreeBSD hasn't
been such a system since it started using gcc-2.5 many years ago.
The fix is of low quality.  It loses precision.

scanf() of long doubles doesn't seem to be used much, but gdb-4.16
uses %Lg format in its expression parser if it thinks that the
system supports printf'ing of long doubles.  The symptom was that
floating point literals were usually interpreted to be 0.0.
1997-11-23 06:02:47 +00:00
Bruce Evans
b966cc2394 Sorted lists. 1997-10-21 08:41:15 +00:00