Commit Graph

713 Commits

Author SHA1 Message Date
Ruslan Bukin
130a08a362 Detect integer overflow and limit the number of positional
arguments in the string format.

Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D8286
2016-10-31 18:38:58 +00:00
Andrey A. Chernov
031986c4f3 Fix error handling.
MFC after:      3 days
2016-09-05 06:46:04 +00:00
Andrey A. Chernov
0b51c11a0e Fix n == 1 case. Here should be no physical read (fill buffer) attempt
(we read n - 1 chars with the room for NUL, see fgets()),
and no NULL return.

MFC after:      3 days
2016-09-05 06:10:51 +00:00
Andrey A. Chernov
4a9921c601 1) Prevent out of bounds access to ws[-1] (passed buffer) which happens
when the first mb sequence is incomplete and there are not enougn chars in
the read buffer. ws[-1] may lead to memory faults or false results, in
case the memory here contains '\n'.

2) Fix EOF checking I mess in my previos r305406 commit.

MFC after:      3 days
2016-09-05 04:49:58 +00:00
Andrey A. Chernov
0c744b20b0 Fix errors handling.
MFC after:      3 days
2016-09-05 03:37:28 +00:00
Andrey A. Chernov
2fbab0097a fgetwc(3) may set both __SEOF and __SERR at once (in case of incomplete
sequence near EOF), so we can't just check for
(wc == WEOF && !__sfeof(fp)) and must relay on __sferror(fp) with
__SERR clearing/restoring.

MFC after:      7 days
2016-09-01 20:45:04 +00:00
Andrey A. Chernov
88eb1553b0 If error happens, don't overwrite original errno comes from __mbrtowc()
and __srefill().

MFC after:      3 days
2016-09-01 18:12:53 +00:00
Andrey A. Chernov
3e48993c7c Original fgetln() from 44lite return sucess for line tail errors,
i.e. partial line, but set __SERR and errno in the same time, which
is inconsistent.
Now both OpenBSD and NetBSD return failure, i.e. no line and set error
indicators for such case, so make our fgetln() and fgetwln()
(as its wide version) compatible with the rest of *BSD.

PR:     212033
MFC after:      7 days
2016-08-25 21:14:26 +00:00
Andrey A. Chernov
d64004f09e Remove "Fast path", it bypass __wcrtomb() and all its error checking.
One of affected encoding example: US-ASCII

MFC after:      7 days
2016-08-25 17:30:00 +00:00
Andrey A. Chernov
1bf6c5f18b Don't check for __SERR which may stick from one of any previous stdio
functions.
__SERR is for user and the rest of stdio code do not check it
for error sensing internally, only set it.
In vf(w)printf.c here it is more easy to save __SERR, clear and restore it.
2016-08-25 17:13:04 +00:00
Andrey A. Chernov
d34d90a89d 1) Back out r304607 case 2). fgetwln() as its pair fgetln() supposed to
return partial line on any errors. See the comment in fgetln.c.
Add corresponding comment to fgetwln() too.
2) Rewrite r304607 case 1).
3) Remove "Fast path" from __fgetwc_mbs() since it can't detect encoding
errors and ignores them all.

PR:     212033
MFC after:      7 days
2016-08-22 22:28:41 +00:00
Andrey A. Chernov
4ae83079a7 Fix error processing.
1) Don't forget to set __SERR on __slbexpand() error.
2) Check for __fgetwc() errors using errno. Don't check for __SERR
as PR suggested, it user-visible flag which can stick from previous
functions and stdio code don't check it for this purpose.

PR:     212033
MFC after:      3 days
2016-08-22 15:44:54 +00:00
Baptiste Daroussin
999c1fd64b Remove usage of _WITH_DPRINTF 2016-07-30 01:16:06 +00:00
Baptiste Daroussin
04f36dc654 Remove last traces of _WITH_GETLINE 2016-07-30 01:13:54 +00:00
Baptiste Daroussin
dd47921eac Remove _WITH_GETLINE and _WITH_DPRINTF guards
When adding getline(3) and dprintf(3) into libc, those guards were added
to prevent breaking too many ports.

7 years later the ports tree have been fixed, it is time to remove this
FreeBSDism

While here remove the extra parenthesis surrounding dprintf(3)
2016-07-30 01:00:16 +00:00
Andrey A. Chernov
12eae8c8f3 1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.

2) Restore __collate_range_cmp() in __sccl().

3) Collating [a-z] range in regcomp() only for single bytes locales
(we can't do it now for other ones). In previous state only first 256
wchars are considered and all others are just silently dropped from the
range.
2016-07-14 09:07:25 +00:00
Andrey A. Chernov
1daad8f5ad Back out non-collating [a-z] ranges.
Instead of changing whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and concentrace on fixing bugs in what we have now,
too many small obstacles instead, counting ports.
2016-07-14 08:18:12 +00:00
Andrey A. Chernov
5a5807dd4c Remove broken support for collation in [a-z] type ranges.
Only first 256 wide chars are considered currently, all other are just
dropped from the range. Proper implementation require reverse tables
database lookup, since objects are really big as max UTF-8 (1114112
code points), so just the same scanning as it was for 256 chars will
slow things down.

POSIX does not require collation for [a-z] type ranges and does not
prohibit it for non-POSIX locales. POSIX require collation for ranges
only for POSIX (or C) locale which is equal to ASCII and binary for
other chars, so we already have it.

No other *BSD implements collation for [a-z] type ranges.

Restore ABI compatibility with unused now __collate_range_cmp() which
is visible from outside (will be removed later).
2016-07-10 03:49:38 +00:00
Pedro F. Giffuni
b2f8f05c89 Fix regression from r301461.
The fix to the __collate_range_cmp() ABI breakage missed some replacements
in libc's vfscanf().  Replace them with __wcollate_range_cmp() which
does what is expected.

This was breaking applications like xterm and pidgin when using wide
characters.

Reported by:	Vitalij Satanivskij
Approved by:	re
2016-06-10 05:21:52 +00:00
Conrad Meyer
1deb20f631 libc: Actually export fopencookie(3)
A follow-up to r299456.

Sponsored by:	EMC / Isilon Storage Division
2016-05-12 21:30:22 +00:00
Conrad Meyer
877a840c08 libc: Add fopencookie(3) wrapper around funopen(3)
Reviewed by:	jhb, oshogbo
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D6282
2016-05-11 14:38:27 +00:00
Pedro F. Giffuni
32223c1b7d libc: spelling fixes.
Mostly on comments.
2016-04-30 01:24:24 +00:00
Pedro F. Giffuni
cc4cacc736 freopen(3): prevent uninitialized errno.
Revert completley r297408 (and r297407): this ends up touching errno,
which we are not allowed to do.

Pointed out by:	ache, bde
2016-03-30 13:26:35 +00:00
Pedro F. Giffuni
6a2a9844b0 freopen(3): prevent uninitialized errno.
Revert r297407 and redo it cleanly.

Pointed out by:	Jukka A. Ukkonen
CID:		1018720
MFC after:	1 week
2016-03-30 06:13:58 +00:00
Pedro F. Giffuni
36226c47ef freopen(3): prevent uninitialized errno.
The case doesn't look very likely but clean the possibility nevertheless

CID:		1018720
MFC after:	1 week
2016-03-30 01:32:08 +00:00
Edward Tomasz Napierala
225636dccb Fix bunch of .Xrs.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-28 16:48:28 +00:00
Pedro F. Giffuni
179a5a39a8 fputs: Return the number of bytes written.
Fix r295631: wrong value.

Pointy hat:	pfg (me)
Pointed out by:	bde
2016-02-15 21:18:52 +00:00
Pedro F. Giffuni
20055d7691 getln: We cannot expand the buffer beyond INT_MAX.
In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).

Differential Revision:	https://reviews.freebsd.org/D442 (Partial)
Obtained from:	Apple Inc. (Libc 997.90.3)
Relnotes:	yes
2016-02-15 18:14:21 +00:00
Pedro F. Giffuni
2082bf26c8 fputs: Return the number of bytes written.
POSIX.1-2008 requires that successful completion simply return a
non-negative integer. We have regularly returned a constant value.
Another, equally valid, implementation convention implies returning
the number of bytes written.

Adopt this last convention to be in line with what Apple's libc
does. POSIX also explicitly notes:

Note that this implementation convention cannot be adhered to for strings
longer than {INT_MAX} bytes as the value would not be representable in the
return type of the function. For backwards-compatibility, implementations
can return the number of bytes for strings of up to {INT_MAX} bytes, and
return {INT_MAX} for all longer strings.

Developers shouldn't depend specifically on either convention but
the change may help port software from Apple.

Differential Revision:  https://reviews.freebsd.org/D442 (Partial)
Obtained from:  Apple Inc. (Libc 997.90.3 with changes)
Relnotes:	yes
2016-02-15 18:13:33 +00:00
Warner Losh
1cf827546a Use __alignof__ instead of assuming int64_t to get the right
alignment.

Differential Revision: https://reviews.freebsd.org/D4708
2015-12-30 03:36:22 +00:00
Warner Losh
267668803a The FILE structure has a mbstate_t in it. This structure needs to be
aligned on a int64_t boundary. However, when we allocate the array of
these structures, we use ALIGNBYTES which defaults to sizeof(int) on
arm, i386 and others. The i386 stuff can handle unaligned accesses
seemlessly. However, arm cannot. Take this into account when creating
the array of FILEs, and add some comments about why.

Differential Revision: https://reviews.freebsd.org/D4708
2015-12-27 23:04:11 +00:00
Enji Cooper
c6e615506b Use stdint.h instead of inttypes.h as the latter pollutes namespace more
MFC after: 3 days
X-MFC with: r292004
Submitted by: bde
Sponsored by: EMC / Isilon Storage Division
2015-12-09 09:14:57 +00:00
Enji Cooper
692a3987f2 Fix compilation when -DDEBUG is defined by adding inttypes.h #include
for intmax_t

MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D4434
Reported by: cppcheck
Reviewed by: jhb
Sponsored by: EMC / Isilon Storage Division
2015-12-08 22:47:54 +00:00
Enji Cooper
45d1fa1891 Link fclose(3) to fdclose(3)
X-MFC with: r285140
MFC after: 3 weeks (need to evaluate whether or not r285140 can be MFCed)
Sponsored by: EMC / Isilon Storage Division
2015-11-25 22:07:18 +00:00
Dag-Erling Smørgrav
2e59a758fd markup fixes 2015-11-23 12:47:08 +00:00
Andrey A. Chernov
0856628198 1) Remove my overcomplicated error fallback and just return error
immediatelly as old code does, now for append modes too.
Real use case for such fallback is impossible (unless specially crafted).

2) Remove now unneded include I forgot to remove in prev. commits.

MFC after:      1 week
2015-11-12 22:24:39 +00:00
Andrey A. Chernov
881e47bbb2 Reorganize code to elimitate one _sseek() call for append modes.
MFC after:      1 week
2015-11-08 18:00:44 +00:00
Andrey A. Chernov
190d73a757 Microoptimize. 2015-11-01 08:40:15 +00:00
Andrey A. Chernov
4fe4a788af Addition to prev. commit.
In some edge cases fp->_p can be changed in _sseek(), recalculate.

PR:     204156
MFC after:      1 week
2015-11-01 06:47:05 +00:00
Andrey A. Chernov
ec6cd152cb Don't seek to the end if write buffer is empty (in append modes).
PR:             204156
MFC after:      1 week
2015-11-01 06:15:14 +00:00
Andrey A. Chernov
8b63538d89 Add _flags2 per jhb@ suggestion since no room left in _flags.
Rewrite O_APPEND flag checking using new __S2OAP flag.

MFC after:      3 weeks
2015-10-28 14:40:02 +00:00
Andrey A. Chernov
f6d1992dc3 According to POSIX, a write operation shall start at the current size of
the stream (if mode had 'a' as the first character).

MFC after:      1 week
2015-10-25 12:09:28 +00:00
Andrey A. Chernov
b956b17696 Since no room left in the _flags, reuse __SALC for O_APPEND.
It helps to remove _fcntl() call from _ftello() and optimize seek position
calculation in _swrite().

MFC after:      3 weeks
2015-10-24 02:23:15 +00:00
Craig Rodrigues
25070501c6 Use ANSI C prototypes. Eliminates -Wold-style-definition warnings. 2015-09-20 20:28:49 +00:00
Craig Rodrigues
4178e4b070 Remove names from some prototypes 2015-09-20 20:27:57 +00:00
Craig Rodrigues
7dcedc7a74 Remove names from some prototypes 2015-09-20 20:26:46 +00:00
Craig Rodrigues
486828e8a3 Add declarations to eliminate -Wmissing-prototypes warnings 2015-09-20 03:55:03 +00:00
Konstantin Belousov
bd6060a1c6 Switch libc from using _sig{procmask,action,suspend} symbols, which
are aliases for the syscall stubs and are plt-interposed, to the
libc-private aliases of internally interposed sigprocmask() etc.

Since e.g. _sigaction is not interposed by libthr, calling signal()
removes thr_sighandler() from the handler slot etc.  The result was
breaking signal semantic and rtld locking.

The added __libc_sigprocmask and other symbols are hidden, they are
not exported and cannot be called through PLT.  The setjmp/longjmp
functions for x86 were changed to use direct calls, and since
PIC_PROLOGUE only needed for functional PLT indirection on i386, it is
removed as well.

The PowerPC bug of calling the syscall directly in the setjmp/longjmp
implementation is kept as is.

Reported by:	Pete French <petefrench@ingresso.co.uk>
Tested by:	Michiel Boland <boland37@xs4all.nl>
Reviewed by:	jilles (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2015-08-29 14:25:01 +00:00
John Baldwin
e7b2187928 Fix a couple of markup typos.
MFC after:	2 weeks
2015-08-02 02:00:20 +00:00
Mariusz Zaborski
fd10995478 Add fdclose(3) function.
This function is equivalent to fclose(3) function except that it
does not close the underlying file descriptor.
fdclose(3) is step forward to make FILE structure private.

Reviewed by:	wblock, jilles, jhb, pjd
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D2697
2015-07-04 16:42:14 +00:00