Implement the memset_s(3) function as specified by the C11 ISO/IEC
9899:2011 Appendix K 3.7.4.1.

Other needed supporting types, defines and constraint_handler
infrastructure is added as specified in the C11 spec.

Submitted by:	Tom Rix <trix@juniper.net>
Sponsored by:	Juniper Networks
Discussed with:	ed
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D9903
Differential revision:	https://reviews.freebsd.org/D10161
kib 2017-03-30 04:57:26 +00:00
parent 14bba90a82
commit 4774ca6be0
17 changed files with 500 additions and 3 deletions


@ -72,4 +72,12 @@ typedef __max_align_t max_align_t;
#define offsetof(type, member) __offsetof(type, member)
#if __EXT1_VISIBLE
/* ISO/IEC 9899:2011 K.3.3.2 */
#ifndef _RSIZE_T_DEFINED
#define _RSIZE_T_DEFINED
typedef size_t rsize_t;
#endif
#endif /* __EXT1_VISIBLE */
#endif /* _STDDEF_H_ */


@ -323,6 +323,26 @@ __uint64_t
extern char *suboptarg; /* getsubopt(3) external variable */
#endif /* __BSD_VISIBLE */
#if __EXT1_VISIBLE
#ifndef _ERRNO_T_DEFINED
#define _ERRNO_T_DEFINED
typedef int errno_t;
#endif
/* K.3.6 */
typedef void (*constraint_handler_t)(const char * __restrict,
void * __restrict, errno_t);
/* K.3.6.1.1 */
constraint_handler_t set_constraint_handler_s(constraint_handler_t handler);
/* K.3.6.1.2 */
_Noreturn void abort_handler_s(const char * __restrict, void * __restrict,
errno_t);
/* K3.6.1.3 */
void ignore_handler_s(const char * __restrict, void * __restrict, errno_t);
#endif /* __EXT1_VISIBLE */
__END_DECLS
__NULLABILITY_PRAGMA_POP
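Review bot: The section reference on the ignore_handler_s prototype is missing its dot: `/* K3.6.1.3 */` should read `/* K.3.6.1.3 */` so it matches the `/* K.3.6.1.1 */` and `/* K.3.6.1.2 */` comments two lines above. The set_constraint_handler_s prototype also names its parameter (`handler`) while the two handler prototypes leave theirs unnamed; either is acceptable, but the three new declarations read more uniformly if they agree. A one-line comment noting that installing a NULL handler selects the implementation default (K.3.6.1.1) would also help callers, since nothing in the header says what that default does.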


@ -141,6 +141,22 @@ int timingsafe_memcmp(const void *, const void *, size_t);
#if __POSIX_VISIBLE >= 200809 || defined(_XLOCALE_H_)
#include <xlocale/_string.h>
#endif
#if __EXT1_VISIBLE
#ifndef _RSIZE_T_DEFINED
#define _RSIZE_T_DEFINED
typedef size_t rsize_t;
#endif
#ifndef _ERRNO_T_DEFINED
#define _ERRNO_T_DEFINED
typedef int errno_t;
#endif
/* ISO/IEC 9899:2011 K.3.7.4.1.1 */
errno_t memset_s(void *, rsize_t, int, rsize_t);
#endif /* __EXT1_VISIBLE */
__END_DECLS
#endif /* _STRING_H_ */


@ -404,4 +404,6 @@ void __libc_map_stacks_exec(void);
void _pthread_cancel_enter(int);
void _pthread_cancel_leave(int);
void __throw_constraint_handler_s(const char * restrict msg, int error);
#endif /* _LIBC_PRIVATE_H_ */
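Review bot: The private prototype declares the last parameter as `int error`, while the definition in set_constraint_handler_s.c spells it `errno_t error`; this compiles only because errno_t is `typedef int`, and the divergence is easy to miss if errno_t ever changes. Presumably `int` was chosen because errno_t is only visible under `__EXT1_VISIBLE`, which libc_private.h cannot assume; if so, say it: `void __throw_constraint_handler_s(const char * restrict msg, int error); /* error is an errno_t */`.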


@ -13,8 +13,8 @@ MISRCS+=C99_Exit.c a64l.c abort.c abs.c atexit.c atof.c atoi.c atol.c atoll.c \
insque.c l64a.c labs.c ldiv.c llabs.c lldiv.c lsearch.c \
merge.c mergesort_b.c ptsname.c qsort.c qsort_r.c quick_exit.c \
radixsort.c rand.c \
random.c reallocarray.c reallocf.c realpath.c remque.c strfmon.c \
strtoimax.c \
random.c reallocarray.c reallocf.c realpath.c remque.c \
set_constraint_handler_s.c strfmon.c strtoimax.c \
strtol.c strtoll.c strtoq.c strtoul.c strtonum.c strtoull.c \
strtoumax.c strtouq.c system.c tdelete.c tfind.c tsearch.c twalk.c


@ -119,6 +119,9 @@ FBSD_1.4 {
FBSD_1.5 {
__cxa_thread_atexit;
__cxa_thread_atexit_impl;
abort_handler_s;
ignore_handler_s;
set_constraint_handler_s;
};
FBSDprivate_1.0 {


@ -0,0 +1,95 @@
/*-
* Copyright (c) 2017 Juniper Networks. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include "namespace.h"
#include <sys/types.h>
#include <machine/atomic.h>
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
#include <stdlib.h>
#include "un-namespace.h"
#include "libc_private.h"
/*
* Rationale recommends allocating new memory each time.
*/
static constraint_handler_t *_ch = NULL;
static pthread_mutex_t ch_lock = PTHREAD_MUTEX_INITIALIZER;
constraint_handler_t
set_constraint_handler_s(constraint_handler_t handler)
{
constraint_handler_t *new, *old, ret;
new = malloc(sizeof(constraint_handler_t));
if (new == NULL)
return (NULL);
*new = handler;
if (__isthreaded)
_pthread_mutex_lock(&ch_lock);
old = _ch;
_ch = new;
if (__isthreaded)
_pthread_mutex_unlock(&ch_lock);
if (old == NULL) {
ret = NULL;
} else {
ret = *old;
free(old);
}
return (ret);
}
void
__throw_constraint_handler_s(const char * restrict msg, errno_t error)
{
constraint_handler_t ch;
if (__isthreaded)
_pthread_mutex_lock(&ch_lock);
ch = _ch != NULL ? *_ch : NULL;
if (__isthreaded)
_pthread_mutex_unlock(&ch_lock);
if (ch != NULL)
ch(msg, NULL, error);
}
void
abort_handler_s(const char * restrict msg __unused,
void * restrict ptr __unused, errno_t error __unused)
{
abort();
}
void
ignore_handler_s(const char * restrict msg __unused,
void * restrict ptr __unused, errno_t error __unused)
{
}
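Review bot: set_constraint_handler_s can fail here — when `malloc(sizeof(constraint_handler_t))` returns NULL it returns NULL without installing `handler` — but K.3.6.1.1 gives the function no failure return, and NULL is also the legitimate answer for "no handler was installed before", so a caller cannot tell the two apart and may proceed believing abort_handler_s is active when it is not. The comment cites the rationale for allocating, but nothing in this file needs the indirection: a function pointer fits in a plain static, the same mutex still serialises the swap against `__throw_constraint_handler_s`, and the malloc/free pair and the extra `*_ch` dereference go away. `<machine/atomic.h>` is also included but nothing in the file uses it. Suggested shape, with `__throw_constraint_handler_s` reading `ch = _ch;` instead of `ch = _ch != NULL ? *_ch : NULL;`:

```c
/* Current handler; NULL selects the implementation default (ignore). */
static constraint_handler_t _ch = NULL;
static pthread_mutex_t ch_lock = PTHREAD_MUTEX_INITIALIZER;

constraint_handler_t
set_constraint_handler_s(constraint_handler_t handler)
{
	constraint_handler_t old;

	if (__isthreaded)
		_pthread_mutex_lock(&ch_lock);
	old = _ch;
	_ch = handler;
	if (__isthreaded)
		_pthread_mutex_unlock(&ch_lock);
	return (old);
}

/* … unchanged: __throw_constraint_handler_s (now reads `ch = _ch;`), abort_handler_s, ignore_handler_s … */
```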


@ -10,7 +10,7 @@ CFLAGS+= -I${LIBC_SRCTOP}/locale
MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
memccpy.c memchr.c memrchr.c memcmp.c \
memcpy.c memmem.c memmove.c memset.c \
memcpy.c memmem.c memmove.c memset.c memset_s.c \
stpcpy.c stpncpy.c strcasecmp.c \
strcat.c strcasestr.c strchr.c strchrnul.c strcmp.c strcoll.c strcpy.c\
strcspn.c strdup.c strerror.c strlcat.c strlcpy.c strlen.c strmode.c \


@ -105,6 +105,7 @@ FBSD_1.4 {
};
FBSD_1.5 {
memset_s;
timingsafe_bcmp;
timingsafe_memcmp;
};


@ -0,0 +1,63 @@
/*-
* Copyright (c) 2017 Juniper Networks. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "libc_private.h"
/* ISO/IEC 9899:2011 K.3.7.4.1 */
errno_t
memset_s(void *s, rsize_t smax, int c, rsize_t n)
{
errno_t ret;
rsize_t lim;
unsigned char v;
volatile unsigned char *dst;
ret = EINVAL;
lim = smax;
v = (unsigned char)c;
dst = (unsigned char *)s;
if (s == NULL) {
__throw_constraint_handler_s("memset_s : s is NULL", ret);
} else if (smax > RSIZE_MAX) {
__throw_constraint_handler_s("memset_s : smax > RSIZE_MAX",
ret);
} else if (n > RSIZE_MAX) {
__throw_constraint_handler_s("memset_s : n > RSIZE_MAX", ret);
} else {
if (n < smax)
lim = n;
while (lim > 0)
dst[--lim] = v;
ret = 0;
}
return (ret);
}
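Review bot: The final `else` branch silently accepts `n > smax`, clamping to smax and returning 0 with no handler call, but K.3.7.4.1 lists "n shall not be greater than smax" as a runtime constraint, so that call must invoke the handler and return nonzero (the commit's own n_gt_smax test encodes the non-conforming behaviour). The `n > RSIZE_MAX` branch has the mirror-image problem: K.3.7.4.1.2 says that whenever s is non-null and smax is within range the first smax bytes are still written, yet here nothing is written at all — for a function whose whole purpose is guaranteed zeroisation of secrets, skipping the write on a bad length is the worst possible failure mode. Doing the fill before invoking the handler also means an aborting handler cannot leave the secret in memory. Suggested rewrite of the tail of the function:

```c
	/* … unchanged: declarations, NULL check and smax > RSIZE_MAX check … */
	} else {
		if (n <= RSIZE_MAX && n <= smax) {
			lim = n;
			ret = 0;
		}
		/*
		 * K.3.7.4.1.2: with s non-null and smax <= RSIZE_MAX the
		 * first smax bytes are written even when n is invalid.
		 * Write before calling the handler so that an aborting
		 * handler cannot leave the data in place.
		 */
		while (lim > 0)
			dst[--lim] = v;
		if (n > RSIZE_MAX)
			__throw_constraint_handler_s("memset_s : n > RSIZE_MAX",
			    ret);
		else if (n > smax)
			__throw_constraint_handler_s("memset_s : n > smax",
			    ret);
	}
	return (ret);
```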


@ -5,6 +5,7 @@
ATF_TESTS_C+= heapsort_test
ATF_TESTS_C+= mergesort_test
ATF_TESTS_C+= qsort_test
ATF_TESTS_C+= set_constraint_handler_s_test
ATF_TESTS_C+= tsearch_test
.if ${COMPILER_FEATURES:Mc++11}
ATF_TESTS_CXX+= cxa_thread_atexit_test


@ -0,0 +1,63 @@
/*-
* Copyright (c) 2017 Juniper Networks. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <assert.h>
#include <stdlib.h>
#include <atf-c.h>
/* null */
ATF_TC_WITHOUT_HEAD(null_handler);
ATF_TC_BODY(null_handler, tc)
{
assert(set_constraint_handler_s(abort_handler_s) == NULL);
}
/* abort handler */
ATF_TC_WITHOUT_HEAD(abort_handler);
ATF_TC_BODY(abort_handler, tc)
{
set_constraint_handler_s(abort_handler_s);
assert(set_constraint_handler_s(ignore_handler_s) == abort_handler_s);
}
/* ignore handler */
ATF_TC_WITHOUT_HEAD(ignore_handler);
ATF_TC_BODY(ignore_handler, tc)
{
set_constraint_handler_s(ignore_handler_s);
assert(set_constraint_handler_s(abort_handler_s) == ignore_handler_s);
}
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, null_handler);
ATF_TP_ADD_TC(tp, abort_handler);
ATF_TP_ADD_TC(tp, ignore_handler);
return (atf_no_error());
}
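Review bot: The test bodies check their results with `assert()` from <assert.h>, which is compiled out entirely under `NDEBUG` and otherwise kills the process with SIGABRT instead of reporting a failure through ATF; atf-c already provides `ATF_REQUIRE`, so e.g. the first case should read `ATF_REQUIRE(set_constraint_handler_s(abort_handler_s) == NULL);`. The same substitution applies to the two other cases. Note also that the null_handler case only passes because ATF runs each test case in its own process, so no earlier case has installed a handler; a short comment saying so would stop someone from "fixing" the ordering later.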


@ -1,6 +1,7 @@
# $FreeBSD$
ATF_TESTS_C+= memcmp_test
ATF_TESTS_C+= memset_s_test
ATF_TESTS_C+= stpncpy_test
ATF_TESTS_C+= strerror2_test
ATF_TESTS_C+= wcscasecmp_test


@ -0,0 +1,195 @@
/*-
* Copyright (c) 2017 Juniper Networks. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <atf-c.h>
static errno_t e;
static const char * restrict m;
void
h(const char * restrict msg, void * restrict ptr __unused, errno_t error)
{
e = error;
m = msg;
}
/* null ptr */
ATF_TC_WITHOUT_HEAD(null_ptr);
ATF_TC_BODY(null_ptr, tc)
{
assert(memset_s(0, 1, 1, 1) != 0);
}
/* smax > rmax */
ATF_TC_WITHOUT_HEAD(smax_gt_rmax);
ATF_TC_BODY(smax_gt_rmax, tc)
{
char b;
assert(memset_s(&b, RSIZE_MAX + 1, 1, 1) != 0);
}
/* smax < 0 */
ATF_TC_WITHOUT_HEAD(smax_lt_zero);
ATF_TC_BODY(smax_lt_zero, tc)
{
char b;
assert(memset_s(&b, -1, 1, 1) != 0);
}
/* normal */
ATF_TC_WITHOUT_HEAD(normal);
ATF_TC_BODY(normal, tc)
{
char b;
b = 3;
assert(memset_s(&b, 1, 5, 1) == 0);
assert(b == 5);
}
/* n > rmax */
ATF_TC_WITHOUT_HEAD(n_gt_rmax);
ATF_TC_BODY(n_gt_rmax, tc)
{
char b;
assert(memset_s(&b, 1, 1, RSIZE_MAX + 1) != 0);
}
/* n < 0 */
ATF_TC_WITHOUT_HEAD(n_lt_zero);
ATF_TC_BODY(n_lt_zero, tc)
{
char b;
assert(memset_s(&b, 1, 1, -1) != 0);
}
/* n < smax */
ATF_TC_WITHOUT_HEAD(n_lt_smax);
ATF_TC_BODY(n_lt_smax, tc)
{
char b[3] = {1, 2, 3};
assert(memset_s(&b[0], 3, 9, 1) == 0);
assert(b[0] == 9);
assert(b[1] == 2);
assert(b[2] == 3);
}
/* n > smax */
ATF_TC_WITHOUT_HEAD(n_gt_smax);
ATF_TC_BODY(n_gt_smax, tc)
{
char b[3] = {1, 2, 3};
assert(memset_s(&b[0], 1, 9, 3) == 0);
assert(b[0] == 9);
assert(b[1] == 2);
assert(b[2] == 3);
}
/* smax > rmax, handler */
ATF_TC_WITHOUT_HEAD(smax_gt_rmax_handler);
ATF_TC_BODY(smax_gt_rmax_handler, tc)
{
char b;
e = 0;
m = NULL;
set_constraint_handler_s(h);
assert(memset_s(&b, RSIZE_MAX + 1, 1, 1) != 0);
assert(e > 0);
assert(strcmp(m, "memset_s : smax > RSIZE_MAX") == 0);
}
/* smax < 0, handler */
ATF_TC_WITHOUT_HEAD(smax_lt_zero_handler);
ATF_TC_BODY(smax_lt_zero_handler, tc)
{
char b;
e = 0;
m = NULL;
set_constraint_handler_s(h);
assert(memset_s(&b, -1, 1, 1) != 0);
assert(e > 0);
assert(strcmp(m, "memset_s : smax > RSIZE_MAX") == 0);
}
/* n > rmax, handler */
ATF_TC_WITHOUT_HEAD(n_gt_rmax_handler);
ATF_TC_BODY(n_gt_rmax_handler, tc)
{
char b;
e = 0;
m = NULL;
set_constraint_handler_s(h);
assert(memset_s(&b, 1, 1, RSIZE_MAX + 1) != 0);
assert(e > 0);
assert(strcmp(m, "memset_s : n > RSIZE_MAX") == 0);
}
/* n < 0, handler */
ATF_TC_WITHOUT_HEAD(n_lt_zero_handler);
ATF_TC_BODY(n_lt_zero_handler, tc)
{
char b;
e = 0;
m = NULL;
set_constraint_handler_s(h);
assert(memset_s(&b, 1, 1, -1) != 0);
assert(e > 0);
assert(strcmp(m, "memset_s : n > RSIZE_MAX") == 0);
}
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, null_ptr);
ATF_TP_ADD_TC(tp, smax_gt_rmax);
ATF_TP_ADD_TC(tp, smax_lt_zero);
ATF_TP_ADD_TC(tp, normal);
ATF_TP_ADD_TC(tp, n_gt_rmax);
ATF_TP_ADD_TC(tp, n_lt_zero);
ATF_TP_ADD_TC(tp, n_gt_smax);
ATF_TP_ADD_TC(tp, n_lt_smax);
ATF_TP_ADD_TC(tp, smax_gt_rmax_handler);
ATF_TP_ADD_TC(tp, smax_lt_zero_handler);
ATF_TP_ADD_TC(tp, n_gt_rmax_handler);
ATF_TP_ADD_TC(tp, n_lt_zero_handler);
return (atf_no_error());
}
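Review bot: The n_gt_smax case asserts `memset_s(&b[0], 1, 9, 3) == 0`, but K.3.7.4.1 makes `n > smax` a runtime-constraint violation, so the conforming expectation is a nonzero return (with the first smax bytes still filled, which the `b[0] == 9` check correctly covers): `ATF_REQUIRE(memset_s(&b[0], 1, 9, 3) != 0);`. As written the test pins down non-conforming behaviour and will have to change together with the implementation. Two smaller points: `h` is an external function with no prior prototype and should be `static void h(...)`, and the handler cases call `strcmp(m, ...)` without first requiring `m != NULL`, so a handler that is never invoked crashes the test instead of failing it — `ATF_REQUIRE(m != NULL);` before the strcmp fixes that. As in the other new test file, `assert()` should be `ATF_REQUIRE` throughout so the checks survive `NDEBUG`.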


@ -750,24 +750,38 @@
#define __XSI_VISIBLE 0
#define __BSD_VISIBLE 0
#define __ISO_C_VISIBLE 1990
#define __EXT1_VISIBLE 0
#elif defined(_C99_SOURCE) /* Localism to specify strict C99 env. */
#define __POSIX_VISIBLE 0
#define __XSI_VISIBLE 0
#define __BSD_VISIBLE 0
#define __ISO_C_VISIBLE 1999
#define __EXT1_VISIBLE 0
#elif defined(_C11_SOURCE) /* Localism to specify strict C11 env. */
#define __POSIX_VISIBLE 0
#define __XSI_VISIBLE 0
#define __BSD_VISIBLE 0
#define __ISO_C_VISIBLE 2011
#define __EXT1_VISIBLE 0
#else /* Default environment: show everything. */
#define __POSIX_VISIBLE 200809
#define __XSI_VISIBLE 700
#define __BSD_VISIBLE 1
#define __ISO_C_VISIBLE 2011
#define __EXT1_VISIBLE 1
#endif
#endif
/* User override __EXT1_VISIBLE */
#if defined(__STDC_WANT_LIB_EXT1__)
#undef __EXT1_VISIBLE
#if __STDC_WANT_LIB_EXT1__
#define __EXT1_VISIBLE 1
#else
#define __EXT1_VISIBLE 0
#endif
#endif /* __STDC_WANT_LIB_EXT1__ */
#if defined(__mips) || defined(__powerpc64__) || defined(__riscv__)
#define __NO_TLS 1
#endif
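Review bot: Only the `_ANSI_SOURCE`/`_C99_SOURCE`/`_C11_SOURCE` and default branches of this `#if` chain define `__EXT1_VISIBLE`; the earlier branches (the `_POSIX_C_SOURCE`/`_XOPEN_SOURCE` cases above the hunk, not visible here) appear to leave it undefined, so under those feature macros every `#if __EXT1_VISIBLE` in the new headers tests an undefined identifier. That evaluates to 0 and so is functionally harmless, but it is inconsistent with how the other `__*_VISIBLE` macros are always defined and will warn under `-Wundef`; if those branches really lack it, each should gain `#define __EXT1_VISIBLE 0`. A one-line comment on the override block, e.g. `/* K.3.1.1: __STDC_WANT_LIB_EXT1__ must be 0 or 1 */`, would also document why a bare `#define __STDC_WANT_LIB_EXT1__` with no value breaks the `#if`.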


@ -193,4 +193,12 @@ __END_DECLS
#define ERELOOKUP (-5) /* retry the directory lookup */
#endif
#if __EXT1_VISIBLE
/* ISO/IEC 9899:2011 K.3.2.2 */
#ifndef _ERRNO_T_DEFINED
#define _ERRNO_T_DEFINED
typedef int errno_t;
#endif
#endif /* __EXT1_VISIBLE */
#endif


@ -66,4 +66,11 @@ typedef __uint_fast64_t uint_fast64_t;
#define WCHAR_MIN __WCHAR_MIN
#define WCHAR_MAX __WCHAR_MAX
#if __EXT1_VISIBLE
/* ISO/IEC 9899:2011 K.3.4.4 */
#ifndef RSIZE_MAX
#define RSIZE_MAX (SIZE_MAX >> 1)
#endif
#endif /* __EXT1_VISIBLE */
#endif /* !_SYS_STDINT_H_ */