| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | math: fix pow signed shift ub•••j is int32_t and thus j<<31 is undefined if j==1, so j is changed to
uint32_t locally as a quick fix, the generated code is not affected.
(this is a strict conformance fix, future c standard may allow 1<<31,
see DR 463. the bug was inherited from freebsd fdlibm, the proper fix
is to use uint32_t for all bit hacks, but that requires more intrusive
changes.)
reported by Daniel Sabogal
| Szabolcs Nagy | 2016-10-20 | 1 | -2/+2 |
| * | use dynamic buffer for getmntent•••overlayfs may have fairly long lines so we use getline to allocate a
buffer dynamically. The buffer will be allocated on first use, expand as
needed, but will never be free'ed.
Downstream bug: http://bugs.alpinelinux.org/issues/5703
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
| Natanael Copa | 2016-10-20 | 1 | -4/+13 |
| * | fix integer overflows and uncaught EOVERFLOW in printf core•••this patch fixes a large number of missed internal signed-overflow
checks and errors in determining when the return value (output length)
would exceed INT_MAX, which should result in EOVERFLOW. some of the
issues fixed were reported by Alexander Cherepanov; others were found
in subsequent review of the code.
aside from the signed overflows being undefined behavior, the
following specific bugs were found to exist in practice:
- overflows computing length of floating point formats with huge
explicit precisions, integer formats with prefix characters and huge
explicit precisions, or string arguments or format strings longer
than INT_MAX, resulted in wrong return value and wrong %n results.
- literal width and precision values outside the range of int were
misinterpreted, yielding wrong behavior in at least one well-defined
case: string formats with precision greater than INT_MAX were
sometimes truncated.
- in cases where EOVERFLOW is produced, incorrect values could be
written for %n specifiers past the point of exceeding INT_MAX.
in addition to fixing these bugs, we now stop producing output
immediately when output length would exceed INT_MAX, rather than
continuing and returning an error only at the end.
| Rich Felker | 2016-10-20 | 2 | -46/+89 |
| * | fix integer overflow in float printf needed-precision computation•••if the requested precision is close to INT_MAX, adding
LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined
behavior manifests as a large negative result, which is then used to
compute the new end pointer (z) with a wildly out-of-bounds value
(more overflow, more undefined behavior). the end result is at least
incorrect output and character count (return value); worse things do
not seem to happen, but detailed analysis has not been done.
this patch fixes the overflow by performing the intermediate
computation as unsigned; after division by 9, the final result
necessarily fits in int.
| Rich Felker | 2016-10-19 | 1 | -1/+1 |
| * | fix regexec with haystack strings longer than INT_MAX•••we inherited from TRE regexec code that's utterly wrong with respect
to the integer types it's using. while it doesn't appear that
compilers are producing unsafe output, signed integer overflows seem
to happen, and regexec fails to find matches past offset INT_MAX.
this patch fixes the type of all variables/fields used to store
offsets in the string from int to regoff_t. after the changes, basic
testing showed that regexec can now find matches past 2GB (INT_MAX)
and past 4GB on x86_64, and code generation is unchanged on i386.
| Rich Felker | 2016-10-06 | 1 | -26/+28 |
| * | fix missing integer overflow checks in regexec buffer size computations•••most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
| Rich Felker | 2016-10-06 | 1 | -5/+18 |
| * | fix strftime %y for negative tm_year | Szabolcs Nagy | 2016-10-06 | 1 | -0/+1 |
| * | fix getservby*_r result pointer value on error•••this is a clone of the fix to the gethostby*_r functions in
commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages
document that the getservby*_r functions set this pointer to
NULL if there was an error or if no record was found.
| Daniel Sabogal | 2016-09-24 | 2 | -0/+3 |
| * | remove dead case in gethostbyname2_r•••this case statement was accidently left behind when this function
was refactored in commit e8f39ca4898237cf71657500f0b11534c47a0521.
| Daniel Sabogal | 2016-09-24 | 1 | -2/+0 |
| * | simplify/refactor fflush and make fflush_unlocked an alias for fflush•••previously, fflush_unlocked was an alias for an internal backend that
was called by fflush, either for its argument or in a loop for each
file if a null pointer was passed. since the logic for the latter was
in the main fflush function, fflush_unlocked crashed when passed a
null pointer, rather than flushing all open files. since
fflush_unlocked is not a standard function and has no specification,
it's not clear whether it should be expected to accept null pointers
like fflush does, but a reasonable argument could be made that it
should.
this patch eliminates the helper function, simplifying fflush, and
makes fflush_unlocked an alias for fflush, which is valid because the
two functions agree in their behavior in all cases where their
behavior is defined (the unlocked version has undefined behavior if
another thread could hold locks).
| Rich Felker | 2016-09-18 | 1 | -30/+23 |
| * | fix if_indextoname error case•••posix requires errno to be set to ENXIO if the interface does not exist.
linux returns ENODEV instead so we handle this.
| Daniel Sabogal | 2016-09-16 | 1 | -1/+6 |
| * | fix printf regression with alt-form octal, zero flag, and field width•••commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another
issue, changed the logic for how alt-form octal adds the leading zero
to adjust the precision rather than using a prefix character. this
wrongly suppressed the zero flag by mimicing an explicit precision
given by the format string. switch back to using a prefix character.
based on bug report and patch by Dmitry V. Levin, but simplified.
| Rich Felker | 2016-09-16 | 1 | -1/+1 |
| * | restore _Noreturn to __assert_fail•••this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without
the _Noreturn attribute, the compiler cannot use asserts to perform
reachability/range analysis. this leads to missed optimizations and
spurious warnings.
the original backtrace problem that prompted the removal of _Noreturn
was not clearly documented at the time, but it seems to happen only
when libc was built without -g, which also breaks many other
backtracing cases.
| Rich Felker | 2016-08-30 | 1 | -1/+1 |
| * | getdtablesize: fix returning hard instead of soft rlimit•••This makes the result consistent with sysconf(_SC_OPEN_MAX).
| Olivier Brunel | 2016-08-30 | 1 | -1/+1 |
| * | math: fix 128bit long double inverse trigonometric functions•••there was a copy paste error that could cause large ulp errors
in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32.
(the implementation is from freebsd fdlibm, but the tail end
of the polynomial was wrong. 128 bit long double functions
are not yet tested so this went undetected.)
| Szabolcs Nagy | 2016-08-30 | 1 | -1/+1 |
| * | verify that ttyname refers to the same file as the fd•••linux containers use separate mount namespace so the /proc
symlink might not point to the right device if the fd was
opened in the parent namespace, in this case return ENOENT.
| Szabolcs Nagy | 2016-08-30 | 1 | -4/+11 |
| * | fix pread/pwrite syscall calling convention on sh•••despite sh not generally using register-pair alignment for 64-bit
syscall arguments, there are arch-specific versions of the syscall
entry points for pread and pwrite which include a dummy argument for
alignment before the 64-bit offset argument.
| Rich Felker | 2016-08-11 | 3 | -2/+6 |
| * | revert unrelated change that slipped into last commit | Rich Felker | 2016-07-13 | 1 | -1/+1 |
| * | fix regression in tcsetattr on all mips archs•••revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong
and does not match how the kernel API works.
| Rich Felker | 2016-07-13 | 1 | -1/+1 |
| * | fix asctime day/month names not to vary by locale•••the FIXME comment here was overlooked at the time locale support was
added.
| Rich Felker | 2016-07-07 | 1 | -5/+4 |
| * | remove obsolete and unused gethostbyaddr implementation•••this code was already under #if 0, but could be confusing if a reader
didn't notice that, and it's almost surely full of bugs and/or
inconsistencies with the current code that uses the gethostbyname2_r
backend.
| Rich Felker | 2016-07-06 | 1 | -52/+0 |
| * | improve abort fallback behavior when raising SIGABRT fails to terminate•••these changes still do not yield a fully-conforming abort, but they
fix two known issues:
- per POSIX, termination via SIGKILL is not "abnormal", but both ISO C
and POSIX require abort to yield abnormal termination.
- raising SIGKILL fails to do anything to pid 1 in some containers.
now, the trapping instruction produced by a_crash() is expected to
produce abnormal termination, without the risk of invoking a signal
handler since SIGILL and SIGSEGV are blocked, and _Exit, which
contains an infinite loop analogous to the one being removed from
abort itself, is used as a last resort.
this implementation still fails to produce an exit status as if the
process terminated via SIGABRT in cases where SIGABRT is blocked or
ignored, but fixing that is not easy; the obvious pseudo-solutions all
have subtle race conditions where a concurrent fork or exec can expose
incorrect signal state.
| Rich Felker | 2016-07-03 | 1 | -1/+5 |
| * | define appropriate feature test macros to get CBAUD from termios.h | Rich Felker | 2016-07-03 | 2 | -0/+2 |
| * | fix posix_fadvise syscall args on powerpc, unify with arm fix•••commit 6d38c9cf80f47623e5e48190046673bbd0dc410b provided an
arm-specific version of posix_fadvise to address the alternate
argument order the kernel expects on arm, but neglected to address
that powerpc (32-bit) has the same issue. instead of having arch
variant files in duplicate, simply put the alternate version in the
top-level file under the control of a macro defined in syscall_arch.h.
| Rich Felker | 2016-07-01 | 2 | -12/+8 |
| * | pthread: implement try/timed join variants | Bobby Bingham | 2016-06-30 | 1 | -3/+17 |
| * | fix misordered syscall arguments for posix_fadvise on arm•••the arm version of the syscall has a custom argument ordering to avoid
needing a 7-argument syscall due to 64-bit argument alignment.
| Rich Felker | 2016-06-29 | 1 | -0/+12 |
| * | in posix_fadvise, don't bypass __syscall macro infrastructure•••when commit 0b6eb2dfb2e84a8a51906e7634f3d5edc230b058 added the
parentheses around __syscall to invoke the function directly, there
was no __syscall7 in the syscall macro infrastructure, so this hack
was needed. commit 9a3bbce447403d735282586786dc436ec1ffbad4 fixed that
but failed to remove the hack.
| Rich Felker | 2016-06-29 | 1 | -1/+1 |
| * | refactor name_from_dns in hostname lookup backend•••loop over an address family / resource record mapping to avoid
repetitive code.
| Natanael Copa | 2016-06-29 | 1 | -13/+12 |
| * | in performing dns lookups, check result from res_mkquery•••don't send a query that may be malformed.
| Natanael Copa | 2016-06-29 | 1 | -0/+4 |
| * | fix misaligned address buffers in gethostbyname[2][_r] results•••mistakenly ordering strings before addresses in the result buffer
broke the alignment that the preceding code had set up.
| Rich Felker | 2016-06-27 | 1 | -7/+7 |
| * | fix failure to obtain EOWNERDEAD status for process-shared robust mutexes•••Linux's documentation (robust-futex-ABI.txt) claims that, when a
process dies with a futex on the robust list, bit 30 (0x40000000) is
set to indicate the status. however, what actually happens is that
bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29
(containing the old owner tid) are cleared at the same time bit 30 is
set.
our userspace-side code for robust mutexes was written based on that
documentation, assuming that kernel would never produce a futex value
of 0x40000000, since the low (owner) bits would always be non-zero.
commit d338b506e39b1e2c68366b12be90704c635602ce introduced this
assumption explicitly while fixing another bug in how non-recoverable
status for robust mutexes was tracked. presumably the tests conducted
at that time only checked non-process-shared robust mutexes, which are
handled in pthread_exit (which implemented the documented kernel
protocol, not the actual one) rather than by the kernel.
change pthread_exit robust list processing to match the kernel
behavior, clearing bits 0-29 while setting bit 30, and use the value
0x7fffffff instead of 0x40000000 to encode non-recoverable status. the
choice of value here is arbitrary; any value with at least one of bits
0-29 set should work just as well,
| Rich Felker | 2016-06-27 | 3 | -3/+3 |
| * | remove comments on copyright status from UTF-8 implementation files•••despite clarifications made to the COPYRIGHT file in commit
f0a61399330bae42beeb27d6ecd05570b3382a60, there continues to be
confusion about whether the permissions granted actually apply to all
files. I am the sole author of these files and clearly intend, and
have always intended, for the grant of permission to apply to them.
| Rich Felker | 2016-06-21 | 13 | -78/+0 |
| * | fix a64l undefined behavior on ILP32 archs, wrong results on LP64 archs•••the difference of pointers is a signed type ptrdiff_t; if it is only
32-bit, left-shifting it by 30 bits produces undefined behavior. cast
the difference to an appropriate unsigned type, uint32_t, before
shifting to avoid this.
the a64l function is specified to return a signed 32-bit result in
type long. as noted in the bug report by Ed Schouten, converting
implicitly from uint32_t only produces the desired result when long is
a 32-bit type. since the computation has to be done in unsigned
arithmetic to avoid overflow, simply cast the result to int32_t.
further, POSIX leaves the behavior on invalid input unspecified but
not undefined, so we should not take the difference between the
potentially-null result of strchr and the base pointer without first
checking the result. the simplest behavior is just returning the
partial conversion already performed in this case, so do that.
| Rich Felker | 2016-05-23 | 1 | -3/+6 |
| * | fix the use of uninitialized value in regcomp•••the num_submatches field of some ast nodes was not initialized in
tre_add_tag_{left,right}, but was accessed later.
this was a benign bug since the uninitialized values were never used
(these values are created during tre_add_tags and copied around during
tre_expand_ast where they are also used in computations, but nothing
in the final tnfa depends on them).
| Szabolcs Nagy | 2016-05-22 | 1 | -0/+2 |
| * | add powerpc64 port | Bobby Bingham | 2016-05-08 | 11 | -0/+394 |
| * | fix incorrect protocol name and number for egp•••previously if you called getprotobyname("egp") you would get
NULL because \008 is invalid octal and so the protocol id was
interpreted as 0 and name as "8egp".
| Andrew Kelley | 2016-05-04 | 1 | -1/+1 |
| * | fix FILE buffer underflow in ungetwc•••commit 7e816a6487932cbb3cb71d94b609e50e81f4e5bf (version 1.1.11
release cycle) moved the code that performs wchar_t to multibyte
conversion across code that used the resulting length in bytes,
thereby breaking the unget buffer space check in ungetwc and
clobbering up to three bytes below the start of the buffer.
for allocated FILEs (all read-enabled FILEs except stdin), the
underflow clobbers at most the FILE-specific locale pointer. no stores
are performed through this pointer, but subsequent loads may result in
a crash or mismatching encoding rule (UTF-8 multibyte vs byte-based).
for stdin, the buffer lies in .bss and the underflow may clobber
another object. in practice, for libc.so the adjacent object seems to
be stderr's buffer, which is completely unused, but this could vary
with linking options, or when static linking.
applications which do not attempt to use more than one character of
ungetwc pushback, or which do not use ungetwc, are not affected.
| Rich Felker | 2016-04-26 | 1 | -3/+3 |
| * | fix thread structure/dtv-pointer corruption on powerpc•••per the powerpc psabi, offset 4 of the stack at call time belongs to
the callee and is used for spilling lr (return address). in addition,
offset 0 on the stack must contain a pointer to the previous stack
frame, or a null pointer for the initial stack frame of a thread.
__clone failed to setup any stack frame on the new thread's stack,
thereby allowing the start function it called to clobber offset 4 of
the new thread's struct __pthread, which contains the dtv pointer.
add code to setup a proper stack frame and align the stack pointer to
a multiple of 16 (also an abi requirement) if it was not already
aligned.
| Rich Felker | 2016-04-25 | 1 | -0/+5 |
| * | remove dead store in res_msend•••The variable nss is set to zero in following line.
| Petr Vaněk | 2016-04-18 | 1 | -1/+0 |
| * | add mips n32 port (ILP32 ABI for mips64)•••based on patch submitted by Jaydeep Patil, with minor changes.
| Rich Felker | 2016-04-18 | 12 | -0/+335 |
| * | fix read past end of haystack buffer for short needles in memmem•••the two/three/four byte memmem specializations are not prepared to
handle haystacks shorter than the needle; they unconditionally read at
least up to the needle length and subtract from the haystack length.
if the haystack is shorter, the remaining haystack length underflows
and produces an unbounded search which will eventually either crash or
find a spurious match.
the top-level memmem function attempted to avoid this case already by
checking for haystack shorter than needle, but it failed to re-check
after using memchr to remove the maximal prefix not containing the
first byte of the needle.
| Rich Felker | 2016-04-01 | 1 | -0/+1 |
| * | fix undefined pointer comparison in stdio-internal __toread•••the comparison f->wpos > f->buf has undefined behavior when f->wpos is
a null pointer, despite the intuition (and actual compiler behavior,
for all known compilers) being that NULL > ptr is false for all valid
pointers ptr.
the purpose of the comparison is to determine if the write buffer is
non-empty, and the idiom used elsewhere for that is comparison against
f->wbase, which is either a null pointer when not writing, or equal to
f->buf when writing. in the former case, both f->wpos and f->wbase are
null; in the latter they are both non-null and point into the same
array.
| Rich Felker | 2016-03-28 | 1 | -1/+1 |
| * | fix gethostbyaddr_r to fill struct hostent.h_length as appropriate | Timo Teräs | 2016-03-24 | 1 | -0/+1 |
| * | fix padding string formats to width in wide printf variants•••the idiom fprintf(f, "%.*s", n, "") was wrongly used in vfwprintf as a
means of producing n spaces; instead it produces no output. the
correct form is fprintf(f, "%*s", n, ""), using width instead of
precision, since for %s the later is a maximum rather than a minimum.
| Rich Felker | 2016-03-16 | 1 | -4/+4 |
| * | add powerpc soft-float support•••Some PowerPC CPUs (e.g. Freescale MPC85xx) have a completely different
instruction set for floating point operations (SPE).
Executing regular PowerPC floating point instructions results in
"Illegal instruction" errors.
Make it possible to run these devices in soft-float mode.
| Felix Fietkau | 2016-03-06 | 4 | -34/+49 |
| * | env: avoid leaving dangling pointers in __env_map•••This is the minimal fix for __putenv leaving a pointer to freed heap
storage in __env_map array, which could later on lead to errors such
as double-free.
| Alexander Monakov | 2016-03-06 | 1 | -0/+1 |
| * | add mips64 port•••patch by Mahesh Bodapati and Jaydeep Patil of Imagination
Technologies.
| Rich Felker | 2016-03-06 | 12 | -0/+338 |
| * | generalize mips-specific reloc code not to hard-code sym/type encoding•••this change is made in preparation for adding the mips64 port, which
needs a 64-bit (and mips64-specific) form of the R_INFO macro, but
it's a better abstraction anyway.
based on part of the mips64 port patch by Mahesh Bodapati and Jaydeep
Patil of Imagination Technologies.
| Rich Felker | 2016-03-06 | 1 | -0/+2 |
| * | math: fix expf(-NAN) and exp2f(-NAN) to return -NAN instead of 0•••expf(-NAN) was treated as expf(-large) which unconditionally
returns +0, so special case +-NAN.
reported by Petr Hosek.
| Szabolcs Nagy | 2016-03-04 | 2 | -0/+4 |
| * | add sched_getcpu vDSO support•••This brings the call to an actually usable speed.
Quick unscientific benchmark: 14ns : 102ns :: vDSO : syscall
| Nathan Zadoks | 2016-03-02 | 1 | -0/+31 |
