summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-06-14getdate: correctly specify error numberA. Wilcox1-1/+2
POSIX defines getdate error #5 as: "An I/O error is encountered while reading the template file." POSIX defines getdate error #7 as: "There is no line in the template that matches the input." This change correctly disambiguates between the two error conditions.
2017-06-14catopen: set errno to EOPNOTSUPPA. Wilcox1-0/+2
Per 1003.1-2008 (2016 ed.), catopen must set errno on failure. We set errno to EOPNOTSUPP because musl does not currently support message catalogues.
2017-06-08fix glob failure to match plain "/" to root directoryRich Felker1-1/+1
the check to prevent matching empty string wrongly blocked matching of "/" due to checking emptiness after stripping leading slashes rather than checking the full original argument string. simplified from patch by Julien Ramseier.
2017-06-08use hard-coded sh4a atomic opcodes to avoid linker errors on shRich Felker1-4/+4
when using the sh4a opcodes, the assembler tags the resulting object file as requiring sh4a. the linker then refuses to (static) link it with object files marked as requiring j2, since there is no isa level that includes both sh4a and j2 instructions.
2017-05-31towupper/towlower: fast path for ascii charsNatanael Copa1-3/+3
Make a fast path for ascii chars which is assumed to be the most common case. This has significant performance benefit on xml json and similar
2017-05-27fix fchown fallback on arches without chown(2)Samuel Holland1-1/+1
The flags argument was missing, causing uninitalized data to be passed to fchownat(2). The correct value of flags should match the fallback for chown(3).
2017-05-27fix iconv conversions to legacy 8bit encodingsRich Felker1-9/+12
there was missing reverse-conversion logic for the case, handled specially in the character set tables, where a byte represents a unicode codepoint with the same value. this patch adds code to handle the case, and refactors the two-level 10-bit table lookup for legacy character sets into a function to avoid repeating it yet another time as part of the fix.
2017-04-22have posix_spawnattr_setflags check for supported flagsRich Felker1-0/+11
per POSIX, EINVAL is not a mandatory error, only an optional one. but reporting unsupported flags allows an application to fallback gracefully when a requested feature is not supported. this is not helpful now, but it may be in the future if additional flags are added. had this checking been present before, applications would have been able to check for the newly-added POSIX_SPAWN_SETSID feature (added in commit bb439bb17108b67f3df9c9af824d3a607b5b059d) at runtime.
2017-04-22implement new posix_spawn flag POSIX_SPAWN_SETSIDRich Felker1-0/+4
this functionality has been adopted for inclusion in the next issue of POSIX as the result of Austin Group issue #1044. based on patch by Daurnimator.
2017-04-22remove va_arg hacks in printf core with undefined behaviorRich Felker1-26/+1
the code being removed was written to optimize for size assuming the compiler cannot collapse code paths for different types with the same underlying representation. modern compilers sometimes succeed in making this optimization themselves, but either way it's a small size difference and not worth the source-level complexity or the UB involved in this hack. some incorrect use of va_arg still remains, particularly use of void * where the actual argument has a different pointer type. fixing this requires some actual code additions, rather than just removing cruft, so I'm leaving it to be done later as a separate commit.
2017-04-21make ttyname[_r] return ENODEV rather than ENOENTRich Felker1-1/+1
commit 0a950dcf15bb9f7274c804dca490e9e20e475f3e added checking that the pathname a tty device was opened with actually matches the device, which can fail to hold when a container inherits a tty from outside the container. the error code added at the time was ENOENT; however, discussions between affected applications and glibc developers resulted in glibc adopting ENODEV as the error for this condition, and this has now been documented in the man pages project as well. adopt the same error code for consistency. patch by Christian Brauner.
2017-04-21fix regression in support for resolv.conf attempts optionRich Felker1-2/+2
commit d6cb08bcaca4ff1f921375510ca72bccea969c75 moved the code and introduced an incorrect string offset for the new parsing, probably due to a copy-and-paste error. patch by Stefan Sedich.
2017-04-21fix scalbn when result is in the subnormal rangeSzabolcs Nagy3-12/+14
in nearest rounding mode scalbn could introduce double rounding error when an intermediate value and the final result were both in the subnormal range e.g. scalbn(0x1.7ffffffffffffp-1, -1073) returned 0x1p-1073 instead of 0x1p-1074, because the intermediate computation got rounded to 0x1.8p-1023. with the fix an intermediate value can only be in the subnormal range if the final result is 0 which is correct even after double rounding. (there still can be two roundings so signals may be raised twice, but that's only observable with trapping exceptions which is not supported.)
2017-04-21allow full-range file offsets to mmap on archs with 64-bit syscall argsRich Felker1-1/+1
normally 32-bit archs use the mmap2 syscall and are limited to an offset of 2^32 pages. however some 32-bit archs (mainly ILP32-on-64 ones like x32) have 64-bit syscall argument slots and thus can accept the full range. don't artifically limit them.
2017-04-11fix dl_iterate_phdr in static PIE binariesRich Felker1-0/+5
analogous to commit 5bf7eba213cacc4c1220627c91c28deff2ffecda, use of AT_PHDR/PT_PHDR does not actually work to find the program base, and the method with _DYNAMIC vs PT_DYNAMIC must be used as an alternative. patch by Shiz, along with testing to confirm that this fixes unwinding in static PIE.
2017-04-11fix read past end of buffer in getaddrinfo backendRich Felker1-2/+2
due to testing buf[i].family==AF_INET before checking i==cnt, it was possible to read past the end of the array, or past the valid part. in practice, without active bounds/indeterminate-value checking by the compiler, the worst that happened was failure to return early and optimize out the sorting that's unneeded for v4-only results. returning on i==cnt-1 rather than i==cnt would be an alternate fix, but the approach this patch takes is more idiomatic and less error-prone. patch by Timo Teräs.
2017-03-21aarch64: add single instruction math functionsSzabolcs Nagy34-24/+226
this should increase performance and reduce code size on aarch64. the compiled code was checked against using __builtin_* instead of inline asm with gcc-6.2.0. lrint is two instructions. c with inline asm is used because it is safer than a pure asm implementation, this prevents ll{rint,round} to be an alias of l{rint,round} (because the types don't match) and depends on gcc style inline asm support. ceil, floor, round, trunc can either raise inexact on finite non-integer inputs or not raise any exceptions. the new implementation does not raise exceptions while the generic c code does. on aarch64, the underflow exception is signaled before rounding (ieee 754 allows both before and after rounding, but it must be consistent), the generic fma c code signals it after rounding so using single instruction fixes a slight conformance issue too.
2017-03-21fix strptime output for %C without %yJulien Ramseier1-2/+3
in this case, a potentially-uninitialized or unrelated existing value in tm_year was being used. instead use 0 if %y was not present.
2017-03-21fix processing of strptime %p formatJulien Ramseier1-0/+2
string pointer was not advanced after matching.
2017-03-21fix off-by-one in strptime %jJulien Ramseier1-0/+1
tm_yday range is 0-365 while %j is 1-366
2017-03-21regex: fix newline matching with negated bracketsJulien Ramseier1-0/+14
With REG_NEWLINE, POSIX says: "A <newline> in string shall not be matched by a period outside a bracket expression or by any form of a non-matching list"
2017-03-21increase limit on locale name length from 15 to 23 bytesRich Felker1-1/+1
the old limit was one byte too short to support locale names of the form xx_XX.UTF-8@modifier where modifier is more than 3 bytes, a form which various real-world locale names take. the problem could be avoided by omitting the useless ".UTF-8" part, but users may need to have it present when operating on mixed-libc systems or when it will be carried over (e.g. across ssh) to other systems. the new limit is chosen sufficient for existing/reasonable locale names while still keeping the size of setlocale's static buffer small. also add locale_impl.h to the Makefile's list of headers which force rebuild of source files, to prevent dangerously inconsistent object files from getting used after this change.
2017-03-21search locale name variants for gettext translationsRich Felker1-32/+55
often translations will be named only by language, whereas locale names may also include a territory code, modifier, and codeset portion. previously, only translations exactly matching the locale name were loaded. this was a major usability issue, requiring workarounds like symlinks or tweaking of the locale name. with these changes, gettext now searches for translations by first removing the codeset portion of the locale name, then trying the remainder in full, with modifier (@mod) removed, with territory code (_XX) removed, and with both removed. part of the reason gettext lacked support for searching fallbacks before is that the candidate pathname for a translation file was constructed on each call and used as the key to lookup an already-mapped translation file. this was very costly/inefficient. we now use the tuple of textdomain binding pointer, locale map pointer, and integer category id as the key for looking up a translation file mapping. based on patch by He X.
2017-03-21make setlocale return a single name for LC_ALL if all categories matchRich Felker1-2/+5
when called for LC_ALL, setlocale has to return a string representing the state of all locale categories. the simplest way to do this was to always return a delimited list of values for each category, but that's not friendly in the fairly common case where all categories have the same setting. He X proposed a patch to check for this case and return a single name; this patch is a simplified approach to do the same.
2017-03-15fix POSIX-format TZ dst transition times for southern hemisphereRich Felker1-8/+4
the time of day at which daylight time switches over is specified in local time in the dst state prior to the transition. the code for handling this wrongly assumed it needed to switch whether dst or standard offset is applied to the transition time when the dst end date is before the dst start date (souther hemisphere summer), but in fact the end transition time should always be adjusted for dst, and the start transition time should always be adjusted for standard time.
2017-03-15fix threshold constants in j0f, y0f, j1f, y1fSzabolcs Nagy2-13/+12
partly following freebsd rev 279491 https://svnweb.freebsd.org/base?view=revision&revision=279491 (musl had some of the fixes before freebsd). the change should not matter much for j0f, y0f, but it improves j1f and y1f in [2.5,~3.75] (that is [0x40200000,~0x40700000]). near roots (e.g. around 3.8317 for j1f) there are still large ulp errors. dropped code that tried to raise inexact.
2017-03-14fix one-byte overflow in legacy getpass functionRich Felker1-1/+1
if the length of the input was equal to the buffer size (128), a fixed value of zero was written one byte past the end of the static buffer.
2017-03-14fix wide scanf's use of a compound literal past its lifetimeRich Felker1-1/+2
2017-03-14fix possible fd leak, unrestored cancellation state on dns socket failRich Felker1-1/+5
2017-03-14in static dl_iterate_phdr, fix use of possibly-uninitialized aux dataRich Felker1-1/+1
this could only happen if an incomplete auxv was passed into the program, but it's better to just initialize the data anyway.
2017-03-14fix free of uninitialized buffer pointer on error in regexecRich Felker1-3/+3
the fix in commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 for CVE-2016-8859 used gotos to exit on overflow conditions, but the code in that error path assumed the buffer pointer was valid or null. thus, the conditions which previously led to under-allocation and buffer overflow could instead lead to an invalid pointer being passed to free.
2017-03-05fix lsearch and lfind to pass key as first arg to the compar callbackSzabolcs Nagy1-2/+2
this is not a conformance issue as posix does not specify the argument order, but the order is specified for bsearch and some systems document the order for lsearch consistently (openbsd). since there were two indpendent reports of this issue it's better to use the more widely expected argument order.
2017-02-15fix build regression in arm atomics asm with new binutilsRich Felker1-1/+1
binutils commit bada43421274615d0d5f629a61a60b7daa71bc15 tightened immediate fixup handling in gas in such a way that the final .arch of an object file must be compatible with the fixups used when the instruction was assembled; this in turn broke assembling of atomics.s, at least in thumb mode. it's not clear whether this should be considered a bug in gas, but .object_arch is preferable anyway for our purpose here of controlling the ISA level tag on the object file being produced, and it's the intended directive for use in object files with runtime code selection. research by Szabolcs Nagy confirmed that .object_arch is supported in all relevant versions of binutils and clang's integrated assembler. patch by Reiner Herrmann.
2017-02-15s390x: implement dlsymBobby Bingham1-0/+6
This was missed when writing the port initially.
2017-01-29avoid unbounded strlen in gettext functionsRich Felker1-3/+3
use the standard strnlen idiom for cases where lengths greater than an imposed limit are going to be rejected immediately anyway.
2017-01-29fix use of uninitialized pointer in gettext coreRich Felker1-2/+2
the plural_rule field of allocated msgcat structures was assumed to be initially-null but was never initialized. for future-proofing, the nplurals field which was left uninitialized should also be cleared. likewise, in the binding structure, the active field could be used uninitialized by a technicality: the a_store which stores the initial value of 0 may be implemented as a cas operation, which reads the old value. rather than fixing these issues individually, just use calloc for both allocations. this does result in wasteful clearing of name buffers (up to NAME_MAX+PATH_MAX) before filling them, but since the size if bounded and the time is dominated by filesystem operations, it really doesn't matter; simplicity and future-proofing have more value here. modified from patch submitted by He X.
2017-01-29fix bindtextdomain logic error deactivating other domainsRich Felker1-1/+1
this loop was only supposed to deactivate other bindings for the same text domain name, but due to copy-and-paste error, deactivated all other bindings. patch by He X.
2017-01-19fix spurious EINTR errors from multithreaded set*id, etc.Rich Felker1-1/+1
commit 78a8ef47c4d92b7680c52a85f80a81e29da86bb9 inadvertently removed the SA_RESTART flag from the sigaction for the internal signal handler used by __synccall for broadcasting. as a result, programs which did not use interrupting signals but which used set*id() in a multithreaded context could wrongly observe EINTR errors they're not prepared to handle.
2017-01-13fix crashes in x32 __tls_get_addrrofl0r2-2/+6
x32 has another gratuitous difference to all other archs: it passes an array of 64bit values to __tls_get_addr(). usually it is an array of size_t.
2017-01-04treat base 1 as an error in strtol-family functionsRich Felker1-1/+1
ISO C and POSIX only specify behavior for base arguments of 0 and 2-36; POSIX mandates an EINVAL error for unsupported bases. it's not clear that there's a requirement for implementations not to "support" additional bases as an extension, but "base 1" did not work in any meaningful way anyway, so it should be considered unsupported and thus an error.
2017-01-04fix getopt[_long] clobbering of optopt on successRich Felker2-2/+5
getopt is only specified to modify optopt on error, and some software apparently infers an error from optopt!=0. getopt_long is changed analogously. the resulting behavior differs slightly from the behavior of the GNU implementation of getopt_long, which keeps an internal shadow copy of optopt and copies it to the public one on return, but since the GNU implementation also exhibits this shadow-copy behavior for plain getopt where is is non-conforming, I think this can reasonably be considered a bug rather than an intentional behavior that merits mimicing.
2017-01-02make globfree safe after failed glob from over-length argumentRich Felker1-2/+2
commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length checking to avoid unsafe VLA allocation, but put it in the wrong place, before the glob_t structure was zeroed out. while POSIX isn't clear on whether it's permitted to call globfree after glob failed with GLOB_NOSPACE, making it safe is clearly better than letting uninitialized pointers get passed to free in non-conforming callers. while we're fixing this, change strlen check to the idiomatic strnlen version to avoid unbounded input scanning before returning an error.
2017-01-02fix strftime %y for negative yearsRich Felker1-2/+2
commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where tm_year is negative but the resulting year (offset by 1900) was still positive, which is always the case for time_t values that fit in 32 bits, but not for arbitrary inputs. based on an earlier patch by Julien Ramseier which was overlooked at the time the previous fix was applied.
2016-12-20fix support for initialized TLS in static PIE binariesRich Felker1-0/+5
the static-linked version of __init_tls needs to locate the TLS initialization image via the ELF program headers, which requires determining the base address at which the program was loaded. the existing code attempted to do this by comparing the actual address of the program headers (obtained via auxv) with the virtual address for the PT_PHDR record in the program headers. however, the linker seems to produce a PT_PHDR record only when a program interpreter (dynamic linker) is used. thus the computation failed and used the default base address of 0, leading to a crash when trying to access the TLS image at the wrong address. the dynamic linker entry point and static-PIE rcrt1.o startup code compute the base address instead by taking the difference between the run-time address of _DYNAMIC and the virtual address in the PT_DYNAMIC record. this patch copies the approach they use, but with a weak symbolic reference to _DYNAMIC instead of obtaining the address from the crt_arch.h asm. this works because relocations have already been performed at the time __init_tls is called.
2016-12-19rework arm atomic/tp backends to be thumb-compatible and fdpic-readyRich Felker4-56/+69
three problems are addressed: - use of pc arithmetic, which was difficult if not impossible to make correct in thumb mode on all models, so that relative rather than absolute pointers to the backends could be used. this was designed back when there was no coherent model for the early stages of the dynamic linker before relocations, and is no longer necessary. - assumption that data (the relative pointers to the backends) can be accessed at a constant displacement from the code. this will not be possible on future fdpic subarchs (for cortex-m), so move responsibility for loading the backend code address to the caller. - hard-coded arm opcodes using the .word directive. instead, use the .arch directive to work around the assembler's refusal to assemble instructions not available (or in some cases, available but just considered deprecated) in the target isa level. the obscure v6t2 arch is used for v6 code so as to (1) allow generation of thumb2 output if -mthumb is active, and (2) avoid warnings/errors for mcr barriers that clang would produce if we just set arch to v7-a. in addition, the __aeabi_read_tp function is moved out of the inner workings and implemented as an asm wrapper around a C function, so that asm code does not need to read global data. the asm wrapper serves to satisfy the ABI calling convention requirements for this function.
2016-12-17disable use of arm memcpy asm if building as thumb codeRich Felker2-2/+2
the thumb incompatibilities in the asm are probably only minor and should be fixable, but for now just use the C version.
2016-12-17make arm setjmp/longjmp asm thumb2-compatibleRich Felker2-2/+6
sp cannot be used in the ldm/stm register set in thumb mode.
2016-12-17use lookup table for malloc bin index instead of float conversionSzabolcs Nagy1-2/+12
float conversion is slow and big on soft-float targets. The lookup table increases code size a bit on most hard float targets (and adds 60byte rodata), performance can be a bit slower because of position independent data access and cpu internal state dependence (cache, extra branches), but the overall effect should be minimal (common, small size allocations should be unaffected).
2016-12-16handle ^ and $ in BRE subexpression start and end as anchorsSzabolcs Nagy1-9/+12
In BRE, ^ is an anchor at the beginning of an expression, optionally it may be an anchor at the beginning of a subexpression and must be treated as a literal otherwise. Previously musl treated ^ in subexpressions as literal, but at least glibc and gnu sed treats it as an anchor and that's the more useful behaviour: it can always be escaped to get back the literal meaning. Same for $ at the end of a subexpression. Portable BRE should not rely on this, but there are sed commands in build scripts which do. This changes the meaning of the BREs: \(^a\) \(a\|^b\) \(a$\) \(a$\|b\)
2016-12-16fix mrand48/jrand48 return value on 64-bit archsRich Felker1-1/+1
POSIX specifies the result to have signed 32-bit range. on 32-bit archs, the implicit conversion to long achieved the desired range already, but when long is 64-bit, a cast is needed. patch by Ed Schouten.