summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2016-10-20fix float formatting of some exact halfway casesSzabolcs Nagy1-1/+2
in nearest rounding mode exact halfway cases were not following the round to even rule if the rounding happened at a base 1000000000 digit boundary of the internal representation and the previous digit was odd. e.g. printf("%.0f", 1.5) printed 1 instead of 2.
2016-10-20add pthread_setname_npFelix Janda1-0/+26
the thread name is displayed by gdb's "info threads".
2016-10-20fix clock_nanosleep error caseDaniel Sabogal1-1/+3
posix requires that EINVAL be returned if the first parameter specifies the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID). linux returns ENOTSUP instead so we handle this.
2016-10-20math: fix pow signed shift ubSzabolcs Nagy1-2/+2
j is int32_t and thus j<<31 is undefined if j==1, so j is changed to uint32_t locally as a quick fix, the generated code is not affected. (this is a strict conformance fix, future c standard may allow 1<<31, see DR 463. the bug was inherited from freebsd fdlibm, the proper fix is to use uint32_t for all bit hacks, but that requires more intrusive changes.) reported by Daniel Sabogal
2016-10-20use dynamic buffer for getmntentNatanael Copa1-4/+13
overlayfs may have fairly long lines so we use getline to allocate a buffer dynamically. The buffer will be allocated on first use, expand as needed, but will never be free'ed. Downstream bug: http://bugs.alpinelinux.org/issues/5703 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
2016-10-20fix integer overflows and uncaught EOVERFLOW in printf coreRich Felker2-46/+89
this patch fixes a large number of missed internal signed-overflow checks and errors in determining when the return value (output length) would exceed INT_MAX, which should result in EOVERFLOW. some of the issues fixed were reported by Alexander Cherepanov; others were found in subsequent review of the code. aside from the signed overflows being undefined behavior, the following specific bugs were found to exist in practice: - overflows computing length of floating point formats with huge explicit precisions, integer formats with prefix characters and huge explicit precisions, or string arguments or format strings longer than INT_MAX, resulted in wrong return value and wrong %n results. - literal width and precision values outside the range of int were misinterpreted, yielding wrong behavior in at least one well-defined case: string formats with precision greater than INT_MAX were sometimes truncated. - in cases where EOVERFLOW is produced, incorrect values could be written for %n specifiers past the point of exceeding INT_MAX. in addition to fixing these bugs, we now stop producing output immediately when output length would exceed INT_MAX, rather than continuing and returning an error only at the end.
2016-10-19fix integer overflow in float printf needed-precision computationRich Felker1-1/+1
if the requested precision is close to INT_MAX, adding LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined behavior manifests as a large negative result, which is then used to compute the new end pointer (z) with a wildly out-of-bounds value (more overflow, more undefined behavior). the end result is at least incorrect output and character count (return value); worse things do not seem to happen, but detailed analysis has not been done. this patch fixes the overflow by performing the intermediate computation as unsigned; after division by 9, the final result necessarily fits in int.
2016-10-06fix regexec with haystack strings longer than INT_MAXRich Felker1-26/+28
we inherited from TRE regexec code that's utterly wrong with respect to the integer types it's using. while it doesn't appear that compilers are producing unsafe output, signed integer overflows seem to happen, and regexec fails to find matches past offset INT_MAX. this patch fixes the type of all variables/fields used to store offsets in the string from int to regoff_t. after the changes, basic testing showed that regexec can now find matches past 2GB (INT_MAX) and past 4GB on x86_64, and code generation is unchanged on i386.
2016-10-06fix missing integer overflow checks in regexec buffer size computationsRich Felker1-5/+18
most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts.
2016-10-06fix strftime %y for negative tm_yearSzabolcs Nagy1-0/+1
2016-09-24fix getservby*_r result pointer value on errorDaniel Sabogal2-0/+3
this is a clone of the fix to the gethostby*_r functions in commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages document that the getservby*_r functions set this pointer to NULL if there was an error or if no record was found.
2016-09-24remove dead case in gethostbyname2_rDaniel Sabogal1-2/+0
this case statement was accidently left behind when this function was refactored in commit e8f39ca4898237cf71657500f0b11534c47a0521.
2016-09-18simplify/refactor fflush and make fflush_unlocked an alias for fflushRich Felker1-30/+23
previously, fflush_unlocked was an alias for an internal backend that was called by fflush, either for its argument or in a loop for each file if a null pointer was passed. since the logic for the latter was in the main fflush function, fflush_unlocked crashed when passed a null pointer, rather than flushing all open files. since fflush_unlocked is not a standard function and has no specification, it's not clear whether it should be expected to accept null pointers like fflush does, but a reasonable argument could be made that it should. this patch eliminates the helper function, simplifying fflush, and makes fflush_unlocked an alias for fflush, which is valid because the two functions agree in their behavior in all cases where their behavior is defined (the unlocked version has undefined behavior if another thread could hold locks).
2016-09-16fix if_indextoname error caseDaniel Sabogal1-1/+6
posix requires errno to be set to ENXIO if the interface does not exist. linux returns ENODEV instead so we handle this.
2016-09-16fix printf regression with alt-form octal, zero flag, and field widthRich Felker1-1/+1
commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another issue, changed the logic for how alt-form octal adds the leading zero to adjust the precision rather than using a prefix character. this wrongly suppressed the zero flag by mimicing an explicit precision given by the format string. switch back to using a prefix character. based on bug report and patch by Dmitry V. Levin, but simplified.
2016-08-30restore _Noreturn to __assert_failRich Felker1-1/+1
this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without the _Noreturn attribute, the compiler cannot use asserts to perform reachability/range analysis. this leads to missed optimizations and spurious warnings. the original backtrace problem that prompted the removal of _Noreturn was not clearly documented at the time, but it seems to happen only when libc was built without -g, which also breaks many other backtracing cases.
2016-08-30getdtablesize: fix returning hard instead of soft rlimitOlivier Brunel1-1/+1
This makes the result consistent with sysconf(_SC_OPEN_MAX).
2016-08-30math: fix 128bit long double inverse trigonometric functionsSzabolcs Nagy1-1/+1
there was a copy paste error that could cause large ulp errors in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32. (the implementation is from freebsd fdlibm, but the tail end of the polynomial was wrong. 128 bit long double functions are not yet tested so this went undetected.)
2016-08-30verify that ttyname refers to the same file as the fdSzabolcs Nagy1-4/+11
linux containers use separate mount namespace so the /proc symlink might not point to the right device if the fd was opened in the parent namespace, in this case return ENOENT.
2016-08-11fix pread/pwrite syscall calling convention on shRich Felker3-2/+6
despite sh not generally using register-pair alignment for 64-bit syscall arguments, there are arch-specific versions of the syscall entry points for pread and pwrite which include a dummy argument for alignment before the 64-bit offset argument.
2016-07-13revert unrelated change that slipped into last commitRich Felker1-1/+1
2016-07-13fix regression in tcsetattr on all mips archsRich Felker1-1/+1
revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
2016-07-07fix asctime day/month names not to vary by localeRich Felker1-5/+4
the FIXME comment here was overlooked at the time locale support was added.
2016-07-06remove obsolete and unused gethostbyaddr implementationRich Felker1-52/+0
this code was already under #if 0, but could be confusing if a reader didn't notice that, and it's almost surely full of bugs and/or inconsistencies with the current code that uses the gethostbyname2_r backend.
2016-07-03improve abort fallback behavior when raising SIGABRT fails to terminateRich Felker1-1/+5
these changes still do not yield a fully-conforming abort, but they fix two known issues: - per POSIX, termination via SIGKILL is not "abnormal", but both ISO C and POSIX require abort to yield abnormal termination. - raising SIGKILL fails to do anything to pid 1 in some containers. now, the trapping instruction produced by a_crash() is expected to produce abnormal termination, without the risk of invoking a signal handler since SIGILL and SIGSEGV are blocked, and _Exit, which contains an infinite loop analogous to the one being removed from abort itself, is used as a last resort. this implementation still fails to produce an exit status as if the process terminated via SIGABRT in cases where SIGABRT is blocked or ignored, but fixing that is not easy; the obvious pseudo-solutions all have subtle race conditions where a concurrent fork or exec can expose incorrect signal state.
2016-07-03define appropriate feature test macros to get CBAUD from termios.hRich Felker2-0/+2
2016-07-01fix posix_fadvise syscall args on powerpc, unify with arm fixRich Felker2-12/+8
commit 6d38c9cf80f47623e5e48190046673bbd0dc410b provided an arm-specific version of posix_fadvise to address the alternate argument order the kernel expects on arm, but neglected to address that powerpc (32-bit) has the same issue. instead of having arch variant files in duplicate, simply put the alternate version in the top-level file under the control of a macro defined in syscall_arch.h.
2016-06-30pthread: implement try/timed join variantsBobby Bingham1-3/+17
2016-06-29fix misordered syscall arguments for posix_fadvise on armRich Felker1-0/+12
the arm version of the syscall has a custom argument ordering to avoid needing a 7-argument syscall due to 64-bit argument alignment.
2016-06-29in posix_fadvise, don't bypass __syscall macro infrastructureRich Felker1-1/+1
when commit 0b6eb2dfb2e84a8a51906e7634f3d5edc230b058 added the parentheses around __syscall to invoke the function directly, there was no __syscall7 in the syscall macro infrastructure, so this hack was needed. commit 9a3bbce447403d735282586786dc436ec1ffbad4 fixed that but failed to remove the hack.
2016-06-29refactor name_from_dns in hostname lookup backendNatanael Copa1-14/+13
loop over an address family / resource record mapping to avoid repetitive code.
2016-06-29in performing dns lookups, check result from res_mkqueryNatanael Copa1-0/+4
don't send a query that may be malformed.
2016-06-27fix misaligned address buffers in gethostbyname[2][_r] resultsRich Felker1-7/+7
mistakenly ordering strings before addresses in the result buffer broke the alignment that the preceding code had set up.
2016-06-27fix failure to obtain EOWNERDEAD status for process-shared robust mutexesRich Felker3-3/+3
Linux's documentation (robust-futex-ABI.txt) claims that, when a process dies with a futex on the robust list, bit 30 (0x40000000) is set to indicate the status. however, what actually happens is that bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29 (containing the old owner tid) are cleared at the same time bit 30 is set. our userspace-side code for robust mutexes was written based on that documentation, assuming that kernel would never produce a futex value of 0x40000000, since the low (owner) bits would always be non-zero. commit d338b506e39b1e2c68366b12be90704c635602ce introduced this assumption explicitly while fixing another bug in how non-recoverable status for robust mutexes was tracked. presumably the tests conducted at that time only checked non-process-shared robust mutexes, which are handled in pthread_exit (which implemented the documented kernel protocol, not the actual one) rather than by the kernel. change pthread_exit robust list processing to match the kernel behavior, clearing bits 0-29 while setting bit 30, and use the value 0x7fffffff instead of 0x40000000 to encode non-recoverable status. the choice of value here is arbitrary; any value with at least one of bits 0-29 set should work just as well,
2016-06-21remove comments on copyright status from UTF-8 implementation filesRich Felker13-78/+0
despite clarifications made to the COPYRIGHT file in commit f0a61399330bae42beeb27d6ecd05570b3382a60, there continues to be confusion about whether the permissions granted actually apply to all files. I am the sole author of these files and clearly intend, and have always intended, for the grant of permission to apply to them.
2016-05-23fix a64l undefined behavior on ILP32 archs, wrong results on LP64 archsRich Felker1-3/+6
the difference of pointers is a signed type ptrdiff_t; if it is only 32-bit, left-shifting it by 30 bits produces undefined behavior. cast the difference to an appropriate unsigned type, uint32_t, before shifting to avoid this. the a64l function is specified to return a signed 32-bit result in type long. as noted in the bug report by Ed Schouten, converting implicitly from uint32_t only produces the desired result when long is a 32-bit type. since the computation has to be done in unsigned arithmetic to avoid overflow, simply cast the result to int32_t. further, POSIX leaves the behavior on invalid input unspecified but not undefined, so we should not take the difference between the potentially-null result of strchr and the base pointer without first checking the result. the simplest behavior is just returning the partial conversion already performed in this case, so do that.
2016-05-22fix the use of uninitialized value in regcompSzabolcs Nagy1-0/+2
the num_submatches field of some ast nodes was not initialized in tre_add_tag_{left,right}, but was accessed later. this was a benign bug since the uninitialized values were never used (these values are created during tre_add_tags and copied around during tre_expand_ast where they are also used in computations, but nothing in the final tnfa depends on them).
2016-05-08add powerpc64 portBobby Bingham11-0/+394
2016-05-04fix incorrect protocol name and number for egpAndrew Kelley1-1/+1
previously if you called getprotobyname("egp") you would get NULL because \008 is invalid octal and so the protocol id was interpreted as 0 and name as "8egp".
2016-04-26fix FILE buffer underflow in ungetwcRich Felker1-3/+3
commit 7e816a6487932cbb3cb71d94b609e50e81f4e5bf (version 1.1.11 release cycle) moved the code that performs wchar_t to multibyte conversion across code that used the resulting length in bytes, thereby breaking the unget buffer space check in ungetwc and clobbering up to three bytes below the start of the buffer. for allocated FILEs (all read-enabled FILEs except stdin), the underflow clobbers at most the FILE-specific locale pointer. no stores are performed through this pointer, but subsequent loads may result in a crash or mismatching encoding rule (UTF-8 multibyte vs byte-based). for stdin, the buffer lies in .bss and the underflow may clobber another object. in practice, for libc.so the adjacent object seems to be stderr's buffer, which is completely unused, but this could vary with linking options, or when static linking. applications which do not attempt to use more than one character of ungetwc pushback, or which do not use ungetwc, are not affected.
2016-04-25fix thread structure/dtv-pointer corruption on powerpcRich Felker1-0/+5
per the powerpc psabi, offset 4 of the stack at call time belongs to the callee and is used for spilling lr (return address). in addition, offset 0 on the stack must contain a pointer to the previous stack frame, or a null pointer for the initial stack frame of a thread. __clone failed to setup any stack frame on the new thread's stack, thereby allowing the start function it called to clobber offset 4 of the new thread's struct __pthread, which contains the dtv pointer. add code to setup a proper stack frame and align the stack pointer to a multiple of 16 (also an abi requirement) if it was not already aligned.
2016-04-18remove dead store in res_msendPetr Vaněk1-1/+0
The variable nss is set to zero in following line.
2016-04-18add mips n32 port (ILP32 ABI for mips64)Rich Felker12-0/+335
based on patch submitted by Jaydeep Patil, with minor changes.
2016-04-01fix read past end of haystack buffer for short needles in memmemRich Felker1-0/+1
the two/three/four byte memmem specializations are not prepared to handle haystacks shorter than the needle; they unconditionally read at least up to the needle length and subtract from the haystack length. if the haystack is shorter, the remaining haystack length underflows and produces an unbounded search which will eventually either crash or find a spurious match. the top-level memmem function attempted to avoid this case already by checking for haystack shorter than needle, but it failed to re-check after using memchr to remove the maximal prefix not containing the first byte of the needle.
2016-03-28fix undefined pointer comparison in stdio-internal __toreadRich Felker1-1/+1
the comparison f->wpos > f->buf has undefined behavior when f->wpos is a null pointer, despite the intuition (and actual compiler behavior, for all known compilers) being that NULL > ptr is false for all valid pointers ptr. the purpose of the comparison is to determine if the write buffer is non-empty, and the idiom used elsewhere for that is comparison against f->wbase, which is either a null pointer when not writing, or equal to f->buf when writing. in the former case, both f->wpos and f->wbase are null; in the latter they are both non-null and point into the same array.
2016-03-24fix gethostbyaddr_r to fill struct hostent.h_length as appropriateTimo Teräs1-0/+1
2016-03-16fix padding string formats to width in wide printf variantsRich Felker1-4/+4
the idiom fprintf(f, "%.*s", n, "") was wrongly used in vfwprintf as a means of producing n spaces; instead it produces no output. the correct form is fprintf(f, "%*s", n, ""), using width instead of precision, since for %s the later is a maximum rather than a minimum.
2016-03-06add powerpc soft-float supportFelix Fietkau4-34/+49
Some PowerPC CPUs (e.g. Freescale MPC85xx) have a completely different instruction set for floating point operations (SPE). Executing regular PowerPC floating point instructions results in "Illegal instruction" errors. Make it possible to run these devices in soft-float mode.
2016-03-06env: avoid leaving dangling pointers in __env_mapAlexander Monakov1-0/+1
This is the minimal fix for __putenv leaving a pointer to freed heap storage in __env_map array, which could later on lead to errors such as double-free.
2016-03-06add mips64 portRich Felker12-0/+338
patch by Mahesh Bodapati and Jaydeep Patil of Imagination Technologies.