summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2016-11-08add limited pthread_setattr_default_np API to set stack size defaultsRich Felker2-4/+43
based on patch by Timo Teräs: While generally this is a bad API, it is the only existing API to affect c++ (std::thread) and c11 (thrd_create) thread stack size. This patch allows applications only to increate stack and guard page sizes.
2016-11-08fix pthread_create regression from stack/guard size simplificationRich Felker1-1/+4
commit 33ce920857405d4f4b342c85b74588a15e2702e5 broke pthread_create in the case where a null attribute pointer is passed; rather than using the default sizes, sizes of 0 (plus the remainder of one page after TLS/TCB use) were used.
2016-11-07simplify pthread_attr_t stack/guard size representationRich Felker7-11/+13
previously, the pthread_attr_t object was always initialized all-zero, and stack/guard size were represented as differences versus their defaults. this required lots of confusing offset arithmetic everywhere they were used. instead, have pthread_attr_init fill in the default values, and work with absolute sizes everywhere.
2016-11-07fix swprintf internal buffer state and error handlingRich Felker1-1/+8
the swprintf write callback never reset its buffer pointers, so after its 256-byte buffer filled up, it would keep repeating those bytes over and over in the output until the destination buffer filled up. it also failed to set the error indicator for the stream on EILSEQ, potentially allowing output to continue after the error.
2016-11-07fix integer overflow of tm_year in __secs_to_tmDaniel Sabogal1-4/+5
the overflow check for years+100 did not account for the extra year computed from the remaining months. instead, perform this check after obtaining the final number of years.
2016-11-07fix parsing of quoted time zone namesHannu Nyman1-1/+1
Fix parsing of the < > quoted time zone names. Compare the correct character instead of repeatedly comparing the first character.
2016-10-21redesign snprintf without undefined behaviorRich Felker1-25/+38
the old snprintf design setup the FILE buffer pointers to point directly into the destination buffer; if n was actually larger than the buffer size, the pointer arithmetic to compute the buffer end pointer was undefined. this affected sprintf, which is implemented in terms of snprintf, as well as some unusual but valid direct uses of snprintf. instead, setup the FILE as unbuffered and have its write function memcpy to the destination. the printf core sets up its own temporary buffer for unbuffered streams.
2016-10-20add missing confstr constantsDaniel Sabogal1-1/+1
the _CS_V6_ENV and _CS_V7_ENV constants are required to be available for use with confstr. glibc defines these constants with values 1148 and 1149, respectively. the only missing (and required) confstr constants are _CS_POSIX_V7_THREADS_CFLAGS and _CS_POSIX_V7_THREADS_LDFLAGS which remain unavailable in glibc.
2016-10-20fix minor problem in previous strtod non-nearest rounding bug fixRich Felker1-1/+1
commit 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a set lnz in the code path for non-zero digits after a huge string of zeros, but the assignment of dc to lnz truncates if the value of dc does not fit in int; this is possible for some pathologically long inputs, either via strings on 64-bit systems or via scanf-family functions. instead, simply set lnz to match the point at which we add the artificial trailing 1 bit to simulate nonzero digits after a huge run of zeros.
2016-10-20fix strtod int optimization in non-nearest rounding modeSzabolcs Nagy1-1/+4
the mid-sized integer optimization relies on lnz set up properly to mark the last non-zero decimal digit, but this was not done if the non-zero digit lied outside the KMAX digits of the base 10^9 number representation. so if the fractional part was a very long list of zeros (>2048*9 on x86) followed by non-zero digits then the integer optimization could kick in discarding the tiny non-zero fraction which can mean wrong result on non-nearest rounding mode. strtof, strtod and strtold were all affected.
2016-10-20fix strtod and strtof rounding with many trailing zerosSzabolcs Nagy1-0/+3
in certain cases excessive trailing zeros could cause incorrect rounding from long double to double or float in decfloat. e.g. in strtof("9444733528689243848704.000000", 0) the argument is 0x1.000001p+73, exactly halfway between two representible floats, this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73, but with less trailing 0 the rounding was fine. the fix makes sure that the z index always points one past the last non-zero digit in the base 10^9 representation, this way trailing zeros don't affect the rounding logic.
2016-10-20fix gratuitous undefined behavior in strptimeRich Felker1-2/+7
accessing an object of type const char *restrict as if it had type char * is not defined.
2016-10-20fix getopt_long_only misinterpreting "--" as an optionRich Felker1-1/+1
2016-10-20fix float formatting of some exact halfway casesSzabolcs Nagy1-1/+2
in nearest rounding mode exact halfway cases were not following the round to even rule if the rounding happened at a base 1000000000 digit boundary of the internal representation and the previous digit was odd. e.g. printf("%.0f", 1.5) printed 1 instead of 2.
2016-10-20add pthread_setname_npFelix Janda1-0/+26
the thread name is displayed by gdb's "info threads".
2016-10-20fix clock_nanosleep error caseDaniel Sabogal1-1/+3
posix requires that EINVAL be returned if the first parameter specifies the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID). linux returns ENOTSUP instead so we handle this.
2016-10-20math: fix pow signed shift ubSzabolcs Nagy1-2/+2
j is int32_t and thus j<<31 is undefined if j==1, so j is changed to uint32_t locally as a quick fix, the generated code is not affected. (this is a strict conformance fix, future c standard may allow 1<<31, see DR 463. the bug was inherited from freebsd fdlibm, the proper fix is to use uint32_t for all bit hacks, but that requires more intrusive changes.) reported by Daniel Sabogal
2016-10-20use dynamic buffer for getmntentNatanael Copa1-4/+13
overlayfs may have fairly long lines so we use getline to allocate a buffer dynamically. The buffer will be allocated on first use, expand as needed, but will never be free'ed. Downstream bug: http://bugs.alpinelinux.org/issues/5703 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
2016-10-20fix integer overflows and uncaught EOVERFLOW in printf coreRich Felker2-46/+89
this patch fixes a large number of missed internal signed-overflow checks and errors in determining when the return value (output length) would exceed INT_MAX, which should result in EOVERFLOW. some of the issues fixed were reported by Alexander Cherepanov; others were found in subsequent review of the code. aside from the signed overflows being undefined behavior, the following specific bugs were found to exist in practice: - overflows computing length of floating point formats with huge explicit precisions, integer formats with prefix characters and huge explicit precisions, or string arguments or format strings longer than INT_MAX, resulted in wrong return value and wrong %n results. - literal width and precision values outside the range of int were misinterpreted, yielding wrong behavior in at least one well-defined case: string formats with precision greater than INT_MAX were sometimes truncated. - in cases where EOVERFLOW is produced, incorrect values could be written for %n specifiers past the point of exceeding INT_MAX. in addition to fixing these bugs, we now stop producing output immediately when output length would exceed INT_MAX, rather than continuing and returning an error only at the end.
2016-10-19fix integer overflow in float printf needed-precision computationRich Felker1-1/+1
if the requested precision is close to INT_MAX, adding LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined behavior manifests as a large negative result, which is then used to compute the new end pointer (z) with a wildly out-of-bounds value (more overflow, more undefined behavior). the end result is at least incorrect output and character count (return value); worse things do not seem to happen, but detailed analysis has not been done. this patch fixes the overflow by performing the intermediate computation as unsigned; after division by 9, the final result necessarily fits in int.
2016-10-06fix regexec with haystack strings longer than INT_MAXRich Felker1-26/+28
we inherited from TRE regexec code that's utterly wrong with respect to the integer types it's using. while it doesn't appear that compilers are producing unsafe output, signed integer overflows seem to happen, and regexec fails to find matches past offset INT_MAX. this patch fixes the type of all variables/fields used to store offsets in the string from int to regoff_t. after the changes, basic testing showed that regexec can now find matches past 2GB (INT_MAX) and past 4GB on x86_64, and code generation is unchanged on i386.
2016-10-06fix missing integer overflow checks in regexec buffer size computationsRich Felker1-5/+18
most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts.
2016-10-06fix strftime %y for negative tm_yearSzabolcs Nagy1-0/+1
2016-09-24fix getservby*_r result pointer value on errorDaniel Sabogal2-0/+3
this is a clone of the fix to the gethostby*_r functions in commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages document that the getservby*_r functions set this pointer to NULL if there was an error or if no record was found.
2016-09-24remove dead case in gethostbyname2_rDaniel Sabogal1-2/+0
this case statement was accidently left behind when this function was refactored in commit e8f39ca4898237cf71657500f0b11534c47a0521.
2016-09-18simplify/refactor fflush and make fflush_unlocked an alias for fflushRich Felker1-30/+23
previously, fflush_unlocked was an alias for an internal backend that was called by fflush, either for its argument or in a loop for each file if a null pointer was passed. since the logic for the latter was in the main fflush function, fflush_unlocked crashed when passed a null pointer, rather than flushing all open files. since fflush_unlocked is not a standard function and has no specification, it's not clear whether it should be expected to accept null pointers like fflush does, but a reasonable argument could be made that it should. this patch eliminates the helper function, simplifying fflush, and makes fflush_unlocked an alias for fflush, which is valid because the two functions agree in their behavior in all cases where their behavior is defined (the unlocked version has undefined behavior if another thread could hold locks).
2016-09-16fix if_indextoname error caseDaniel Sabogal1-1/+6
posix requires errno to be set to ENXIO if the interface does not exist. linux returns ENODEV instead so we handle this.
2016-09-16fix printf regression with alt-form octal, zero flag, and field widthRich Felker1-1/+1
commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another issue, changed the logic for how alt-form octal adds the leading zero to adjust the precision rather than using a prefix character. this wrongly suppressed the zero flag by mimicing an explicit precision given by the format string. switch back to using a prefix character. based on bug report and patch by Dmitry V. Levin, but simplified.
2016-08-30restore _Noreturn to __assert_failRich Felker1-1/+1
this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without the _Noreturn attribute, the compiler cannot use asserts to perform reachability/range analysis. this leads to missed optimizations and spurious warnings. the original backtrace problem that prompted the removal of _Noreturn was not clearly documented at the time, but it seems to happen only when libc was built without -g, which also breaks many other backtracing cases.
2016-08-30getdtablesize: fix returning hard instead of soft rlimitOlivier Brunel1-1/+1
This makes the result consistent with sysconf(_SC_OPEN_MAX).
2016-08-30math: fix 128bit long double inverse trigonometric functionsSzabolcs Nagy1-1/+1
there was a copy paste error that could cause large ulp errors in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32. (the implementation is from freebsd fdlibm, but the tail end of the polynomial was wrong. 128 bit long double functions are not yet tested so this went undetected.)
2016-08-30verify that ttyname refers to the same file as the fdSzabolcs Nagy1-4/+11
linux containers use separate mount namespace so the /proc symlink might not point to the right device if the fd was opened in the parent namespace, in this case return ENOENT.
2016-08-11fix pread/pwrite syscall calling convention on shRich Felker3-2/+6
despite sh not generally using register-pair alignment for 64-bit syscall arguments, there are arch-specific versions of the syscall entry points for pread and pwrite which include a dummy argument for alignment before the 64-bit offset argument.
2016-07-13revert unrelated change that slipped into last commitRich Felker1-1/+1
2016-07-13fix regression in tcsetattr on all mips archsRich Felker1-1/+1
revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
2016-07-07fix asctime day/month names not to vary by localeRich Felker1-5/+4
the FIXME comment here was overlooked at the time locale support was added.
2016-07-06remove obsolete and unused gethostbyaddr implementationRich Felker1-52/+0
this code was already under #if 0, but could be confusing if a reader didn't notice that, and it's almost surely full of bugs and/or inconsistencies with the current code that uses the gethostbyname2_r backend.
2016-07-03improve abort fallback behavior when raising SIGABRT fails to terminateRich Felker1-1/+5
these changes still do not yield a fully-conforming abort, but they fix two known issues: - per POSIX, termination via SIGKILL is not "abnormal", but both ISO C and POSIX require abort to yield abnormal termination. - raising SIGKILL fails to do anything to pid 1 in some containers. now, the trapping instruction produced by a_crash() is expected to produce abnormal termination, without the risk of invoking a signal handler since SIGILL and SIGSEGV are blocked, and _Exit, which contains an infinite loop analogous to the one being removed from abort itself, is used as a last resort. this implementation still fails to produce an exit status as if the process terminated via SIGABRT in cases where SIGABRT is blocked or ignored, but fixing that is not easy; the obvious pseudo-solutions all have subtle race conditions where a concurrent fork or exec can expose incorrect signal state.
2016-07-03define appropriate feature test macros to get CBAUD from termios.hRich Felker2-0/+2
2016-07-01fix posix_fadvise syscall args on powerpc, unify with arm fixRich Felker2-12/+8
commit 6d38c9cf80f47623e5e48190046673bbd0dc410b provided an arm-specific version of posix_fadvise to address the alternate argument order the kernel expects on arm, but neglected to address that powerpc (32-bit) has the same issue. instead of having arch variant files in duplicate, simply put the alternate version in the top-level file under the control of a macro defined in syscall_arch.h.
2016-06-30pthread: implement try/timed join variantsBobby Bingham1-3/+17
2016-06-29fix misordered syscall arguments for posix_fadvise on armRich Felker1-0/+12
the arm version of the syscall has a custom argument ordering to avoid needing a 7-argument syscall due to 64-bit argument alignment.
2016-06-29in posix_fadvise, don't bypass __syscall macro infrastructureRich Felker1-1/+1
when commit 0b6eb2dfb2e84a8a51906e7634f3d5edc230b058 added the parentheses around __syscall to invoke the function directly, there was no __syscall7 in the syscall macro infrastructure, so this hack was needed. commit 9a3bbce447403d735282586786dc436ec1ffbad4 fixed that but failed to remove the hack.
2016-06-29refactor name_from_dns in hostname lookup backendNatanael Copa1-14/+13
loop over an address family / resource record mapping to avoid repetitive code.
2016-06-29in performing dns lookups, check result from res_mkqueryNatanael Copa1-0/+4
don't send a query that may be malformed.
2016-06-27fix misaligned address buffers in gethostbyname[2][_r] resultsRich Felker1-7/+7
mistakenly ordering strings before addresses in the result buffer broke the alignment that the preceding code had set up.
2016-06-27fix failure to obtain EOWNERDEAD status for process-shared robust mutexesRich Felker3-3/+3
Linux's documentation (robust-futex-ABI.txt) claims that, when a process dies with a futex on the robust list, bit 30 (0x40000000) is set to indicate the status. however, what actually happens is that bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29 (containing the old owner tid) are cleared at the same time bit 30 is set. our userspace-side code for robust mutexes was written based on that documentation, assuming that kernel would never produce a futex value of 0x40000000, since the low (owner) bits would always be non-zero. commit d338b506e39b1e2c68366b12be90704c635602ce introduced this assumption explicitly while fixing another bug in how non-recoverable status for robust mutexes was tracked. presumably the tests conducted at that time only checked non-process-shared robust mutexes, which are handled in pthread_exit (which implemented the documented kernel protocol, not the actual one) rather than by the kernel. change pthread_exit robust list processing to match the kernel behavior, clearing bits 0-29 while setting bit 30, and use the value 0x7fffffff instead of 0x40000000 to encode non-recoverable status. the choice of value here is arbitrary; any value with at least one of bits 0-29 set should work just as well,
2016-06-21remove comments on copyright status from UTF-8 implementation filesRich Felker13-78/+0
despite clarifications made to the COPYRIGHT file in commit f0a61399330bae42beeb27d6ecd05570b3382a60, there continues to be confusion about whether the permissions granted actually apply to all files. I am the sole author of these files and clearly intend, and have always intended, for the grant of permission to apply to them.
2016-05-23fix a64l undefined behavior on ILP32 archs, wrong results on LP64 archsRich Felker1-3/+6
the difference of pointers is a signed type ptrdiff_t; if it is only 32-bit, left-shifting it by 30 bits produces undefined behavior. cast the difference to an appropriate unsigned type, uint32_t, before shifting to avoid this. the a64l function is specified to return a signed 32-bit result in type long. as noted in the bug report by Ed Schouten, converting implicitly from uint32_t only produces the desired result when long is a 32-bit type. since the computation has to be done in unsigned arithmetic to avoid overflow, simply cast the result to int32_t. further, POSIX leaves the behavior on invalid input unspecified but not undefined, so we should not take the difference between the potentially-null result of strchr and the base pointer without first checking the result. the simplest behavior is just returning the partial conversion already performed in this case, so do that.
2016-05-22fix the use of uninitialized value in regcompSzabolcs Nagy1-0/+2
the num_submatches field of some ast nodes was not initialized in tre_add_tag_{left,right}, but was accessed later. this was a benign bug since the uninitialized values were never used (these values are created during tre_add_tags and copied around during tre_expand_ast where they are also used in computations, but nothing in the final tnfa depends on them).