Rich Felker [Thu, 15 Dec 2016 17:18:24 +0000 (12:18 -0500)]
remove legacy i386 fallback stdarg implementation and framework
this has been slated for removal for a long time. there is
fundamentally no way to implement stdarg without compiler assistance;
any attempt to do so has serious undefined behavior; its working
depends not just (as a common misconception goes) on ABI, but also on
assumptions about compiler code generation internal to a translation
unit, which is not subject to external ABI constraints.
Rich Felker [Sun, 13 Nov 2016 00:43:37 +0000 (19:43 -0500)]
work around gdb issues recognizing sigreturn trampoline on x86_64
gdb can only backtrace/unwind across signal handlers if it recognizes
the sa_restorer trampoline. for x86_64, gdb first attempts to
determine the symbol name for the function in which the program
counter resides and match it against "__restore_rt". if no name can be
found (e.g. in the case of a stripped binary), the exact instruction
sequence is matched instead.
when matching the function name, however, gdb's unwind code wrongly
considers the interval [sym,sym+size] rather than [sym,sym+size).
thus, if __restore_rt begins immediately after another function, gdb
wrongly identifies pc as lying within the previous adjacent function.
this patch adds a nop before __restore_rt to preclude that
possibility. it also removes the symbol name __restore and replaces it
with a macro since the stability of whether gdb identifies the
function as __restore_rt or __restore is not clear.
for the no-symbols case, the instruction sequence is changed to use
%rax rather than %eax to match what gdb expects.
based on patch by Szabolcs Nagy, with extended description and
corresponding x32 changes added.
Bobby Bingham [Tue, 26 Jul 2016 03:52:58 +0000 (22:52 -0500)]
treat null vdso base same as missing
On s390x, the kernel provides AT_SYSINFO_EHDR, but sets it to zero, if the
program being run does not have a program interpreter. This causes
problems when running the dynamic linker directly.
Rich Felker [Fri, 11 Nov 2016 17:30:24 +0000 (12:30 -0500)]
generalize ELF hash table types not to assume 32-bit entries
alpha and s390x gratuitously use 64-bit entries (wasting 2x space and
cache utilization) despite the values always being 32-bit.
based on patch by Bobby Bingham, with changes suggested by Alexander
Monakov to use the public Elf_Symndx type from link.h (and make it
properly variable by arch) rather than adding new internal
infrastructure for handling the type.
Rich Felker [Tue, 8 Nov 2016 23:03:42 +0000 (18:03 -0500)]
fix build regression on archs with variable page size
commit 31fb174dd295e50f7c5cf18d31fcfd5fe5a063b7 used
DEFAULT_GUARD_SIZE from pthread_impl.h in a static initializer,
breaking build on archs where its definition, PAGE_SIZE, is not a
constant. instead, just define DEFAULT_GUARD_SIZE as 4096, the minimal
page size on any arch we support. pthread_create rounds up to whole
pages anyway, so defining it to 1 would also work, but a moderately
meaningful value is nicer to programs that use
pthread_attr_getguardsize on default-initialized attribute objects.
Rich Felker [Tue, 8 Nov 2016 17:09:05 +0000 (12:09 -0500)]
add limited pthread_setattr_default_np API to set stack size defaults
based on patch by Timo Teräs:
While generally this is a bad API, it is the only existing API to
affect c++ (std::thread) and c11 (thrd_create) thread stack size.
This patch allows applications only to increate stack and guard
page sizes.
Rich Felker [Tue, 8 Nov 2016 16:51:57 +0000 (11:51 -0500)]
fix pthread_create regression from stack/guard size simplification
commit 33ce920857405d4f4b342c85b74588a15e2702e5 broke pthread_create
in the case where a null attribute pointer is passed; rather than
using the default sizes, sizes of 0 (plus the remainder of one page
after TLS/TCB use) were used.
Rich Felker [Tue, 8 Nov 2016 04:19:19 +0000 (23:19 -0500)]
make netinet/in.h suppress clashing definitions from kernel headers
the linux kernel uapi headers provide their own definitions of the
structures from netinet/in.h, resulting in errors when a program
includes both the standard libc header and one or more of the
networking-related kernel headers that pull in the kernel definitions.
as before, we do not attempt to support the case where kernel headers
are included before the libc ones, since the kernel definitions may
have subtly incorrect types, namespace violations, etc. however, we
can easily support the inclusion of the kernel headers after the libc
ones, since the kernel headers provide a public interface for
suppressing their definitions. this patch adds the necessary macro
definitions for such suppression.
previously, the pthread_attr_t object was always initialized all-zero,
and stack/guard size were represented as differences versus their
defaults. this required lots of confusing offset arithmetic everywhere
they were used. instead, have pthread_attr_init fill in the default
values, and work with absolute sizes everywhere.
Rich Felker [Tue, 8 Nov 2016 01:39:59 +0000 (20:39 -0500)]
fix swprintf internal buffer state and error handling
the swprintf write callback never reset its buffer pointers, so after
its 256-byte buffer filled up, it would keep repeating those bytes
over and over in the output until the destination buffer filled up. it
also failed to set the error indicator for the stream on EILSEQ,
potentially allowing output to continue after the error.
Daniel Sabogal [Thu, 3 Nov 2016 02:29:36 +0000 (22:29 -0400)]
fix integer overflow of tm_year in __secs_to_tm
the overflow check for years+100 did not account for the extra
year computed from the remaining months. instead, perform this
check after obtaining the final number of years.
Rich Felker [Mon, 7 Nov 2016 16:55:53 +0000 (11:55 -0500)]
don't claim support for resolv.h APIs that aren't supported
the value 19991006 for __RES implies availability of res_ninit and
related functions that take a resolver state argument; these are not
supported since our resolver is stateless. instead claim support for
just the older API by defining __RES to 19960801.
Rich Felker [Sat, 22 Oct 2016 00:57:15 +0000 (20:57 -0400)]
redesign snprintf without undefined behavior
the old snprintf design setup the FILE buffer pointers to point
directly into the destination buffer; if n was actually larger than
the buffer size, the pointer arithmetic to compute the buffer end
pointer was undefined. this affected sprintf, which is implemented in
terms of snprintf, as well as some unusual but valid direct uses of
snprintf.
instead, setup the FILE as unbuffered and have its write function
memcpy to the destination. the printf core sets up its own temporary
buffer for unbuffered streams.
Daniel Sabogal [Sun, 4 Sep 2016 14:42:47 +0000 (10:42 -0400)]
add missing confstr constants
the _CS_V6_ENV and _CS_V7_ENV constants are required to be available for use
with confstr. glibc defines these constants with values 1148 and 1149,
respectively.
the only missing (and required) confstr constants are
_CS_POSIX_V7_THREADS_CFLAGS and _CS_POSIX_V7_THREADS_LDFLAGS which remain
unavailable in glibc.
Rich Felker [Thu, 20 Oct 2016 18:40:59 +0000 (14:40 -0400)]
fix minor problem in previous strtod non-nearest rounding bug fix
commit 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a set lnz in the code
path for non-zero digits after a huge string of zeros, but the
assignment of dc to lnz truncates if the value of dc does not fit in
int; this is possible for some pathologically long inputs, either via
strings on 64-bit systems or via scanf-family functions.
instead, simply set lnz to match the point at which we add the
artificial trailing 1 bit to simulate nonzero digits after a huge
run of zeros.
Szabolcs Nagy [Sun, 4 Sep 2016 02:51:03 +0000 (04:51 +0200)]
fix strtod int optimization in non-nearest rounding mode
the mid-sized integer optimization relies on lnz set up properly
to mark the last non-zero decimal digit, but this was not done
if the non-zero digit lied outside the KMAX digits of the base
10^9 number representation.
so if the fractional part was a very long list of zeros (>2048*9 on
x86) followed by non-zero digits then the integer optimization could
kick in discarding the tiny non-zero fraction which can mean wrong
result on non-nearest rounding mode.
Szabolcs Nagy [Sun, 4 Sep 2016 02:46:00 +0000 (04:46 +0200)]
fix strtod and strtof rounding with many trailing zeros
in certain cases excessive trailing zeros could cause incorrect
rounding from long double to double or float in decfloat.
e.g. in strtof("9444733528689243848704.000000", 0) the argument
is 0x1.000001p+73, exactly halfway between two representible floats,
this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73,
but with less trailing 0 the rounding was fine.
the fix makes sure that the z index always points one past the last
non-zero digit in the base 10^9 representation, this way trailing
zeros don't affect the rounding logic.
Szabolcs Nagy [Tue, 11 Oct 2016 22:49:59 +0000 (00:49 +0200)]
fix float formatting of some exact halfway cases
in nearest rounding mode exact halfway cases were not following the
round to even rule if the rounding happened at a base 1000000000 digit
boundary of the internal representation and the previous digit was odd.
Daniel Sabogal [Sat, 17 Sep 2016 16:05:45 +0000 (12:05 -0400)]
fix clock_nanosleep error case
posix requires that EINVAL be returned if the first parameter specifies
the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID).
linux returns ENOTSUP instead so we handle this.
Szabolcs Nagy [Tue, 4 Oct 2016 01:58:56 +0000 (03:58 +0200)]
math: fix pow signed shift ub
j is int32_t and thus j<<31 is undefined if j==1, so j is changed to
uint32_t locally as a quick fix, the generated code is not affected.
(this is a strict conformance fix, future c standard may allow 1<<31,
see DR 463. the bug was inherited from freebsd fdlibm, the proper fix
is to use uint32_t for all bit hacks, but that requires more intrusive
changes.)
Szabolcs Nagy [Sun, 9 Oct 2016 18:42:02 +0000 (20:42 +0200)]
add bits/hwcap.h and include it in sys/auxv.h
aarch64, arm, mips, mips64, mipsn32, powerpc, powerpc64 and sh have
cpu feature bits defined in linux for AT_HWCAP auxv entry, so expose
those in sys/auxv.h
it seems the mips hwcaps were never exposed to userspace neither
by linux nor by glibc, but that's most likely an oversight.
Natanael Copa [Thu, 8 Sep 2016 17:07:31 +0000 (19:07 +0200)]
use dynamic buffer for getmntent
overlayfs may have fairly long lines so we use getline to allocate a
buffer dynamically. The buffer will be allocated on first use, expand as
needed, but will never be free'ed.
Rich Felker [Thu, 20 Oct 2016 04:22:09 +0000 (00:22 -0400)]
fix integer overflows and uncaught EOVERFLOW in printf core
this patch fixes a large number of missed internal signed-overflow
checks and errors in determining when the return value (output length)
would exceed INT_MAX, which should result in EOVERFLOW. some of the
issues fixed were reported by Alexander Cherepanov; others were found
in subsequent review of the code.
aside from the signed overflows being undefined behavior, the
following specific bugs were found to exist in practice:
- overflows computing length of floating point formats with huge
explicit precisions, integer formats with prefix characters and huge
explicit precisions, or string arguments or format strings longer
than INT_MAX, resulted in wrong return value and wrong %n results.
- literal width and precision values outside the range of int were
misinterpreted, yielding wrong behavior in at least one well-defined
case: string formats with precision greater than INT_MAX were
sometimes truncated.
- in cases where EOVERFLOW is produced, incorrect values could be
written for %n specifiers past the point of exceeding INT_MAX.
in addition to fixing these bugs, we now stop producing output
immediately when output length would exceed INT_MAX, rather than
continuing and returning an error only at the end.
Rich Felker [Thu, 20 Oct 2016 00:17:16 +0000 (20:17 -0400)]
fix integer overflow in float printf needed-precision computation
if the requested precision is close to INT_MAX, adding
LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined
behavior manifests as a large negative result, which is then used to
compute the new end pointer (z) with a wildly out-of-bounds value
(more overflow, more undefined behavior). the end result is at least
incorrect output and character count (return value); worse things do
not seem to happen, but detailed analysis has not been done.
this patch fixes the overflow by performing the intermediate
computation as unsigned; after division by 9, the final result
necessarily fits in int.
Rich Felker [Thu, 6 Oct 2016 16:15:47 +0000 (12:15 -0400)]
fix regexec with haystack strings longer than INT_MAX
we inherited from TRE regexec code that's utterly wrong with respect
to the integer types it's using. while it doesn't appear that
compilers are producing unsafe output, signed integer overflows seem
to happen, and regexec fails to find matches past offset INT_MAX.
this patch fixes the type of all variables/fields used to store
offsets in the string from int to regoff_t. after the changes, basic
testing showed that regexec can now find matches past 2GB (INT_MAX)
and past 4GB on x86_64, and code generation is unchanged on i386.
Rich Felker [Thu, 6 Oct 2016 22:34:58 +0000 (18:34 -0400)]
fix missing integer overflow checks in regexec buffer size computations
most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
Daniel Sabogal [Sat, 24 Sep 2016 01:10:07 +0000 (21:10 -0400)]
fix getservby*_r result pointer value on error
this is a clone of the fix to the gethostby*_r functions in
commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages
document that the getservby*_r functions set this pointer to
NULL if there was an error or if no record was found.
since cpu sets can be dynamically allocated and have variable size,
accessing their contents via ->__bits is not valid; performing pointer
arithmetic outside the range of the size of the declared __bits array
results in undefined beahavior. instead, only use cpu_set_t for
fixed-size cpu set objects (instantiated by the caller) and as an
abstract pointer type for dynamically allocated ones. perform all
accesses simply by casting the abstract pointer type cpuset_t * back
to unsigned long *.
simplify/refactor fflush and make fflush_unlocked an alias for fflush
previously, fflush_unlocked was an alias for an internal backend that
was called by fflush, either for its argument or in a loop for each
file if a null pointer was passed. since the logic for the latter was
in the main fflush function, fflush_unlocked crashed when passed a
null pointer, rather than flushing all open files. since
fflush_unlocked is not a standard function and has no specification,
it's not clear whether it should be expected to accept null pointers
like fflush does, but a reasonable argument could be made that it
should.
this patch eliminates the helper function, simplifying fflush, and
makes fflush_unlocked an alias for fflush, which is valid because the
two functions agree in their behavior in all cases where their
behavior is defined (the unlocked version has undefined behavior if
another thread could hold locks).
fix printf regression with alt-form octal, zero flag, and field width
commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another
issue, changed the logic for how alt-form octal adds the leading zero
to adjust the precision rather than using a prefix character. this
wrongly suppressed the zero flag by mimicing an explicit precision
given by the format string. switch back to using a prefix character.
based on bug report and patch by Dmitry V. Levin, but simplified.
Rich Felker [Tue, 30 Aug 2016 20:39:54 +0000 (16:39 -0400)]
restore _Noreturn to __assert_fail
this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without
the _Noreturn attribute, the compiler cannot use asserts to perform
reachability/range analysis. this leads to missed optimizations and
spurious warnings.
the original backtrace problem that prompted the removal of _Noreturn
was not clearly documented at the time, but it seems to happen only
when libc was built without -g, which also breaks many other
backtracing cases.
Szabolcs Nagy [Tue, 23 Aug 2016 19:47:53 +0000 (21:47 +0200)]
math: fix 128bit long double inverse trigonometric functions
there was a copy paste error that could cause large ulp errors
in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32.
(the implementation is from freebsd fdlibm, but the tail end
of the polynomial was wrong. 128 bit long double functions
are not yet tested so this went undetected.)
Szabolcs Nagy [Sat, 20 Aug 2016 19:04:31 +0000 (21:04 +0200)]
verify that ttyname refers to the same file as the fd
linux containers use separate mount namespace so the /proc
symlink might not point to the right device if the fd was
opened in the parent namespace, in this case return ENOENT.
Rich Felker [Thu, 11 Aug 2016 22:36:46 +0000 (18:36 -0400)]
fix pread/pwrite syscall calling convention on sh
despite sh not generally using register-pair alignment for 64-bit
syscall arguments, there are arch-specific versions of the syscall
entry points for pread and pwrite which include a dummy argument for
alignment before the 64-bit offset argument.
remove obsolete and unused gethostbyaddr implementation
this code was already under #if 0, but could be confusing if a reader
didn't notice that, and it's almost surely full of bugs and/or
inconsistencies with the current code that uses the gethostbyname2_r
backend.
add stdc-predef.h for library-level predefined macros
modern compilers (for gcc, versions 4.8 and later) automatically
pre-include <stdc-predef.h> to obtain the values of certain predefined
macros specified by ISO C but which reflect properties of the library
implementation, not just the compiler. provide values indicating that
wchar_t is Unicode-encoded and that Annex F (IEEE floating point) is
supported unless the compiler indicates otherwise.
improve abort fallback behavior when raising SIGABRT fails to terminate
these changes still do not yield a fully-conforming abort, but they
fix two known issues:
- per POSIX, termination via SIGKILL is not "abnormal", but both ISO C
and POSIX require abort to yield abnormal termination.
- raising SIGKILL fails to do anything to pid 1 in some containers.
now, the trapping instruction produced by a_crash() is expected to
produce abnormal termination, without the risk of invoking a signal
handler since SIGILL and SIGSEGV are blocked, and _Exit, which
contains an infinite loop analogous to the one being removed from
abort itself, is used as a last resort.
this implementation still fails to produce an exit status as if the
process terminated via SIGABRT in cases where SIGABRT is blocked or
ignored, but fixing that is not easy; the obvious pseudo-solutions all
have subtle race conditions where a concurrent fork or exec can expose
incorrect signal state.
Szabolcs Nagy [Wed, 20 Apr 2016 11:14:13 +0000 (13:14 +0200)]
add EM_OPENRISC again to elf.h
it was changed to EM_OR1K in 200d15479c0bc48471ee7b8e538ce33af990f82e
as that was meant to be the official name, but glibc and the latest
gabi spec still uses the EM_OPENRISC name:
http://www.sco.com/developers/gabi/latest/ch4.eheader.html
binutils defines both macros so we should do the same for backward
compatibility.
make brace placement in public header struct definitions consistent
placing the opening brace on the same line as the struct keyword/tag
is the style I prefer and seems to be the prevailing practice in more
recent additions.
add EXTA, EXTB, CIBAUD, CMSPAR, XCASE macros and hide them as well as
CBAUD, ECHOCTL, ECHOPRT, ECHOKE, FLUSHO, PENDIN in standard mode.
the new macros are both in glibc termios.h and in linux asm/termbits.h,
the later also contains IBSHIFT and BOTHER, those were not added.
these are not standard macros, but some of them are in the reserved
namespace so could be exposed, the ones which are not reserved are
CIBAUD, CMSPAR and XCASE (which was removed in issue 6), the rest
got hidden to be consistent with glibc.