Commit Graph

944 Commits

Author SHA1 Message Date
Frederic Berat
427dbaee86 stdio-common: tests: Incorrect maxlen parameter for swprintf
Few tests using swprintf are passing incorrect maxlen parameter.
This triggers an abort when _FORTIFY_SOURCE is enabled.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-22 00:20:55 -04:00
Joseph Myers
2d88df5411 C2x scanf %b support
ISO C2x defines scanf %b for input of binary integers (with an
optional 0b or 0B prefix).  Implement such support, along with the
corresponding SCNb* macros in <inttypes.h>.  Unlike the support for
binary integers with 0b or 0B prefix with scanf %i, this is supported
in all versions of scanf (independent of the standards mode used for
compilation), because there are no backwards compatibility concerns
(%b wasn't previously a supported format) the way there were for %i.

Tested for x86_64 and x86.
2023-06-19 19:40:34 +00:00
Joseph Myers
5f83b2674e C2x printf %wN, %wfN support (bug 24466)
ISO C2x defines printf length modifiers wN (for intN_t / int_leastN_t
/ uintN_t / uint_leastN_t) and wfN (for int_fastN_t / uint_fastN_t).
Add support for those length modifiers (such a feature was previously
requested in bug 24466).  scanf support is to be added separately.
GCC 13 has format checking support for these modifiers.

When used with the support for registering format specifiers, these
modifiers are translated to existing flags in struct printf_info,
rather than trying to add some way of distinguishing them without
breaking the printf_info ABI.  C2x requires an error to be returned
for unsupported values of N; this is implemented for printf-family
functions, but the parse_printf_format interface doesn't support error
returns, so such an error gets discarded by that function.

Tested for x86_64 and x86.
2023-06-19 18:52:12 +00:00
Frederic Berat
7ba426a111 tests: replace fgets by xfgets
With fortification enabled, fgets calls return result needs to be checked,
has it gets the __wur macro enabled.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-13 19:59:08 -04:00
Frederic Berat
a84dcb4bdf tests: replace fread by xfread
With fortification enabled, fread calls return result needs to be checked,
has it gets the __wur macro enabled.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-13 19:59:08 -04:00
Frédéric Bérat
8c4f69d711 tests: fix warn unused result on asprintf calls
When enabling _FORTIFY_SOURCE, some functions now lead to warnings when
their result is not checked.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-06 08:23:53 -04:00
Paul Pluzhnikov
2cbeda847b Fix a few more typos I missed in previous round -- BZ 25337 2023-06-02 23:46:32 +00:00
Paul Pluzhnikov
7f0d9e61f4 Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
Frédéric Bérat
29e25f6f13 tests: fix warn unused results
With fortification enabled, few function calls return result need to be
checked, has they get the __wur macro enabled.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-01 13:01:32 -04:00
Frédéric Bérat
32043daaaf tests: replace ftruncate by xftruncate
With fortification enabled, ftruncate calls return result needs to be
checked, has it gets the __wur macro enabled.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-01 12:45:13 -04:00
Carlos O'Donell
b9125aeaed stdio-common: Adjust tests in Makefile
Sort tests against updated scripts/sort-makefile-lines.py.

No changes in generated code.
No regressions on x86_64 and i686.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-18 12:34:00 -04:00
Carlos O'Donell
c3004417af stdio-common: Reformat Makefile.
Reflow Makefile.
Sort using scripts/sort-makefile-lines.py.

Code generation is changed as routines are linked in sorted order
as expected.

No regressions on x86_64 and i686.
2023-05-16 07:19:31 -04:00
Sergey Bugaev
589bcfdeef stdio-common: Fix building when !IS_IN (libc)
In this case, _itoa_word () is already defined inline in the header (see
sysdeps/generic/_itoa.h), and the second definition causes an error.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-11-bugaevc@gmail.com>
2023-04-03 01:01:11 +02:00
Adhemerval Zanella Netto
3020f72618 libio: Remove the usage of __libc_IO_vtables
Instead of using a special ELF section along with a linker script
directive to put the IO vtables within the RELRO section, the libio
vtables are all moved to an array marked as data.relro (so linker
will place in the RELRO segment without the need of extra directives).

To avoid static linking namespace issues and including all vtable
referenced objects, all required function pointers are set to weak alias.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Adhemerval Zanella Netto
f65ca70dea libio: Do not autogenerate stdio_lim.h
Instead define the required fields in system dependend files.  The only
system dependent definition is FILENAME_MAX, which should match POSIX
PATH_MAX, and it is obtained from either kernel UAPI or mach headers.
Currently set pre-defined value from current kernels.

It avoids a circular dependendy when including stdio.h in
gen-as-const-headers files.

Checked on x86_64-linux-gnu and i686-linux-gnu
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Adhemerval Zanella Netto
88677348b4 Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functions
They are both used by __libc_freeres to free all library malloc
allocated resources to help tooling like mtrace or valgrind with
memory leak tracking.

The current scheme uses assembly markers and linker script entries
to consolidate the free routine function pointers in the RELRO segment
and to be freed buffers in BSS.

This patch changes it to use specific free functions for
libc_freeres_ptrs buffers and call the function pointer array directly
with call_function_static_weak.

It allows the removal of both the internal macros and the linker
script sections.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Sam James
ecf8ae6704 stdio-common: tests: don't double-define _FORTIFY_SOURCE
Exactly the same as 35bcb08eaa.

If using -D_FORITFY_SOURCE=3 (in my case, I've patched GCC to add
=3 instead of =2 (we've done =2 for years in Gentoo)), building
glibc tests will fail on tst-bz11319-fortify2 like:
```
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
```

It's just because we're always setting -D_FORTIFY_SOURCE=2
rather than unsetting it first. If F_S is already 2, it's harmless,
but if it's another value (say, 1, or 3), the compiler will bawk.

(I'm not aware of a reason this couldn't be tested with =3,
but the toolchain support is limited for that (too new), and we want
to run the tests everywhere possible.)

As Siddhesh noted previously, we could implement some fallback
logic to determine the maximal F_S value supported by the toolchain,
which is a bit easier now that autoconf-archive has been updated for F_S=3
(https://github.com/autoconf-archive/autoconf-archive/pull/269), but let's
revisit this if it continues to crop up.

Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-03-27 09:12:45 -04:00
Joseph Myers
2d4728e606 Update printf %b/%B C2x support
WG14 recently accepted two additions to the printf/scanf %b/%B
support: there are now PRIb* and SCNb* macros in <inttypes.h>, and
printf %B is now an optional feature defined in normative text,
instead of recommended practice, with corresponding PRIB* macros that
can also be used to test whether that optional feature is supported.
See N3072 items 14 and 15 for details (those changes were accepted,
some other changes in that paper weren't).

Add the corresponding PRI* macros to glibc and update one place in the
manual referring to %B as recommended.  (SCNb* should naturally be
added at the same time as the corresponding scanf %b support.)

Tested for x86_64 and x86.
2023-03-14 16:58:35 +00:00
Joseph Myers
dee2bea048 C2x scanf binary constant handling
C2x adds binary integer constants starting with 0b or 0B, and supports
those constants for the %i scanf format (in addition to the %b format,
which isn't yet implemented for scanf in glibc).  Implement that scanf
support for glibc.

As with the strtol support, this is incompatible with previous C
standard versions, in that such an input string starting with 0b or 0B
was previously required to be parsed as 0 (with the rest of the input
potentially matching subsequent parts of the scanf format string).
Thus this patch adds 12 new __isoc23_* functions per long double
format (12, 24 or 36 depending on how many long double formats the
glibc configuration supports), with appropriate header redirection
support (generally very closely following that for the __isoc99_*
scanf functions - note that __GLIBC_USE (DEPRECATED_SCANF) takes
precedence over __GLIBC_USE (C2X_STRTOL), so the case of GNU
extensions to C89 continues to get old-style GNU %a and does not get
this new feature).  The function names would remain as __isoc23_* even
if C2x ends up published in 2024 rather than 2023.

When scanf %b support is added, I think it will be appropriate for all
versions of scanf to follow C2x rules for inputs to the %b format
(given that there are no compatibility concerns for a new format).

Tested for x86_64 (full glibc testsuite).  The first version was also
tested for powerpc (32-bit) and powerpc64le (stdio-common/ and wcsmbs/
tests), and with build-many-glibcs.py.
2023-03-02 19:10:37 +00:00
Adhemerval Zanella
e7223fa1e8 stdio: Do not ignore posix_spawn error on popen (BZ #29016)
To correctly return error in case of default shell is not present.

Checked on x86_64-linux-gnu.
2023-02-14 15:30:35 -03:00
Carlos O'Donell
c980549cc6 Account for grouping in printf width (bug 30068)
This is a partial fix for mishandling of grouping when formatting
integers.  It properly computes the width in the presence of grouping
characters when the width is larger than the number of significant
digits. The precision related issue is documented in bug 23432.

Co-authored-by: Andreas Schwab <schwab@suse.de>
2023-02-06 10:20:39 -05:00
Florian Weimer
f5c65fa920 libio: Update number of written bytes in dprintf implementation
The __printf_buffer_flush_dprintf function needs to record that
the buffer has been written before reusing it.  Without this
accounting, dprintf always returns zero.

Fixes commit 8ece45e4f5
("libio: Convert __vdprintf_internal to buffers").

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2023-01-31 22:22:02 +01:00
Andreas Schwab
2f39e44a84 Account for octal marker in %#o format 2023-01-30 16:56:07 +01:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Florian Weimer
118816de33 libio: Convert __vswprintf_internal to buffers (bug 27857)
Always null-terminate the buffer and set E2BIG if the buffer is too
small.  This fixes bug 27857.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
5365acc567 libio: Convert __obstack_vprintf_internal to buffers (bug 27124)
This fixes bug 27124 because the problematic built-in vtable is gone.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
8ece45e4f5 libio: Convert __vdprintf_internal to buffers
The internal buffer size is set to 2048 bytes.  This is less than
the original BUFSIZ value used by buffered_vfprintf before
the conversion, but it hopefully covers all cases where write
boundaries matter.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
af7f416551 libio: Convert __vasprintf_internal to buffers
The buffer resizing algorithm is slightly different.  The initial
buffer is on the stack, and small buffers are directly allocated
on the heap using the exact required size.  The overhead of the
additional copy is compensated by the lowered setup cost for buffers
compared to libio streams.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
fb9bd841b8 libio: Convert __vsprintf_internal to buffers
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
3d0005b54a stdio-common: Add lock optimization to vfprintf and vfwprintf
After the rewrite and the implicit unbuffered streams handling, this
is very straightforward to add.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
e88b9f0e5c stdio-common: Convert vfprintf and related functions to buffers
vfprintf is entangled with vfwprintf (of course), __printf_fp,
__printf_fphex, __vstrfmon_l_internal, and the strfrom family of
functions.  The latter use the internal snprintf functionality,
so vsnprintf is converted as well.

The simples conversion is __printf_fphex, followed by
__vstrfmon_l_internal and __printf_fp, and finally
__vfprintf_internal and __vfwprintf_internal.  __vsnprintf_internal
and strfrom* are mostly consuming the new interfaces, so they
are comparatively simple.

__printf_fp is a public symbol, so the FILE *-based interface
had to preserved.

The __printf_fp rewrite does not change the actual binary-to-decimal
conversion algorithm, and digits are still not emitted directly to
the target buffer.  However, the staging buffer now uses bytes
instead of wide characters, and one buffer copy is eliminated.

The changes are at least performance-neutral in my testing.
Floating point printing and snprintf improved measurably, so that
this Lua script

  for i=1,5000000 do
      print(i, i * math.pi)
  end

runs about 5% faster for me.  To preserve fprintf performance for
a simple "%d" format, this commit has some logic changes under
LABEL (unsigned_number) to avoid additional function calls.  There
are certainly some very easy performance improvements here: binary,
octal and hexadecimal formatting can easily avoid the temporary work
buffer (the number of digits can be computed ahead-of-time using one
of the __builtin_clz* built-ins). Decimal formatting can use a
specialized version of _itoa_word for base 10.

The existing (inconsistent) width handling between strfmon and printf
is preserved here.  __print_fp_buffer_1 would have to use
__translated_number_width to achieve ISO conformance for printf.

Test expectations in libio/tst-vtables-common.c are adjusted because
the internal staging buffer merges all virtual function calls into
one.

In general, stack buffer usage is greatly reduced, particularly for
unbuffered input streams.  __printf_fp can still use a large buffer
in binary128 mode for %g, though.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
46378560e0 stdio-common: Add __translated_number_width
This function will be used to compute the width of a number
after i18n digit translation.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
c7bf2e99ca stdio-common: Add __printf_function_invoke
And __wprintf_function_invoke.  These functions will be used to
to call registered printf specifier callbacks on printf buffers
after vfprintf and vfwprintf have been converted to buffers.  The new
implementation avoids alloca/variable length arrays.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
659fe9fdd1 stdio-common: Introduce buffers for implementing printf
These buffers will eventually be used instead of FILE * objects
to implement printf functions.  The multibyte buffer is struct
__printf_buffer, the wide buffer is struct __wprintf_buffer.

To enable writing type-generic code, the header files
printf_buffer-char.h and printf_buffer-wchar_t.h define the
Xprintf macro differently, enabling Xprintf (buffer) to stand
for __printf_buffer and __wprintf_buffer as appropriate.  For
common cases, macros like Xprintf_buffer are provided as a more
syntactically convenient shortcut.

Buffer-specific flush callbacks are implemented with a switch
statement instead of a function pointer, to avoid hardening issues
similar to those of libio vtables.  struct __printf_buffer_as_file
is needed to support custom printf specifiers because the public
interface for that requires passing a FILE *, which is why there
is a trapdoor back from these buffers to FILE * streams.

Since the immediate user of these interfaces knows when processing
has finished, there is no flush callback for the end of processing,
only a flush callback for the intermediate buffer flush.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
ffde06c915 locale: Implement struct grouping_iterator
The iterator allows grouping while scanning forward through
the digits.  This enables emitting digits as they are processed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Andreas Schwab
a46956e65d stdio-common: Add missing dependencies (bug 29780)
Handle all object suffixes for dependencies of errlist-data and siglist
objects.
2022-11-21 17:37:33 +01:00
Adhemerval Zanella
8d98c7c00f configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases
clang emits an warning when a double alias redirection is used, to warn
the the original symbol will be used even when weak definition is
overridden.  However, this is a common pattern for weak_alias, where
multiple alias are set to same symbol.

Reviewed-by: Fangrui Song <maskray@google.com>
2022-11-01 09:51:06 -03:00
Szabolcs Nagy
b866018f54 Fix missing NUL terminator in stdio-common/scanf13 test
sscanf is only defined on nul terminated string input, but '\0' was
missing in this test which caused _IO_str_init_static_internal to
read OOB on the stack when computing the bounds of the string.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-10-28 11:16:51 +01:00
Samuel Thibault
6841aed6c4 tst-sprintf-errno: Update Hurd message length
03ad444e8e ("mach: Fix incoherency between perror and strerror") fixesd
the output of error messages, but tst-sprintf-errno.c was still checking
the old (erroneous) format length. This updates the expected output length
according to the 03ad444e8e fix.
2022-09-17 17:42:42 +02:00
Samuel Thibault
1918241b55 tst-sprintf-errno: Update Hurd message output
03ad444e8e ("mach: Fix incoherency between perror and strerror")
fixesd the output of error messages, but tst-sprintf-errno.c was still
checking the old (erroneous) format. This updates the expected output
according to the 03ad444e8e fix.
2022-09-11 14:22:04 +02:00
Andreas Schwab
3d7d5c10c8 errlist: add missing entry for EDEADLOCK (bug 29545)
Some architectures (mips, powerpc and sparc) define separate values for
EDEADLOCK and EDEADLK.  Readd the errlist entry for EDEADLOCK for those
configurations.  Also use the dependency files from generating the
auxiliary errlist and siglist files.
2022-09-08 11:40:24 +02:00
Andreas Schwab
ca6466e8be Add test for bug 29530
This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
Reuse work_buffer in group_number") and fixed as a side effect of commit
6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
(bug 14231, bug 26211).").
2022-08-29 17:05:36 +02:00
Wilco Dijkstra
f107b7b30d libio: Avoid RMW of flags2 outside lock (BZ #27842)
Remove an unconditional RMW on flags2 in flockfile - we don't need to change
_IO_FLAGS2_NEED_LOCK since it isn't used in flockfile or funlockfile.
This fixes BZ #27842.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-06-10 13:35:57 +01:00
Florian Weimer
fe8ca369ad stdio-common: Simplify printf_unknown interface in vfprintf-internal.c
The called function does not use the args array, so there is no need
to produce it.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-24 08:03:11 +02:00
Florian Weimer
46db978347 stdio-common: Move union printf_arg int <printf.h>
The type does not depend on wide vs narrow preprocessor macros,
so it does not need to be customized in stdio-common/printf-parse.h.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-24 08:03:11 +02:00
Florian Weimer
800d535504 stdio-common: Add printf specifier registry to <printf.h>
Add  __printf_arginfo_table, __printf_function_table,
__printf_va_arg_table, __register_printf_specifier to
include/printf.h.
2022-05-24 08:03:11 +02:00
Florian Weimer
0060a6de54 stdio-common: Add tst-memstream-string for open_memstream overflow
This code path is exercised indirectly by some of the DNS stub
resolver tests, via their own use of xopen_memstream for constructing
strings describing result data.  The relative lack of test suite
coverage became apparent when these tests starting failing after a
printf changes uncovered bug 28949.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-23 11:06:31 +02:00
Florian Weimer
b094c52b1b __printf_fphex always uses LC_NUMERIC
There is no hexadecimal currency printing.  strfmon uses
__printf_fp_l exclusively.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-23 11:06:31 +02:00
Florian Weimer
859e7a00af vfprintf: Consolidate some multibyte/wide character processing
form_character and form_string processing a sufficiently similar
that the logic can be shared.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-23 11:06:31 +02:00
Florian Weimer
5442ea7ffe vfprintf: Move argument processing into vfprintf-process-arg.c
This simplies formatting and helps with debugging.  It also allows
the use of localized COMPILE_WPRINTF preprocessor conditionals.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-23 11:06:31 +02:00
Florian Weimer
21bb8382b6 stdio-common: Add tst-vfprintf-width-i18n to cover numeric field width
Related to bug 28943 and bug 28944.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-23 11:06:31 +02:00
Adhemerval Zanella
6fad891dfd stdio: Remove the usage of $(fno-unit-at-a-time) for siglist.c
The siglist.c is built with -fno-toplevel-reorder to avoid compiler
to reorder the compat assembly directives due an assembler
issue [1] (fixed on 2.39).

This patch removes the compiler flags by split the compat symbol
generation in two phases.  First the __sys_siglist and __sys_sigabbrev
without any compat symbol directive is preprocessed to generate an
assembly source code.  This generate assembly is then used as input
on a platform agnostic siglist.S which then creates the compat
definitions.  This prevents compiler to move any compat directive
prior the _sys_errlist definition itself.

Checked on a make check run-built-tests=no on all affected ABIs.

Reviewed-by: Fangrui Song <maskray@google.com>
2022-05-13 10:54:41 -03:00
Adhemerval Zanella
900fa25736 stdio: Remove the usage of $(fno-unit-at-a-time) for errlist.c
The errlist.c is built with -fno-toplevel-reorder to avoid compiler to
reorder the compat assembly directives due an assembler issue [1]
(fixed on 2.39).

This patch removes the compiler flags by split the compat symbol
generation in two phases.  First the _sys_errlist_internal internal
without any compat symbol directive is preprocessed to generate an
assembly source code.  This generate assembly is then used as input
on a platform agnostic errlist-data.S which then creates the compat
definitions.  This prevents compiler to move any compat directive
prior the _sys_errlist_internal definition itself.

Checked on a make check run-built-tests=no on all affected ABIs.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=29012
2022-05-13 10:54:41 -03:00
Adhemerval Zanella
592b6d00aa stdio: Split __get_errname definition from errlist.c
The loader does not need to pull all __get_errlist definitions
and its size is decreased:

Before:
$ size elf/ld.so
   text    data     bss     dec     hex filename
 197774   11024     456  209254   33166 elf/ld.so

After:
$ size elf/ld.so
   text    data     bss     dec     hex filename
 191510    9936     456  201902   314ae elf/ld.so

Checked on x86_64-linux-gnu.
2022-04-15 09:37:57 -03:00
Florian Weimer
59c30d5708 stdio-common: Add wide stream coverage to tst-vfprintf-user-type
And use TEST_COMPARE_STRING for the narrow tests.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-03-18 21:40:03 +01:00
Florian Weimer
e297d33c73 stdio-common: Generate ja_JP.EUC-JP locale
It is needed by tst-swprintf.
2022-03-17 10:50:26 +01:00
Florian Weimer
46c75c9aa2 stdio-common: Re-flow and sort Makefile variables 2022-03-17 10:50:26 +01:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Samuel Thibault
422e4cd0ff stdio-common: Fix %m sprintf test output for GNU/Hurd
GNU/Hurd has slightly different error messages for undefined numbers,
due to the notion of error subsystems.
2021-12-27 21:23:05 +01:00
Florian Weimer
9702a7901e stdio: Implement %#m for vfprintf and related functions
%#m prints errno as an error constant if one is available, or
a decimal number as a fallback.  This intends to address the gap
that strerrorname_np does not work well with printf for unknown
error codes due to its NULL return values in those cases.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-12-23 15:02:50 +01:00
Joseph Myers
309548bec3 Support C2X printf %b, %B
C2X adds a printf %b format (see
<http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2630.pdf>, accepted
for C2X), for outputting integers in binary.  It also has recommended
practice for a corresponding %B format (like %b, but %#B starts the
output with 0B instead of 0b).  Add support for these formats to
glibc.

One existing test uses %b as an example of an unknown format, to test
how glibc printf handles unknown formats; change that to %v.  Use of
%b and %B as user-registered format specifiers continues to work (and
we already have a test that covers that, tst-printfsz.c).

Note that C2X also has scanf %b support, plus support for binary
constants starting 0b in strtol (base 0 and 2) and scanf %i (strtol
base 0 and scanf %i coming from a previous paper that added binary
integer literals).  I intend to implement those features in a separate
patch or patches; as discussed in the thread starting at
<https://sourceware.org/pipermail/libc-alpha/2020-December/120414.html>,
they will be more complicated because they involve adding extra public
symbols to ensure compatibility with existing code that might not
expect 0b constants to be handled by strtol base 0 and 2 and scanf %i,
whereas simply adding a new format specifier poses no such
compatibility concerns.

Note that the actual conversion from integer to string uses existing
code in _itoa.c.  That code has special cases for bases 8, 10 and 16,
probably so that the compiler can optimize division by an integer
constant in the code for those bases.  If desired such special cases
could easily be added for base 2 as well, but that would be an
optimization, not actually needed for these printf formats to work.

Tested for x86_64 and x86.  Also tested with build-many-glibcs.py for
aarch64-linux-gnu with GCC mainline to make sure that the test does
indeed build with GCC 12 (where format checking warnings are enabled
for most of the test).
2021-11-10 15:52:21 +00:00
Joseph Myers
db6c4935fa Fix memmove call in vfprintf-internal.c:group_number
A recent GCC mainline change introduces errors of the form:

vfprintf-internal.c: In function 'group_number':
vfprintf-internal.c:2093:15: error: 'memmove' specified bound between 9223372036854775808 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
 2093 |               memmove (w, s, (front_ptr -s) * sizeof (CHAR_T));
      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is a genuine bug in the glibc code: s > front_ptr is always true
at this point in the code, and the intent is clearly for the
subtraction to be the other way round.  The other arguments to the
memmove call here also appear to be wrong; w and s point just *after*
the destination and source for copying the rest of the number, so the
size needs to be subtracted to get appropriate pointers for the
copying.  Adjust the memmove call to conform to the apparent intent of
the code, so fixing the -Wstringop-overflow error.

Now, if the original code were ever executed, a buffer overrun would
result.  However, I believe this code (introduced in commit
edc1686af0, "vfprintf: Reuse work_buffer
in group_number", so in glibc 2.26) is unreachable in prior glibc
releases (so there is no need for a bug in Bugzilla, no need to
consider any backports unless someone wants to build older glibc
releases with GCC 12 and no possibility of this buffer overrun
resulting in a security issue).

work_buffer is 1000 bytes / 250 wide characters.  This case is only
reachable if an initial part of the number, plus a grouped copy of the
rest of the number, fail to fit in that space; that is, if the grouped
number fails to fit in the space.  In the wide character case,
grouping is always one wide character, so even with a locale (of which
there aren't any in glibc) grouping every digit, a number would need
to occupy at least 125 wide characters to overflow, and a 64-bit
integer occupies at most 23 characters in octal including a leading 0.
In the narrow character case, the multibyte encoding of the grouping
separator would need to be at least 42 bytes to overflow, again
supposing grouping every digit, but MB_LEN_MAX is 16.  So even if we
admit the case of artificially constructed locales not shipped with
glibc, given that such a locale would need to use one of the character
sets supported by glibc, this code cannot be reached at present.  (And
POSIX only actually specifies the ' flag for grouping for decimal
output, though glibc acts on it for other bases as well.)

With binary output (if you consider use of grouping there to be
valid), you'd need a 15-byte multibyte character for overflow; I don't
know if any supported character set has such a character (if, again,
we admit constructed locales using grouping every digit and a grouping
separator chosen to have a multibyte encoding as long as possible, as
well as accepting use of grouping with binary), but given that we have
this code at all (clearly it's not *correct*, or in accordance with
the principle of avoiding arbitrary limits, to skip grouping on
running out of internal space like that), I don't think it should need
any further changes for binary printf support to go in.

On the other hand, support for large sizes of _BitInt in printf (see
the N2858 proposal) *would* require something to be done about such
arbitrary limits (presumably using dynamic allocation in printf again,
for sufficiently large _BitInt arguments only - currently only
floating-point uses dynamic allocation, and, as previously discussed,
that could actually be replaced by bounded allocation given smarter
code).

Tested with build-many-glibcs.py for aarch64-linux-gnu (GCC mainline).
Also tested natively for x86_64.
2021-11-08 19:11:51 +00:00
Joseph Myers
a312e8fe6d Fix stdio-common tests for GCC 12 -Waddress
My glibc bot shows failures building the testsuite with GCC mainline
across all architectures:

tst-vfprintf-width-prec.c: In function 'do_test':
tst-vfprintf-width-prec.c:90:16: error: the comparison will always evaluate as 'false' for the address of 'result' will never be NULL [-Werror=address]
   90 |     if (result == NULL)
      |                ^~
tst-vfprintf-width-prec.c:89:13: note: 'result' declared here
   89 |     wchar_t result[100];
      |             ^~~~~~

This is clearly a correct warning; the comparison against NULL is
clearly a cut-and-paste mistake from an earlier case in the test that
does use calloc.  Thus, remove the unnecessary check for NULL shown up
by the warning.

Similarly, two other tests have bogus comparisons against NULL; remove
those as well:

scanf14a.c:95:13: error: the comparison will always evaluate as 'false' for the address of 'fname' will never be NULL [-Werror=address]
   95 |   if (fname == NULL)
      |             ^~
scanf14a.c:93:8: note: 'fname' declared here
   93 |   char fname[strlen (tmpdir) + sizeof "/tst-scanf14.XXXXXX"];
      |        ^~~~~

scanf16a.c:125:13: error: the comparison will always evaluate as 'false' for the address of 'fname' will never be NULL [-Werror=address]
  125 |   if (fname == NULL)
      |             ^~
scanf16a.c:123:8: note: 'fname' declared here
  123 |   char fname[strlen (tmpdir) + sizeof "/tst-scanf16.XXXXXX"];
      |        ^~~~~

Tested with build-many-glibcs.py (GCC mainline) for aarch64-linux-gnu.
2021-10-04 19:10:43 +00:00
Florian Weimer
475b0b92e0 vfprintf: Unify argument handling in process_arg
Instead of checking a pointer argument for NULL, use helper macros
defined differently in the non-positional and positional cases.
This avoids frequent conditional checks and a GCC 12 warning
about comparing pointers against NULL which cannot be NULL.
2021-09-23 11:19:20 +02:00
Florian Weimer
0a5e270bd1 vfprintf: Handle floating-point cases outside of process_arg macro
A lot of the code is unique to the positional and non-positional
code.  Also unify the decimal and hexadecimal cases via the new
helper function __printf_fp_spec.
2021-09-23 11:16:02 +02:00
Siddhesh Poyarekar
30891f35fa Remove "Contributed by" lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date.  Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.

Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions.  These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.

The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively.  These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:

https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-09-03 22:06:44 +05:30
Samuel Thibault
5eb3e2c794 hurd: Fix errlist error mapping
On the Hurd, the errno values don't start at 0, so _sys_errlist_internal
needs index remapping. The _sys_errlist_internal definition already properly
uses ERR_MAP, but __get_errlist and __get_errname were not.
2021-08-23 19:06:49 +02:00
Siddhesh Poyarekar
2d2d9f2b48 Move malloc hooks into a compat DSO
Remove all malloc hook uses from core malloc functions and move it
into a new library libc_malloc_debug.so.  With this, the hooks now no
longer have any effect on the core library.

libc_malloc_debug.so is a malloc interposer that needs to be preloaded
to get hooks functionality back so that the debugging features that
depend on the hooks, i.e. malloc-check, mcheck and mtrace work again.
Without the preloaded DSO these debugging features will be nops.
These features will be ported away from hooks in subsequent patches.

Similarly, legacy applications that need hooks functionality need to
preload libc_malloc_debug.so.

The symbols exported by libc_malloc_debug.so are maintained at exactly
the same version as libc.so.

Finally, static binaries will no longer be able to use malloc
debugging features since they cannot preload the debugging DSO.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-22 18:37:59 +05:30
Florian Weimer
7fcdb53253 libio: Replace internal _IO_getdelim symbol with __getdelim
__getdelim is exported, _IO_getdelim is not.  Add a hidden prototype
for __getdelim.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00
Florian Weimer
c8a11c5867 stdio-common: Remove _IO_vfwscanf
The symbol has never been exported, so no compatibility symbol is
needed.  Removing this file prevents ld from creation an exported
symbol in case GLIBC_2_0 expands to a symbol version which
does not have a local: *; directive in the symbol version map file.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-01 16:00:52 +02:00
Adhemerval Zanella
1abc2fba55 linux: Move funlockfile/_IO_funlockfile into libc
The nptl version is used as default, since now with symbol always
present the single-thread optimization is tricky.

Hurd is not change, it is used it own lock scheme (which call
_cthreads_funlockfile).

Checked on x86_64-linux-gnu.
2021-05-10 23:35:44 -03:00
Adhemerval Zanella
e874d3d189 linux: Move ftrylockfile/_IO_ftrylockfile into libc
The nptl version is used as default, since now with symbol always
present the single-thread optimization is tricky.

Hurd is not change, it is used it own lock scheme (which call
 _cthreads_ftrylockfile).

Checked on x86_64-linux-gnu.
2021-05-10 23:35:44 -03:00
Adhemerval Zanella
7b4e7ca9db linux: Move flockfile/_IO_flockfile into libc
The nptl version is used as default, since now with symbol always
present the single-thread optimization is tricky.

Hurd is not change, it is used it own lock scheme (which call
_cthreads_flockfile).

Checked on x86_64-linux-gnu.
2021-05-10 23:35:44 -03:00
Martin Sebor
26492c0a14 Annotate additional APIs with GCC attribute access.
This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments.  (The latter feature
is new in GCC 11.)

The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds.  (There is no interplay with
_FORTIFY_SOURCE here yet.)

Tested with GCC 7 through 11 on x86_64-linux.
2021-05-06 11:01:05 -06:00
Alyssa Ross
b03e4d7bd2 stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
Patterns like %*[ can safely be used to match a great many characters,
and it's quite realisitic to use them for more than INT_MAX characters
from an IO stream.

With the previous approach, after INT_MAX characters (v)fscanf would
return successfully, indicating an end to the match, even though there
wasn't one.
2021-05-03 10:34:11 +02:00
Alejandro Colomar \(man-pages\)
8786bf6eb6 stdio-common/printf-prs.c: Reword comment
'this' can be understood as the current parameter, but in this case it
is meaning the other one, the one holding the width/precission.

'it' better describes that parameter, differentiating it from the
one corresponding to the current specifier.

Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-03-31 17:20:18 -03:00
Siddhesh Poyarekar
921e6f4198 printf: Add smoke tests for long double
The printf tests have no coverage for long double.  Duplicate the
double tests so that we have some basic coverage.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-02-05 09:52:52 +05:30
Mike Hommey
5d5d71b898 stdio-common: Add a few double formatting tests [BZ #27245]
Checked on x86_64-linux-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-02-03 16:47:47 -03:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Siddhesh Poyarekar
ee9946ce3c tests: Remove NULL check for an array
The NULL check for an array on stack is pointless since it will always
be false, so drop it.
2020-11-12 13:29:59 +05:30
Andreas Schwab
c0e9ddf59e __vfscanf_internal: fix aliasing violation (bug 26690)
As noted in <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97264>, the cast
in the call to the read_int function is an aliasing violation.  Change the
type of local variable f to a pointer to unsigned, which allows to
eliminate most casts while only adding three new ones.
2020-10-08 10:09:30 +02:00
Andreas Schwab
8f8052c2aa Revert "Fix missing redirects in testsuite targets"
This reverts commit d5afb38503.  The log files are actually created by the
various shell scripts that drive the tests.
2020-10-08 10:09:30 +02:00
Adhemerval Zanella
cef95fdc2e string: Fix strerrorname_np return value [BZ #26555]
It returns the string of the error constant, not its description (as
strerrordesc_np).  To handle the Hurd error mapping, the ERR_MAP was
removed from errlist.h to errlist.c.

Also, the testcase test-strerr (added on 325081b9eb) was not added
on the check build neither it builds correctly.  This patch also
changed it to decouple from errlist.h, the expected return values
are added explicitly for both both strerrorname_np and strerrordesc_np
directly.

Checked on x86_64-linux-gnu and i686-linux-gnu.  I also run a make
check for i686-gnu.
2020-09-29 13:56:06 -03:00
Joseph Myers
90663e9c81 Fix memory leak in __printf_fp_l (bug 26215).
__printf_fp_l has a memory leak in the case of some I/O errors, where
both buffer and wbuffer have been malloced but the handling of I/O
errors only frees wbuffer.  This patch fixes this by moving the
declaration of buffer to an outer scope and ensuring that it is freed
when wbuffer is freed.

Tested for x86_64 and x86.
2020-07-09 21:52:24 +00:00
Joseph Myers
ede56038e5 Fix double free in __printf_fp_l (bug 26214).
__printf_fp_l has a double free bug in the case where it allocates
memory with malloc internally, then has an I/O error while outputting
trailing padding and tries to free that already-freed memory when the
error occurs.  This patch fixes this by setting the relevant pointer
to NULL after the first free (the only free of this pointer that isn't
immediately followed by returning from the function).

Tested for x86_64 and x86.
2020-07-09 21:51:49 +00:00
Adhemerval Zanella
325081b9eb string: Add strerrorname_np and strerrordesc_np
The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL)
while strerrordesc_np returns string describing error number (e.g
"Invalid argument" for EINVAL).  Different than strerror,
strerrordesc_np does not attempt to translate the return description,
both functions return NULL for an invalid error number.

They should be used instead of sys_errlist and sys_nerr, both are
thread and async-signal safe.  These functions are GNU extensions.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 15:02:57 -03:00
Adhemerval Zanella
bfe05aa289 string: Add sigabbrev_np and sigdescr_np
The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns the string describing the error
number (e.g "Hangup" for SIGHUP).  Different than strsignal,
sigdescr_np does not attempt to translate the return description and
both functions return NULL for an invalid signal number.

They should be used instead of sys_siglist or sys_sigabbrev and they
are both thread and async-signal safe.  They are added as GNU
extensions on string.h header (same as strsignal).

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:57:14 -03:00
Adhemerval Zanella
f13d260190 signal: Move sys_errlist to a compat symbol
The symbol is deprecated by strerror since its usage imposes some issues
such as copy relocations.

Its internal name is also changed to _sys_errlist_internal to avoid
static linking usage.  The compat code is also refactored by removing
the over enginered errlist-compat.c generation from manual entried and
extra comment token in linker script file.  It disantangle the code
generation from manual and simplify both Linux and Hurd compat code.

The definitions from errlist.c are moved to errlist.h and a new test
is added to avoid a new errno entry without an associated one in manual.

Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi
on all affected platforms.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
b1ccfc061f signal: Move sys_siglist to a compat symbol
The symbol was deprecated by strsignal and its usage imposes issues
such as copy relocations.

Its internal name is changed to __sys_siglist and __sys_sigabbrev to
avoid static linking usage.  The compat code is also refactored, since
both Linux and Hurd usage the same strategy: export the same array with
different object sizes.

The libSegfault change avoids calling strsignal on the SIGFAULT signal
handler (the current usage is already sketchy, adding a call that
potentially issue locale internal function is even sketchier).

Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi
on all affected platforms.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Joseph Myers
6caddd34bd Remove most vfprintf width/precision-dependent allocations (bug 14231, bug 26211).
The vfprintf implementation (used for all printf-family functions)
contains complicated logic to allocate internal buffers of a size
depending on the width and precision used for a format, using either
malloc or alloca depending on that size, and with consequent checks
for size overflow and allocation failure.

As noted in bug 26211, the version of that logic used when '$' plus
argument number formats are in use is missing the overflow checks,
which can result in segfaults (quite possibly exploitable, I didn't
try to work that out) when the width or precision is in the range
0x7fffffe0 through 0x7fffffff (maybe smaller values as well in the
wprintf case on 32-bit systems, when the multiplication by sizeof
(CHAR_T) can overflow).

All that complicated logic in fact appears to be useless.  As far as I
can tell, there has been no need (outside the floating-point printf
code, which does its own allocations) for allocations depending on
width or precision since commit
3e95f6602b ("Remove limitation on size
of precision for integers", Sun Sep 12 21:23:32 1999 +0000).  Thus,
this patch removes that logic completely, thereby fixing both problems
with excessive allocations for large width and precision for
non-floating-point formats, and the problem with missing overflow
checks with such allocations.  Note that this does have the
consequence that width and precision up to INT_MAX are now allowed
where previously INT_MAX / sizeof (CHAR_T) - EXTSIZ or more would have
been rejected, so could potentially expose any other overflows where
the value would previously have been rejected by those removed checks.

I believe this completely fixes bugs 14231 and 26211.

Excessive allocations are still possible in the floating-point case
(bug 21127), as are other integer or buffer overflows (see bug 26201).
This does not address the cases where a precision larger than INT_MAX
(embedded in the format string) would be meaningful without printf's
return value overflowing (when it's used with a string format, or %g
without the '#' flag, so the actual output will be much smaller), as
mentioned in bug 17829 comment 8; using size_t internally for
precision to handle that case would be complicated by struct
printf_info being a public ABI.  Nor does it address the matter of an
INT_MIN width being negated (bug 17829 comment 7; the same logic
appears a second time in the file as well, in the form of multiplying
by -1).  There may be other sources of memory allocations with malloc
in printf functions as well (bug 24988, bug 16060).  From inspection,
I think there are also integer overflows in two copies of "if ((width
-= len) < 0)" logic (where width is int, len is size_t and a very long
string could result in spurious padding being output on a 32-bit
system before printf overflows the count of output characters).

Tested for x86-64 and x86.
2020-07-07 14:54:12 +00:00
Paul E. Murphy
e2239af353 Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI
Improve the commentary to aid future developers who will stumble
upon this novel, yet not always perfect, mechanism to support
alternative formats for long double.

Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to
__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work
has settled down.  The command used was

git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \
  xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g'

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-04-30 08:52:08 -05:00
Paul E. Murphy
d0d1811fb9 Fix tests which expose ldbl -> _Float128 redirects
The ldbl redirects for ieee128 have some jagged edges when
inspecting and manipulating symbols directly.

e.g asprintf is unconditionally redirected to __asprintfieee128
thus any tests relying on GCC's redirect behavior will encounter
problems if they inspect the symbol names too closely.

I've mitigated tests which expose the limitations of the
ldbl -> f128 redirects by giving them knowledge about the
redirected symbol names.

Hopefully there isn't much user code which depends on this
implementation specific behavior.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-25 14:34:23 -05:00
Adhemerval Zanella
910a835dc9 stdio: Add tests for printf multibyte convertion leak [BZ#25691]
Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-03-20 11:02:38 -03:00
Florian Weimer
3cc4a8367c stdio: Remove memory leak from multibyte convertion [BZ#25691]
This is an updated version of a previous patch [1] with the
following changes:

  - Use compiler overflow builtins on done_add_func function.
  - Define the scratch +utstring_converted_wide_string using
    CHAR_T.
  - Added a testcase and mention the bug report.

Both default and wide printf functions might leak memory when
manipulate multibyte characters conversion depending of the size
of the input (whether __libc_use_alloca trigger or not the fallback
heap allocation).

This patch fixes it by removing the extra memory allocation on
string formatting with conversion parts.

The testcase uses input argument size that trigger memory leaks
on unpatched code (using a scratch buffer the threashold to use
heap allocation is lower).

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

[1] https://sourceware.org/pipermail/libc-alpha/2017-June/082098.html
2020-03-20 11:02:38 -03:00
Gabriel F. T. Gomes
e4a3999213 Prepare redirections for IEEE long double on powerpc64le
All functions that have a format string, which can consume a long double
argument, must have one version for each long double format supported on
a platform.  On powerpc64le, these functions currently have two versions
(i.e.: long double with the same format as double, and long double with
IBM Extended Precision format).  Support for a third long double format
option (i.e. long double with IEEE long double format) is being prepared
and all the aforementioned functions now have a third version (not yet
exported on the master branch, but the code is in).

For these functions to get selected (during build time), references to
them in user programs (or dependent libraries) must get redirected to
the aforementioned new versions of the functions.  This patch installs
the header magic required to perform such redirections.

Notice, however, that since the redirections only happen when
__LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including
powerpc64le) currently does it, no redirections actually happen.
Redirections and the exporting of the new functions will happen at the
same time (when powerpc64le adds ldbl-128ibm-compat to their Implies.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
2020-02-17 15:28:29 -06:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Gabriel F. T. Gomes
1626f499d1 Prepare vfprintf to use __printf_fp/__printf_fphex with float128 arg
On powerpc64le, long double can currently take two formats: the same as
double (-mlong-double-64) or IBM Extended Precision (default with
-mlong-double-128 or explicitly with -mabi=ibmlongdouble).  The internal
implementation of printf-like functions is aware of these possibilities
and properly parses floating-point values from the variable arguments,
before making calls to __printf_fp and __printf_fphex.  These functions
are also aware of the format possibilities and know how to convert both
formats to string.

When library support for TS 18661-3 was added to glibc, __printf_fp and
__printf_fphex were extended with support for an additional type
(__float128/_Float128) with a different format (binary128).  Now that
powerpc64le is getting support for its third long double format, and
taking into account that this format is the same as the format of
__float128/_Float128, this patch extends __vfprintf_internal to properly
call __printf_fp and __printf_fphex with this new format.

Tested for powerpc64le (with additional patches to actually enable the
use of these preparations) and for x86_64.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-06-27 17:51:59 -03:00
Joseph Myers
c5f65462a2 Break lines before not after operators, batch 4.
This patch fixes further coding style issues where code should have
broken lines before operators in accordance with the GNU Coding
Standards but instead was breaking lines after them.

Tested for x86_64, and with build-many-glibcs.py.

	* stdio-common/vfscanf-internal.c (ARG): Break lines before rather
	than after operators.
	* sysdeps/mach/hurd/setitimer.c (timer_thread): Likewise.
	(setitimer_locked): Likewise.
	* sysdeps/mach/hurd/sigaction.c (__sigaction): Likewise.
	* sysdeps/mach/hurd/sigaltstack.c (__sigaltstack): Likewise.
	* sysdeps/mach/pagecopy.h (PAGE_COPY_FWD): Likewise.
	* sysdeps/mach/thread_state.h (machine_get_basic_state): Likewise.
	* sysdeps/powerpc/powerpc64/tst-ucontext-ppc64-vscr.c
	(PPC_CPU_SUPPORTED): Likewise.
	* sysdeps/unix/sysv/linux/alpha/a.out.h (N_TXTOFF): Likewise.
	* sysdeps/unix/sysv/linux/generic/wordsize-32/overflow.h
	(stat_overflow): Likewise.
	(statfs_overflow): Likewise.
	* sysdeps/unix/sysv/linux/tst-personality.c (do_test): Likewise.
	* sysdeps/unix/sysv/linux/tst-ttyname.c (eq_ttyname): Likewise.
	(eq_ttyname_r): Likewise.
	(run_chroot_tests): Likewise.
2019-03-07 20:20:25 +00:00
Samuel Thibault
1b21841775 hurd: Add renameat2 support for RENAME_NOREPLACE
* include/stdio.h (__renameat2): New hidden prototype.
	* stdio-common/renameat2.c (__renameat2): Add hidden definition.
	* sysdeps/mach/hurd/renameat.c (__renameat): Move implementation to...
	* sysdeps/mach/hurd/renameat2.c (__renameat2): ... new function, and
	add support for RENAME_NOREPLACE.
	* sysdeps/unix/sysv/linux/renameat2.c (__renameat2): Add hidden definition.
2019-02-27 09:42:44 -08:00