Commit Graph

1041 Commits

Author SHA1 Message Date
Steve Grubb
590f5992b6 Add some missing access function attributes
This patch adds some missing access function attributes to getrandom /
getentropy and several functions in sys/xattr.h

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-03-10 05:56:33 +05:30
Siddhesh Poyarekar
949ad78a18 realpath: Do not copy result on failure (BZ #28815)
On failure, the contents of the resolved buffer passed in by the caller
to realpath are undefined.  Do not copy any partial resolution to the
buffer and also do not test resolved contents in test-canon.c.

Resolves: BZ #28815

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-02-21 08:26:33 +05:30
Martin Sebor
4f20a1dc52 stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-01-25 17:39:36 -07:00
Siddhesh Poyarekar
84d2d0fe20 realpath: Avoid overwriting preexisting error (CVE-2021-3998)
Set errno and failure for paths that are too long only if no other error
occurred earlier.

Related: BZ #28770

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-01-24 21:40:00 +05:30
Siddhesh Poyarekar
976db046bc tst-realpath-toolong: Fix hurd build
Define PATH_MAX to a constant if it isn't already defined, like in hurd.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-01-24 11:00:23 +05:30
Siddhesh Poyarekar
ee8d5e33ad realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]
realpath returns an allocated string when the result exceeds PATH_MAX,
which is unexpected when its second argument is not NULL.  This results
in the second argument (resolved) being uninitialized and also results
in a memory leak since the caller expects resolved to be the same as the
returned value.

Return NULL and set errno to ENAMETOOLONG if the result exceeds
PATH_MAX.  This fixes [BZ #28770], which is CVE-2021-3998.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-01-21 23:01:30 +05:30
Siddhesh Poyarekar
f9dab1b5f2 stdlib: Fix formatting of tests list in Makefile
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-01-13 18:50:55 +05:30
Siddhesh Poyarekar
5b766603ef stdlib: Sort tests in Makefile
Put one test per line and sort them.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-01-13 10:34:37 +05:30
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Siddhesh Poyarekar
2bbd07c715 fortify: Fix spurious warning with realpath
The length and object size arguments were swapped around for realpath.
Also add a smoke test so that any changes in this area get caught in
future.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-12-17 18:49:27 +05:30
Jonathan Wakely
8a9a593115 Add alloc_align attribute to memalign et al
GCC 4.9.0 added the alloc_align attribute to say that a function
argument specifies the alignment of the returned pointer. Clang supports
the attribute too. Using the attribute can allow a compiler to generate
better code if it knows the returned pointer has a minimum alignment.
See https://gcc.gnu.org/PR60092 for more details.

GCC implicitly knows the semantics of aligned_alloc and posix_memalign,
but not the obsolete memalign. As a result, GCC generates worse code
when memalign is used, compared to aligned_alloc.  Clang knows about
aligned_alloc and memalign, but not posix_memalign.

This change adds a new __attribute_alloc_align__ macro to <sys/cdefs.h>
and then uses it on memalign (where it helps GCC) and aligned_alloc
(where GCC and Clang already know the semantics, but it doesn't hurt)
and xposix_memalign. It can't be used on posix_memalign because that
doesn't return a pointer (the allocated pointer is returned via a void**
parameter instead).

Unlike the alloc_size attribute, alloc_align only allows a single
argument. That means the new __attribute_alloc_align__ macro doesn't
really need to be used with double parentheses to protect a comma
between its arguments. For consistency with __attribute_alloc_size__
this patch defines it the same way, so that double parentheses are
required.

Signed-off-by: Jonathan Wakely <jwakely@redhat.com>

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-10-21 00:19:20 +01:00
omain GEISSLER
e037274c8e stdlib: Fix tst-canon-bz26341 when the glibc build current working directory is itself using symlinks. 2021-10-20 12:01:40 -03:00
Siddhesh Poyarekar
a643f60c53 Make sure that the fortified function conditionals are constant
In _FORTIFY_SOURCE=3, the size expression may be non-constant,
resulting in branches in the inline functions remaining intact and
causing a tiny overhead.  Clang (and in future, gcc) make sure that
the -1 case is always safe, i.e. any comparison of the generated
expression with (size_t)-1 is always false so that bit is taken care
of.  The rest is avoidable since we want the _chk variant whenever we
have a size expression and it's not -1.

Rework the conditionals in a uniform way to clearly indicate two
conditions at compile time:

- Either the size is unknown (-1) or we know at compile time that the
  operation length is less than the object size.  We can call the
  original function in this case.  It could be that either the length,
  object size or both are non-constant, but the compiler, through
  range analysis, is able to fold the *comparison* to a constant.

- The size and length are known and the compiler can see at compile
  time that operation length > object size.  This is valid grounds for
  a warning at compile time, followed by emitting the _chk variant.

For everything else, emit the _chk variant.

This simplifies most of the fortified function implementations and at
the same time, ensures that only one call from _chk or the regular
function is emitted.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-10-20 18:12:41 +05:30
Siddhesh Poyarekar
e938c02748 Don't add access size hints to fortifiable functions
In the context of a function definition, the size hints imply that the
size of an object pointed to by one parameter is another parameter.
This doesn't make sense for the fortified versions of the functions
since that's the bit it's trying to validate.

This is harmless with __builtin_object_size since it has fairly simple
semantics when it comes to objects passed as function parameters.
With __builtin_dynamic_object_size we could (as my patchset for gcc[1]
already does) use the access attribute to determine the object size in
the general case but it misleads the fortified functions.

Basically the problem occurs when access attributes are present on
regular functions that have inline fortified definitions to generate
_chk variants; the attributes get inherited by these definitions,
causing problems when analyzing them.  For example with poll(fds, nfds,
timeout), nfds is hinted using the __attr_access as being the size of
fds.

Now, when analyzing the inline function definition in bits/poll2.h, the
compiler sees that nfds is the size of fds and tries to use that
information in the function body.  In _FORTIFY_SOURCE=3 case, where the
object size could be a non-constant expression, this information results
in the conclusion that nfds is the size of fds, which defeats the
purpose of the implementation because we're trying to check here if nfds
does indeed represent the size of fds.  Hence for this case, it is best
to not have the access attribute.

With the attributes gone, the expression evaluation should get delayed
until the function is actually inlined into its destinations.

Disable the access attribute for fortified function inline functions
when building at _FORTIFY_SOURCE=3 to make this work better.  The
access attributes remain for the _chk variants since they can be used
by the compiler to warn when the caller is passing invalid arguments.

[1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-10-20 08:33:31 +05:30
Joseph Myers
a0f0c08e4f Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare
Building stdlib/tst-setcontext.c fails with GCC mainline:

tst-setcontext.c: In function 'f2':
tst-setcontext.c:61:16: error: comparison between two arrays [-Werror=array-compare]
   61 |   if (on_stack < st2 || on_stack >= st2 + sizeof (st2))
      |                ^
tst-setcontext.c:61:16: note: use '&on_stack[0] < &st2[0]' to compare the addresses

The comparison in this case is deliberate, so adjust it as suggested
in that note.

Tested with build-many-glibcs.py (GCC mainline) for aarch64-linux-gnu.
2021-10-05 14:25:40 +00:00
Siddhesh Poyarekar
30891f35fa Remove "Contributed by" lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date.  Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.

Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions.  These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.

The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively.  These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:

https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-09-03 22:06:44 +05:30
DJ Delorie
ac30324c67 test-dlclose-exit-race: avoid hang on pthread_create error
This test depends on the "last" function being called in a
different thread than the "first" function, as "last" posts
a semaphore that "first" is waiting on.  However, if pthread_create
fails - for example, if running in an older container before
the clone3()-in-container-EPERM fixes - exit() is called in the
same thread as everything else, the semaphore never gets posted,
and first hangs.

The fix is to pre-post that semaphore before a single-threaded
exit.

Reviewed-by: Arjun Shankar <arjun@redhat.com>
2021-08-04 15:33:21 -04:00
Siddhesh Poyarekar
4aedc25f55 __cxa_thread_atexit_impl: Abort on allocation failure [BZ #18524]
Abort in the unlikely event that allocation fails when trying to
register a TLS destructor.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-07-28 13:55:42 +05:30
H.J. Lu
5d98a7dae9 Define PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN)
The constant PTHREAD_STACK_MIN may be too small for some processors.
Rename _SC_SIGSTKSZ_SOURCE to _DYNAMIC_STACK_SIZE_SOURCE.  When
_DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, define
PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN) which is changed
to MIN (PTHREAD_STACK_MIN, sysconf(_SC_MINSIGSTKSZ)).

Consolidate <bits/local_lim.h> with <bits/pthread_stack_min.h> to
provide a constant target specific PTHREAD_STACK_MIN value.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 15:10:35 -07:00
Florian Weimer
7c241325d6 Force building with -fno-common
As a result, is not necessary to specify __attribute__ ((nocommon))
on individual definitions.

GCC 10 defaults to -fno-common on all architectures except ARC,
but this change is compatible with older GCC versions and ARC, too.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 20:09:14 +02:00
Siddhesh Poyarekar
b8a19968b0 Move mcheck symbol from stdlib to malloc
It is defined in malloc, so it belongs there.  Verified on x86_64 that
the built libraries are identical despite this change.
2021-07-08 18:47:21 +05:30
Florian Weimer
6f1c701026 dlfcn: Cleanups after -ldl is no longer required
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c.  The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.

This commit adjusts the test suite not to use $(libdl).  The libdl.so
symbolic link is no longer installed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-03 09:11:45 +02:00
Martin Sebor
c1760eaf3b Enable support for GCC 11 -Wmismatched-dealloc.
To help detect common kinds of memory (and other resource) management
bugs, GCC 11 adds support for the detection of mismatched calls to
allocation and deallocation functions.  At each call site to a known
deallocation function GCC checks the set of allocation functions
the former can be paired with and, if the two don't match, issues
a -Wmismatched-dealloc warning (something similar happens in C++
for mismatched calls to new and delete).  GCC also uses the same
mechanism to detect attempts to deallocate objects not allocated
by any allocation function (or pointers past the first byte into
allocated objects) by -Wfree-nonheap-object.

This support is enabled for built-in functions like malloc and free.
To extend it beyond those, GCC extends attribute malloc to designate
a deallocation function to which pointers returned from the allocation
function may be passed to deallocate the allocated objects.  Another,
optional argument designates the positional argument to which
the pointer must be passed.

This change is the first step in enabling this extended support for
Glibc.
2021-05-16 15:21:18 -06:00
Vitaly Buka
16adc58e73 stdlib: Fix data race in __run_exit_handlers [BZ #27749]
Keep __exit_funcs_lock almost all the time and unlock it only to execute
callbacks. This fixed two issues.

1. f->func.cxa was modified outside the lock with rare data race like:
	thread 0: __run_exit_handlers unlock __exit_funcs_lock
	thread 1: __internal_atexit locks __exit_funcs_lock
	thread 0: f->flavor = ef_free;
	thread 1: sees ef_free and use it as new
	thread 1: new->func.cxa.fn = (void (*) (void *, int)) func;
	thread 1: new->func.cxa.arg = arg;
	thread 1: new->flavor = ef_cxa;
	thread 0: cxafct = f->func.cxa.fn;  // it's wrong fn!
	thread 0: cxafct (f->func.cxa.arg, status);  // it's wrong arg!
	thread 0: goto restart;
	thread 0: call the same exit_function again as it's ef_cxa

2. Don't unlock in main while loop after *listp = cur->next. If *listp
   is NULL and __exit_funcs_done is false another thread may fail in
   __new_exitfn on assert (l != NULL):
	 thread 0: *listp = cur->next;  // It can be the last: *listp = NULL.
	 thread 0: __libc_lock_unlock
	 thread 1: __libc_lock_lock in __on_exit
	 thread 1: __new_exitfn
	 thread 1: if (__exit_funcs_done)  // false: thread 0 isn't there yet.
	 thread 1: l = *listp
	 thread 1: moves one and crashes on assert (l != NULL);

The test needs multiple iterations to consistently fail without the fix.

Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=27749

Checked on x86_64-linux-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-14 11:36:40 -03:00
Martin Sebor
26492c0a14 Annotate additional APIs with GCC attribute access.
This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments.  (The latter feature
is new in GCC 11.)

The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds.  (There is no interplay with
_FORTIFY_SOURCE here yet.)

Tested with GCC 7 through 11 on x86_64-linux.
2021-05-06 11:01:05 -06:00
Florian Weimer
93d78ec1cb nptl: Move pthread_setcancelstate into libc
No new symbol version is required because there was a forwarder.

The symbol has been moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:50 +02:00
Siddhesh Poyarekar
716a3bdc41 support: Add capability to fork an sgid child
Add a new function support_capture_subprogram_self_sgid that spawns an
sgid child of the running program with its own image and returns the
exit code of the child process.  This functionality is used by at
least three tests in the testsuite at the moment, so it makes sense to
consolidate.

There is also a new function support_subprogram_wait which should
provide simple system() like functionality that does not set up file
actions.  This is useful in cases where only the return code of the
spawned subprocess is interesting.

This patch also ports tst-secure-getenv to this new function.  A
subsequent patch will port other tests.  This also brings an important
change to tst-secure-getenv behaviour.  Now instead of succeeding, the
test fails as UNSUPPORTED if it is unable to spawn a setgid child,
which is how it should have been in the first place.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-04-12 19:03:19 +05:30
Samuel Thibault
64786a7090 fork.h: replace with register-atfork.h
UNREGISTER_ATFORK is now defined for all ports in register-atfork.h, so most
previous includes of fork.h actually only need register-atfork.h now, and
cxa_finalize.c does not need an ifdef UNREGISTER_ATFORK any more.

The nptl-specific fork generation counters can then go to pthreadP.h, and
fork.h be removed.

Checked on x86_64-linux-gnu and i686-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-03-29 21:41:09 +02:00
Samuel Thibault
4631c2372a stdlib: Fix BZ #26241 testcase on GNU/Hurd
GNU/Hurd's readlink system call is partly implemented in userspace, which
also allocates a buffer on the stack for the result, and thus needs one
more path.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-03-24 21:58:05 +01:00
Adhemerval Zanella
961d7cff51 stdlib: Add testcase for BZ #26241
Old implementation of realpath allocates a PATH_MAX using alloca for
each symlink in the path, leading to MAXSYMLINKS times PATH_MAX
maximum stack usage.

The test create a symlink with __eloop_threshold() loops and creates
a thread with minimum stack size (obtained through
support_small_stack_thread_attribute).  The thread issues a stack
allocations that fill the thread allocated stack minus some slack
plus and the realpath usage (which assumes a bounded stack usage).
If realpath uses more than about 2 * PATH_MAX plus some slack it
triggers a stackoverflow.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: DJ Delorie <dj@redhat.com>
2021-01-20 11:13:53 -03:00
Adhemerval Zanella
42dda89dcb posix: Fix return value of system if shell can not be executed [BZ #27053]
POSIX states that system returned code for failure to execute the shell
shall be as if the shell had terminated using _exit(127).  This
behaviour was removed with 5fb7fc9635.

Checked on x86_64-linux-gnu.
2021-01-11 12:26:58 -03:00
Adhemerval Zanella
c6e0b0b5b0 stdlib: Sync canonicalize with gnulib [BZ #10635] [BZ #26592] [BZ #26341] [BZ #24970]
It sync with gnulib version ae9fb3d66.  The testcase for BZ#23741
(stdlib/test-bz22786.c) is adjusted to check also for ENOMEM.

The patch fixes multiple realpath issues:

  - Portability fixes for errno clobbering on free (BZ#10635).  The
    function does not call free directly anymore, although it might be
    done through scratch_buffer_free.  The free errno clobbering is
    being tracked by BZ#17924.

  - Pointer arithmetic overflows in realpath (BZ#26592).

  - Realpath cyclically call __alloca(path_max) to consume too much
    stack space (BZ#26341).

  - Realpath mishandles EOVERFLOW; stat not needed anyway (BZ#24970).
    The check is done through faccessat now.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2021-01-05 11:33:16 -03:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Siddhesh Poyarekar
f9de8bfe1a nonstring: Enable __FORTIFY_LEVEL=3
Use __builtin_dynamic_object_size in the remaining functions that
don't have compiler builtins as is the case for string functions.
2020-12-31 16:55:21 +05:30
Lode Willems
59d572ef61 getenv: Move call to strlen to the branch it's used in.
The len variable is only used in the else branch.
We don't need the call to strlen if the name is 0 or 1 characters long.

2019-10-02  Lode Willems  <Lode.Willems@UGent.be>

	* tdlib/getenv.c: Move the call to strlen into the branch it's used.
2020-12-18 12:02:28 +05:30
Joseph Myers
e182654151 Remove strtoimax, strtoumax, wcstoimax, wcstoumax inlines
inttypes.h has inline implementations of the strtoimax, strtoumax,
wcstoimax and wcstoumax functions, despite the corresponding stdlib.h
and wchar.h inlines having been removed in 2007 (commit
9b2e9577b2).

Remove those inlines, thereby eliminating all references to the
corresponding __*_internal functions from installed headers (so they
could be made into compat symbols in future if desired).

Tested for x86_64 and x86.
2020-12-14 17:51:38 +00:00
Jonny Grant
2ea6af7447 Fix spelling and grammar in several comments 2020-12-12 01:16:56 +01:00
Joseph Myers
224b419d1e Make strtoimax, strtoumax, wcstoimax, wcstoumax into aliases
The functions strtoimax, strtoumax, wcstoimax, wcstoumax currently
have three implementations each (wordsize-32, wordsize-64 and dummy
implementation in stdlib/ using #error), defining the functions as
thin wrappers round corresponding *_internal functions.  Simplify the
code by changing them into aliases of functions such as strtol and
wcstoull.  This is more consistent with how e.g. imaxdiv is handled.

Tested for x86_64 and x86.
2020-12-08 18:15:27 +00:00
Andreas Schwab
8f8052c2aa Revert "Fix missing redirects in testsuite targets"
This reverts commit d5afb38503.  The log files are actually created by the
various shell scripts that drive the tests.
2020-10-08 10:09:30 +02:00
Adhemerval Zanella
04986243d1 Remove internal usage of extensible stat functions
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}.  It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.

Checked with a build for all affected ABIs.  I also check on
x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-09-11 14:35:32 -03:00
Joseph Myers
c6aac3bf36 Fix typo in comment in bug 26137 fix. 2020-07-01 14:53:30 +00:00
Joseph Myers
09555b9721 Fix strtod multiple-precision division bug (bug 26137).
Bug 26137 reports spurious "inexact" exceptions from strtod, on 32-bit
systems only, for a decimal argument that is exactly 1 + 2^-32.  In
fact the same issue also appears for 1 + 2^-64 and 1 + 2^-96 as
arguments to strtof128 on 32-bit systems, and 1 + 2^-64 as an argument
to strtof128 on 64-bit systems.  In FE_DOWNWARD or FE_TOWARDZERO mode,
the return value is also incorrect.

The problem is in the multiple-precision division logic used in the
case of dividing by a denominator that occupies at least three GMP
limbs.  There was a comment "The division does not work if the upper
limb of the two-limb mumerator is greater than the denominator.", but
in fact there were problems for the case of equality (that is, where
the high limbs are equal, offset by some multiple of the GMP limb
size) as well.  In such cases, the code used "quot = ~(mp_limb_t) 0;"
(with subsequent correction if that is an overestimate), because
udiv_qrnnd does not support the case of equality, but it's possible
for the shifted numerator to be greater than or equal to the
denominator, in which case that is an underestimate.  To avoid that,
this patch changes the ">" condition to ">=", meaning the first
division is done with a zero high word.

The tests added are all 1 + 2^-n for n from 1 to 113 except for those
that were already present in tst-strtod-round-data.

Tested for x86_64 and x86.
2020-06-30 23:04:06 +00:00
John Marshall
354b98cdfd random: range is not portably RAND_MAX [BZ #7003]
On other platforms, RAND_MAX (which is the range of rand(3))
may differ from 2^31-1 (which is the range of random(3)).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-06-30 14:20:17 -04:00
Carlos O'Donell
61af4bbb2a mbstowcs: Document, test, and fix null pointer dst semantics (Bug 25219)
The function mbstowcs, by an XSI extension to POSIX, accepts a null
pointer for the destination wchar_t array.  This API behaviour allows
you to use the function to compute the length of the required wchar_t
array i.e. does the conversion without storing it and returns the
number of wide characters required.

We remove the __write_only__ markup for the first argument because it
is not true since the destination may be a null pointer, and so the
length argument may not apply.  We remove the markup otherwise the new
test case cannot be compiled with -Werror=nonnull.

We add a new test case for mbstowcs which exercises the destination is
a null pointer behaviour which we have now explicitly documented.

The mbsrtowcs and mbsnrtowcs behave similarly, and mbsrtowcs is
documented as doing this in C11, even if the standard doesn't come out
and call out this specific use case.  We add one note to each of
mbsrtowcs and mbsnrtowcs to call out that they support a null pointer
for the destination.

The wcsrtombs function behaves similarly but in the other way around
and allows you to use a null destination pointer to compute how many
bytes you would need to convert the wide character input.  We document
this particular case also, but leave wcsnrtombs as a references to
wcsrtombs, so the reader must still read the details of the semantics
for wcsrtombs.
2020-06-01 12:26:32 -04:00
Martin Sebor
06febd8c67 improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-05-04 11:21:50 -06:00
Paul E. Murphy
e2239af353 Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI
Improve the commentary to aid future developers who will stumble
upon this novel, yet not always perfect, mechanism to support
alternative formats for long double.

Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to
__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work
has settled down.  The command used was

git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \
  xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g'

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-04-30 08:52:08 -05:00
Joseph Myers
dbb188dd87 Remove unused floating-point configuration from gmp-impl.h.
This patch removes the IEEE_DOUBLE_BIG_ENDIAN and
IEEE_DOUBLE_MIXED_ENDIAN macros from gmp-impl.h and gmp-mparam.h, and
the ieee_double_extract union from gmp-impl.h.  The macros were used
only in defining the union, which was used nowhere in glibc.  As GMP's
gmp-impl.h is over 5000 lines, the file in glibc is so far from the
GMP version that it doesn't seem to make sense to keep things there
that are not relevant in glibc.  (I expect there is plenty more in the
header after this patch that is also not relevant in glibc and can be
cleaned up later.)

Tested with build-many-glibcs.py that installed stripped shared
libraries are unchanged by this patch.
2020-04-28 15:05:09 +00:00
Joseph Myers
319d2a7b60 Add GRND_INSECURE from Linux 5.6 to sys/random.h
This patch adds the GRND_INSECURE constant from Linux 5.6 to glibc's
sys/random.h.  This is also added to the documentation.  The constant
acts as a no-op for the Hurd implementation (as that doesn't check
whether the flags are known), which is semantically fine, while older
Linux kernels reject unknown flags with an EINVAL error.

Tested for x86_64.
2020-04-09 21:21:16 +00:00
Adhemerval Zanella
4eda036f5b stdlib: Move tst-system to tests-container
Fix some issues with different shell and error messages.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-03-25 09:50:45 -03:00
Adhemerval Zanella
f09542c584 posix: Fix system error return value [BZ #25715]
It fixes 5fb7fc9635 when posix_spawn fails.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-23 18:00:38 -03:00
Vineet Gupta
a9f4703d93 gcc PR 89877: miscompilation due to missing cc clobber in longlong.h macros
simple test such as below was failing.

| void main(int argc, char *argv[])
| {
|    size_t total_time = 115424;                       // expected 115.424
|    double secs = (double)total_time/(double)1000;
|    printf("%s %d %lf\n", "secs", total_time, secs);  // prints 113.504
|    printf("%d\n", (size_t)secs);
| }

The printf eventually called into glibc stdlib/divrem.c:__mpn_divrem()
which uses the __arc__ specific inline asm macros from longlong.h which
were causing miscompilation.

include/
2019-03-28  Vineet Gupta <vgupta@synopsys.com>

	PR 89877

	* longlong.h [__arc__] (add_ssaaaa): Add cc clobber
	(sub_ddmmss): Likewise.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2020-03-10 18:57:28 -07:00
Gabriel F. T. Gomes
e4a3999213 Prepare redirections for IEEE long double on powerpc64le
All functions that have a format string, which can consume a long double
argument, must have one version for each long double format supported on
a platform.  On powerpc64le, these functions currently have two versions
(i.e.: long double with the same format as double, and long double with
IBM Extended Precision format).  Support for a third long double format
option (i.e. long double with IEEE long double format) is being prepared
and all the aforementioned functions now have a third version (not yet
exported on the master branch, but the code is in).

For these functions to get selected (during build time), references to
them in user programs (or dependent libraries) must get redirected to
the aforementioned new versions of the functions.  This patch installs
the header magic required to perform such redirections.

Notice, however, that since the redirections only happen when
__LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including
powerpc64le) currently does it, no redirections actually happen.
Redirections and the exporting of the new functions will happen at the
same time (when powerpc64le adds ldbl-128ibm-compat to their Implies.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
2020-02-17 15:28:29 -06:00
Florian Weimer
ab3df8154f stdlib: Reduce namespace pollution in <inttypes.h>
The namespace pollution results in conform test failures if the tests
are run __USE_EXTERN_INLINES defined (e.g., when configuring with
CC="gcc -O3" CXX="g++ -O3").
2020-02-17 19:47:06 +01:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Samuel Thibault
8eaf34eda2 hurd: Fix local PLT
* include/sys/random.h (__getrandom): Add hidden prototype.
* stdlib/getrandom.c (getrandom): Rename to hidden definition __getrandom.
Add weak alias.
* sysdeps/mach/hurd/getrandom.c (getrandom): Likewise.
* sysdeps/unix/sysv/linux/getrandom.c (getrandom): Likewise.
* sysdeps/mach/hurd/getentropy.c (getentropy): Use __getrandom instead of
getrandom.
2019-12-13 11:11:54 +01:00
Florian Weimer
8b196ac4b8 Expand $(as-needed) and $(no-as-needed) throughout the build system
Since commit a3cc4f48e9 ("Remove
--as-needed configure test."), --as-needed support is no longer
optional.

The macros are not much shorter and do not provide documentary
value, either, so this commit removes them.
2019-12-03 21:37:50 +01:00
Rajalakshmi Srinivasaraghavan
66fa30828a ldbl-128ibm-compat: Add strfmon_l with IEEE long double format
Similarly to what has been done for printf-like functions, more
specifically to the internal implementation in __vfprintf_internal, this
patch extends __vstrfmon_l_internal to deal with long double values with
binary128 format (as a third format option and reusing the float128
implementation).

Tested for powerpc64le, powerpc64, x86_64, and with build-many-glibcs.

Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
2019-12-03 13:30:37 -03:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Paul Eggert
e6855a3bdf Fix spellings of contributor names in comments and doc 2019-08-23 13:11:05 -07:00
Joseph Myers
0175c9e9be Declare most TS 18661-1 interfaces for C2X.
C2X adds the interfaces from TS 18661-1, and all except a handful in
Annex F are unconditionally visible in C2X rather than only visible
when __STDC_WANT_IEC_60559_BFP_EXT__ is defined.  This patch updates
glibc headers accordingly: most uses of __GLIBC_USE
(IEC_60559_BFP_EXT) are changed to a new __GLIBC_USE
(IEC_60559_BFP_EXT_C2X).  (Regarding totalorder and totalordermag, the
type-generic macros in tgmath.h will go away when the functions are
changed to take pointer arguments.)

	* bits/libc-header-start.h (__GLIBC_USE_IEC_60559_BFP_EXT): Update
	comment.
	(__GLIBC_USE_IEC_60559_BFP_EXT_C2X): New macro.
	* bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Change to
	[__GLIBC_USE (IEC_60559_BFP_EXT_C2X)].
	* include/limits.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise.
	* math/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise.
	* math/math.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise.
	* stdlib/bits/stdlib-ldbl.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* stdlib/stdint.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise.
	* stdlib/stdlib.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise.
	* sysdeps/aarch64/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/alpha/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/arm/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/csky/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/hppa/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/ia64/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/m68k/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/microblaze/bits/fenv.h [__GLIBC_USE
	(IEC_60559_BFP_EXT)]: Likewise.
	* sysdeps/mips/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/nios2/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/powerpc/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/riscv/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/s390/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/sh/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/sparc/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* sysdeps/x86/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise.
	* math/bits/mathcalls.h [__GLIBC_USE (IEC_60559_BFP_EXT)]:
	Likewise, except for totalorder, totalordermag, getpayload,
	setpayload and setpayloadsig.
	* math/tgmath.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise,
	except for totalorder and totalordermag.
2019-08-13 11:28:51 +00:00
Adhemerval Zanella
9bf8e29ca1 malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).

This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX.  It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.

From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).

The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.

The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.

Checked on x86_64-linux-gnu and i686-linux-gnu.

[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683

	[BZ #23741]
	* malloc/hooks.c (malloc_check, realloc_check): Use
	__builtin_add_overflow on overflow check and adapt to
	checked_request2size change.
	* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
	__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
	allocation size to PTRDIFF_MAX.
	(REQUEST_OUT_OF_RANGE): Remove macro.
	(checked_request2size): Change to inline function and limit maximum
	requested size to PTRDIFF_MAX.
	(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
	maximum allocation size to PTRDIFF_MAX.
	(_mid_memalign): Use _int_memalign call for overflow check.
	(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
	(__libc_calloc): Use __builtin_mul_overflow for overflow check and
	limit maximum requested size to PTRDIFF_MAX.
	* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
	valloc, pvalloc): Add __attribute_alloc_size__.
	* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
	* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
	larger than PTRDIFF_MAX.
	* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
	around tests of malloc with negative sizes.
	* malloc/tst-posix_memalign.c (do_test): Likewise.
	* malloc/tst-pvalloc.c (do_test): Likewise.
	* malloc/tst-valloc.c (do_test): Likewise.
	* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
	with resulting size allocation larger than PTRDIFF_MAX with
	reallocarray_nowarn.
	(reallocarray_nowarn): New function.
	* NEWS: Mention the malloc function semantic change.
2019-04-18 17:30:06 -03:00
Mike Gerow
bae8cf0e93 stdlib/tst-secure-getenv: handle >64 groups
This test would fail unnecessarily if the user running it had more than
64 groups since getgroups returns EINVAL if the size provided is less
than the number of supplementary group IDs. Instead dynamically
determine the number of supplementary groups the user has.
2019-04-17 11:45:34 +02:00
Zack Weinberg
29218b265f
Move inttypes.h and stdint.h to stdlib.
inttypes.h and stdint.h are in sysdeps/generic, but there are no other
versions of these headers anywhere in the source tree, so they aren’t
actually system-dependent.  Move them to the subdirectory that
installs them (stdlib).

Reviewed-by: Joseph Myers <joseph@codesourcery.com>

	* sysdeps/generic/inttypes.h, sysdeps/generic/stdint.h:
	Move to stdlib.
	* include/inttypes.h: Adjust to match.
	* include/stdint.h: New wrapper.
2019-03-13 09:42:09 -04:00
Joseph Myers
c4f50205e1 Add some spaces before '('.
This patch fixes various places where a space should have been present
before '(' in accordance with the GNU Coding Standards.  Most but not
all of the fixes in this patch are for calls to sizeof (but it's not
exhaustive regarding such calls that should be fixed).

Tested for x86_64, and with build-many-glibcs.py.

	* benchtests/bench-strcpy.c (do_test): Use space before '('.
	* benchtests/bench-string.h (cmdline_process_function): Likewise.
	* benchtests/bench-strlen.c (do_test): Likewise.
	(test_main): Likewise.
	* catgets/gencat.c (read_old): Likewise.
	* elf/cache.c (load_aux_cache): Likewise.
	* iconvdata/bug-iconv8.c (do_test): Likewise.
	* math/test-tgmath-ret.c (do_test): Likewise.
	* nis/nis_call.c (rec_dirsearch): Likewise.
	* nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise.
	* nptl/tst-audit-threads.c (do_test): Likewise.
	* nptl/tst-cancel4-common.h (set_socket_buffer): Likewise.
	* nss/nss_test1.c (init): Likewise.
	* nss/test-netdb.c (test_hosts): Likewise.
	* posix/execvpe.c (maybe_script_execute): Likewise.
	* stdio-common/tst-fmemopen4.c (do_test): Likewise.
	* stdio-common/tst-printf.c (do_test): Likewise.
	* stdio-common/vfscanf-internal.c (__vfscanf_internal): Likewise.
	* stdlib/fmtmsg.c (NKEYWORDS): Likewise.
	* stdlib/qsort.c (STACK_SIZE): Likewise.
	* stdlib/test-canon.c (do_test): Likewise.
	* stdlib/tst-swapcontext1.c (do_test): Likewise.
	* string/memcmp.c (OPSIZ): Likewise.
	* string/test-strcpy.c (do_test): Likewise.
	(do_random_tests): Likewise.
	* string/test-strlen.c (do_test): Likewise.
	(test_main): Likewise.
	* string/test-strrchr.c (do_test): Likewise.
	(do_random_tests): Likewise.
	* string/tester.c (test_memrchr): Likewise.
	(test_memchr): Likewise.
	* sysdeps/generic/memcopy.h (OPSIZ): Likewise.
	* sysdeps/generic/unwind-dw2.c (execute_stack_op): Likewise.
	* sysdeps/generic/unwind-pe.h (read_sleb128): Likewise.
	(read_encoded_value_with_base): Likewise.
	* sysdeps/hppa/dl-machine.h (elf_machine_runtime_setup): Likewise.
	* sysdeps/hppa/fpu/feupdateenv.c (__feupdateenv): Likewise.
	* sysdeps/ia64/fpu/sfp-machine.h (TI_BITS): Likewise.
	* sysdeps/mach/hurd/spawni.c (__spawni): Likewise.
	* sysdeps/posix/spawni.c (maybe_script_execute): Likewise.
	* sysdeps/powerpc/fpu/tst-setcontext-fpscr.c (query_auxv):
	Likewise.
	* sysdeps/unix/sysv/linux/aarch64/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/arm/bits/procfs.h (ELF_NGREG): Likewise.
	* sysdeps/unix/sysv/linux/arm/ioperm.c (init_iosys): Likewise.
	* sysdeps/unix/sysv/linux/csky/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/m68k/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/nios2/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute):
	Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/procfs.h (ELF_NGREG): Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/sigcontext.h
	(FP_XSTATE_MAGIC2_SIZE): Likewise.
	* sysdeps/x86/fpu/sfp-machine.h (TI_BITS): Likewise.
	* time/test_time.c (main): Likewise.
2019-02-27 13:55:45 +00:00
Joseph Myers
34a5a1460e Break some lines before not after operators.
The GNU Coding Standards specify that line breaks in expressions
should go before an operator, not after one.  This patch fixes various
code to do this.  It only changes code that appears to be mostly
following GNU style anyway, not files and directories with
substantially different formatting.  It is not exhaustive even for
files using GNU style (for example, changes to sysdeps files are
deferred for subsequent cleanups).  Some files changed are shared with
gnulib, but most are specific to glibc.  Changes were made manually,
with places to change found by grep (so some cases, e.g. where the
operator was followed by a comment at end of line, are particularly
liable to have been missed by grep, but I did include cases where the
operator was followed by backslash-newline).

This patch generally does not attempt to address other coding style
issues in the expressions changed (for example, missing spaces before
'(', or lack of parentheses to ensure indentation of continuation
lines properly reflects operator precedence).

Tested for x86_64, and with build-many-glibcs.py.

	* benchtests/bench-memmem.c (simple_memmem): Break lines before
	rather than after operators.
	* benchtests/bench-skeleton.c (TIMESPEC_AFTER): Likewise.
	* crypt/md5.c (md5_finish_ctx): Likewise.
	* crypt/sha256.c (__sha256_finish_ctx): Likewise.
	* crypt/sha512.c (__sha512_finish_ctx): Likewise.
	* elf/cache.c (load_aux_cache): Likewise.
	* elf/dl-load.c (open_verify): Likewise.
	* elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise.
	* elf/readelflib.c (process_elf_file): Likewise.
	* elf/rtld.c (dl_main): Likewise.
	* elf/sprof.c (generate_call_graph): Likewise.
	* hurd/ctty-input.c (_hurd_ctty_input): Likewise.
	* hurd/ctty-output.c (_hurd_ctty_output): Likewise.
	* hurd/dtable.c (reauth_dtable): Likewise.
	* hurd/getdport.c (__getdport): Likewise.
	* hurd/hurd/signal.h (_hurd_interrupted_rpc_timeout): Likewise.
	* hurd/hurd/sigpreempt.h (HURD_PREEMPT_SIGNAL_P): Likewise.
	* hurd/hurdfault.c (_hurdsig_fault_catch_exception_raise):
	Likewise.
	* hurd/hurdioctl.c (fioctl): Likewise.
	* hurd/hurdselect.c (_hurd_select): Likewise.
	* hurd/hurdsig.c (_hurdsig_abort_rpcs): Likewise.
	(STOPSIGS): Likewise.
	* hurd/hurdstartup.c (_hurd_startup): Likewise.
	* hurd/intr-msg.c (_hurd_intr_rpc_mach_msg): Likewise.
	* hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise.
	* hurd/msgportdemux.c (msgport_server): Likewise.
	* hurd/setauth.c (_hurd_setauth): Likewise.
	* include/features.h (__GLIBC_USE_DEPRECATED_SCANF): Likewise.
	* libio/libioP.h [IO_DEBUG] (CHECK_FILE): Likewise.
	* locale/programs/ld-ctype.c (set_class_defaults): Likewise.
	* localedata/tests-mbwc/tst_swscanf.c (tst_swscanf): Likewise.
	* login/tst-utmp.c (do_check): Likewise.
	(simulate_login): Likewise.
	* mach/lowlevellock.h (lll_lock): Likewise.
	(lll_trylock): Likewise.
	* math/test-fenv.c (ALL_EXC): Likewise.
	* math/test-fenvinline.c (ALL_EXC): Likewise.
	* misc/sys/cdefs.h (__attribute_deprecated_msg__): Likewise.
	* nis/nis_call.c (__do_niscall3): Likewise.
	* nis/nis_callback.c (cb_prog_1): Likewise.
	* nis/nis_defaults.c (searchaccess): Likewise.
	* nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise.
	* nis/nis_ismember.c (internal_ismember): Likewise.
	* nis/nis_local_names.c (nis_local_principal): Likewise.
	* nis/nss_nis/nis-rpc.c (_nss_nis_getrpcbyname_r): Likewise.
	* nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r):
	Likewise.
	* nis/ypclnt.c (yp_match): Likewise.
	(yp_first): Likewise.
	(yp_next): Likewise.
	(yp_master): Likewise.
	(yp_order): Likewise.
	* nscd/hstcache.c (cache_addhst): Likewise.
	* nscd/initgrcache.c (addinitgroupsX): Likewise.
	* nss/nss_compat/compat-pwd.c (copy_pwd_changes): Likewise.
	(internal_getpwuid_r): Likewise.
	* nss/nss_compat/compat-spwd.c (copy_spwd_changes): Likewise.
	* posix/glob.h (__GLOB_FLAGS): Likewise.
	* posix/regcomp.c (peek_token): Likewise.
	(peek_token_bracket): Likewise.
	(parse_expression): Likewise.
	* posix/regexec.c (sift_states_iter_mb): Likewise.
	(check_node_accept_bytes): Likewise.
	* posix/tst-spawn3.c (do_test): Likewise.
	* posix/wordexp-test.c (testit): Likewise.
	* posix/wordexp.c (parse_tilde): Likewise.
	(exec_comm): Likewise.
	* posix/wordexp.h (__WRDE_FLAGS): Likewise.
	* resource/vtimes.c (TIMEVAL_TO_VTIMES): Likewise.
	* setjmp/sigjmp.c (__sigjmp_save): Likewise.
	* stdio-common/printf_fp.c (__printf_fp_l): Likewise.
	* stdio-common/tst-fileno.c (do_test): Likewise.
	* stdio-common/vfprintf-internal.c (vfprintf): Likewise.
	* stdlib/strfmon_l.c (__vstrfmon_l_internal): Likewise.
	* stdlib/strtod_l.c (round_and_return): Likewise.
	(____STRTOF_INTERNAL): Likewise.
	* stdlib/tst-strfrom.h (TEST_STRFROM): Likewise.
	* string/strcspn.c (STRCSPN): Likewise.
	* string/test-memmem.c (simple_memmem): Likewise.
	* termios/tcsetattr.c (tcsetattr): Likewise.
	* time/alt_digit.c (_nl_parse_alt_digit): Likewise.
	* time/asctime.c (asctime_internal): Likewise.
	* time/strptime_l.c (__strptime_internal): Likewise.
	* time/sys/time.h (timercmp): Likewise.
	* time/tzfile.c (__tzfile_compute): Likewise.
2019-02-22 01:32:36 +00:00
Aurelien Jarno
11f382ee78 testsuite: stdlib/isomac.c: add missing include
When running the testsuite, building stdlib/isomac.c outputs the
following warning:

  gcc -O   -D_GNU_SOURCE -DIS_IN_build -include /home/aurel32/glibc-build/config.h isomac.c -o /home/aurel32/glibc-build/stdlib/isomac
  isomac.c: In function ‘get_null_defines’:
  isomac.c:260:3: warning: implicit declaration of function ‘close’; did you mean ‘pclose’? [-Wimplicit-function-declaration]
     close (fd);
     ^~~~~
     pclose

Fix that by adding the <unistd.h> include.

Changelog:
	* stdlib/isomac.c: Include <unistd.h>.
2019-02-03 15:17:18 +01:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
5d025ea617 Update longlong.h.
This patch updates longlong.h from GCC.  There were no local changes
in glibc (the previous version was identical to the r232143 GCC
version, apart from copyright dates which had been updated in both
places), so this patch makes it identical to the version in GCC again.

Tested for x86_64 and x86.  Also tested with build-many-glibcs.py for
its RISC-V configurations, as the glibc architecture with the most
substantial changes in longlong.h in this patch.

	* stdlib/longlong.h: Update from GCC.
2018-12-21 18:45:03 +00:00
Zack Weinberg
698fb75b9f Add __v*printf_internal with flags arguments
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable.  Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.

As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.

Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead.  It also
turns out there were hardly any internal callers.  _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.

Summary for the changes to each of the affected symbols:

  _IO_vfprintf, _IO_vsprintf:
    All internal calls removed, thus the internal declarations, as well
    as uses of libc_hidden_proto and libc_hidden_def, were also removed.
    The external symbol is now exposed via uses of ldbl_strong_alias
    to __vfprintf_internal and __vsprintf_internal, respectively.

  _IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
  _IO_vfwprintf, _IO_vswprintf,
  _IO_obstack_vprintf, _IO_obstack_printf:
    All internal calls removed, thus declaration in internal headers
    were also removed.  They were never exported, so there are no
    aliases tying them to the internal functions.  I.e.: entirely gone.

  __vsnprintf:
    Internal calls were always preceded by macros such as
      #define __vsnprintf _IO_vsnprintf, and
      #define __vsnprintf vsnprintf
    The macros were removed and their uses replaced with calls to the
    new internal function __vsnprintf_internal.  Since there were no
    internal calls, the internal declaration was also removed.  The
    external symbol is preserved with ldbl_weak_alias to ___vsnprintf.

  __vfwprintf:
    All internal calls converted into calls to __vfwprintf_internal,
    thus the internal declaration was removed.  The function is now a
    wrapper that calls __vfwprintf_internal.  The external symbol is
    preserved.

  __vswprintf:
    Similarly, but no external symbol.

  __vasprintf, __vdprintf, __vfprintf, __vsprintf:
    New internal wrappers.  Not exported.

  vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
  vfwprintf, vswprintf,
  obstack_vprintf, obstack_printf:
    These functions used to be aliases to the respective _IO_* function,
    they are now aliases to their respective __* functions.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Paul Pluzhnikov
8e67b39eb4 stdlib: assert on NULL function pointer in atexit etc. [BZ #20544] 2018-11-30 16:18:34 -08:00
Zack Weinberg
c75772e3f0 Use STRFMON_LDBL_IS_DBL instead of __ldbl_is_dbl.
On platforms where long double used to have the same format as double,
but later switched to a different format (alpha, s390, sparc, and
powerpc), accessing the older behavior is possible and it happens via
__nldbl_* functions (not on the API, but accessible from header
redirection and from compat symbols).  These functions write to the
global flag __ldbl_is_dbl, which tells other functions that long double
variables should be handled as double.  This patch takes the first step
towards removing this global flag and creates __vstrfmon_l_internal,
which takes an explicit flags parameter.

This change arguably makes the generated code slightly worse on
architectures where __ldbl_is_dbl is never true; right now, on those
architectures, it's a compile-time constant; after this change, the
compiler could theoretically prove that __vstrfmon_l_internal was
never called with a nonzero flags argument, but it would probably need
LTO to do it.  This is not performance critical code and I tend to
think that the maintainability benefits of removing action at a
distance are worth it.  However, we _could_ wrap the runtime flag
check with a macro that was defined to ignore its argument and always
return false on architectures where __ldbl_is_dbl is never true, if
people think the codegen benefits are important.

Tested for powerpc and powerpc64le.
2018-11-16 09:21:14 -02:00
Florian Weimer
6070803053 stdlib/test-bz22786: Avoid memory leaks in the test itself 2018-10-30 13:56:40 +01:00
Florian Weimer
07da99aad9 stdlib/tst-strtod-overflow: Switch to support_blob_repeat
This is another test with an avoidable large memory allocation.
2018-10-30 13:55:01 +01:00
Florian Weimer
f5e7e95921 stdlib/test-bz22786: Avoid spurious test failures using alias mappings
On systems without enough random-access memory, stdlib/test-bz22786
will go deeply into swap and time out, even with a substantial
TIMEOUTFACTOR.  This commit adds a facility to construct repeating
strings with alias mappings, so that the requirement for physical
memory, and uses it in stdlib/test-bz22786.
2018-10-30 13:17:36 +01:00
Albert ARIBAUD (3ADEV)
d51f99ce80 Y2038: Add 64-bit time for all architectures
glibc support for 64-bit time_t on 32-bit architectures
will involve:

- Using 64-bit times inside glibc, with conversions
  to and from 32-bit times taking place as necessary
  for interfaces using such times.

- Adding 64-bit-time support in the glibc public API.
  This support should be dynamic, i.e. glibc should
  provide both 32-bit and 64-bit implementations and
   let user code choose at compile time whether to use
   the 32-bit or 64-bit interfaces.

This requires a glibc-internal name for a type for times
that are always 64-bit.

Based on __TIMESIZE, a new macro is defined, __TIME64_T_TYPE,
 which is always the right __*_T_TYPE to hold a 64-bit-time.
__TIME64_T_TYPE equals __TIME_T_TYPE if __TIMESIZE equals 64
and equals __SQUAD_T_TYPE otherwise.

__time64_t can then replace uses of internal_time_t.

This patch was tested by running 'make check' on branch
master then applying this patch and its predecessor and
running 'make check' again, and checking that both 'make
check' yield identical results. This was done on
x86_64-linux-gnu and i686-linux-gnu.

	* bits/time64.h: New file.
	* include/time.h: Replace internal_time_t with __time64_t.
	* posix/bits/types (__time64_t): Add.
	* stdlib/Makefile: Add bits/time64.h to includes.
	* time/tzfile.c: Replace internal_time_t with __time64_t.
2018-10-24 22:09:34 +02:00
Albert ARIBAUD (3ADEV)
a27a4f4721 Y2038: provide size of default time_t for target architecture
To determine whether the default time_t interfaces are 32-bit
    and so need conversions, or are 64-bit and so are compatible
    with the internal 64-bit type without conversions, a macro
    giving the size of the  default time_t is also required.
    This macro is called __TIMESIZE.

    This macro can then be used instead of __WORDSIZE in msq-pad.h
    and shm-pad.h files, which in turn allows removing their x86
    variants, and in sem-pad.h files but keeping the x86 variant.

    This patch was tested by running 'make check' on branch master
    then applying this patch and running 'make check' again, and
    checking that both 'make check' yield identical results.
    This was done on x86_64-linux-gnu and i686-linux-gnu.

	* bits/timesize.h: New file.
	* stdlib/Makefile (headers): Add bits/timesize.h.
	* sysdeps/unix/sysv/linux/bits/msq-pad.h
	(__MSQ_PAD_AFTER_TIME): Use __TIMESIZE instead of __WORDSIZE.
	* sysdeps/unix/sysv/linux/bits/sem-pad.h
	(__SEM_PAD_AFTER_TIME): Likewise.
	* sysdeps/unix/sysv/linux/bits/shm-pad.h
	(__SHM_PAD_AFTER_TIME): Likewise.
	* sysdeps/unix/sysv/linux/hppa/bits/msq-pad.h
	(__MSQ_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/hppa/bits/sem-pad.h
	(__SEM_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/hppa/bits/shm-pad.h
	(__SHM_PAD_BEFORE_TIME, __SHM_PAD_BETWEEN_TIME_AND_SEGSZ): Likewise.
	* sysdeps/unix/sysv/linux/mips/bits/msq-pad.h
        (__MSQ_PAD_AFTER_TIME, __MSQ_PAD_BEFORE_TIME): Likewise.
        * sysdeps/unix/sysv/linux/powerpc/bits/msq-pad.h
        (__MSQ_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/powerpc/bits/sem-pad.h
	(__SEM_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/powerpc/bits/shm-pad.h
	(__SHM_PAD_BEFORE_TIME, __SHM_PAD_BETWEEN_TIME_AND_SEGSZ): Likewise.
	* sysdeps/unix/sysv/linux/sparc/bits/msq-pad.h
	(__MSQ_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/sparc/bits/sem-pad.h
	(__SEM_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/sparc/bits/shm-pad.h
	(__SHM_PAD_BEFORE_TIME): Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/msq-pad.h: Delete file.
	* sysdeps/unix/sysv/linux/x86/bits/shm-pad.h: Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/timesize.h: New file.
2018-10-24 11:37:09 +02:00
Andreas Schwab
ce5a7de6cd Don't reduce test timeout to less than default
This removes all overrides of TIMEOUT that are less than or equal to the
default timeout.
2018-10-17 09:34:13 +02:00
Andreas Schwab
f841c97e51 Fix stack overflow in tst-setcontext9 (bug 23717)
The function f1a, executed on a stack of size 32k, allocates an object of
size 32k on the stack.  Make the stack variables static to reduce
excessive stack usage.
2018-09-27 12:31:03 +02:00
Carlos O'Donell
791b350dc7 Fix tst-setcontext9 for optimized small stacks.
If the compiler reduces the stack usage in function f1 before calling
into function f2, then when we swapcontext back to f1 and continue
execution we may overwrite registers that were spilled to the stack
while f2 was executing.  Later when we return to f2 the corrupt
registers will be reloaded from the stack and the test will crash.  This
was most commonly observed on i686 with __x86.get_pc_thunk.dx and
needing to save and restore $edx.  Overall i686 has few registers and
the spilling to the stack is bound to happen, therefore the solution to
making this test robust is to split function f1 into two parts f1a and
f1b, and allocate f1b it's own stack such that subsequent execution does
not overwrite the stack in use by function f2.

Tested on i686 and x86_64.

Signed-off-by: Carlos O'Donell <carlos@redhat.com>
2018-09-19 22:33:07 -04:00
Florian Weimer
2bda273aa3 reallocarray: Declare under _DEFAULT_SOURCE
Initially, this function was restricted to _GNU_SOURCE, but experience
shows that compatibility with existing build systems is improved if we
declare it under _DEFAULT_SOURCE as well.
2018-08-30 14:14:53 +02:00
Stefan Liebler
3bad2358d6 Test stdlib/test-bz22786 exits now with unsupported if malloc fails.
The test tries to allocate more than 2^31 bytes which will always fail on s390
as it has maximum 2^31bit of memory.
Before commit 6c3a8a9d86, this test returned
unsupported if malloc fails.  This patch re enables this behaviour.

Furthermore support_delete_temp_files() failed to remove the temp directory
in this case as it is not empty due to the created symlink.
Thus the creation of the symlink is moved behind malloc.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

ChangeLog:

	* stdlib/test-bz22786.c (do_test): Return EXIT_UNSUPPORTED
	if malloc fails.
2018-08-30 08:44:32 +02:00
Paul Pluzhnikov
6c3a8a9d86 Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test. 2018-08-24 18:08:51 -07:00
Florian Weimer
017801880b mbstowcs: Remove outdated comment
ISO C requires that there is no effect on any global conversion state,
so the change in commit 9f097308c7 was
correct in princple.
2018-08-13 14:05:01 +02:00
Ilya Leoshkevich
8d997d2253 Move __fentry__ version definition to sysdeps/{i386,x86_64}
__fentry__ symbol is currently not defined for other architectures.
Attempts to introduce it cause abicheck to fail, because it will be
available since 2.29 earliest, and not 2.13, which is the case for
Intel.  With the new code, abicheck passes for i686-linux-gnu,
x86_64-linux-gnu and x86_64-linux-gnu32 triples.

ChangeLog:

	* stdlib/Versions: Remove __fentry__.
	* sysdeps/i386/Versions: Add __fentry__.
	* sysdeps/x86_64/Versions: Add __fentry__.
2018-08-10 09:07:44 +02:00
H.J. Lu
375a484459 Add tests for setcontext on the context from makecontext
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	* stdlib/Makefile ((tests): Add tst-setcontext6, tst-setcontext7,
	tst-setcontext8 and tst-setcontext9.
	* stdlib/tst-setcontext6.c: New file.
	* stdlib/tst-setcontext7.c: Likewise.
	* stdlib/tst-setcontext8.c: Likewise.
	* stdlib/tst-setcontext9.c: Likewise.
2018-07-25 05:13:16 -07:00
H.J. Lu
bd4f7903df Add a test for multiple setcontext calls
Check multiple setcontext calls.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>.

	* stdlib/Makefile ((tests): Add tst-setcontext5.
	* stdlib/tst-setcontext5.c: New file.
2018-07-25 05:00:30 -07:00
H.J. Lu
7e28f20345 Add another test for setcontext
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	* stdlib/Makefile (tests): Add tst-setcontext4.
	* stdlib/tst-setcontext4.c: New file.
2018-07-25 04:57:21 -07:00
H.J. Lu
8516ad2de3 Add a test for multiple makecontext calls
Check multiple makecontext calls.

	* stdlib/Makefile (tests): Add tst-swapcontext1.
	* stdlib/tst-swapcontext1.c: New test.
2018-07-25 04:54:00 -07:00
H.J. Lu
e27f41ba2b Add <bits/indirect-return.h>
Add <bits/indirect-return.h> and include it in <ucontext.h>.
__INDIRECT_RETURN defined in <bits/indirect-return.h> indicates if
swapcontext requires special compiler treatment.  The default
__INDIRECT_RETURN is empty.

On x86, when shadow stack is enabled, __INDIRECT_RETURN is defined
with indirect_return attribute, which has been added to GCC 9, to
indicate that swapcontext returns via indirect branch.  Otherwise
__INDIRECT_RETURN is defined with returns_twice attribute.

When shadow stack is enabled, remove always_inline attribute from
prepare_test_buffer in string/tst-xbzero-opt.c to avoid:

tst-xbzero-opt.c: In function ‘prepare_test_buffer’:
tst-xbzero-opt.c:105:1: error: function ‘prepare_test_buffer’ can never be inlined because it uses setjmp
 prepare_test_buffer (unsigned char *buf)

when indirect_return attribute isn't available.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	* bits/indirect-return.h: New file.
	* misc/sys/cdefs.h (__glibc_has_attribute): New.
	* sysdeps/x86/bits/indirect-return.h: Likewise.
	* stdlib/Makefile (headers): Add bits/indirect-return.h.
	* stdlib/ucontext.h: Include <bits/indirect-return.h>.
	(swapcontext): Add __INDIRECT_RETURN.
	* string/tst-xbzero-opt.c (ALWAYS_INLINE): New.
	(prepare_test_buffer): Use it.
2018-07-24 07:55:47 -07:00
Joseph Myers
5c112f1b62 Avoid insecure usage of tmpnam in tests.
Various glibc testcases use tmpnam in ways subject to race conditions
(generate a temporary file name, then later open that file without
O_EXCL).

This patch fixes those tests to use mkstemp - generally a minimal
local fix to use mkstemp instead of tmpnam, rather than a larger fix
to use other testsuite infrastructure for temporary files.  The
unchanged use of tmpnam in posix/wordexp-test.c would fail safe in the
event of a race (it's generating a name for use with mkdir rather than
for a file to be opened for writing).

Tested for x86_64.

	* grp/tst_fgetgrent.c: Include <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* io/test-utime.c (main): Likewise.
	* posix/annexc.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
	* posix/bug-getopt1.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt2.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt3.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt4.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt5.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* stdio-common/bug7.c: Include <stdlib.h> and <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-fdopen.c: Include <stdlib.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-ungetc.c: Include <stdlib.h>.
	(main): use mkstemp instead of tmpnam.
	* stdlib/isomac.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
2018-07-18 21:04:12 +00:00
Rajalakshmi Srinivasaraghavan
37d3d244e1 Add long double input for strfmon test
This patch adds long double type inputs in strfmon_l test
which will help in long double migration.

Tested for powerpc64le.
2018-06-30 06:54:34 +05:30
Zack Weinberg
b10a0accee Disallow use of DES encryption functions in new programs.
The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt,
ecb_crypt, and des_setparity should not be used in new programs,
because they use the DES block cipher, which is unacceptably weak by
modern standards.  Demote all of them to compatibility symbols, and
remove their prototypes from installed headers.  cbc_crypt, ecb_crypt,
and des_setparity were already compat symbols when glibc was
configured with --disable-obsolete-rpc.

POSIX requires encrypt and setkey to be available when _XOPEN_CRYPT
is defined, so this change also removes the definition of X_OPEN_CRYPT
from <unistd.h>.

The entire "DES Encryption" section is dropped from the manual, as is
the mention of AUTH_DES and FIPS 140-2 in the introduction to
crypt.texi.  The documentation of 'memfrob' cross-referenced the DES
Encryption section, which is replaced by a hyperlink to libgcrypt, and
while I was in there I spruced up the actual documentation of
'memfrob' and 'strfry' a little.  It's still fairly jokey, because
those functions _are_ jokes, but they do also have real use cases, so
people trying to use them for real should have all the information
they need.

DES-based authentication for Sun RPC is also insecure and should be
deprecated or even removed, but maybe that can be left as TI-RPC's
problem.
2018-06-29 16:53:18 +02:00
Joseph Myers
b12c1e7991 Add tests for sign of NaN returned by strtod (bug 23007).
This patch adds tests for bug 23007, strtod ignoring any sign in the
input string in the case of a NaN result.

Tested for x86_64.

	[BZ #23007]
	* stdlib/tst-strtod-nan-sign-main.c: New file.
	* stdlib/tst-strtod-nan-sign.c: Likewise.
	* wcsmbs/tst-wcstod-nan-sign.c: Likewise.
	* stdlib/Makefile (tests): Add tst-strtod-nan-sign.
	($(objpfx)tst-strtod-nan-sign): Depend on $(libm).
	* wcsmbs/Makefile (tests) Add tst-wcstod-nan-sign.
	($(objpfx)tst-wcstod-nan-sign): Depend on $(libm).
2018-06-15 17:36:21 +00:00
Herman ten Brugge
b0debe14fc Fix sign of NaN returned by strtod (bug 23007).
As reported in bug 23007, strtod ignores any sign in the input string
in the case of a NaN result.  Thes patch fixes this.

Tested for x86_64 (in conjunction with tests to be added separately).

	[BZ #23007]
	* stdlib/strtod_l.c (____STRTOF_INTERNAL): Return NaN of
	appropriate sign.
2018-06-15 17:35:17 +00:00
Joseph Myers
fcd6b5ac36 Fix strtod overflow detection (bug 23279).
As shown by bug 23279, strtod's round_and_return has an off-by-one
error in its overflow detection, only counting an exponent greater
than MAX_EXP as overflowing when an exponent of MAX_EXP also means
overflow (recall the ISO C definition of DBL_MAX_EXP etc. is based on
a floating-point model where 2^exp is multiplied by a value in the
interval [0.5, 1), so 2^MAX_EXP is not representable).

For decimal arguments to strtod, a separate overflow check in the main
implementation covers the case where the integer part of the argument
(truncated to the nearest integer towards zero) has more than MAX_EXP
bits, meaning that this issue in round_and_return only affects cases
(arguments with absolute value strictly between the maximum
representable value and 2^MAX_EXP) where overflow depends on the
rounding mode; in such cases, the returned value would still have been
correct on overflow but without the overflow exception being raised or
errno being set to ERANGE.  For hex float arguments, however, other
cases can arise, as shown in bug 23279, where a value with exponent
already set to MAX_EXP is passed into round_and_return and a result
can wrongly end up being NaN, or infinity instead of the largest
finite value.

This patch fixes the off-by-one error, adds testing of overflow
exceptions to the tst-strtod-round framework, and adds tests of these
issues.

Tested for x86_64.  Also ran the tst-strtod-round tests for powerpc to
make sure the new tests didn't introduce any new failures for IBM long
double.

	[BZ #23279]
	* stdlib/strtod_l.c (round_and_return): Handle an exponent of
	MAX_EXP as overflowing.
	* stdlib/gen-tst-strtod-round.c (string_to_fp): Clear MPFR
	overflow flag.
	(round_str): Output also whether result overflows in each rounding
	mode.
	* stdlib/tst-strtod-round-data: Add more tests.
	* stdlib/tst-strtod-round-data.h: Regenerated.
	* stdlib/tst-strtod-round-skeleton.c (_XNTRY): Update comment.
	(TEST): Handle extra arguments for overflow flags.
	(struct test_overflow): New type.
	[!FE_OVERFLOW] (FE_OVERFLOW): Define to 0.
	(GEN_ONE_TEST): Clear all exceptions.  Test overflow flag.
	(test_in_one_mode): Take argument with overflow information.
	(do_test): Update calls to test_in_one_mode.
2018-06-13 16:06:14 +00:00
Florian Weimer
e48903000b stdlib: Additional tests need generated locale dependencies
Without these dependencies, the tests fail at high make parallelism
levels if the locale data has not been generated for other reasons.
2018-05-29 10:34:53 +02:00
Florian Weimer
9761bf4dfa math: Merge strtod_nan_*.h into math-type-macros-*.h
This change will eventually make it possible to compile
stdlib/strtod_nan_main.c as part of math/s_nan_template.c.
2018-05-16 06:03:08 +02:00
Joseph Myers
b4d5b8b021 Do not include math-barriers.h in math_private.h.
This patch continues the math_private.h cleanup by stopping
math_private.h from including math-barriers.h and making the users of
the barrier macros include the latter header directly.  No attempt is
made to remove any math_private.h includes that are now unused, except
in strtod_l.c where that is done to avoid line number changes in
assertions, so that installed stripped shared libraries can be
compared before and after the patch.  (I think the floating-point
environment support in math_private.h should also move out - some
architectures already have fenv_private.h as an architecture-internal
header included from their math_private.h - and after moving that out
might be a better time to identify unused math_private.h includes.)

Tested for x86_64 and x86, and tested with build-many-glibcs.py that
installed stripped shared libraries are unchanged by the patch.

	* sysdeps/generic/math_private.h: Do not include
	<math-barriers.h>.
	* stdlib/strtod_l.c: Include <math-barriers.h> instead of
	<math_private.h>.
	* math/fromfp.h: Include <math-barriers.h>.
	* math/math-narrow.h: Likewise.
	* math/s_nextafter.c: Likewise.
	* math/s_nexttowardf.c: Likewise.
	* sysdeps/aarch64/fpu/s_llrint.c: Likewise.
	* sysdeps/aarch64/fpu/s_llrintf.c: Likewise.
	* sysdeps/aarch64/fpu/s_lrint.c: Likewise.
	* sysdeps/aarch64/fpu/s_lrintf.c: Likewise.
	* sysdeps/i386/fpu/s_nextafterl.c: Likewise.
	* sysdeps/i386/fpu/s_nexttoward.c: Likewise.
	* sysdeps/i386/fpu/s_nexttowardf.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_atan2.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_atanh.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_exp.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_exp2.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_j0.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_sqrt.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_expm1.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_fma.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_fmaf.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_log1p.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_nearbyint.c: Likewise.
	* sysdeps/ieee754/dbl-64/wordsize-64/s_nearbyint.c: Likewise.
	* sysdeps/ieee754/flt-32/e_atanhf.c: Likewise.
	* sysdeps/ieee754/flt-32/e_j0f.c: Likewise.
	* sysdeps/ieee754/flt-32/s_expm1f.c: Likewise.
	* sysdeps/ieee754/flt-32/s_log1pf.c: Likewise.
	* sysdeps/ieee754/flt-32/s_nearbyintf.c: Likewise.
	* sysdeps/ieee754/flt-32/s_nextafterf.c: Likewise.
	* sysdeps/ieee754/k_standardl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/e_asinl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/e_expl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/e_powl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/s_fmal.c: Likewise.
	* sysdeps/ieee754/ldbl-128/s_nearbyintl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/s_nextafterl.c: Likewise.
	* sysdeps/ieee754/ldbl-128/s_nexttoward.c: Likewise.
	* sysdeps/ieee754/ldbl-128/s_nexttowardf.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/e_asinl.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/s_fmal.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/s_nextafterl.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/s_nexttoward.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/s_nexttowardf.c: Likewise.
	* sysdeps/ieee754/ldbl-128ibm/s_rintl.c: Likewise.
	* sysdeps/ieee754/ldbl-96/e_atanhl.c: Likewise.
	* sysdeps/ieee754/ldbl-96/e_j0l.c: Likewise.
	* sysdeps/ieee754/ldbl-96/s_fma.c: Likewise.
	* sysdeps/ieee754/ldbl-96/s_fmal.c: Likewise.
	* sysdeps/ieee754/ldbl-96/s_nexttoward.c: Likewise.
	* sysdeps/ieee754/ldbl-96/s_nexttowardf.c: Likewise.
	* sysdeps/ieee754/ldbl-opt/s_nexttowardfd.c: Likewise.
	* sysdeps/m68k/m680x0/fpu/s_nextafterl.c: Likewise.
2018-05-11 15:11:38 +00:00
Paul Pluzhnikov
5460617d15 Fix BZ 22786: integer addition overflow may cause stack buffer overflow
when realpath() input length is close to SSIZE_MAX.

2018-05-09  Paul Pluzhnikov  <ppluzhnikov@google.com>

	[BZ #22786]
	* stdlib/canonicalize.c (__realpath): Fix overflow in path length
	computation.
	* stdlib/Makefile (test-bz22786): New test.
	* stdlib/test-bz22786.c: New test.
2018-05-08 18:12:41 -07:00
Joseph Myers
aaee3cd88e Move math_narrow_eval to separate math-narrow-eval.h.
This patch continues cleaning up the math_private.h header, which
contains lots of different definitions many of which are only needed
by a limited subset of files using that header (and some of which are
overridden by architectures that only want to override selected parts
of the header), by moving the math_narrow_eval macro out to a separate
math-narrow-eval.h header, only included by those files that need it.
That header is placed in include/ (since it's used in stdlib/, not
just files built in math/, but no sysdeps variants are needed at
present).

Tested for x86_64, and with build-many-glibcs.py.  (Installed stripped
shared libraries change because of line numbers in assertions in
strtod_l.c.)

	* include/math-narrow-eval.h: New file.  Contents moved from ....
	* sysdeps/generic/math_private.h: ... here.
	(math_narrow_eval): Remove macro.  Moved to math-narrow-eval.h.
	[FLT_EVAL_METHOD != 0] (excess_precision): Likewise.
	* math/s_fdim_template.c: Include <math-narrow-eval.h>.
	* stdlib/strtod_l.c: Likewise.
	* sysdeps/i386/fpu/s_f32xaddf64.c: Likewise.
	* sysdeps/i386/fpu/s_f32xsubf64.c: Likewise.
	* sysdeps/i386/fpu/s_fdim.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_cosh.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_gamma_r.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_j1.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_jn.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_lgamma_r.c: Likewise.
	* sysdeps/ieee754/dbl-64/e_sinh.c: Likewise.
	* sysdeps/ieee754/dbl-64/gamma_productf.c: Likewise.
	* sysdeps/ieee754/dbl-64/k_rem_pio2.c: Likewise.
	* sysdeps/ieee754/dbl-64/lgamma_neg.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_erf.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_llrint.c: Likewise.
	* sysdeps/ieee754/dbl-64/s_lrint.c: Likewise.
	* sysdeps/ieee754/flt-32/e_coshf.c: Likewise.
	* sysdeps/ieee754/flt-32/e_exp2f.c: Likewise.
	* sysdeps/ieee754/flt-32/e_expf.c: Likewise.
	* sysdeps/ieee754/flt-32/e_gammaf_r.c: Likewise.
	* sysdeps/ieee754/flt-32/e_j1f.c: Likewise.
	* sysdeps/ieee754/flt-32/e_jnf.c: Likewise.
	* sysdeps/ieee754/flt-32/e_lgammaf_r.c: Likewise.
	* sysdeps/ieee754/flt-32/e_sinhf.c: Likewise.
	* sysdeps/ieee754/flt-32/k_rem_pio2f.c: Likewise.
	* sysdeps/ieee754/flt-32/lgamma_negf.c: Likewise.
	* sysdeps/ieee754/flt-32/s_erff.c: Likewise.
	* sysdeps/ieee754/flt-32/s_llrintf.c: Likewise.
	* sysdeps/ieee754/flt-32/s_lrintf.c: Likewise.
	* sysdeps/ieee754/ldbl-96/gamma_product.c: Likewise.
2018-05-09 00:15:10 +00:00