This patch is split out of
<https://sourceware.org/pipermail/libc-alpha/2022-December/144122.html>.
atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi. Change some uses of atoi to call
strtol instead; this avoids the undefined behavior, though there is no
guarantee that the overflow handling of strtol is really right in
those places either. This also serves to avoid localplt test failures
given an installed header redirection for strtol (which means that the
call from the inline atoi implementation doesn't end up at a hidden
alias from libc_hidden_proto).
Certainly, the use of atoi is questionable in argp-help.c (shared with
gnulib, so shouldn't depend on glibc implementation details, and
processing user-provided input), and maybe also in argp-parse.c (I'm
not sure what that code in argp-parse.c is meant to be used for). I
also changed inet/rexec.c and resolv/res_init.c similarly to use
strtol to avoid such localplt failures, although given those files (in
those versions) are only used in glibc it's not problematic for them
to rely on the specific behavior of glibc's atoi on out-of-range input
(in the absence of compiler optimizations based on the undefined
behavior) in the same way it's problematic for gnulib code to do so.
There may be other uses of atoi (or atol or atoll), in any of glibc's
installed code, for which it would also be appropriate to avoid the
undefined behavior on out-of-range input; this patch only fixes the
specific cases needed to avoid localplt failures.
Tested for x86_64.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
This fixes a Gnulib test-argp-2.sh test failure on macOS and FreeBSD.
Reported by Jeffrey Walton <noloader@gmail.com> in
<https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00085.html>.
* argp/argp-help.c (group_cmp): Remove third argument.
(hol_sibling_cluster_cmp, hol_cousin_cluster_cmp): New functions, based
upon hol_cluster_cmp.
(hol_cluster_cmp): Use hol_cousin_cluster_cmp.
(hol_entry_cmp): Rewritten to implement a total order.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* lib/argp-help.c (SKIPWS): Cast character to 'unsigned char' before passing it
to isspace().
(fill_in_uparams): Likewise for isalpha(), isalnum(), isdigit().
(canon_doc_option): Likewise for isspace(), isalnum().
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Patch by Eric Blake
<https://lists.gnu.org/archive/html/bug-gnulib/2009-09/msg00287.html>.
* argp/argp-help.c (hol_entry_cmp): Don't use _tolower on values that are
not upper-case. Pass correct range to tolower.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* argp/argp-help.c (hol_append): Don't subtract pointers to
different arrays, as this can run afoul of -fcheck-pointer-bounds.
See the thread containing Bruno Haible's report in:
http://lists.gnu.org/archive/html/bug-gnulib/2017-05/msg00171.html
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
Since the introduction of explicit flags in the internal implementation
of the printf family of functions, the 'mode' parameter can be used to
select which format long double parameters have (with the mode flag:
PRINTF_LDBL_IS_DBL). This patch uses this feature in the implementation
of some functions in argp.h, err.h, and error.h (only those that take a
format string and positional parameters). Future patches will add
support for 'nldbl' and 'ieee128' versions of these functions.
Tested for powerpc64le and x86_64.
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable. Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.
As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.
Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead. It also
turns out there were hardly any internal callers. _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.
Summary for the changes to each of the affected symbols:
_IO_vfprintf, _IO_vsprintf:
All internal calls removed, thus the internal declarations, as well
as uses of libc_hidden_proto and libc_hidden_def, were also removed.
The external symbol is now exposed via uses of ldbl_strong_alias
to __vfprintf_internal and __vsprintf_internal, respectively.
_IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
_IO_vfwprintf, _IO_vswprintf,
_IO_obstack_vprintf, _IO_obstack_printf:
All internal calls removed, thus declaration in internal headers
were also removed. They were never exported, so there are no
aliases tying them to the internal functions. I.e.: entirely gone.
__vsnprintf:
Internal calls were always preceded by macros such as
#define __vsnprintf _IO_vsnprintf, and
#define __vsnprintf vsnprintf
The macros were removed and their uses replaced with calls to the
new internal function __vsnprintf_internal. Since there were no
internal calls, the internal declaration was also removed. The
external symbol is preserved with ldbl_weak_alias to ___vsnprintf.
__vfwprintf:
All internal calls converted into calls to __vfwprintf_internal,
thus the internal declaration was removed. The function is now a
wrapper that calls __vfwprintf_internal. The external symbol is
preserved.
__vswprintf:
Similarly, but no external symbol.
__vasprintf, __vdprintf, __vfprintf, __vsprintf:
New internal wrappers. Not exported.
vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
vfwprintf, vswprintf,
obstack_vprintf, obstack_printf:
These functions used to be aliases to the respective _IO_* function,
they are now aliases to their respective __* functions.
Tested for powerpc and powerpc64le.
_IO_fwide() is defined in libio.h file. This file is included only
when _LIBC is defined.
So, in case of compilation of these files without _LIBC definition,
the compilation failed due to this unknown function.
Now this function is called when libio.h file is included.
(Change merged from gnulib. Tested on x86_64.)
* argp/argp-fmtstream.c (__argp_fmtstream_update): Use [_LIBC]
conditional on calls to _IO_fwide and putwc_unlocked. (Merge from
gnulib.)
* argp/argp-help.c (__argp_failure): Likewise.
Mark internal argp functions with attribute_hidden to allow direct
access to them within libc.so and libc.a without using GOT nor PLT.
[BZ #18822]
* argp/argp-fmtstream.c: Include <argp-fmtstream.h>.
* argp/argp-fs-xinl.c: Likewise.
* argp/argp-help.c: Include <argp.h> and <argp-fmtstream.h>.
* argp/argp-parse.c: Include <argp.h>.
* argp/argp-xinl.c: Likewise.
* include/argp-fmtstream.h: New file.
* include/argp.h (__argp_error): Add attribute_hidden.
(__argp_failure): Likewise.
(__argp_input): Likewise.
(__argp_state_help): Likewise.
* argp/argp-help.c (hol_cluster_cmp): Fix comparisons used to find
ancestors with the same depths.
Patch by Niels Moeller <nisse@lysator.liu.se>.
(filter_doc): Don't crash if argp is NULL.
* argp/Makefile (tests): Add tst-argp2.
* argp/tst-argp2.c: New test.
2007-03-15 Jakub Jelinek <jakub@redhat.com>
[Coverity CID 229, 230]
* argp/argp-help.c (hol_entry_help): Handle STATE==NULL in ARG and
DGETTEXT calls.
(hol_help): Likewise. [Coverity CID 226, 227]
* string/argz-replace.c (__argz_replace): Unconditionally call
free on SRC. [Coverity CID 225]
* nis/nis_creategroup.c (nis_creategroup): No need to duplicate
the return value of __nis_default_owner and __nis_default_group,
it has been especially allocated. [Coverity CID 224]
was allocated here. [Coverity CID 219]
* posix/getconf.c (print_all): Free confstr data after printing.
[Coverity CID 218]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Free canon string if
list allocation fails. [Coverity CID 215]
* nss/nsswitch.c (__nss_configure_lookup): Fix loop end condition.
[Coverity CID 213]
* argp/argp-help.c (hol_entry_cmp): Don't call canon_doc_option if
string is NULL. [Coverity CID 212]
* argp/Makefile: Add rules to build and run bug-argp1.
* argp/bug-argp1.c: New file.
* io/ftw.c (ftw_dir): Use __rawmemchr instead of strchr to find
end of string.
* stdlib/canonicalize.c (__realpath): Likewise.
* locale/programs/ld-time.c (time_finish): Don't dereference NULL
pointer. [Coverity CID 206]
* elf/dl-dst.h (DL_DST_REQUIRED): Be prepared for missing link map
in statically linked code.
* elf/dl-load.c (_dl_dst_substitute): When replacing ORIGIN in
statically built code, be prepared to have no link map.
[Coverity CID 205]
* argp/argp-help.c (fill_in_uparams): Handle STATE==NULL in
dgettext calls. [Coverity CID 204]
* argp/argp-help.c (struct uparams): Remove valid member. Change
the one user.
(uparam_names): Reduce size. Avoid relative relocations.
Moved to read-only segment.
(fill_in_uparams): Update for new layout.
* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs): Parameter can be
assumed to always be != NULL. [Coverity CID 202]
* argp/argp-help.c (hol_entry_help): Remove some dead code
[Coverity CID 200].
* nis/nss_nis/nis-service.c (_nss_nis_getservbyport_r): Optimize
away a few more unconditional yperr2nss calls.
(_nss_nis_getservbyname_r): Likewise.
2003-10-10 Simon Josefsson <jas@extundo.com>
* argp/argp-namefrob.h [!_LIBC]: Include mempcpy.h, strcase.h,
strchrnul.h, strndup.h (from gnulib).
* argp/argp-parse.c: Add alloca.h include snippet verbatim from
Autoconf manual.
* argp/argp-help.c: Replace alloca.h include snipper with verbatim
Autoconf manual version.
* argp/argp.h: Map __restrict to restrict or empty string when
necessary, copied verbatim from posix/regex.h.
2002-04-08 Ulrich Drepper <drepper@redhat.com>
* Makeconfig (CPPFLAGS): Also add CPPFLAGS-<basename> where <basename>
is the name of the source file without extension.
* Makefile (distribute): Add cppflags-iterator.mk.
* cppflags-iterator.mk: New file.
* extra-lib.mk: For the sources of the library run
cppflags-iterator.mk.
* include/libintl.h: Declare __dcgettext_internal and
_libc_intl_domainname_internal. Define __dcgettext using these
two symbols if used in libc itself.
* argp/argp-help.c: Define dgettext using __dcgettext_internal and
_libc_intl_domainname_internal.
* argp/argp-parse.c: Likewise.
* intl/dcgettext.c (__dcgettext): Use INTDEF to define alias.
* intl/dgettext.c: Call __dcgettext_internal instead of __dcgettext.
* intl/gettext.c: Likewise.
* locale/SYS_libc.c (_libc_intl_domainname): Use INTDEF to define
alias.
* posix/regcomp.c (gettext): Use __dcgettext_internal instead of
__dcgettext.
* posix/regex_internal.c (gettext): Likewise.
