Commit Graph

151 Commits

Author SHA1 Message Date
Adhemerval Zanella
77c6a2717d string: Disable stack protector for memset in early static initialization
For ports that use the default memset, the compiler might generate early
calls before the stack protector is initialized (for instance, riscv
with -fstack-protector-all on _dl_aux_init).

Checked on riscv64-linux-gnu-rv64imafdc-lp64d.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-23 10:22:59 -03:00
Paul Eggert
dff8da6b3e Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
Adhemerval Zanella
fccf38c517 string: Add internal memswap implementation
The prototype is:

  void __memswap (void *restrict p1, void *restrict p2, size_t n)

The function swaps the content of two memory blocks P1 and P2 of
len N.  Memory overlap is NOT handled.

It will be used on qsort optimization.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-10-31 14:17:33 -03:00
Sunil K Pandey
b316c9a769 Add strlcat/wcslcat testcase.
This patch implements comprehensive tests for strlcat/wcslcat
functions.  Tests are mostly derived from strncat test suites
and modified to incorporate strlcat/wcslcat specifications.

Reviewed-by: DJ Delorie <dj@redhat.com>
2023-10-17 18:19:01 -04:00
Sunil K Pandey
23871292fb Add strlcpy/wcslcpy testcase
This patch implements comprehensive tests for strlcpy/wcslcpy
functions.  Tests are mostly derived from strncpy test suites
and modified to incorporate strlcpy/wcslcpy specifications.

Reviewed-by: DJ Delorie <dj@redhat.com>
2023-10-17 18:18:55 -04:00
Frédéric Bérat
20c894d21e Exclude routines from fortification
Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.

On top of that:
 - some tests explicitly verify that some level of fortification works
   appropriately, we therefore shouldn't modify the level set for them.
 - some objects need to be build with optimization disabled, which
   prevents _FORTIFY_SOURCE to be used for them.

Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-07-05 16:59:48 +02:00
Florian Weimer
1d44530a5b string: strerror must not return NULL (bug 30555)
For strerror, this fixes commit 28aff04781 ("string:
Implement strerror in terms of strerror_l").  This commit avoids
returning NULL for strerror_l as well, although POSIX allows this
behavior for strerror_l.

Reviewed-by: Arjun Shankar <arjun@redhat.com>
2023-06-15 19:54:09 +02:00
Florian Weimer
454a20c875 Implement strlcpy and strlcat [BZ #178]
These functions are about to be added to POSIX, under Austin Group
issue 986.

The fortified strlcat implementation does not raise SIGABRT if the
destination buffer does not contain a null terminator, it just
inherits the non-failing regular strlcat behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-14 18:10:08 +02:00
Joe Simmons-Talbott
0c48aa0551 string: Add tests for strndup (BZ #30266)
Copy strncpy tests for strndup.  Covers some basic testcases with random
strings.  Remove tests that set the destination's bytes and checked the
resulting buffer's bytes.  Remove wide character test support since
wcsndup() doesn't exist.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2023-04-21 10:50:42 -03:00
Joe Simmons-Talbott
eaaad78db4 string: Add tests for strdup (BZ #30266)
Copy strcpy tests for strdup.  Covers some basic testcases with random
strings.  Add a zero-length string testcase.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2023-04-21 10:28:01 -03:00
Adhemerval Zanella
fb95c31638 string: Disable stack protector in early static initialization
For powerpc, strncmp is used on _dl_string_platform issued by
__tcb_parse_hwcap_and_convert_at_platform.

Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org>
2023-02-08 17:14:03 -03:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Adhemerval Zanella
8d98c7c00f configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases
clang emits an warning when a double alias redirection is used, to warn
the the original symbol will be used even when weak definition is
overridden.  However, this is a common pattern for weak_alias, where
multiple alias are set to same symbol.

Reviewed-by: Fangrui Song <maskray@google.com>
2022-11-01 09:51:06 -03:00
H.J. Lu
a007ec4669 string: Sort headers, routines, tests and tests-translation
Sort headers, routines, tests and tests-translation.  Put one entry per
line.
2022-02-05 16:42:17 -08:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Noah Goldstein
6c1e3c0fd0 String: Split memcpy tests so that parallel build is faster
No bug.

This commit splits test-memcpy.c into test-memcpy.c and
test-memcpy-large.c. The idea is parallel builds will be able to run
both in parallel speeding up the process.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-11-10 20:14:09 -06:00
Noah Goldstein
3592ccd472 String: Add __memcmpeq as build target
No bug. This commit just adds __memcmpeq as a build target so that
implementations for __memcmpeq that are not just aliases to memcmp can
be supported.
2021-10-27 13:03:46 -05:00
Noah Goldstein
d9283b71ac String: Add tests for __memcmpeq
No bug.

This commit adds tests for the new function __memcmpeq. The new tests
use the existing tests in 'test-memcmp.c' but relax the result
requirement to only check for zero or non-zero returns.

All string tests include test-memcmpeq are passing.
2021-10-26 16:51:29 -05:00
Florian Weimer
6f1c701026 dlfcn: Cleanups after -ldl is no longer required
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c.  The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.

This commit adjusts the test suite not to use $(libdl).  The libdl.so
symbolic link is no longer installed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-03 09:11:45 +02:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Adhemerval Zanella
10b01bd452 string: Make tst-strerror/tst-strsignal unsupported if msgfmt is not installed
Without msgfmt libc.mo files are not generated and its loading failure
is silent ignored with xsetlocale.

Also unset LANGUAGE environment variable to avoid it taking precedence
when loading the message catalog.  Although not strictly required
(since the test is issued with test-container and it sets a strict
environment variable) it follows other tests that deal with
translation.

Checked on x86_64-linux-gnu.
2020-07-13 09:16:11 -03:00
Adhemerval Zanella
c1e63c7214 string: Move tst-strsignal tst-strerror to tests-container
Both tests require libc.mo translation files which might not be
installed on the system.

Checked on x86_64-linux-gnu.
2020-07-08 10:23:14 -03:00
Adhemerval Zanella
325081b9eb string: Add strerrorname_np and strerrordesc_np
The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL)
while strerrordesc_np returns string describing error number (e.g
"Invalid argument" for EINVAL).  Different than strerror,
strerrordesc_np does not attempt to translate the return description,
both functions return NULL for an invalid error number.

They should be used instead of sys_errlist and sys_nerr, both are
thread and async-signal safe.  These functions are GNU extensions.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 15:02:57 -03:00
Adhemerval Zanella
bfe05aa289 string: Add sigabbrev_np and sigdescr_np
The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns the string describing the error
number (e.g "Hangup" for SIGHUP).  Different than strsignal,
sigdescr_np does not attempt to translate the return description and
both functions return NULL for an invalid signal number.

They should be used instead of sys_siglist or sys_sigabbrev and they
are both thread and async-signal safe.  They are added as GNU
extensions on string.h header (same as strsignal).

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:57:14 -03:00
Adhemerval Zanella
653200ef42 string: Add strerror, strerror_r, and strerror_l test
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
c2723ce317 string: Add strsignal test
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Florian Weimer
eec0f4218c string: Add string/tst-memmove-overflow, a test case for bug 25620
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-05-12 19:02:44 +02:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Alistair Francis
aa706e13f4 Split up endian.h to minimize exposure of BYTE_ORDER.
With only two exceptions (sys/types.h and sys/param.h, both of which
historically might have defined BYTE_ORDER) the public headers that
include <endian.h> only want to be able to test __BYTE_ORDER against
__*_ENDIAN.

This patch creates a new bits/endian.h that can be included by any
header that wants to be able to test __BYTE_ORDER and/or
__FLOAT_WORD_ORDER against the __*_ENDIAN constants, or needs
__LONG_LONG_PAIR.  It only defines macros in the implementation
namespace.

The existing bits/endian.h (which could not be included independently
of endian.h, and only defines __BYTE_ORDER and maybe __FLOAT_WORD_ORDER)
is renamed to bits/endianness.h.  I also took the opportunity to
canonicalize the form of this header, which we are stuck with having
one copy of per architecture.  Since they are so short, this means git
doesn’t understand that they were renamed from existing headers, sigh.

endian.h itself is a nonstandard header and its only remaining use
from a standard header is guarded by __USE_MISC, so I dropped the
__USE_MISC conditionals from around all of the public-namespace things
it defines.  (This means, an application that requests strict library
conformance but includes endian.h will still see the definition of
BYTE_ORDER.)

A few changes to specific bits/endian(ness).h variants deserve
mention:

 - sysdeps/unix/sysv/linux/ia64/bits/endian.h is moved to
   sysdeps/ia64/bits/endianness.h.  If I remember correctly, ia64 did
   have selectable endianness, but we have assembly code in
   sysdeps/ia64 that assumes it’s little-endian, so there is no reason
   to treat the ia64 endianness.h as linux-specific.

 - The C-SKY port does not fully support big-endian mode, the compile
   will error out if __CSKYBE__ is defined.

 - The PowerPC port had extra logic in its bits/endian.h to detect a
   broken compiler, which strikes me as unnecessary, so I removed it.

 - The only files that defined __FLOAT_WORD_ORDER always defined it to
   the same value as __BYTE_ORDER, so I removed those definitions.
   The SH bits/endian(ness).h had comments inconsistent with the
   actual setting of __FLOAT_WORD_ORDER, which I also removed.

 - I *removed* copyright boilerplate from the few bits/endian(ness).h
   headers that had it; these files record a single fact in a fashion
   dictated by an external spec, so I do not think they are copyrightable.

As long as I was changing every copy of ieee754.h in the tree, I
noticed that only the MIPS variant includes float.h, because it uses
LDBL_MANT_DIG to decide among three different versions of
ieee854_long_double.  This patch makes it not include float.h when
GCC’s intrinsic __LDBL_MANT_DIG__ is available.

	* string/endian.h: Unconditionally define LITTLE_ENDIAN,
	BIG_ENDIAN, PDP_ENDIAN, and BYTE_ORDER.	 Condition byteswapping
	macros only on !__ASSEMBLER__.	Move the definitions of
	__BIG_ENDIAN, __LITTLE_ENDIAN, __PDP_ENDIAN, __FLOAT_WORD_ORDER,
	and __LONG_LONG_PAIR to...
	* string/bits/endian.h: ...this new file, which includes
	the renamed header bits/endianness.h for the definition of
	__BYTE_ORDER and possibly __FLOAT_WORD_ORDER.

	* string/Makefile: Install bits/endianness.h.
	* include/bits/endian.h: New wrapper.

	* bits/endian.h: Rename to bits/endianness.h.
	Add multiple-include guard.  Rewrite the comment explaining what
	the machine-specific variants of this file should do.

	* sysdeps/unix/sysv/linux/ia64/bits/endian.h:
	Move to sysdeps/ia64.

	* sysdeps/aarch64/bits/endian.h
	* sysdeps/alpha/bits/endian.h
	* sysdeps/arm/bits/endian.h
	* sysdeps/csky/bits/endian.h
	* sysdeps/hppa/bits/endian.h
	* sysdeps/ia64/bits/endian.h
	* sysdeps/m68k/bits/endian.h
	* sysdeps/microblaze/bits/endian.h
	* sysdeps/mips/bits/endian.h
	* sysdeps/nios2/bits/endian.h
	* sysdeps/powerpc/bits/endian.h
	* sysdeps/riscv/bits/endian.h
	* sysdeps/s390/bits/endian.h
	* sysdeps/sh/bits/endian.h
	* sysdeps/sparc/bits/endian.h
	* sysdeps/x86/bits/endian.h:
	Rename to endianness.h; canonicalize form of file; remove
	redundant definitions of __FLOAT_WORD_ORDER.

	* sysdeps/powerpc/bits/endianness.h: Remove logic to check for
	broken compilers.

	* ctype/ctype.h
	* sysdeps/aarch64/nptl/bits/pthreadtypes-arch.h
	* sysdeps/arm/nptl/bits/pthreadtypes-arch.h
	* sysdeps/csky/nptl/bits/pthreadtypes-arch.h
	* sysdeps/ia64/ieee754.h
	* sysdeps/ieee754/ieee754.h
	* sysdeps/ieee754/ldbl-128/ieee754.h
	* sysdeps/ieee754/ldbl-128ibm/ieee754.h
	* sysdeps/m68k/nptl/bits/pthreadtypes-arch.h
	* sysdeps/microblaze/nptl/bits/pthreadtypes-arch.h
	* sysdeps/mips/ieee754/ieee754.h
	* sysdeps/mips/nptl/bits/pthreadtypes-arch.h
	* sysdeps/nios2/nptl/bits/pthreadtypes-arch.h
	* sysdeps/nptl/pthread.h
	* sysdeps/riscv/nptl/bits/pthreadtypes-arch.h
	* sysdeps/sh/nptl/bits/pthreadtypes-arch.h
	* sysdeps/sparc/sparc32/ieee754.h
	* sysdeps/unix/sysv/linux/generic/bits/stat.h
	* sysdeps/unix/sysv/linux/generic/bits/statfs.h
	* sysdeps/unix/sysv/linux/sys/acct.h
	* wctype/bits/wctype-wchar.h:
	Include bits/endian.h, not endian.h.

	* sysdeps/unix/sysv/linux/hppa/pthread.h: Don’t include endian.h.

	* sysdeps/mips/ieee754/ieee754.h: Use __LDBL_MANT_DIG__
	in ifdefs, instead of LDBL_MANT_DIG.  Only include float.h
	when __LDBL_MANT_DIG__ is not predefined, in which case
	define __LDBL_MANT_DIG__ to equal LDBL_MANT_DIG.
2019-10-01 14:54:46 -07:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Aurelien Jarno
2ef4271688 Only build libm with -fno-math-errno (bug 24024)
Commit 1294b1892e ("Add support for sqrt asm redirects") added the
-fno-math-errno flag to build most of the glibc in order to enable GCC
to inline math functions. Due to GCC bug #88576, saving and restoring
errno around calls to malloc are optimized-out. In turn this causes
strerror to set errno to ENOMEM if it get passed an invalid error number
and if malloc sets errno to ENOMEM (which might happen even if it
succeeds). This is not allowed by POSIX.

This patch changes the build flags, building only libm with
-fno-math-errno and all the remaining code with -fno-math-errno. This
should be safe as libm doesn't contain any code saving and restoring
errno around malloc. This patch can probably be reverted once the GCC
bug is fixed and available in stable releases.

Tested on x86-64, no regression in the testsuite.

Changelog:
	[BZ #24024]
	* Makeconfig: Build libm with -fno-math-errno but build the remaining
	code with -fmath-errno.
	* string/Makefile [$(build-shared)] (tests): Add test-strerror-errno.
	[$(build-shared)] (LDLIBS-test-strerror-errno): New variable.
	* string/test-strerror-errno.c: New file.
2019-01-07 14:59:07 +01:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
0d40d0ecba Unify and simplify bits/byteswap.h, bits/byteswap-16.h headers (bug 14508, bug 15512, bug 17082, bug 20530).
We have a general principle of preferring optimizations for library
facilities to use compiler built-in functions rather than being
located in library headers, where the compiler can reasonably optimize
code without needing to know glibc implementation details.

This patch applies this principle to bits/byteswap.h, eliminating all
the architecture-specific variants and bits/byteswap-16.h.  The
__bswap_16, __bswap_32 and __bswap_64 interfaces all become inline
functions, never macros, using the GCC built-in functions where
available and otherwise a single architecture-independent definition
using shifts and masking (which compilers may well be able to detect
and optimize; GCC has detection of various byte-swapping idioms).

The __bswap_constant_32 macro needs to stay around because of uses in
static initializers within glibc and its tests, and so for consistency
all __bswap_constant_* are kept rather than just being inlined into
the old-GCC-or-non-GCC parts of the __bswap_* inline function
definitions.

Various open bugs are addressed by this cleanup, with caveats about
exactly what is covered by those bugs and when the bugs applied at
all.

Bug 14508 reports -Wformat warnings building glibc because __bswap_*
sometimes returned the wrong types.  Obviously we already don't have
such warnings any more or the build would be failing, given -Werror,
and I suspect that bug was originally for wrong types for x86_64, as
fixed by commit d394eb742a (glibc 2.17).
The only case I saw removed by this patch where the types would still
have been wrong was the non-__GNUC__ case of __bswap_64 in the s390
header (using unsigned long long int, but uint64_t would be unsigned
long int for 64-bit).  In any case, the single header consistently
uses __uintN_t types after this patch, thereby eliminating all such
bugs.  The existing string/test-endian-types.c test already suffices
to verify that the types are correct with the compiler used to build
glibc and its tests.

Bug 15512 reports an error from __bswap_constant_16 with -Werror
-Wsign-conversion.  I am unable to reproduce this with any GCC version
supporting -Wsign-conversion - all seem to be able to avoid warning
for ((x) >> 8) & 0xffu, where x is uint16_t, which while it formally
does involve an implicit conversion from int to unsigned int, is also
a case where it should be easy for the compiler to see that the value
converted is never negative.  But in this patch __bswap_constant_16 is
changed to use signed 0xff so that no such implicit conversion occurs
at all, and a test with -Werror -Wsign-conversion is added.

Bug 17082 objects to the use of ({}) statement expressions in these
macros preventing use at file scope (in C, that's in sizeof etc.; in
C++, more generally in static initializers).  The particular case of
these interfaces is fixed by this patch as it changes them to inline
functions, eliminating all uses of ({}) in bits/byteswap.h, and a
corresponding testcase is added.  The bug tries to raise a more
general policy question about use of ({}) in macros in installed
headers, referring to "many other libc functions" (unspecified which
functions are being considered).

Since such policy questions belong on libc-alpha, and since there
*are* macros in installed headers which can't really avoid using ({})
(where they are type-generic, so can't use an inline function, but
need a temporary variable, and a few where the interface involves
returning memory from alloca so can't use an inline function either),
I propose to consider that bug fixed with this change.  That is
without prejudice to any other new bugs anyone wishes to file *for
precisely defined sets of macros* requesting moving away from ({})
*where it is clearly possible for those interfaces*.  Where ({}) can
be avoided, typically by use of an inline function, I think that's a
good idea - that inline functions are typically to be preferred to
({}) for header interfaces where such optimizations are useful but the
interface is suited to being defined using an inline function.

Bug 20530 requests use of __builtin_bswap16 when available (GCC 4.8
and later), which this patch implements.

Tested for x86_64, and with build-many-glibcs.py.  Also did an x86_64
test with the __GNUC_PREREQ conditionals changed to "#if 0" to verify
the old-GCC/non-GCC case in the headers.  (There are already existing
tests for correctness of results of these interfaces.)

	[BZ #14508]
	[BZ #15512]
	[BZ #17082]
	[BZ #20530]
	* bits/byteswap.h: Update file comment.  Do not include
	<bits/byteswap-16.h>.
	(__bswap_constant_16): Cast result to __uint16_t.  Use signed 0xff
	constant.
	(__bswap_16): Define as inline function.
	(__bswap_constant_32): Reformat definition.
	(__bswap_32): Always define as inline function, not macro, using
	__uint32_t.  Use __builtin_bswap32 if [__GNUC_PREREQ (4, 3)],
	otherwise __bswap_constant_32.
	(__bswap_constant_64): Reformat definition.  Do not use
	__extension__ here.
	(__bswap_64): Always define as inline function, not macro.  Use
	__extension__ on function definition.  Use __builtin_bswap64 if
	[__GNUC_PREREQ (4, 3)], otherwise __bswap_constant_64.
	* string/test-endian-file-scope.c: New file.
	* string/test-endian-sign-conversion.c: Likewise.
	* string/Makefile (headers): Remove bits/byteswap-16.h.
	(tests): Add test-endian-file-scope and
	test-endian-sign-conversion.
	(CFLAGS-test-endian-sign-conversion.c): New variable.
	* bits/byteswap-16.h: Remove file.
	* sysdeps/ia64/bits/byteswap-16.h: Likewise.
	* sysdeps/ia64/bits/byteswap.h: Likewise.
	* sysdeps/m68k/bits/byteswap.h: Likewise.
	* sysdeps/s390/bits/byteswap-16.h: Likewise.
	* sysdeps/s390/bits/byteswap.h: Likewise.
	* sysdeps/tile/bits/byteswap.h: Likewise.
	* sysdeps/x86/bits/byteswap-16.h: Likewise.
	* sysdeps/x86/bits/byteswap.h: Likewise.
2018-02-06 21:55:08 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
H.J. Lu
e70c6fee46 string: Replace = with += in CFLAGS-xxx.c
Replace = with += in CFLAGS-xxx.c to allow Makefile under sysdeps to
define CFLAGS-xx.c.

	* string/Makefile (CFLAGS-inl-tester.c): Replace = with +=.
	(CFLAGS-noinl-tester.c): Likewise.
	(CFLAGS-tst-strlen.c): Likewise.
	(CFLAGS-stratcliff.c): Likewise.
	(CFLAGS-test-ffs.c): Likewise.
	(CFLAGS-tst-inlcall.c): Likewise.
	(CFLAGS-tst-xbzero-opt.c): Likewise.
	(CFLAGS-memcpy.c): Likewise.
	(CFLAGS-wordcopy.c): Likewise.
2017-12-11 08:39:24 -08:00
Zack Weinberg
09a596cc2c Remove bits/string.h.
These machine-dependent inline string functions have never been on by
default, and even if they were a good idea at the time they were
introduced, they haven't really been touched in ten to fifteen years
and probably aren't a good idea on current-gen processors.  Current
thinking is that this class of optimization is best left to the
compiler.

	* bits/string.h, string/bits/string.h
	* sysdeps/aarch64/bits/string.h
	* sysdeps/m68k/m680x0/m68020/bits/string.h
	* sysdeps/s390/bits/string.h, sysdeps/sparc/bits/string.h
	* sysdeps/x86/bits/string.h: Delete file.

	* string/string.h: Don't include bits/string.h.
	* string/bits/string3.h: Rename to bits/string_fortified.h.
	No need to undef various symbols that the removed headers
	might have defined as macros.
	* string/Makefile (headers): Remove bits/string.h, change
	bits/string3.h to bits/string_fortified.h.
	* string/string-inlines.c: Update commentary.  Remove definitions
	of various macros that nothing looks at anymore.  Don't directly
	include bits/string.h. Set _STRING_INLINE_unaligned here, based on
	compiler-predefined macros.
	* string/strncat.c: If STRNCAT is not defined, or STRNCAT_PRIMARY
	_is_ defined, provide internal hidden alias __strncat.
	* include/string.h: Declare internal hidden alias __strncat.
	Only forward __stpcpy to __builtin_stpcpy if __NO_STRING_INLINES is
	not defined.
	* include/bits/string3.h: Rename to bits/string_fortified.h,
	update to match above.

	* sysdeps/i386/string-inlines.c: Define compat symbols for
	everything formerly defined by sysdeps/x86/bits/string.h.
	Make existing definitions into compat symbols as well.
	Remove some no-longer-necessary messing around with macros.

	* sysdeps/powerpc/powerpc32/power4/multiarch/mempcpy.c
	* sysdeps/powerpc/powerpc64/multiarch/mempcpy.c
	* sysdeps/powerpc/powerpc64/multiarch/stpcpy.c
	* sysdeps/s390/multiarch/mempcpy.c
	No need to define _HAVE_STRING_ARCH_mempcpy.
	Do define __NO_STRING_INLINES and NO_MEMPCPY_STPCPY_REDIRECT.

	* sysdeps/i386/i686/multiarch/strncat-c.c
	* sysdeps/s390/multiarch/strncat-c.c
	* sysdeps/x86_64/multiarch/strncat-c.c
	Define STRNCAT_PRIMARY.  Don't change definition of libc_hidden_def.
2017-06-20 08:21:24 -04:00
Wilco Dijkstra
18b10de7ce 2017-06-12 Wilco Dijkstra <wdijkstr@arm.com>
There is no longer a need for string2.h, so remove it and all mention of it.
Move the redirect for __stpcpy to include/string.h since it is still required
until all internal uses have been renamed.
This fixes several linknamespace/localplt failures when building with -Os.

	[BZ #15105]
	[BZ #19463]
	* include/string.h: Add internal redirect for __stpcpy.
	* string/Makefile: Remove bits/string2.h.
	* string/string.h: Update comment.
	* string/string-inlines.c: Remove bits/string2.h include and comment.
	* string/bits/string2.h: Remove file.
2017-06-12 15:22:17 +01:00
Florian Weimer
5653ab12b4 string/tst-strcoll-overflow: Do not accept timeout as test result
The test completes within 300 seconds if enough memory is available.
2017-01-25 16:27:03 +01:00
Stefan Liebler
570c443352 S390: Fix FAIL in test string/tst-xbzero-opt [BZ #21006]
On s390x this test failed with:
FAIL: explicit clear/test: expected 0 got 1

In setup_explicit_clear, the buffer is filled with the test_pattern.
On s390x the memcpy in prepare_test_buffer is done by loading
r4 / r5 with the test_pattern and using store multiple instruction
to store r4 / r5 to buf.
If explicit_bzero is resolved in setup_explicit_clear, r4 / r5 is
stored to stack by _dl_runtime_resolve and the call to memmem in
count_test_patterns finds a hit of the test_pattern on the stack.

This patch resolves all symbols at program startup by linking with
-z now.  This omits the call of _dl_runtime_resolve within
setup_explicit_clear and the test passes.

ChangeLog:

	[BZ #21006]
	* string/Makefile (LDFLAGS-tst-xbzero-opt): New variable.
2017-01-17 08:54:58 +01:00
Joseph Myers
6a1cefac19 Make endian-conversion macros always return correct types (bug 16458).
Bug 16458 reports that the endian-conversion macros in <endian.h> and
<netinet/in.h>, in the case where no endian conversion is needed, just
return their arguments without converting to the expected return type,
so failing to act as expected for a macro version of a function.  (The
<netinet/in.h> macros, in particular, are described with prototypes in
POSIX so should act like correspondingly prototyped functions.)

Where previously this was a fairly obscure issue, it now results in
glibc build with GCC mainline breaking for big-endian systems:

nss_hesiod/hesiod-service.c: In function '_nss_hesiod_getservbyport_r':
nss_hesiod/hesiod-service.c:142:39: error: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size 6 [-Werror=format-truncation=]
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
                                       ^~
nss_hesiod/hesiod-service.c:142:38: note: using the range [1, -2147483648] for directive argument
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
                                      ^~~~
nss_hesiod/hesiod-service.c:142:3: note: format output between 2 and 12 bytes into a destination of size 6
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The port argument is passed as int to this function, so when ntohs
does not convert the compiler cannot tell that the result is within
the range of uint16_t.  (I don't know if in fact it's possible for
out-of-range values to reach this function and so get truncated as
strings without this patch or as integers with it.)

This patch arranges for these macros to use identity functions to
ensure appropriate conversions while having warnings for implicit
conversions of function arguments that might not occur with a cast.

Tested for x86_64 and x86; with build-many-glibcs.py with GCC 6; and
with build-many-glibcs.py with GCC mainline for powerpc to test the
build fix.

	[BZ #16458]
	* bits/uintn-identity.h: New file.
	* inet/netinet/in.h: Include <bits/uintn-identity.h>.
	[__BYTE_ORDER == __BIG_ENDIAN] (ntohl): Use __uint32_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (ntohs): Use __uint16_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (htonl): Use __uint32_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (htohs): Use __uint16_identity.
	* string/endian.h: Include <bits/uintn-identity.h>.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole16): Use
	__uint16_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le16toh): Likewise.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole32): Use
	__uint32_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le32toh): Likewise.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole64): Use
	__uint64_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le64toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe16): Use
	__uint16_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be16toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe32): Use
	__uint32_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be32toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe64): Use
	__uint64_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be64toh): Likewise.
	* string/Makefile (headers): Add bits/uintn-identity.h.
	(tests): Add test-endian-types.
	* string/test-endian-types.c: New file.
	* inet/Makefile (tests): Add test-hnto-types.
	* inet/test-hnto-types.c: New file.
2017-01-11 15:28:08 +00:00
Adhemerval Zanella
38765ab68f Use fortify macros for b{zero,copy} along decl from strings.h
As described in BZ#20558, bzero and bcopy declaration can only benefit
from fortified macros when decl came from string.h and when __USE_MISC
is defined (default behaviour).

This is due no standard includes those functions in string.h, so they
are only declared if __USE_MISC is defined (as pointed out in comment 4).
However fortification should be orthogona to other features test macros,
i.e, any function should be fortified if that function is declared.

To fix this behavior, the patch moved the bzero, bcopy, and
__explicit_bzero_chk to a common header (string/bits/strings_fortified.h)
and explicit fortified inclusion macros similar to string.h is added
on strings.h.  This allows to get fortified declarions by only including
strings.h.

Checked on x86_64-linux-gnu and along on a bootstrap installation to check
if the fortified are correctly triggered with example from bug report.

	[BZ #20558]
	* string/bits/string3.h [__USE_MISC] (bcopy): Move to
	strings_fortified.h.
	[__USE_MISC] (bzero): Likewise.
	[__USE_MISC] (explicit_bzero): Likewise.
	* string/strings.h: Include strings_fortified.h.
	* string/Makefile (headers): Add strings_fortified.h.
	* string/bits/strings_fortified.h: New file.
	* include/bits/strings_fortified.h: Likewise.
2017-01-05 15:54:13 -02:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Nick Alcock
10c85e76c0 Disable stack protector in early static initialization [BZ #7065]
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack.  Mark all of these as
-fno-stack-protector.

We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure.  (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
2016-12-26 10:08:45 +01:00
Florian Weimer
8d71242eb7 Do not require memset elimination in explicit_bzero test
Some targets fail to apply dead store elimination to the
memset call in setup_ordinary_clear.  Before this commit,
this causes the test case to fail.  Instead, the test case
now logs lack of memset elimination as an informational
message.
2016-12-20 11:08:10 +01:00
Zack Weinberg
ea1bd74def New string function explicit_bzero (from OpenBSD).
explicit_bzero(s, n) is the same as memset(s, 0, n), except that the
compiler is not allowed to delete a call to explicit_bzero even if the
memory pointed to by 's' is dead after the call.  Right now, this effect
is achieved externally by having explicit_bzero be a function whose
semantics are unknown to the compiler, and internally, with a no-op
asm statement that clobbers memory.  This does mean that small
explicit_bzero operations cannot be expanded inline as small memset
operations can, but on the other hand, small memset operations do get
deleted by the compiler.  Hopefully full compiler support for
explicit_bzero will happen relatively soon.

There are two new tests: test-explicit_bzero.c verifies the
visible semantics in the same way as the existing test-bzero.c,
and tst-xbzero-opt.c verifies the not-being-optimized-out property.
The latter is conceptually based on a test written by Matthew Dempsky
for the OpenBSD regression suite.

The crypt() implementation has an immediate use for this new feature.
We avoid having to add a GLIBC_PRIVATE alias for explicit_bzero
by running all of libcrypt's calls through the fortified variant,
__explicit_bzero_chk, which is in the impl namespace anyway.  Currently
I'm not aware of anything in libc proper that needs this, but the
glue is all in place if it does become necessary.  The legacy DES
implementation wasn't bothering to clear its buffers, so I added that,
mostly for consistency's sake.

	* string/explicit_bzero.c: New routine.
	* string/test-explicit_bzero.c, string/tst-xbzero-opt.c: New tests.
	* string/Makefile (routines, strop-tests, tests): Add them.
	* string/test-memset.c: Add ifdeffage for testing explicit_bzero.
	* string/string.h [__USE_MISC]: Declare explicit_bzero.

	* debug/explicit_bzero_chk.c: New routine.
	* debug/Makefile (routines): Add it.
	* debug/tst-chk1.c: Test fortification of explicit_bzero.
	* string/bits/string3.h: Fortify explicit_bzero.

	* manual/string.texi: Document explicit_bzero.
	* NEWS: Mention addition of explicit_bzero.

	* crypt/crypt-entry.c (__crypt_r): Clear key-dependent intermediate
	data before returning, using explicit_bzero.
	* crypt/md5-crypt.c (__md5_crypt_r): Likewise.
	* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
	* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.

	* include/string.h: Redirect internal uses of explicit_bzero
	to __explicit_bzero_chk[_internal].
	* string/Versions [GLIBC_2.25]: Add explicit_bzero.
	* debug/Versions [GLIBC_2.25]: Add __explicit_bzero_chk.
	* sysdeps/arm/nacl/libc.abilist
	* sysdeps/unix/sysv/linux/aarch64/libc.abilist
	* sysdeps/unix/sysv/linux/alpha/libc.abilist
	* sysdeps/unix/sysv/linux/arm/libc.abilist
	* sysdeps/unix/sysv/linux/hppa/libc.abilist
	* sysdeps/unix/sysv/linux/i386/libc.abilist
	* sysdeps/unix/sysv/linux/ia64/libc.abilist
	* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
	* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
	* sysdeps/unix/sysv/linux/microblaze/libc.abilist
	* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
	* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
	* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
	* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
	* sysdeps/unix/sysv/linux/nios2/libc.abilist
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
	* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
	* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
	* sysdeps/unix/sysv/linux/sh/libc.abilist
	* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
	* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
	* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
	* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
	* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
	* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
	* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
	Add entries for explicit_bzero and __explicit_bzero_chk.
2016-12-16 16:21:54 -05:00
Florian Weimer
6e263a27c4 string: More tests for strcmp, strcasecmp, strncmp, strncasecmp 2016-08-26 14:28:46 +02:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Carlos O'Donell
facdd9ea29 Fix typo in bug-strcoll2 (Bug 18589)
Fix the copyright year and remove contributed by in the
bug-strcoll2 test. In addition add the correct dependency
on $(gen-locales) to ensure all the test locales are generated.
2015-10-09 16:38:04 -04:00
Carlos O'Donell
02018629a1 strcoll: Add bug-strcoll2 to testsuite (Bug 18589).
Adds bug-strcoll2 to the string tests, along with the
generation of required locales.
2015-10-08 17:02:50 -04:00
Martin Sebor
60cf80f09d Let 'make check subdirs=string' succeed even when it's invoked
immediately after glibc has been built and before 'make check'
(or after 'make clean').
2015-09-28 16:55:57 -04:00