This patch starts preparation for C2X support in glibc headers by
adding a feature test macro _ISOC2X_SOURCE and corresponding
__GLIBC_USE (ISOC2X). (I chose to use the newer __GLIBC_USE style for
this rather than the older __USE_* macros tested with #ifdef.) As
with other such macros, C2X features are also enabled by compiling for
a standard newer than C17, or by using _GNU_SOURCE.
This patch does not itself enable anything new in the headers for C2X;
that is to be done in followup patches. (For example, most of the TS
18661-1 functions should be declared for C2X without any
__STDC_WANT_IEC_60559_BFP_EXT__ being needed, but the ones that
18661-1 adds to Annex F because of their close relation to IEEE 754
formats do still need the WANT macro in C2X.)
Once C2X becomes an actual standard we'll presumably move to using the
actual year in the feature test macro and __GLIBC_USE, with some
period when both macro spellings are accepted, as was done with
_ISOC9X_SOURCE.
Tested for x86_64.
* include/features.h (_ISOC2X_SOURCE): New feature test macro.
Undefine and define to 1 if [_GNU_SOURCE].
(__GLIBC_USE_ISOC2X): New macro. Undefine and redefine depending
on [_ISOC2X_SOURCE] and [__STDC_VERSION__ > 201710L].
(__USE_ISOC11): Also define to 1 if [_ISOC2X_SOURCE].
(__USE_ISOC99): Likewise.
(__USE_ISOC95): Likewise.
* manual/creature.texi (_ISOC2X_SOURCE): Document.
Now that there are no internal users of __sysctl left, it is possible
to add an unconditional deprecation warning to <sys/sysctl.h>.
To avoid a test failure due this warning in check-install-headers,
skip the test for sys/sysctl.h.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
No 32-bit system call wrapper is added because the interface
is problematic because it cannot deal with 64-bit inode numbers
and 64-bit directory hashes.
A future commit will deprecate the undocumented getdirentries
and getdirentries64 functions.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The twalk function is very difficult to use in a multi-threaded
program because there is no way to pass external state to the
iterator function.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Keep these functions compatible with Gnulib while adding
__time64_t support. The basic idea is to move private API
declarations from include/time.h to time/mktime-internal.h, since
the former file cannot easily be shared with Gnulib whereas the
latter can.
Also, do some other minor cleanup while in the neighborhood.
* include/time.h: Include stdbool.h, time/mktime-internal.h.
(__mktime_internal): Move this prototype to time/mktime-internal.h,
since Gnulib needs it.
(__localtime64_r, __gmtime64_r) [__TIMESIZE == 64]:
Move these macros to time/mktime-internal.h, since Gnulib needs them.
(__mktime64, __timegm64) [__TIMESIZE != 64]: New prototypes.
(in_time_t_range): New static function.
* posix/bits/types.h (__time64_t) [__TIMESIZE == 64 && !defined __LIBC]:
Do not define as a macro in this case, so that portable code is
less tempted to use __time64_t.
* time/mktime-internal.h: Rewrite so that it does both glibc
and Gnulib work. Include time.h if not _LIBC.
(mktime_offset_t) [!_LIBC]: Define for gnulib.
(__time64_t, __gmtime64_r, __localtime64_r, __mktime64, __timegm64)
[!_LIBC || __TIMESIZE == 64]: New macros, mostly moved here
from include/time.h.
(__gmtime_r, __localtime_r, __mktime_internal) [!_LIBC]:
New macros, taken from GNulib.
(__mktime_internal): New prototype, moved here from include/time.h.
* time/mktime.c (mktime_min, mktime_max, convert_time)
(ranged_convert, __mktime_internal, __mktime64):
* time/timegm.c (__timegm64):
Use __time64_t, not time_t.
* time/mktime.c: Stop worrying about whether time_t is floating-point.
(__mktime64) [! (_LIBC && __TIMESIZE != 64)]:
Rename from mktime.
(mktime) [_LIBC && __TIMESIZE != 64]: New function.
* time/timegm.c [!_LIBC]: Include libc-config.h, not config.h,
for libc_hidden_def.
Include errno.h.
(__timegm64) [! (_LIBC && __TIMESIZE != 64)]:
Rename from timegm.
(timegm) [_LIBC && __TIMESIZE != 64]: New function.
First cut at publicizing __time64_t
alloc_buffer_next is useful for peeking to the remaining part of the
buffer and update it, with subsequent allocation (once the length
is known) using alloc_buffer_alloc_bytes. This is not as robust
as the other interfaces, but it allows using alloc_buffer with
string-writing interfaces such as snprintf and ns_name_ntop.
This allows an architecture to use the old generic implementation
and also set explicit loop unrolling.
Checked on aarch64-linux-gnu.
* include/loop_unroll.h: New file.
* wcsmbs/wcscpy (__wcscpy): Add option to use loop unrolling
besides generic implementation.
This patch removes the HP_TIMING_BITS usage for fast random bits and replace
with clock_gettime (CLOCK_MONOTONIC). It has unspecified starting time and
nano-second accuracy, so its randomness is significantly better than
gettimeofday.
Althoug it should incur in more overhead (specially for architecture that
support hp-timing), the symbol is also common implemented as a vDSO.
Checked on aarch64-linux-gnu, x86_64-linux-gnu, and i686-linux-gnu. I also
checked on a i686-gnu build.
* include/random-bits.h: New file.
* resolv/res_mkquery.c [HP_TIMING_AVAIL] (RANDOM_BITS,
(__res_context_mkquery): Remove usage hp-timing usage and replace with
random_bits.
* resolv/res_send.c [HP_TIMING_AVAIL] (nameserver_offset): Likewise.
* sysdeps/posix/tempname.c [HP_TIMING_AVAIL] (__gen_tempname):
Likewise.
With clock_getres, clock_gettime, and clock_settime refactor to remove the
generic CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID support through
hp-timing, there is no usage of internal __get_clockfreq. This patch removes
both generic and Linux implementation..
Checked with a build against aarch64-linux-gnu, i686-linux-gnu, ia64-linux-gnu,
sparc64-linux-gnu, powerpc-linux-gnu-power4.
* include/libc-internal.h (__get_clockfreq): Remove prototype.
* rt/Makefile (clock-routines): Remove get_clockfreq.
* rt/get_clockfreq.c: Remove file.
* sysdeps/unix/sysv/linux/i386/get_clockfreq.c: Likewise.
* sysdeps/unix/sysv/linux/ia64/get_clockfreq.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/get_clockfreq.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c: Move code to ...
* sysdeps/unix/sysv/linux/powerpc/get_timebase_freq.c: ... here.
The stub implementations are turned into compat symbols.
Linux actually has two reserved system call numbers (for getpmsg
and putpmsg), but these system calls have never been implemented,
and there are no plans to implement them, so this patch replaces
the wrappers with the generic stubs.
According to <https://bugzilla.redhat.com/show_bug.cgi?id=436349>,
the presence of the XSI STREAMS declarations is a minor portability
hazard because they are not actually implemented.
This commit does not change the TIRPC support code in
sunrpc/rpc_svcout.c. It uses additional XTI functionality and
therefore never worked with glibc.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
inttypes.h and stdint.h are in sysdeps/generic, but there are no other
versions of these headers anywhere in the source tree, so they aren’t
actually system-dependent. Move them to the subdirectory that
installs them (stdlib).
Reviewed-by: Joseph Myers <joseph@codesourcery.com>
* sysdeps/generic/inttypes.h, sysdeps/generic/stdint.h:
Move to stdlib.
* include/inttypes.h: Adjust to match.
* include/stdint.h: New wrapper.
On platforms where long double may have the same format as double
(-mlong-double-64), error and error_at_line do not take that into
account and might produce wrong output if a long double conversion is
requested by the format string ('%Lf'). This patch adds compatibility
functions for this situation and redirects calls via header magic.
Tested for powerpc, powerpc64 and powerpc64le.
When support for long double format with 128-bits (-mlong-double-128)
was added for platforms where long double had the same format as double,
such as powerpc, compatibility versions for the functions listed in the
commit title were missed. Since the older format of long double can
still be used (with -mlong-double-64), using these functions with a
format string that requests the printing of long double variables will
produce wrong outputs.
This patch adds the missing compatibility functions and header magic to
redirect calls to them when -mlong-double-64 is in use.
Tested for powerpc, powerpc64 and powerpc64le.
The functions argp_error and argp_failure are missing support for
printing long double values when long double has the same format as
double. This patch adds the new functions __nldbl_argp_error and
__nldbl_argp_failure, as well as header magic to redirect calls to them
when -mlong-double-64 is in use.
Tested for powerpc, powerpc64 and powerpc64le.
This patch rewrites wcscat using wcslen and wcscpy. This is similar to
the optimization done on strcat by 6e46de42fe.
The strcpy changes are mainly to add the internal alias to avoid PLT
calls.
Checked on x86_64-linux-gnu and a build against the affected
architectures.
* include/wchar.h (__wcscpy): New prototype.
* sysdeps/powerpc/powerpc32/power4/multiarch/wcscpy-ppc32.c
(__wcscpy): Route internal symbol to generic implementation.
* sysdeps/powerpc/powerpc32/power4/multiarch/wcscpy.c (wcscpy):
Add internal __wcscpy alias.
* sysdeps/powerpc/powerpc64/multiarch/wcscpy.c (wcscpy): Likewise.
* sysdeps/s390/wcscpy.c (wcscpy): Likewise.
* sysdeps/x86_64/multiarch/wcscpy.c (wcscpy): Likewise.
* wcsmbs/wcscpy.c (wcscpy): Add
* sysdeps/x86_64/multiarch/wcscpy-c.c (WCSCPY): Adjust macro to
use generic implementation.
* wcsmbs/wcscat.c (wcscat): Rewrite using wcslen and wcscpy.
Since the introduction of explicit flags in the internal implementation
of the printf family of functions, the 'mode' parameter can be used to
select which format long double parameters have (with the mode flag:
PRINTF_LDBL_IS_DBL). This patch uses this feature in the implementation
of some functions in argp.h, err.h, and error.h (only those that take a
format string and positional parameters). Future patches will add
support for 'nldbl' and 'ieee128' versions of these functions.
Tested for powerpc64le and x86_64.
With a complete set of wrapper headers, it will be possible to check
for automatically for new installed headers which lack such wrappers.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
One group of warnings seen building glibc with -Wextra is -Wempty-body
warnings about an 'if' body (or in one case an 'else' body) that is
just a semicolon, "warning: suggest braces around empty body in an
'if' statement [-Wempty-body]" - I think the point of the warning
being to make it more visible whether an 'if' body is actually present
or not.
This patch fixes such warnings in glibc. There's one place, with a
semicolon at the end of a comment, where this is clearly making the
presence of an 'else' body more visible. The other cases involve
macro definitions expanding to nothing. While there's no issue there
with visibility at the call sites, I think it's still cleaner to have
a macro that expands to something nonempty appropriate for the context
- so do {} while (0) if it's only intended to be usable as a
statement, or ((void) 0) where the macro definition is an alternative
to a call to a function returning void, so this patch makes those
changes.
Tested for x86_64.
* catgets/gencat.c (normalize_line): Use braces around empty
'else' body.
* include/stap-probe.h [!USE_STAP_PROBE && !__ASSEMBLER__]
(STAP_PROBE0): Use do {} while (0) for do-nothing definition.
[!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE1): Likewise.
[!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE2): Likewise.
[!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE3): Likewise.
[!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE4): Likewise.
* libio/libio.h (_IO_funlockfile): Use ((void) 0) for do-nothing
definition.
Non-sysdeps headers cannot be overriden by sysdeps headers across the
entire build, so it is necessary to turn such extension headers into
sysdeps headers themselves. The approach here follows the existing
<bits/shm.h> header (although it uses sysdeps/gnu instead of
sysdeps/generic).
Fixes commit 1d0fc21382 ("Linux: Add
gettid system call wrapper [BZ #6399]") and commit
8f89ab216f ("posix: Fix missing wrapper
header for <bits/unistd_ext.h>").
Do not use a statement expression in array_length, so that
array_length can be used at file scope and as a constant expression.
Instead, put the _Static_assert into a struct (as a declaration),
and nest this in the expression using a sizeof expression.
With the default "nor" constraint, current GCC will use the "o"
constraint for constants, after emitting the constant to memory. That
results in unparseable Systemtap probe notes such as "-4@.L1052".
Removing the "o" alternative and using "nr" instead avoids this.
This fixes the same bug in fnmatch that was fixed by commit 7e2f0d2d77 for
regexp matching. As a side effect it also removes the use of an unbound
VLA.
The GMT offset can be outside the range of a 16-bit int type, which
is presumably the reason why long int was used in struct tm. We
cannot change struct tm, but we can change the internal type for
the offset.
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).
This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).
To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
The only difference between noncompliant and C99-compliant scanf is
that the former accepts the archaic GNU extension '%as' (also %aS and
%a[...]) meaning to allocate space for the input string with malloc.
This extension conflicts with C99's use of %a as a format _type_
meaning to read a floating-point number; POSIX.1-2008 standardized
equivalent functionality using the modifier letter 'm' instead (%ms,
%mS, %m[...]).
The extension was already disabled in most conformance modes:
specifically, any mode that doesn't involve _GNU_SOURCE and _does_
involve either strict conformance to C99 or loose conformance to both
C99 and POSIX.1-2001 would get the C99-compliant scanf. With
compilers new enough to use -std=gnu11 instead of -std=gnu89, or
equivalent, that includes the default mode.
With this patch, we now provide C99-compliant scanf in all
configurations except when _GNU_SOURCE is defined *and*
__STDC_VERSION__ or __cplusplus (whichever is relevant) indicates
C89/C++98. This leaves the old scanf available under e.g. -std=c89
-D_GNU_SOURCE, but removes it from e.g. -std=gnu11 -D_GNU_SOURCE (it
was already not present under -std=gnu11 without -D_GNU_SOURCE) and
from -std=gnu89 without -D_GNU_SOURCE.
There needs to be an internal override so we can compile the
noncompliant scanf itself. This is the same problem we had when we
removed 'gets' from _GNU_SOURCE and it's dealt with the same way:
there's a new __GLIBC_USE symbol, DEPRECATED_SCANF, which defaults to
off under the appropriate conditions for external code, but can be
overridden by individual files within stdio.
We also run into problems with PLT bypass for internal uses of sscanf,
because libc_hidden_proto uses __REDIRECT and so does the logic in
stdio.h for choosing which implementation of scanf to use; __REDIRECT
isn't transitive, so include/stdio.h needs to bridge the gap with a
macro. As far as I can tell, sscanf is the only function in this
family that's internally called by unrelated code.
Finally, there are several tests in stdio-common that use the
extension. bug21.c is a regression test for a crash; it still
exercises the relevant code when changed to use %ms instead of %as.
scanf14.c through scanf17.c are more complicated since they are
actually testing the subtleties of the extension - under what
circumstances is 'a' treated as a modifier letter, etc. I changed all
of them to use %ms instead of %as as well, but duplicated scanf14.c
and scanf16.c as scanf14a.c and scanf16a.c. These still use %as and
are compiled with -std=gnu89 to access the old extension. A bunch of
diagnostic overrides and manual workarounds for the old stdio.h
behavior become unnecessary. Yay!
* include/features.h (__GLIBC_USE_DEPRECATED_SCANF): New __GLIBC_USE
parameter. Only use deprecated scanf when __USE_GNU is defined
and __STDC_VERSION__ is less than 199901L or __cplusplus is less
than 201103L, whichever is relevant for the language being compiled.
* libio/stdio.h, libio/bits/stdio-ldbl.h: Decide whether to redirect
scanf, fscanf, sscanf, vscanf, vfscanf, and vsscanf to their
__isoc99_ variants based only on __GLIBC_USE (DEPRECATED_SCANF).
* wcsmbs/wchar.h: wcsmbs/bits/wchar-ldbl.h: Likewise for
wscanf, fwscanf, swscanf, vwscanf, vfwscanf, and vswscanf.
* libio/iovsscanf.c
* libio/fwscanf.c
* libio/iovswscanf.c
* libio/swscanf.c
* libio/vscanf.c
* libio/vwscanf.c
* libio/wscanf.c
* stdio-common/fscanf.c
* stdio-common/scanf.c
* stdio-common/vfscanf.c
* stdio-common/vfwscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-compat.c
* sysdeps/ieee754/ldbl-opt/nldbl-fscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-fwscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-iovfscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-scanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-sscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-swscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vfscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vfwscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vsscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vswscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-vwscanf.c
* sysdeps/ieee754/ldbl-opt/nldbl-wscanf.c:
Override __GLIBC_USE_DEPRECATED_SCANF to 1.
* stdio-common/sscanf.c: Likewise. Remove ldbl_hidden_def for __sscanf.
* stdio-common/isoc99_sscanf.c: Add libc_hidden_def for __isoc99_sscanf.
* include/stdio.h: Provide libc_hidden_proto for __isoc99_sscanf,
not sscanf.
[!__GLIBC_USE (DEPRECATED_SCANF)]: Define sscanf as __isoc99_scanf
with a preprocessor macro.
* stdio-common/bug21.c, stdio-common/scanf14.c:
Use %ms instead of %as, %mS instead of %aS, %m[] instead of %a[];
remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat.
* stdio-common/scanf16.c: Likewise. Add __attribute__ ((format (scanf)))
to xscanf, xfscanf, xsscanf.
* stdio-common/scanf14a.c: New copy of scanf14.c which still uses
%as, %aS, %a[]. Remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat.
* stdio-common/scanf16a.c: New copy of scanf16.c which still uses
%as, %aS, %a[]. Add __attribute__ ((format (scanf))) to xscanf,
xfscanf, xsscanf.
* stdio-common/scanf15.c, stdio-common/scanf17.c: No need to
override feature selection macros or provide definitions of u_char etc.
* stdio-common/Makefile (tests): Add scanf14a and scanf16a.
(CFLAGS-scanf15.c, CFLAGS-scanf17.c): Remove.
(CFLAGS-scanf14a.c, CFLAGS-scanf16a.c): New. Compile these files
with -std=gnu89.
Provide a 64-bit-time version of __difftime (but do not assume
__time64_t is a signed int so that Gnulib can reuse the code)
and make the 32-bit version a wrapper of it.
Current difftime expects two time_t arguments and returns a
double. To preserve source-code compatibility, its 64-bit-time
equivalent expects two __time64_t arguments but still returns
a double.
This patch was tested by running 'make check' on branch
master then applying this patch and its two predecessors and
running 'make check' again, and checking that both 'make check'
yield identical results. This was done on x86_64-linux-gnu and
i686-linux-gnu.
This patch was also functionally tested with an ad hoc userland
C program which checks the result of difftime for various pairs
of 32-bit and, for 64-bit builds, of 64-bit time_t values too.
The program was built and run against a glibc with and without
the patch, and the results compared to ensure the patch does
not change the behavior of difftime.
* include/time.h (__difftime64): Add.
* time/difftime.c (subtract): convert to 64-bit time.
* time/difftime.c (__difftime64): Add.
* time/difftime.c (__difftime): Wrap around __difftime64.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__ctime64_r): Add.
* time/ctime_r.c
(__ctime64_r): Add.
[__TIMESIZE != 64] (__ctime_r): Turn into a wrapper.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__ctime64): Add.
* time/gmtime.c
(__ctime64): Add.
[__TIMESIZE != 64] (ctime): Turn into a wrapper.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__gmtime64_r): Add.
* time/gmtime.c
(__gmtime64_r): Add.
[__TIMESIZE != 64] (__gmtime): Turn into a wrapper.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__gmtime64): Add.
* time/gmtime.c
(__gmtime64): Add.
[__TIMESIZE != 64] (__gmtime): Turn into a wrapper.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__localtime64_r): Add.
* time/localtime.c
(__localtime64_r): Add.
[__TIMESIZE != 64] (__localtime_r): Turn into a wrapper.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__localtime64): Add.
* manual/maint.texi: Document Y2038 symbol handling.
* time/localtime.c
(__localtime64): Add.
[__TIMERSIZE != 64] (__localtime): Turn into a wrapper.
On some platforms, long double may have either the same format as double
or another, wider format, such as the Quadruple IEC 60559 long double
format or the IBM Extended Precision format (both 128-bits wide).
Selecting between the available formats is done by using one of the
following compiler switches: -mlong-double-128, for the wider format, or
-mlong-double-64, for the narrower. On all platforms that provide this
choice, the wider format is the default.
When the non-default format is selected by user code (i.e.: when
building with -mlong-double-64) calls to functions that take long double
parameters or return a long double type (e.g.: strfroml) are redirected
to a compat function, via assembler redirection, by headers such as
bits/stdlib-ldbl.h or bits/misc-ldbl.h.
In glibc builds, however, these headers are currently being read from
the system directories (/usr/include/bits) rather than from the source
directory. Although this works correctly today, it raises
reproducibility concerns. Besides that, builds for powerpc64le will
need these files from the source directory, because on powerpc64le, the
new redirections for long double with IEEE binary128 format will be
implemented in these headers.
Tested for powerpc64 and powerpc64le.
We can't use "__typeof__ (getcpu)" since getcpu is Linux specific and
Hurd doesn't have it.
Tested with build-many-glibcs.py.
* include/sched.h (__getcpu): Don't use __typeof__ (getcpu).
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well. I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.
Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated. However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer. This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.
obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.
As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit
commit 7ca890b88e
Author: Ulrich Drepper <drepper@redhat.com>
Date: Wed Feb 24 16:07:57 2010 -0800
Fix reporting of I/O errors in *dprintf functions.
This patch adds a test case to avoid regressions.
Tested for powerpc and powerpc64le.
__nldbl___vsyslog_chk will ultimately want to pass PRINTF_LDBL_IS_DBL
down to __vfprintf_internal *as well as* possibly setting PRINTF_FORTIFY.
To make that possible, we need a __vsyslog_internal that takes the
same flags as printf. The code in misc/syslog.c does also get a
little simpler.
Tested for powerpc and powerpc64le.
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable. Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.
As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.
Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead. It also
turns out there were hardly any internal callers. _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.
Summary for the changes to each of the affected symbols:
_IO_vfprintf, _IO_vsprintf:
All internal calls removed, thus the internal declarations, as well
as uses of libc_hidden_proto and libc_hidden_def, were also removed.
The external symbol is now exposed via uses of ldbl_strong_alias
to __vfprintf_internal and __vsprintf_internal, respectively.
_IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
_IO_vfwprintf, _IO_vswprintf,
_IO_obstack_vprintf, _IO_obstack_printf:
All internal calls removed, thus declaration in internal headers
were also removed. They were never exported, so there are no
aliases tying them to the internal functions. I.e.: entirely gone.
__vsnprintf:
Internal calls were always preceded by macros such as
#define __vsnprintf _IO_vsnprintf, and
#define __vsnprintf vsnprintf
The macros were removed and their uses replaced with calls to the
new internal function __vsnprintf_internal. Since there were no
internal calls, the internal declaration was also removed. The
external symbol is preserved with ldbl_weak_alias to ___vsnprintf.
__vfwprintf:
All internal calls converted into calls to __vfwprintf_internal,
thus the internal declaration was removed. The function is now a
wrapper that calls __vfwprintf_internal. The external symbol is
preserved.
__vswprintf:
Similarly, but no external symbol.
__vasprintf, __vdprintf, __vfprintf, __vsprintf:
New internal wrappers. Not exported.
vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
vfwprintf, vswprintf,
obstack_vprintf, obstack_printf:
These functions used to be aliases to the respective _IO_* function,
they are now aliases to their respective __* functions.
Tested for powerpc and powerpc64le.
Now that __time64_t exists, we can switch internal function
__tz_convert from 32-bit to 64-bit time. This involves switching
some other internal functions as well, namely __tz_compute and
__offtime.
Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.
* include/time.h
(__tz_compute): Replace time_t with __time64_t.
(__tz_convert): Replace time_t* with __time64_t.
(__offtime): Replace time_t* with __time64_t.
* time/gmtime.c
(__gmtime_r): Adjust call to __tz_convert.
(gmtime): Likewise.
* time/localtime.c
(__localtime_r): Likewise.
(localtime): Likewise.
* time/offtime.c: Replace time_t with __time64_t.
* time/tzset.c: Likewise.
There is a data-dependency between the fields of struct l_reloc_result
and the field used as the initialization guard. Users of the guard
expect writes to the structure to be observable when they also observe
the guard initialized. The solution for this problem is to use an acquire
and release load and store to ensure previous writes to the structure are
observable if the guard is initialized.
The previous implementation used DL_FIXUP_VALUE_ADDR (l_reloc_result->addr)
as the initialization guard, making it impossible for some architectures
to load and store it atomically, i.e. hppa and ia64, due to its larger size.
This commit adds an unsigned int to l_reloc_result to be used as the new
initialization guard of the struct, making it possible to load and store
it atomically in all architectures. The fix ensures that the values
observed in l_reloc_result are consistent and do not lead to crashes.
The algorithm is documented in the code in elf/dl-runtime.c
(_dl_profile_fixup). Not all data races have been eliminated.
Tested with build-many-glibcs and on powerpc, powerpc64, and powerpc64le.
[BZ #23690]
* elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory
modification order when accessing reloc_result->addr.
* include/link.h (reloc_result): Add field init.
* nptl/Makefile (tests): Add tst-audit-threads.
(modules-names): Add tst-audit-threads-mod1 and
tst-audit-threads-mod2.
Add rules to build tst-audit-threads.
* nptl/tst-audit-threads-mod1.c: New file.
* nptl/tst-audit-threads-mod2.c: Likewise.
* nptl/tst-audit-threads.c: Likewise.
* nptl/tst-audit-threads.h: Likewise.
Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>