This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments. (The latter feature
is new in GCC 11.)
The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds. (There is no interplay with
_FORTIFY_SOURCE here yet.)
Tested with GCC 7 through 11 on x86_64-linux.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
2000-09-26 Ulrich Drepper <drepper@redhat.com>
* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to
remove possible garbage at the end of the file.
* stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r.
* stdio-common/tmpnam.c: Warn about insecure tmpnam.
* stdio-common/tempnam.c: Warn about insecure tempnam.
* misc/mktemp.c: Warn about insecure mktemp.
1999-07-06 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/alpha/ioperm.c: Update for some more
motherboards.
Patch by Jay Estabrook.
* sysdeps/unix/sysv/linux/configure.in: Don't test for libc4 in
ldd for SPARC.
* /sysdeps/unix/sysv/linux/sparc/ldd-rewrite.sed: New file.
Patch by Cristian Gafton.
1999-07-02 Cristian Gafton <gafton@redhat.com>
* sysdeps/unix/sysv/linux/bits/socket.h (__cmsg_nxthdr): "return 0"
instead of "return NULL" to make C++ happy.
1999-07-04 Mark Kettenis <kettenis@gnu.org>
* libio/iofdopen.c (_IO_new_fdopen): Set EINVAL if MODE is not
allowed by the file access mode of the open file.
1999-07-06 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/generic/setfpucw.c: Include math.h to get all needed
macros defined.
1999-07-03 Jakub Jelinek <jj@ultra.linux.cz>
* sysdeps/sparc/sparc64/submul_1.S: Fix carry handling. Optimize.
* sysdeps/sparc/sparc64/lshift.S: Make a leaf subroutine. Optimize.
* sysdeps/sparc/sparc64/rshift.S: Likewise.
* sysdeps/sparc/sparc64/mul_1.S: Optimize.
1999-07-04 Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
* malloc/malloc.c (request2size): Check for overflow and return
NULL whenever it is encountered.
1999-07-04 Zack Weinberg <zack@rabi.columbia.edu>
* sysdeps/posix/tempname.c (__gen_tempname): Add
ability to create directories. Replace OPENIT and LARGEFILE
args with a single flags parameter.
* sysdeps/generic/tempname.c: Likewise.
* include/stdio.h: Adjust prototype of __gen_tempname to
match. Define symbolic constants for second argument.
* misc/mkdtemp.c: New file, provides new function mkdtemp().
* stdlib/stdlib.h: Prototype it.
* misc/Versions: Export it.
* misc/Makefile (routines): Add mktemp.
* manual/filesys.texi: Document it.
* misc/mktemp.c: Adjust call of __gen_tempname to match new
convention.
* misc/mkstemp.c: Likewise.
* stdio-common/tempnam.c: Likewise.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/tmpfile64.c: Likewise.
* stdio-common/tmpnam.c: Likewise.
* stdio-common/tmpnam_r.c: Likewise.
1999-07-05 Jakub Jelinek <jj@ultra.linux.cz>
* sysdeps/sparc/sparc64/dl-machine.h (elf_machine_rela): Support
R_SPARC_OLO10 relocations.
* elf/elf.h (R_SPARC_OLO10): Fix comment.
* include/stdio.h: Add new parameter to __path_search.
* libio/oldtmpfile.c: Add 0 as new parameter to __path_search.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/tmpfile64.c: Likewise.
* stdio-common/tmpnam.c: Likewise.
* stdio-common/tmpnam_r.c: Likewise.
* stdio-common/tempnam.c: Add 1 as new parameter to __path_search.
* sysdeps/posix/tempname.c: Add new parameter. If value is nonzero
consider TMPDIR environment variable and dir parameter. Otherwise not.
* stdio-common/Makefile (tests): Add tst-tmpnam.
* stdio-common/tst-tmpnam.c: New file.
1998-09-10 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/tmpnam.c: Move local static variable buf to
toplevel and rename to tmpnam_buffer to ease debugging.
Patch by Joe Keane <jgk@jgk.org>.
Optimize s == NULL case a bit.
1998-08-03 16:36 Ulrich Drepper <drepper@cygnus.com>
* catgets/catgets.c: Use mmap/munmap only is _POSIX_MAPPED_FILES
is defined.
* catgets/open_catalog.c: Likewise.
* iconv/iconv_prog.c: Likewise.
* intl/loadmsgcat.c: Likewise.
* locale/findlocale.c: Likewise.
* locale/loadlocale.c: Likewise.
* locale/programs/localedef.c: Likewise.
* malloc/malloc.c: Likewise.
* elf/elf.h: Fix typo.
* math/Makefile: Use $(LN_S) instead of ln.
* sysdeps/generic/getpgid.c: Fix return type.
1998-08-01 02:49 -0400 Zack Weinberg <zack@rabi.phys.columbia.edu>
* sysdeps/posix/tempname.c (__stdio_gen_tempname): Rename to
__gen_tempname and simplify the interface. Strip out the
code to do path search and create FILE objects. This function
now takes a mktemp() style template and returns either a name
or a file descriptor.
(__path_search): New function; searches for directories for
temp files.
* sysdeps/generic/tempname.c: Stub out __gen_tempname and
__path_search, not __stdio_gen_tempname.
* libio/stdio.h: Prototype __gen_tempname and __path_search,
not __stdio_gen_tempname.
* stdio/stdio.h: Likewise.
* stdio-common/tempnam.c: Use __path_search and __gen_tempname.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/tmpfile64.c: Likewise.
* stdio-common/tmpnam.c: Likewise.
* stdio-common/tmpnam_r.c: Likewise.
* misc/mkstemp.c: New file. Use __gen_tempname.
* misc/mktemp.c: Likewise.
* sysdeps/posix/mkstemp.c: Removed.
* sysdeps/posix/mktemp.c: Removed.
* sysdeps/generic/mkstemp.c: Removed.
* sysdeps/generic/mktemp.c: Removed.
1998-08-02 Thorsten Kukuk <kukuk@vt.uni-paderborn.de>
* configure.in: Check, if door add-on is installed.
* config.make.in: Add have_doors.
* sunrpc/Makefile: Add HAVE_DOOR define.
* sunrpc/key_call.c: Add keyserv/door interface.
* sunrpc/svc_unix.c: Call setsockopt only if SO_PASSCRED is defined.
* sunrpc/clnt_unix.c: Likewise.
1998-08-02 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* inet/netinet/in.h (IN_CLASSC): Correct mask.
Reported by Ian Staniforth <I.Staniforth@sheffield.ac.uk> [fixes
PR libc/727].
1998-08-03 10:23 Ulrich Drepper <drepper@cygnus.com>
* misc/Makefile: Fix installation problem with --disable-shared.
* posix/Makefile: Likewise.
1998-08-02 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* posix/regex.c (re_search_2): Optimize searching for anchored
pattern if '^' cannot match at embedded newlines.
(regerror): Renamed from __regerror, which it should only be
called if _LIBC.
1998-07-31 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sunrpc/svc_unix.c (__msgread): Check setsockopt return value.
1998-07-31 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/generic/glob.c: Remove obsolete cast.
1998-07-31 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* Rules (tests): Fix last change.
1997-01-23 Paul Eggert <eggert@twinsun.com>
* mktime.c (mktime): Invoke __tzset, not __tzset_internal, to set tz,
so that tzname is set as POSIX requires.
Fri Jan 24 02:49:18 1997 Ulrich Drepper <drepper@cygnus.com>
* dirent/dirent.h: Declare readdir_r also when __USE_POSIX.
* grp/grp.h: Declare *_r functions also when __USE_POSIX.
* pwd/pwd.h: Likewise.
* time/time.h: Likewise.
* posix/unistd.h: Declare ttyname_r also when __USE_POSIX.
* string/string.h: Declare strtok_r also when __USE_POSIX.
* stdio-common/bug7.c: Use tmpnam to generate names for test files.
* stdio-common/tmpnam.c: Update copyright.
* stdio-common/tmpnam_r.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/sys/kernel_termios.h: Protect
against multiple inclusion. Include <termbits.h>.
* sysdeps/unix/sysv/linux/sys/kernel_termios.h: Likewise.
* sysdeps/unix/sysv/linux/net/if.h: Update according to recent
kernel headers. Patch by Philip Blundell <pjb27@cam.ac.uk>.
Thu Jan 23 17:42:00 1997 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/sparc/clone.S: Correct author attribution.
* sysdeps/unix/sysv/linux/net/if_arp (MAX_ADDR_LEN): Add definition.
Thu Jan 23 14:20:34 1997 Ulrich Drepper <drepper@cygnus.com>
* time/tzfile.c (__tzfile_read): Don't allow arbitrary files to be
read when running a setuid program.
Sat Sep 28 03:02:49 1996 Ulrich Drepper <drepper@cygnus.com>
* dirent/Makefile (routines): Add readdir_r.
* dirent/readdir_r.c: New file. Wrapper around readdir.c.
* dirent/dirent.h: Add prototype for readdir_r.
* misc/hsearch_r.c (ENTRY): Make field `used' of type `unsigned int'
to prevent warnings.
* sysdeps/unix/sysv/linux/getsysstats.c (get_proc_path):
Initialize `result'.
Sat Sep 28 01:16:42 1996 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/generic/strsep.c: Rename to __strsep and make strsep
weak alias.
* string/string.h: Add prototype for __strsep.
* misc/mntent_r.c: Use __strsep instead of strsep to keep
namespace clean.
* sysdeps/stub/nanosleep.c: Rename to __libc_nanosleep and make
__nanosleep and nanosleep weak aliases.
* sysdeps/unix/sysv/linux/syscalls.list: Add __nanosleep as weak
alias.
* sysdeps/unix/sysv/linux/sleep.c: Call __nanosleep instead of
nanosleep to keep namespace clean.
* sysdeps/posix/ttyname.c (ttyname): Add cast to prevent warning.
* sysdeps/posix/ttyname_r.c (ttyname_r): Likewise.
* sysdeps/posix/getcwd.c (__getcwd): Likewise.
* sysdeps/unix/nlist.c: Use ISO C definition since we don't always
have prototype.
* login/Makefile (headers): Add pty.h.
* login/pty.h: New file.
* sysdeps/generic/pty.h: Include <pty.h>.
* login/pututline_r.c: Add cast to prevent warning.
* gmon/gmon.c: Add prototype for __profile_frequency.
(monstartup): Add cast to prevent warning.
* sysdeps/generic/prof-freq.c: Change to use ISO C style definition.
* locale/programs/ld-time.c (time_output): Write `era' information
in correct order.
Sat Sep 28 00:11:08 1996 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/syscalls.list: Add weak alias
`adjtimex'.
Set caller for mlock, mlockall, mremap, munlock, and munlockall
to EXTRA.
Reported by Matthias Urlichs <smurf@smurf.noris.de>.
1996-09-27 Paul Eggert <eggert@twinsun.com>
* strftime.c (strftime): Output incomplete formats like %E
at end of string.
1996-09-27 Paul Eggert <eggert@twinsun.com>
* strftime.c (strftime): Add support for %EC and %Ey.
Fix support for %EY. This uses the new _nl_get_era_entry function.
Fri Sep 27 14:12:27 1996 Ulrich Drepper <drepper@cygnus.com>
Security related patch by Elliot Lee <sopwith@redhat.com> and
David Holland <dholland@eecs.harvard.edu>.
* inet/rexec.c (rexec): Increase size of `num' array from 8 to 32.
* inet/ruserpass.c (ruserpass): Don't allow $HOME envvar to not exist.
* sysdeps/generic/getenv.c (__secure_getenv): New function. Return
NULL when programs runs with SUID or SGID enabled.
* sysdeps/stub/getenv.c: Make __secure_getenv an alias of getenv.
* stdlib/stdlib.h: Add prototype for __secure_getenv.
* locale/setlocale.c: Use __secure_getenv.
* resolv/res_init.c: Likewise.
* resolv/res_query.c: Likewise.
* inet/ruserpass.c: Likewise.
* sysdeps/posix/tempname.c: Likewise.
* malloc/mtrace.c: Likewise.
* catgets/catgets.c: Likewise.
Make temporary file handling functions reentrant.
* stdio-common/tmpnam.c: Rewrite to have own buffer to write
result to. The called __stdio_gen_tempname function must be
thread safe.
* stdio-common/tmpnam_r.c: New file.
* stdio/stdio.h: Add prototype for `tmpnam_r'.
Change prototype for __stdio_gen_tempname.
* stdio/libio.h: Likewise.
* sysdeps/posix/tempname.c: Add new parameters and use them instead
of static buffer.
Don't reset `indeces' when PID changed between calls.
Don't fail for long running programs when index counter once
reached the limit.
* sysdeps/stub/tempname.c: Likewise.
* stdio-common/tempnam.c: Provide local buffer as extra argument
to __stdio_gen_tempname. This makes this function reentrant.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/temptest.c: Provide extra argument to
__stdio_gen_tempname.
* manual/filesys.texi: Describe tmpnam_r and add comments about
reentrancy of the functions.
* inet/rcmd.c: Fixed address length handling.
* sysdeps/posix/mk-stdiolim.c: Count final \0 byte in L_tmpnam value.
* time/strftime.c: Remove unused variables alt_digits and
end_alt_digits.
* sysdeps/unix/sysv/linux/sys/sysinfo.h: Correct prototype names
for get_nprocs and get_nprocs_conf.
* sysdeps/generic/sys/sysinfo.h: Likewise.
* stdlib/test-canon.c: Finally do the right fix.
* misc/Makefile: Only compile force-wrapper when compiling
reentrant libc.
* configure.in: Grok arg --enable-libio.
($stdio = libio): Define USE_IN_LIBIO.
* config.h.in (USE_IN_LIBIO): Add #undef.
* config.make.in (stdio): New variable, set by configure.
* Makeconfig (stdio): New variable.
* stdio.h [USE_IN_LIBIO]: Include libio/stdio.h instead of
stdio/stdio.h.
* stdio-common/Makefile: New file.
* stdio/Makefile: Half the contents moved to stdio-common/Makefile.
* stdio/_itoa.c: Moved to stdio-common.
* stdio/_itoa.h: Moved to stdio-common.
* stdio/asprintf.c: Moved to stdio-common.
* stdio/bug1.c: Moved to stdio-common.
* stdio/bug1.input: Moved to stdio-common.
* stdio/bug2.c: Moved to stdio-common.
* stdio/bug3.c: Moved to stdio-common.
* stdio/bug4.c: Moved to stdio-common.
* stdio/bug5.c: Moved to stdio-common.
* stdio/bug6.c: Moved to stdio-common.
* stdio/bug6.input: Moved to stdio-common.
* stdio/bug7.c: Moved to stdio-common.
* stdio/dprintf.c: Moved to stdio-common.
* stdio/errnobug.c: Moved to stdio-common.
* stdio/getline.c: Moved to stdio-common.
* stdio/getw.c: Moved to stdio-common.
* stdio/perror.c: Moved to stdio-common.
* stdio/printf-parse.h: Moved to stdio-common.
* stdio/printf-prs.c: Moved to stdio-common.
* stdio/printf.c: Moved to stdio-common.
* stdio/printf.h: Moved to stdio-common.
* stdio/printf_fp.c: Moved to stdio-common.
* stdio/psignal.c: Moved to stdio-common.
* stdio/putw.c: Moved to stdio-common.
* stdio/reg-printf.c: Moved to stdio-common.
* stdio/scanf.c: Moved to stdio-common.
* stdio/snprintf.c: Moved to stdio-common.
* stdio/sprintf.c: Moved to stdio-common.
* stdio/sscanf.c: Moved to stdio-common.
* stdio/tempnam.c: Moved to stdio-common.
* stdio/temptest.c: Moved to stdio-common.
* stdio/test-fseek.c: Moved to stdio-common.
* stdio/test-fwrite.c: Moved to stdio-common.
* stdio/test-popen.c: Moved to stdio-common.
* stdio/test_rdwr.c: Moved to stdio-common.
* stdio/tmpfile.c: Moved to stdio-common.
* stdio/tmpnam.c: Moved to stdio-common.
* stdio/tst-fileno.c: Moved to stdio-common.
* stdio/tst-printf.c: Moved to stdio-common.
* stdio/tstgetln.c: Moved to stdio-common.
* stdio/tstgetln.input: Moved to stdio-common.
* stdio/tstscanf.c: Moved to stdio-common.
* stdio/tstscanf.input: Moved to stdio-common.
* stdio/vfprintf.c: Moved to stdio-common.
* stdio/vfscanf.c: Moved to stdio-common.
* stdio/vprintf.c: Moved to stdio-common.
* stdio/xbug.c: Moved to stdio-common.
* sysdeps/generic/Makefile (siglist.c rules): Do this in subdir
stdio-common instead of stdio.
* sysdeps/unix/Makefile (errlist.c rules): Likewise.
* stdio-common/asprintf.c [USE_IN_LIBIO]: Call libio primitive
function.
* stdio-common/dprintf.c: Likewise.
* stdio-common/printf.c: Likewise.
* stdio-common/scanf.c: Likewise.
* stdio-common/snprintf.c: Likewise.
* stdio-common/sprintf.c: Likewise.
* stdio-common/sscanf.c: Likewise.
* stdio-common/vprintf.c: Likewise.
* Makerules: Include $(+depfiles) directly instead of generating
depend-$(subdir).
(depend-$(subdir)): Target removed.
(common-clean): Don't remove depend-$(subdir).