The changes to fix bug 20729 introduced an error which removed an
ignore diagnostic from -O2 by using the new -Os related macro.
This broke ppc64 builds. This commit fixes the mistake.
Tested on x86, x86_64, ppc64, ppc64le, arm, aarch64, and s390x.
This commit adds a new DIAG_IGNORE_Os_NEEDS_COMMENT which is only
enabled when compiling with -Os. This allows developers working on
-Os enabled builds to mark false-positive warnings without impacting the
warnings emitted at -O2.
Then using the new DIAG_IGNORE_Os_NEEDS_COMMENT we fix 6 warnings
generated with GCC 5 to get -Os builds working again.
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
Many headers are expected to expose a subset of the type definitions
in time.h. time.h has a whole bunch of messy logic for conditionally
defining some its types and structs, but, as best I can tell, this
has never worked 100%. In particular, __need_timespec is ineffective
if _TIME_H has already been defined, which means that if you compile
#include <time.h>
#include <sched.h>
with e.g. -fsyntax-only -std=c89 -Wall -Wsystem-headers, you will get
In file included from test.c:2:0:
/usr/include/sched.h:74:57: warning: "struct timespec" declared inside
parameter list will not be visible outside of this definition or declaration
extern int sched_rr_get_interval (__pid_t __pid, struct timespec *__t) __THROW;
^~~~~~~~
And if you want to _use_ sched_rr_get_interval in a TU compiled that
way, you're hosed.
This patch replaces all of that with small bits/types/TYPE.h headers
as introduced earlier. time.h and bits/time.h are now *much* simpler,
and a lot of other headers are slightly simpler.
* time/time.h, bits/time.h, sysdeps/unix/sysv/linux/bits/time.h:
Remove all logic conditional on __need macros. Move all the
conditionally defined types to their own headers...
* time/bits/types/clock_t.h: Define clock_t here.
* time/bits/types/clockid_t.h: Define clockid_t here.
* time/bits/types/struct_itimerspec.h: Define struct itimerspec here.
* time/bits/types/struct_timespec.h: Define struct timespec here.
* time/bits/types/struct_timeval.h: Define struct timeval here.
* time/bits/types/struct_tm.h: Define struct tm here.
* time/bits/types/time_t.h: Define time_t here.
* time/bits/types/timer_t.h: Define timer_t here.
* time/Makefile: Install the new headers.
* bits/resource.h, io/fcntl.h, io/sys/poll.h, io/sys/stat.h
* io/utime.h, misc/sys/select.h, posix/sched.h, posix/sys/times.h
* posix/sys/types.h, resolv/netdb.h, rt/aio.h, rt/mqueue.h
* signal/signal.h, pthread/semaphore.h, sysdeps/nptl/pthread.h
* sysdeps/unix/sysv/linux/alpha/bits/resource.h
* sysdeps/unix/sysv/linux/alpha/sys/acct.h
* sysdeps/unix/sysv/linux/bits/resource.h
* sysdeps/unix/sysv/linux/bits/timex.h
* sysdeps/unix/sysv/linux/mips/bits/resource.h
* sysdeps/unix/sysv/linux/net/ppp_defs.h
* sysdeps/unix/sysv/linux/sparc/bits/resource.h
* sysdeps/unix/sysv/linux/sys/acct.h
* sysdeps/unix/sysv/linux/sys/timerfd.h
* sysvipc/sys/msg.h, sysvipc/sys/sem.h, sysvipc/sys/shm.h
* time/sys/time.h, time/sys/timeb.h
Use the new bits/types headers.
* include/time.h: Remove __need logic.
* include/bits/time.h
* include/bits/types/clock_t.h, include/bits/types/clockid_t.h
* include/bits/types/time_t.h, include/bits/types/timer_t.h
* include/bits/types/struct_itimerspec.h
* include/bits/types/struct_timespec.h
* include/bits/types/struct_timeval.h
* include/bits/types/struct_tm.h:
New wrapper headers.
The types u_char, u_short, u_int, u_long, ushort, uint, ulong, u_int8_t,
u_int16_t, u_int32_t, u_int64_t, quad_t, and u_quad_t are BSDisms that
have never been standardized. While glibc should continue to *provide*
these types for compatibility's sake, its public headers should not
use them.
The meat of this change was mechanically generated by the following
shell command:
perl -pi~ -e '
s/\b(__)?u_char\b/unsigned char/g;
s/\b(__)?u_?short\b/unsigned short/g;
s/\b(__)?u_?int\b/unsigned int/g;
s/\b(__)?u_?long\b/unsigned long/g;
s/\b(__)?u_int8_t\b/uint8_t/g;
s/\b(__)?u_int16_t\b/uint16_t/g;
s/\b(__)?u_int32_t\b/uint32_t/g;
s/\b(__)?u_int64_t\b/uint64_t/g;
s/\b(__)?u_quad_t\b/uint64_t/g;
s/\b(__)?quad_t\b/uint64_t/g;
' $(grep -lE -e '\<((__)?(quad_t|u(short|int|long|_(char|short|int([0-9]+_t)?|long|quad_t))))\>' \
$(grep -LE '\<(_(SYS|BITS)_TYPES_H|rpc/(rpc|rpc_msg|types|xdr)\.h)\>' \
$(find . \( -false $(sed 's/^/-o -name /' all-installed-headers) \
\) -printf '%P\n' | sort -u)))
where 'all-installed-headers' was a list of the basenames of all installed
header files, manually extracted from the Makefiles. Non-installed
wrapper headers in include/ are also adjusted, for consistency.
I then manually fixed up indentation and line-wrapping.
sys/types.h and bits/types.h are excluded because they must continue
to define the u_* types (under __USE_MISC) for compatibility with
applications. They do not use these types themselves.
All headers that (transitively) include rpc/types.h are also excluded,
for three reasons. First, the u_* types are defined by rpc/types.h,
unconditionally (not just under __USE_MISC) so they are logically part
of the SunRPC API. Second, many of those headers appear to be
machine-generated. Third, it's my understanding that we are getting
rid of as much of SunRPC as possible in the near future.
(The one file under sunrpc/ that's touched, sunrpc/rpc/rpc_des.h, does
*not* include rpc/types.h. This may itself be a bug.)
After changing from u_intNN_t to uintNN_t, a number of headers now
need to include stdint.h to pick up those types. It might be more
hygenic, namespace-wise, to use __uintNN_t instead, but none of these
headers are bound by ISO or POSIX to do so, and it's unlikely that
anyone using them will be bothered. (The two files that were using
__-prefixed versions of the u_types, sysdeps/mach/hurd/net/route.h and
sysdeps/unix/sysv/linux/net/route.h, both already also contained uses of
the unprefixed versions.)
Some of these files directly included features.h and/or sys/cdefs.h,
which I removed, as the style generally seems to be to let sys/types.h
do that for us. (This does not change the set of definitions exposed
by any header; sys/types.h unconditionally includes both features.h
and sys/cdefs.h.)
One file included asm/types.h unnecessarily.
* bits/in.h, gmon/sys/gmon.h, inet/netinet/igmp.h
* inet/protocols/routed.h, inet/protocols/talkd.h
* inet/protocols/timed.h, io/fts.h, nptl_db/thread_db.h
* resolv/arpa/nameser.h, resolv/resolv.h, sunrpc/rpc/rpc_des.h
* sysdeps/generic/netinet/if_ether.h
* sysdeps/generic/netinet/in_systm.h
* sysdeps/generic/netinet/ip.h, sysdeps/generic/netinet/tcp.h
* sysdeps/gnu/netinet/ip_icmp.h, sysdeps/gnu/netinet/tcp.h
* sysdeps/gnu/netinet/udp.h, sysdeps/mach/hurd/net/ethernet.h
* sysdeps/mach/hurd/net/if_arp.h
* sysdeps/mach/hurd/net/if_ppp.h
* sysdeps/mach/hurd/net/route.h, sysdeps/mach/sys/reboot.h
* sysdeps/unix/sysv/linux/bits/in.h
* sysdeps/unix/sysv/linux/net/ethernet.h
* sysdeps/unix/sysv/linux/net/if_arp.h
* sysdeps/unix/sysv/linux/net/if_ppp.h
* sysdeps/unix/sysv/linux/net/if_shaper.h
* sysdeps/unix/sysv/linux/net/route.h
* sysdeps/unix/sysv/linux/netinet/if_ether.h
* sysdeps/unix/sysv/linux/netinet/if_fddi.h
* sysdeps/unix/sysv/linux/netinet/if_tr.h
* sysdeps/unix/sysv/linux/netipx/ipx.h
* sysdeps/unix/sysv/linux/sys/acct.h
* include/arpa/nameser.h, include/resolv.h:
Change all uses of u_char to unsigned char,
u_short and ushort to unsigned short, u_int and uint to unsigned int,
u_long and ulong to unsigned long, u_int8_t to uint8_t,
u_int16_t to uint16_t, u_int32_t to uint32_t, quad_t to int64_t,
and u_int64_t and u_quad_t to uint64_t.
* mach/sys/reboot.h: Remove two casts of integer literals
to the types they already have.
* bits/in.h: Correct error in description of IP_MULTICAST_LOOP.
* sysdeps/unix/sysv/linux/bits/in.h: Likewise.
* sysdeps/unix/sysv/linux/netinet/if_ether.h: Change a comment
from referring to 'unsigned char' to 'uint8_t' for consistency with
the macro definition below.
* gmon/sys/gmon.h, inet/netinet/igmp.h, inet/protocols/talkd.h
* io/fts.h, resolv/arpa/nameser.h, resolv/resolv.h
* sunrpc/rpc/rpc_des.h, sysdeps/generic/netinet/ip.h
* sysdeps/gnu/netinet/tcp.h, sysdeps/gnu/netinet/udp.h
* sysdeps/mach/hurd/net/if_ppp.h, sysdeps/unix/sysv/linux/net/if_ppp.h
* sysdeps/unix/sysv/linux/sys/acct.h
* include/arpa/nameser.h, include/resolv.h:
Fix indentation disrupted by mechanical edits.
* inet/protocols/talkd.h, resolv/arpa/nameser.h
* sysdeps/generic/netinet/in_systm.h
* sysdeps/gnu/netinet/ip_icmp.h, sysdeps/gnu/netinet/tcp.h
* sysdeps/gnu/netinet/udp.h
* sysdeps/unix/sysv/linux/net/ethernet.h
* sysdeps/unix/sysv/linux/net/if_arp.h
* sysdeps/unix/sysv/linux/net/if_ppp.h
* sysdeps/unix/sysv/linux/net/if_shaper.h
* sysdeps/unix/sysv/linux/netinet/if_fddi.h
* sysdeps/unix/sysv/linux/netinet/if_tr.h
* sysdeps/unix/sysv/linux/netipx/ipx.h
* sysdeps/unix/sysv/linux/sys/acct.h
Include stdint.h for uintNN_t definitions.
Don't include sys/cdefs.h, features.h, or asm/types.h directly.
Some headers did not include all of their prerequisite headers.
* rpcsvc/nislib.h: Include rpcsvc/nis.h.
* sysdeps/unix/sysv/linux/netrose/rose.h:
Include sys/socket.h and netax25/ax25.h.
<endian.h> only defines BYTE_ORDER, BIG_ENDIAN, LITTLE_ENDIAN,
etc. under __USE_MISC; glibc's headers should use __BYTE_ORDER,
__BIG_ENDIAN, __LITTLE_ENDIAN, etc. instead.
* inet/netinet/icmp6.h, inet/netinet/ip6.h
* resolv/arpa/nameser_compat.h:
Use __BYTE_ORDER etc. instead of BYTE_ORDER etc.
sys/types.h only conditionally defines caddr_t and clockid_t.
* sysdeps/unix/sysv/linux/sys/quota.h:
Use __caddr_t instead of caddr_t.
* sysdeps/unix/sysv/linux/sys/timerfd.h:
Use __clockid_t instead of clockid_t.
Remove a #warning that was the sole actual problem with using sys/ipc.h
without _GNU_SOURCE/_XOPEN_SOURCE.
* sysvipc/sys/ipc.h: Remove unnecessary #warning.
_LIBC, __USE_XOPEN2K8, and __STDC_VERSION__ are not always defined.
It seems to me that _LIBC should not appear in installed headers, but
avoiding that for argp specifically would require more surgery than
feels appropriate for this patch set. It's possible that
"#ifdef _LIBC" would be sufficient, but I wanted to be conservative.
All three versions of bits/socket.h want to know whether __flexarr
will produce a real flexible array member -- specifically, one that
doesn't alter sizeof(the structure containing it). They were testing
for this with a complicated #if condition that did not agree with
sys/cdefs.h and that tripped -Wundef warnings under -std=c90.
I added a new macro to sys/cdefs.h, __glibc_c99_flexarr_available,
which reveals exactly what these headers want to know. I also took
the opportunity to flatten the rather messy conditional nest defining
__flexarr.
* argp/argp.h: Check whether _LIBC is defined before expanding it.
* posix/glob.h: Check whether __USE_XOPEN2K8 is defined instead
of expanding it.
* misc/sys/cdefs.h: Tidy up conditional nest defining __flexarr.
Define __glibc_c99_flexarr_available to 1 when the compiler
supports C99-compatible flexible array members, 0 otherwise.
* sysdeps/unix/sysv/linux/bits/socket.h
* sysdeps/mach/hurd/bits/socket.h
* bits/socket.h: Use __glibc_c99_flexarr_available in
definitions of struct cmsghdr and CMSG_DATA.
The macros are no longer up-to-date, and the classification is not
useful. In this particular case, removal without prior deprecation
seems the right approach.
_res_hconf.initialized was not suitable for use in a multi-threaded
environment due to the lack of atomics and memory barriers. Use of it was
also unnecessary because _res_hconf_init did the right thing by using
__libc_once. This patch fixes the glibc-internal uses by just calling
_res_hconf_init unconditionally, and switches to a release MO atomic store
for _res_hconf.initialized to fix the glibc side of the synchronization
problem (which will maintain backward compatibility, but cannot fix the
lack of acquire MO on any glibc-external loads).
[BZ #20477]
* resolv/res_hconf.c (do_init): Use atomic access.
* resolv/res_hconf.h: Add comments.
* nscd/aicache.c (addhstaiX): Call _res_hconf_init unconditionally.
* nss/getXXbyYY_r.c (REENTRANT_NAME): Likewise.
* sysdeps/posix/getaddrinfo.c (gaih_inet): Likewise.
Previously, we allocated room in the result space before the check,
leaving uninitialized data there in case the check failed.
This also consolidates the behavior between single (A or AAAA) and
dual (A and AAAA in parallel) queries. Single queries checked
the record length against the QTYPE, not the RRTYPE.
In various error scenarios (for example, if the server closes the
TCP connection before sending the full response), send_vc can return
without resetting the *resplen2 value. This can pass uninitialized
or unexpected data to the caller.
Since commit 44d20bca52 (Implement
second fallback mode for DNS requests), there is a code path which
returns early, before *resplen2 is initialized. This happens if the
name server address is immediately recognized as invalid (because of
lack of protocol support, or if it is a broadcast address such
255.255.255.255, or another invalid address).
If this happens and *resplen2 was non-zero (which is the case if a
previous query resulted in a failure), __libc_res_nquery would reuse
an existing second answer buffer. This answer has been previously
identified as unusable (for example, it could be an NXDOMAIN
response). Due to the presence of a second answer, no name server
switching will occur. The result is a name resolution failure,
although a successful resolution would have been possible if name
servers have been switched and queries had proceeded along the search
path.
The above paragraph still simplifies the situation. Before glibc
2.23, if the second answer needed malloc, the stub resolver would
still attempt to reuse the second answer, but this is not possible
because __libc_res_nsearch has freed it, after the unsuccessful call
to __libc_res_nquerydomain, and set the buffer pointer to NULL. This
eventually leads to an assertion failure in __libc_res_nquery:
/* Make sure both hp and hp2 are defined */
assert((hp != NULL) && (hp2 != NULL));
If assertions are disabled, the consequence is a NULL pointer
dereference on the next line.
Starting with glibc 2.23, as a result of commit
e9db92d3ac (CVE-2015-7547: getaddrinfo()
stack-based buffer overflow (Bug 18665)), the second answer is always
allocated with malloc. This means that the assertion failure happens
with small responses as well because there is no buffer to reuse, as
soon as there is a name resolution failure which triggers a search for
an answer along the search path.
This commit addresses the issue by ensuring that *resplen2 is
initialized before the send_dg function returns.
This commit also addresses a bug where an invalid second reply is
incorrectly returned as a valid to the caller.
The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.
* A stack-based buffer overflow was found in libresolv when invoked from
libnss_dns, allowing specially crafted DNS responses to seize control
of execution flow in the DNS client. The buffer overflow occurs in
the functions send_dg (send datagram) and send_vc (send TCP) for the
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
family. The use of AF_UNSPEC triggers the low-level resolver code to
send out two parallel queries for A and AAAA. A mismanagement of the
buffers used for those queries could result in the response of a query
writing beyond the alloca allocated buffer created by
_nss_dns_gethostbyname4_r. Buffer management is simplified to remove
the overflow. Thanks to the Google Security Team and Red Hat for
reporting the security impact of this issue, and Robert Holiday of
Ciena for reporting the related bug 18665. (CVE-2015-7547)
See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.htmlhttps://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
Resetting defdname (default domain name) before use in __res_vinit
ensures that the default domain name is correctly set to a default
value when it is not set by the LOCALDOMAIN environment variable or
the "domain" or "search" parameters in resolv.conf
Tested using the steps from:
https://sourceware.org/bugzilla/show_bug.cgi?id=19369