This patch is split out of
<https://sourceware.org/pipermail/libc-alpha/2022-December/144122.html>.
atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi. Change some uses of atoi to call
strtol instead; this avoids the undefined behavior, though there is no
guarantee that the overflow handling of strtol is really right in
those places either. This also serves to avoid localplt test failures
given an installed header redirection for strtol (which means that the
call from the inline atoi implementation doesn't end up at a hidden
alias from libc_hidden_proto).
Certainly, the use of atoi is questionable in argp-help.c (shared with
gnulib, so shouldn't depend on glibc implementation details, and
processing user-provided input), and maybe also in argp-parse.c (I'm
not sure what that code in argp-parse.c is meant to be used for). I
also changed inet/rexec.c and resolv/res_init.c similarly to use
strtol to avoid such localplt failures, although given those files (in
those versions) are only used in glibc it's not problematic for them
to rely on the specific behavior of glibc's atoi on out-of-range input
(in the absence of compiler optimizations based on the undefined
behavior) in the same way it's problematic for gnulib code to do so.
There may be other uses of atoi (or atol or atoll), in any of glibc's
installed code, for which it would also be appropriate to avoid the
undefined behavior on out-of-range input; this patch only fixes the
specific cases needed to avoid localplt failures.
Tested for x86_64.
clang emits an warning when a double alias redirection is used, to warn
the the original symbol will be used even when weak definition is
overridden. However, this is a common pattern for weak_alias, where
multiple alias are set to same symbol.
Reviewed-by: Fangrui Song <maskray@google.com>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date. Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.
Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions. These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.
The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively. These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:
https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dchttps://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This fixes a Gnulib test-argp-2.sh test failure on macOS and FreeBSD.
Reported by Jeffrey Walton <noloader@gmail.com> in
<https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00085.html>.
* argp/argp-help.c (group_cmp): Remove third argument.
(hol_sibling_cluster_cmp, hol_cousin_cluster_cmp): New functions, based
upon hol_cluster_cmp.
(hol_cluster_cmp): Use hol_cousin_cluster_cmp.
(hol_entry_cmp): Rewritten to implement a total order.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* lib/argp-help.c (SKIPWS): Cast character to 'unsigned char' before passing it
to isspace().
(fill_in_uparams): Likewise for isalpha(), isalnum(), isdigit().
(canon_doc_option): Likewise for isspace(), isalnum().
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Patch by Eric Blake
<https://lists.gnu.org/archive/html/bug-gnulib/2009-09/msg00287.html>.
* argp/argp-help.c (hol_entry_cmp): Don't use _tolower on values that are
not upper-case. Pass correct range to tolower.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* argp/argp-help.c (hol_append): Don't subtract pointers to
different arrays, as this can run afoul of -fcheck-pointer-bounds.
See the thread containing Bruno Haible's report in:
http://lists.gnu.org/archive/html/bug-gnulib/2017-05/msg00171.html
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
Improve the commentary to aid future developers who will stumble
upon this novel, yet not always perfect, mechanism to support
alternative formats for long double.
Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to
__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work
has settled down. The command used was
git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \
xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g'
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
All functions that have a format string, which can consume a long double
argument, must have one version for each long double format supported on
a platform. On powerpc64le, these functions currently have two versions
(i.e.: long double with the same format as double, and long double with
IBM Extended Precision format). Support for a third long double format
option (i.e. long double with IEEE long double format) is being prepared
and all the aforementioned functions now have a third version (not yet
exported on the master branch, but the code is in).
For these functions to get selected (during build time), references to
them in user programs (or dependent libraries) must get redirected to
the aforementioned new versions of the functions. This patch installs
the header magic required to perform such redirections.
Notice, however, that since the redirections only happen when
__LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including
powerpc64le) currently does it, no redirections actually happen.
Redirections and the exporting of the new functions will happen at the
same time (when powerpc64le adds ldbl-128ibm-compat to their Implies.
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
This patch fixes the following gcc 9 warnings for "make xcheck" / "make bench":
-string/tst-strcasestr.c:
../include/bits/../../misc/bits/error.h:42:5: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
-argp/argp-test.c:
argp-test.c:130:20: error: ‘%d’ directive writing between 1 and 11 bytes into a region of size 10 [-Werror=format-overflow=]
argp-test.c:130:19: note: directive argument in the range [-2147483648, 122]
argp-test.c:130:5: note: ‘sprintf’ output between 2 and 12 bytes into a destination of size 10
-nss/tst-field.c:
tst-field.c:52:7: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
-benchtests/bench-strstr.c:
../include/bits/../../misc/bits/error.h:42:5: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
-benchtests/bench-malloc-simple.c:
bench-malloc-simple.c:93:16: error: iteration 3 invokes undefined behavior [-Werror=aggressive-loop-optimizations]
ChangeLog:
[BZ #24556]
* string/test-strcasestr.c (check_result): Add NULL check.
* nss/tst-field.c (check_rewrite): Likewise.
* benchtests/bench-strstr.c (do_one_test): Likewise.
* string/test-strstr.c (check_result): Likewise.
* argp/argp-test.c (popt): Increase size of buf to 12.
* benchtests/bench-malloc-simple.c (bench):
Do not initialize tests array out of bounds.
The functions argp_error and argp_failure are missing support for
printing long double values when long double has the same format as
double. This patch adds the new functions __nldbl_argp_error and
__nldbl_argp_failure, as well as header magic to redirect calls to them
when -mlong-double-64 is in use.
Tested for powerpc, powerpc64 and powerpc64le.
Since the introduction of explicit flags in the internal implementation
of the printf family of functions, the 'mode' parameter can be used to
select which format long double parameters have (with the mode flag:
PRINTF_LDBL_IS_DBL). This patch uses this feature in the implementation
of some functions in argp.h, err.h, and error.h (only those that take a
format string and positional parameters). Future patches will add
support for 'nldbl' and 'ieee128' versions of these functions.
Tested for powerpc64le and x86_64.
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable. Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.
As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.
Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead. It also
turns out there were hardly any internal callers. _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.
Summary for the changes to each of the affected symbols:
_IO_vfprintf, _IO_vsprintf:
All internal calls removed, thus the internal declarations, as well
as uses of libc_hidden_proto and libc_hidden_def, were also removed.
The external symbol is now exposed via uses of ldbl_strong_alias
to __vfprintf_internal and __vsprintf_internal, respectively.
_IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
_IO_vfwprintf, _IO_vswprintf,
_IO_obstack_vprintf, _IO_obstack_printf:
All internal calls removed, thus declaration in internal headers
were also removed. They were never exported, so there are no
aliases tying them to the internal functions. I.e.: entirely gone.
__vsnprintf:
Internal calls were always preceded by macros such as
#define __vsnprintf _IO_vsnprintf, and
#define __vsnprintf vsnprintf
The macros were removed and their uses replaced with calls to the
new internal function __vsnprintf_internal. Since there were no
internal calls, the internal declaration was also removed. The
external symbol is preserved with ldbl_weak_alias to ___vsnprintf.
__vfwprintf:
All internal calls converted into calls to __vfwprintf_internal,
thus the internal declaration was removed. The function is now a
wrapper that calls __vfwprintf_internal. The external symbol is
preserved.
__vswprintf:
Similarly, but no external symbol.
__vasprintf, __vdprintf, __vfprintf, __vsprintf:
New internal wrappers. Not exported.
vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
vfwprintf, vswprintf,
obstack_vprintf, obstack_printf:
These functions used to be aliases to the respective _IO_* function,
they are now aliases to their respective __* functions.
Tested for powerpc and powerpc64le.
_IO_fwide() is defined in libio.h file. This file is included only
when _LIBC is defined.
So, in case of compilation of these files without _LIBC definition,
the compilation failed due to this unknown function.
Now this function is called when libio.h file is included.
(Change merged from gnulib. Tested on x86_64.)
* argp/argp-fmtstream.c (__argp_fmtstream_update): Use [_LIBC]
conditional on calls to _IO_fwide and putwc_unlocked. (Merge from
gnulib.)
* argp/argp-help.c (__argp_failure): Likewise.
The commit
commit 1df872fd74
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Nov 7 12:42:44 2018 +0100
support: Implement TEST_COMPARE_STRING
added the new macro TEST_COMPARE_STRING, which compares the output of
functions under test against expected strings, and, when there's a
mismatch, automatically reports an error and prints the differences.
This patch adapts recently added test cases to use this new macro.
Tested for powerpc64le (as is, and locally patched to intentionally fail
and produce error output).
* argp/tst-ldbl-argp.c (do_one_test): Use TEST_COMPARE_STRING,
instead of manually comparing and reporting mismatching strings.
* misc/tst-ldbl-error.c (do_one_test): Likewise.
* misc/tst-ldbl-warn.c (do_one_test): Likewise.
The functions argp_error and argp_failure, from argp.h, have a format
string as parameter, which can possibly request the printing of
floating-point values. These values could be of long double type, which
can have different formats, depending on the architecture and on
compilation parameters (for instance, on powerpc, long double values can
have double format (-mlong-double-64) or IBM Extended Precision format
(-mlong-double-128)).
This patch adds tests for argp_error and argp_failure that contain a
format string with double and long double conversion specifiers ('%f'
and '%Lf'). These tests automatically check that the default format of
the long double type works. A future patch will extend the test for
platforms that can have an optional format for long double.
Tested for powerpc64le.
* argp/Makefile (tests): Add tst-ldbl-argp.
* argp/tst-ldbl-argp.c: New file.
Mark internal argp functions with attribute_hidden to allow direct
access to them within libc.so and libc.a without using GOT nor PLT.
[BZ #18822]
* argp/argp-fmtstream.c: Include <argp-fmtstream.h>.
* argp/argp-fs-xinl.c: Likewise.
* argp/argp-help.c: Include <argp.h> and <argp-fmtstream.h>.
* argp/argp-parse.c: Include <argp.h>.
* argp/argp-xinl.c: Likewise.
* include/argp-fmtstream.h: New file.
* include/argp.h (__argp_error): Add attribute_hidden.
(__argp_failure): Likewise.
(__argp_input): Likewise.
(__argp_state_help): Likewise.
This is fairly complicated, not because the users of __need_Emath and
__need_error_t have complicated requirements, but because the core
changes had a lot of fallout.
__need_error_t exists for gnulib compatibility in argz.h and argp.h.
error_t itself is a Hurdism, an enum containing all the E-constants,
so you can do 'p (error_t) errno' in gdb and get a symbolic value.
argz.h and argp.h use it for function return values, and they want to
fall back to 'int' when that's not available. There is no reason why
these nonstandard headers cannot just go ahead and include all of
errno.h; so we do that.
__need_Emath is defined only by .S files; what they _really_ need is
for errno.h to avoid declaring anything other than the E-constants
(e.g. 'extern int __errno_location(void);' is a syntax error in
assembly language). This is replaced with a check for __ASSEMBLER__ in
errno.h, plus a carefully documented requirement for bits/errno.h not
to define anything other than macros. That in turn has the
consequence that bits/errno.h must not define errno - fortunately, all
live ports use the same definition of errno, so I've moved it to
errno.h. The Hurd bits/errno.h must also take care not to define
error_t when __ASSEMBLER__ is defined, which involves repeating all of
the definitions twice, but it's a generated file so that's okay.
* stdlib/errno.h: Remove __need_Emath and __need_error_t logic.
Reorganize file. Declare errno here. When __ASSEMBLER__ is
defined, don't declare anything other than the E-constants.
* include/errno.h: Change conditional for exposing internal
declarations to (not _ISOMAC and not __ASSEMBLER__).
* bits/errno.h: Remove logic for __need_Emath. Document
requirements for a port-specific bits/errno.h.
* sysdeps/unix/sysv/linux/bits/errno.h
* sysdeps/unix/sysv/linux/alpha/bits/errno.h
* sysdeps/unix/sysv/linux/hppa/bits/errno.h
* sysdeps/unix/sysv/linux/mips/bits/errno.h
* sysdeps/unix/sysv/linux/sparc/bits/errno.h:
Add multiple-include guard and check against improper inclusion.
Remove __need_Emath logic. Don't declare errno here. Ensure all
constants are defined as simple integer literals. Consistent
formatting.
* sysdeps/mach/hurd/errnos.awk: Likewise. Only define error_t and
enum __error_t_codes if __ASSEMBLER__ is not defined.
* sysdeps/mach/hurd/bits/errno.h: Regenerate.
* argp/argp.h, string/argz.h: Don't define __need_error_t before
including errno.h.
* sysdeps/i386/i686/fpu/multiarch/s_cosf-sse2.S
* sysdeps/i386/i686/fpu/multiarch/s_sincosf-sse2.S
* sysdeps/i386/i686/fpu/multiarch/s_sinf-sse2.S
* sysdeps/x86_64/fpu/s_cosf.S
* sysdeps/x86_64/fpu/s_sincosf.S
* sysdeps/x86_64/fpu/s_sinf.S:
Just include errno.h; don't define __need_Emath or include
bits/errno.h directly.
Some headers did not include all of their prerequisite headers.
* rpcsvc/nislib.h: Include rpcsvc/nis.h.
* sysdeps/unix/sysv/linux/netrose/rose.h:
Include sys/socket.h and netax25/ax25.h.
<endian.h> only defines BYTE_ORDER, BIG_ENDIAN, LITTLE_ENDIAN,
etc. under __USE_MISC; glibc's headers should use __BYTE_ORDER,
__BIG_ENDIAN, __LITTLE_ENDIAN, etc. instead.
* inet/netinet/icmp6.h, inet/netinet/ip6.h
* resolv/arpa/nameser_compat.h:
Use __BYTE_ORDER etc. instead of BYTE_ORDER etc.
sys/types.h only conditionally defines caddr_t and clockid_t.
* sysdeps/unix/sysv/linux/sys/quota.h:
Use __caddr_t instead of caddr_t.
* sysdeps/unix/sysv/linux/sys/timerfd.h:
Use __clockid_t instead of clockid_t.
Remove a #warning that was the sole actual problem with using sys/ipc.h
without _GNU_SOURCE/_XOPEN_SOURCE.
* sysvipc/sys/ipc.h: Remove unnecessary #warning.
_LIBC, __USE_XOPEN2K8, and __STDC_VERSION__ are not always defined.
It seems to me that _LIBC should not appear in installed headers, but
avoiding that for argp specifically would require more surgery than
feels appropriate for this patch set. It's possible that
"#ifdef _LIBC" would be sufficient, but I wanted to be conservative.
All three versions of bits/socket.h want to know whether __flexarr
will produce a real flexible array member -- specifically, one that
doesn't alter sizeof(the structure containing it). They were testing
for this with a complicated #if condition that did not agree with
sys/cdefs.h and that tripped -Wundef warnings under -std=c90.
I added a new macro to sys/cdefs.h, __glibc_c99_flexarr_available,
which reveals exactly what these headers want to know. I also took
the opportunity to flatten the rather messy conditional nest defining
__flexarr.
* argp/argp.h: Check whether _LIBC is defined before expanding it.
* posix/glob.h: Check whether __USE_XOPEN2K8 is defined instead
of expanding it.
* misc/sys/cdefs.h: Tidy up conditional nest defining __flexarr.
Define __glibc_c99_flexarr_available to 1 when the compiler
supports C99-compatible flexible array members, 0 otherwise.
* sysdeps/unix/sysv/linux/bits/socket.h
* sysdeps/mach/hurd/bits/socket.h
* bits/socket.h: Use __glibc_c99_flexarr_available in
definitions of struct cmsghdr and CMSG_DATA.
glibc provides fallback definitions already. It is not necessary to
suppress warnings for unknown attributes because GCC does this
automatically for system headers.
This commit does not sync with gnulib because gnulib has started to use
_GL_* macros in the header file, which are arguably in the gnulib
implementation space and not suitable for an installed glibc header
file.
ChangeLog:
2014-03-17 Will Newton <will.newton@linaro.org>
* argp/argp-fmtstream.h: Check whether
__STRICT_ANSI__ is defined with #ifdef rather
than #if.
* argp/argp.h: Likewise.
In <https://sourceware.org/ml/libc-alpha/2014-01/msg00196.html> I
noted it was necessary to add includes of Makeconfig early in various
subdirectory makefiles for the tests-special variable settings added
by that patch to be conditional on configuration information. No-one
commented on the general question there of whether Makeconfig should
always be included immediately after the definition of subdir.
This patch implements that early inclusion of Makeconfig in each
directory (which is a lot easier than consistent placement of includes
of Rules). Includes are added if needed, or moved up if already
present. Subdirectory "all:" targets are removed, since Makeconfig
provides one.
There is potential for further cleanups I haven't done. Rules and
Makerules have code such as
ifneq "$(findstring env,$(origin headers))" ""
headers :=
endif
to override to empty any value of various variables that came from the
environment. I think there is a case for Makeconfig setting all the
subdirectory variables (other than subdir) to empty to ensure no
outside value is going to take effect if a subdirectory fails to
define a variable. (A list of such variables, possibly out of date
and incomplete, is in manual/maint.texi.) Rules and Makerules would
give errors if Makeconfig hadn't already been included, instead of
including it themselves. The special code to override values coming
from the environment would then be obsolete and could be removed.
Tested x86_64, including that installed binaries are identical before
and after the patch.
* argp/Makefile: Include Makeconfig immediately after defining
subdir.
* assert/Makefile: Likewise.
* benchtests/Makefile: Likewise.
* catgets/Makefile: Likewise.
* conform/Makefile: Likewise.
* crypt/Makefile: Likewise.
* csu/Makefile: Likewise.
(all): Remove target.
* ctype/Makefile: Include Makeconfig immediately after defining
subdir.
* debug/Makefile: Likewise.
* dirent/Makefile: Likewise.
* dlfcn/Makefile: Likewise.
* gmon/Makefile: Likewise.
* gnulib/Makefile: Likewise.
* grp/Makefile: Likewise.
* gshadow/Makefile: Likewise.
* hesiod/Makefile: Likewise.
* hurd/Makefile: Likewise.
(all): Remove target.
* iconvdata/Makefile: Include Makeconfig immediately after
defining subdir.
* inet/Makefile: Likewise.
* intl/Makefile: Likewise.
* io/Makefile: Likewise.
* libio/Makefile: Likewise.
(all): Remove target.
* locale/Makefile: Include Makeconfig immediately after defining
subdir.
* login/Makefile: Likewise.
* mach/Makefile: Likewise.
(all): Remove target.
* malloc/Makefile: Include Makeconfig immediately after defining
subdir.
(all): Remove target.
* manual/Makefile: Include Makeconfig immediately after defining
subdir.
* math/Makefile: Likewise.
* misc/Makefile: Likewise.
* nis/Makefile: Likewise.
* nss/Makefile: Likewise.
* po/Makefile: Likewise.
(all): Remove target.
* posix/Makefile: Include Makeconfig immediately after defining
subdir.
* pwd/Makefile: Likewise.
* resolv/Makefile: Likewise.
* resource/Makefile: Likewise.
* rt/Makefile: Likewise.
* setjmp/Makefile: Likewise.
* shadow/Makefile: Likewise.
* signal/Makefile: Likewise.
* socket/Makefile: Likewise.
* soft-fp/Makefile: Likewise.
* stdio-common/Makefile: Likewise.
* stdlib/Makefile: Likewise.
* streams/Makefile: Likewise.
* string/Makefile: Likewise.
* sunrpc/Makefile: Likewise.
(all): Remove target.
* sysvipc/Makefile: Include Makeconfig immediately after defining
subdir.
* termios/Makefile: Likewise.
* time/Makefile: Likewise.
* timezone/Makefile: Likewise.
(all): Remove target.
* wcsmbs/Makefile: Include Makeconfig immediately after defining
subdir.
* wctype/Makefile: Likewise.
libidn/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
localedata/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
(all): Remove target.
nptl/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
nptl_db/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.