This patch fixes the glibc testsuite build for GCC 7
-Wformat-truncation, newly moved out of -Wformat-length and with some
further warnings that didn't previously appear. Two tests that
previously disabled -Wformat-length are changed to disable
-Wformat-truncation instead; two others are made to disable that
option as well.
Tested (compilation only) with build-many-glibcs.py for aarch64 with
GCC mainline.
* stdio-common/tst-printf.c [__GNUC_PREREQ (7, 0)]: Ignore
-Wformat-truncation instead of -Wformat-length.
* time/tst-strptime2.c (mkbuf) [__GNUC_PREREQ (7, 0)]: Likewise.
* stdio-common/tstdiomisc.c (F): Ignore -Wformat-truncation for
GCC 7.
* wcsmbs/tst-wcstof.c: Include <libc-internal.h>.
(do_test): Ignore -Wformat-truncation for GCC 7.
Extending linknamespace tests to cover libcrypt showed that crypt
brings in references to snprintf, but is in XPG3 and XPG4 which don't
have snprintf. This patch fixes it to use __snprintf instead,
exporting __snprintf from libc.so at version GLIBC_PRIVATE and adding
libc_hidden_proto / libc_hidden_def accordingly.
Tested for x86_64 and x86, in conjunction with the testsuite changes
to enable linknamespace testing for libdl and libcrypt. Also tested
(compilation only) for powerpc to make sure there were no problem
interactions with the optional-long-double handling for snprintf.
[BZ #20829]
* stdio-common/Versions (__snprintf): Add to version
GLIBC_PRIVATE.
* include/stdio.h (__snprintf): Use libc_hidden_proto.
* stdio-common/snprintf.c (__snprintf): Use libc_hidden_def.
* crypt/sha256-crypt.c (__sha256_crypt_r): Use __snprintf instead
of snprintf.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
The function read_int, from printf-parse.h, parses an integer from a string
while avoiding overflows. It is used by other functions, such as vfprintf,
to avoid undefined behavior.
The function vfscanf (_IO_vfwscanf) parses an integer from the format
string, and can use read_int.
This avoids a race condition if the process-global locale is changed
while vfscanf is running. MB_LEN_MAX is always larger than MB_CUR_MAX,
so we might realloc earlier than necessary (but even MB_CUR_MAX could
be larger than the minimum required space).
The existing length was a bit questionable because str + MB_LEN_MAX
might point past the end of the buffer.
This commit puts all libio vtables in a dedicated, read-only ELF
section, so that they are consecutive in memory. Before any indirect
jump, the vtable pointer is checked against the section boundaries,
and the process is terminated if the vtable pointer does not fall into
the special ELF section.
To enable backwards compatibility, a special flag variable
(_IO_accept_foreign_vtables), protected by the pointer guard, avoids
process termination if libio stream object constructor functions have
been called earlier. Such constructor functions are called by the GCC
2.95 libstdc++ library, and this mechanism ensures compatibility with
old binaries. Existing callers inside glibc of these functions are
adjusted to call the original functions, not the wrappers which enable
vtable compatiblity.
The compatibility mechanism is used to enable passing FILE * objects
across a static dlopen boundary, too.
The fmemopen implementation does not account the file position correctly in
append mode. The following example shows the failure:
===
int main ()
{
char buf[10] = "test";
FILE *fp = fmemopen (buf, 10, "a+");
fseek (fp, 0, SEEK_SET);
int gr;
if ((gr = getc (fp)) != 't' ||
(gr = getc (fp)) != 'e' ||
(gr = getc (fp)) != 's' ||
(gr = getc (fp)) != 't' ||
(gr = getc (fp)) != EOF)
{
printf ("%s: getc failed returned %i\n", __FUNCTION__, gr);
return 1;
}
return 0;
}
===
This is due both how read and write operation update the buffer position,
taking in consideration buffer lenght instead of maximum position defined
by the open mode. This patch fixes it and also fixes fseek not returning
EINVAL for invalid whence modes.
Tested on x86_64 and i686.
[BZ #20012]
* libio/fmemopen.c (fmemopen_read): Use buffer maximum position, not
length to calculate the buffer to read.
(fmemopen_write): Set the buffer position based on bytes written.
(fmemopen_seek): Return EINVAL for invalid whence modes.
Current GLIBC fmemopen fails with a simple testcase:
char buffer[500] = "x";
FILE *stream;
stream = fmemopen(buffer, 500, "r+");
fwrite("fish",sizeof(char),5,stream);
printf("pos-1:%ld\n",ftell(stream));
fflush(stream);
printf("pos-2:%ld\n",ftell(stream));
It returns:
pos-1:5
pos-2:0
Where it should return:
pos-1:5
pos-2:5
This is due the internal write function does not correctly update the internal
object position state and then the seek operation returns a wrong value. This
patch fixes it.
It fixes both BZ #20005 and BZ #19230 (marked as duplicated). A new test is
added to check for such case.
Tested on x86_64 and i686.
* libio/fmemopen.c (fmemopen_write): Update internal position after
write.
* stdio-common/Makefile (tests): Add tst-fmemopen4.c.
* stdio-common/tst-fmemopen4.c: New file..
The commit 985fc132f2
"strfmon_l: Use specified locale for number formatting [BZ #19633]"
introduced an elf/check-abi-libc testfailure due to __printf_fp_l
on architectures which use sysdeps/ieee754/ldbl-opt/math_ldbl_opt.h.
This patch uses libc_hidden_def instead of ldbl_hidden_def.
The ldbl_strong_alias is removed due to the rename of ___printf_fp_l
to __printf_fp_l.
ChangeLog:
* stdio-common/printf_fp.c (__printf_fp_l):
Rename ___printf_fp_l to __printf_fp_l and
remove strong alias. Use libc_hidden_def instead
of ldbl_hidden_def macro.
When the signs differ, the precision of the conversion sometimes
drops below 106 bits. This strategy is identical to the
hexadecimal variant.
I've refactored tst-sprintf3 to enable testing a value with more
than 30 significant digits in order to demonstrate this failure
and its solution.
Additionally, this implicitly fixes a typo in the shift
quantities when subtracting from the high mantissa to compute
the difference.
A custom character buffer is added in this commit, in the form of
struct char_buffer. The char_buffer_add function replaces the
ADDW macro (which has grown with each successive security fix).
The char_buffer_add slow path is moved out-of-line, reducing
code size.
* stdio-common/vfscanf.c (MEMCPY): Remove macro.
(struct char_buffer): New type.
(char_buffer_start, char_buffer_size, char_buffer_error)
(char_buffer_rewind, char_buffer_add): New functions.
(ADDW): Remove macro, replaced by the char_buffer_add function.
(_IO_vfscanf_internal): Rewrite using struct char_buffer instead
of extend_alloca. Make control flow more explicit.
Every so often someone gets confused by the fact that the installed
<bits/stdio-lock.h> header includes the non-installed <lowlevellock.h>
header.
This inclusion is not in fact a bug, because <bits/stdio-lock.h> only
gets included by any header that users should include directly if
_IO_MTSAFE_IO is defined, and that's an internal define used when
building libio, not a feature test macro it's valid for users to
define. However, on general principles it's best to have as little as
possible in the installed headers that is inapplicable for valid uses
of the installed glibc.
This patch moves the include of <bits/stdio-lock.h> to the internal
header include/libio.h, so that even if someone defines _IO_MTSAFE_IO
it won't get included. This is intended as preparation for stopping
<bits/stdio-lock.h> and <bits/libc-lock.h> from being installed at all
(after this patch they aren't used in any installed header; formally
of course they don't need to be installed even before this patch, but
stopping them being installed before removing the #include would just
exacerbate the confusion described above), and then moving those out
of the bits/ namespace in accordance with the principle that that
namespace is only for installed headers.
The tests scanf15.c and scanf17.c avoid the internal headers; after
this patch that means they need to undefine _IO_MTSAFE_IO as well as
_LIBC so as to get a working _IO_lock_t definition for libio.h. This
brings them closer to using the headers as an installed program would,
which clearly accords with the intent of those tests.
Tested for x86_64 (testsuite, and that installed stripped shared
libraries are unchanged by the patch).
* libio/libio.h [_IO_MTSAFE_IO]: Remove include of
<bits/stdio-lock.h> and commented-out include of <comthread.h>.
* include/libio.h [!_ISOMAC && _IO_MTSAFE_IO]: Include
<bits/stdio-lock.h>.
* stdio-common/scanf15.c (_IO_MTSAFE_IO): Undefine.
* stdio-common/scanf17.c (_IO_MTSAFE_IO): Likewise.
These scripts use #!/bin/sh explicitly, so make sure they avoid echo -n
as different shells treat it differently. Use the portable printf func
instead.
These tests were skipped by the use-test-skeleton conversion done in
commit 29955b5d because they did not have an `int main (void)'
declaration. Instead their `main' functions were declared with arguments
(i.e. argc, argv) even though they didn't use them.
Remove these arguments and include the test skeleton in these tests.
If 'w' mode is used with a provided buffer the fmemopen will try to find
the first null byte to set as maximum internal stream size. It should be
done only for append mode ('a').
Kudos for Stefan Liebler for finding this error on s390-32.
* libio/fmemopen.c (__fmemopen): Fix 'w' openmode with provided
buffer.
* stdio-common/tst-fmemopen2.c (do_test_with_buffer): Fix typo and
fail output information.
These tests were skipped by the use-test-skeleton conversion done in
commit 29955b5d because they were reused in other tests via the #include
directive, and so deemed worth an inspection before they were modified.
This has now been done.
ChangeLog:
2015-07-09 Arjun Shankar <arjun.is@lostca.se>
* elf/tst-leaks1.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* localedata/tst-langinfo.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* math/test-fpucw.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* math/test-tgmath.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* math/test-tgmath2.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* setjmp/tst-setjmp.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* stdio-common/tst-sscanf.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
* sysdeps/x86_64/tst-audit6.c (main): Converted to ...
(do_test): ... this.
(TEST_FUNCTION): New macro.
Include test-skeleton.c.
On x32, GCC 5.1 complains:
tst-fmemopen2.c: In function ‘do_test_without_buffer’:
tst-fmemopen2.c:124:15: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘off_t {aka long long int}’ [-Werror=format=]
printf ("FAIL: first ftello returned %ld, expected %zu\n", o, nstr);
^
tst-fmemopen2.c:135:15: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘off_t {aka long long int}’ [-Werror=format=]
printf ("FAIL: second ftello returned %ld, expected %zu\n", o, nbuf);
^
tst-fmemopen2.c:148:15: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘off_t {aka long long int}’ [-Werror=format=]
printf ("FAIL: third ftello returned %ld, expected %zu\n", o, nstr2);
^
tst-fmemopen2.c: In function ‘do_test_length_zero’:
tst-fmemopen2.c:183:15: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘off_t {aka long long int}’ [-Werror=format=]
printf ("FAIL: first ftello returned %ld, expected 0\n", o);
^
This patch silences GCC.
* stdio-common/tst-fmemopen2.c (do_test_without_buffer): Replace
%ld with %jd and cast to intmax_t.
(do_test_length_zero): Likewise.
This patch updates tst-fmemopen2 to check for fmemopen with NULL buffer
inputs and also refactor the code a bit.
The test relies on a POSIX compliant fmemopen implementation.
* stdio-common/tst-fmemopen2.c (do_test): Add test for NULL and zero
length buffers.
* stdio-common/tst-fmemopen.c (do_test): Refactor to use
test-skeleton.c.
This patch added a new fmemopen version, for glibc 2.22, that aims to be
POSIX complaint. It fixes some long-stading glibc fmemopen issues, such
as:
* it changes the way fseek with SEEK_END works on fmemopen to seek
relative to buffer size instead of first '\0'. This is default mode and
'b' opening mode does not change internal behavior (bz#6544).
* fix apending opening mode to use as start position either first null
byte of len specified in function call (bz#13152 and #13151).
* remove binary option 'b' and internal different handling (bz#12836)
* fix seek/SEE_END with negative values (bz#14292).
A compatibility symbol is provided to with old behavior for older symbols
version (2.2.5).
* include/stdio.h (fmemopen): Remove hidden prototype.
(__fmemopen): Add new hidden prototype.
* libio/Makefile: Add oldfmemopen object.
* libio/Versions [GLIBC_2.22]: Add new fmemopen symbol.
* libio/fmemopen.c (__fmemopen): Function rewrite to be POSIX
compliance.
* libio/oldfmemopen.c: New file: old fmemopen implementation for
symbol compatibility.
* stdio-common/Makefile [tests]: Add new tst-fmemopen3.
* stdio-common/psiginfo.c [psiginfo]: Call __fmemopen instead of
fmemopen.
* stdio-common/tst-fmemopen3.c: New file: more fmemopen tests, focus
on append and read mode.
* sysdeps/unix/sysv/linux/aarch64/libc.abilist [GLIBC_2.22]: Add
fmemopen.
* sysdeps/unix/sysv/linux/alpha/libc.abilist [GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/arm/libc.abilist [GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/i386/libc.abilist [GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/ia64/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/microblaze/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/sh/libc.abilist [GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
[GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist [GLIBC_2.22]:
Likewise.
* sysdeps/unix/sysv/linux/hppa/libc.abilist [GLIBC_2.22]: Likewise.
* sysdeps/unix/sysv/linux/nios2/libc.abilist [GLIBC_2.22]: Likewise.
syslog functions bring in references to dprintf, which wasn't added to
POSIX until the 2008 edition and so isn't in various standards
containing the syslog functions. This patch fixes this by making
dprintf into a weak alias of __dprintf and using __dprintf as
appropriate.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #18534]
* stdio-common/dprintf.c (__dprintf): Use libc_hidden_def.
(dprintf): Define as a weak alias of __dprintf, not a strong
alias.
* include/stdio.h (__dprintf): Declare. Use libc_hidden_proto.
* misc/syslog.c (__vsyslog_chk): Call __dprintf instead of
dprintf.
* conform/Makefile (test-xfail-XPG4/syslog.h/linknamespace):
Remove variable.
(test-xfail-UNIX98/syslog.h/linknamespace): Likewise.
(test-xfail-XOPEN2K/syslog.h/linknamespace): Likewise.
This splits a considerable chunk of code from the main vfprintf
function. This will make it easier to remove the use of extend_alloca
from the positional argument handling code.
BZ #16618
Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer. The
implementation now correctly computes the required buffer size when
using malloc.
A regression test was added to tst-sscanf.
Due to tile missing a bunch of FP exception and rounding
support, the tests generate warnings. These changes fix the
warnings by just not compiling some unused functions, and
adding some attribute ((unused)) tags.