- 19 5月, 2023 1 次提交
-
-
由 yinchuang 提交于
Issue:I70LQ0 Signed-off-by: Nyinchuang <yinchuang@huawei.com> Test:Build & Boot Device
-
- 11 3月, 2021 1 次提交
-
-
由 mamingshuai 提交于
-
- 09 9月, 2020 1 次提交
-
-
由 wenjun 提交于
-
- 13 9月, 2018 1 次提交
-
-
由 Rich Felker 提交于
libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway.
-
- 30 8月, 2018 2 次提交
-
-
由 Rich Felker 提交于
if no output is produced, no underlying fwrite will ever be called, but byte-oriented printf functions are still required to set the orientation of the stream to byte-oriented. call __towrite explicitly if the FILE is not already in write mode.
-
由 Rich Felker 提交于
commit b5a8b289 setup the write buffer bound pointers for the temporary buffer manually to fix a buffer overflow issue, but in doing so, caused vfprintf on unbuffered files never to call __towrite, thereby failing to set the stream orientation to byte-oriented, failing to clear any prior read mode, and failing to produce an error when the stream is not writable. revert the inline setup of the bounds pointers and instead zero them, so that the underlying fwrite code will call __towrite to set them up.
-
- 24 8月, 2018 1 次提交
-
-
由 Rich Felker 提交于
the code to perform rounding to the desired precision wrongly assumed the long double mantissa was an integral number of nibbles (hex digits) in length. this is true for 80-bit extended precision (64-bit mantissa) but not for double (53) or quad (113). scale the rounding value by 1<<(LDBL_MANT_DIG%4) to compensate.
-
- 11 1月, 2018 1 次提交
-
-
由 Rich Felker 提交于
commit 78897b0d wrongly simplified Dmitry Levin's original submitted patch fixing alt-form octal with the zero flag and field width present, omitting the special case where the value is zero. as a result, printf("%#o",0) wrongly prints "00" rather than "0". the logic prior to this commit was actually better, in that it was aligned with how the alt-form flag (#) for printf is specified ("it shall increase the precision"). at the time there was no good way to avoid the zero flag issue with the old logic, but commit 167dfe96 added tracking of whether an explicit precision was provided. revert commit 78897b0d and switch to using the explicit precision indicator for suppressing the zero flag.
-
- 05 7月, 2017 1 次提交
-
-
由 Alexander Monakov 提交于
The switch statement has no 'default:' case and the function ends immediately following the switch, so the extra comparison did not communicate any extra information to the compiler.
-
- 23 4月, 2017 1 次提交
-
-
由 Rich Felker 提交于
the code being removed was written to optimize for size assuming the compiler cannot collapse code paths for different types with the same underlying representation. modern compilers sometimes succeed in making this optimization themselves, but either way it's a small size difference and not worth the source-level complexity or the UB involved in this hack. some incorrect use of va_arg still remains, particularly use of void * where the actual argument has a different pointer type. fixing this requires some actual code additions, rather than just removing cruft, so I'm leaving it to be done later as a separate commit.
-
- 20 10月, 2016 3 次提交
-
-
由 Szabolcs Nagy 提交于
in nearest rounding mode exact halfway cases were not following the round to even rule if the rounding happened at a base 1000000000 digit boundary of the internal representation and the previous digit was odd. e.g. printf("%.0f", 1.5) printed 1 instead of 2.
-
由 Rich Felker 提交于
this patch fixes a large number of missed internal signed-overflow checks and errors in determining when the return value (output length) would exceed INT_MAX, which should result in EOVERFLOW. some of the issues fixed were reported by Alexander Cherepanov; others were found in subsequent review of the code. aside from the signed overflows being undefined behavior, the following specific bugs were found to exist in practice: - overflows computing length of floating point formats with huge explicit precisions, integer formats with prefix characters and huge explicit precisions, or string arguments or format strings longer than INT_MAX, resulted in wrong return value and wrong %n results. - literal width and precision values outside the range of int were misinterpreted, yielding wrong behavior in at least one well-defined case: string formats with precision greater than INT_MAX were sometimes truncated. - in cases where EOVERFLOW is produced, incorrect values could be written for %n specifiers past the point of exceeding INT_MAX. in addition to fixing these bugs, we now stop producing output immediately when output length would exceed INT_MAX, rather than continuing and returning an error only at the end.
-
由 Rich Felker 提交于
if the requested precision is close to INT_MAX, adding LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined behavior manifests as a large negative result, which is then used to compute the new end pointer (z) with a wildly out-of-bounds value (more overflow, more undefined behavior). the end result is at least incorrect output and character count (return value); worse things do not seem to happen, but detailed analysis has not been done. this patch fixes the overflow by performing the intermediate computation as unsigned; after division by 9, the final result necessarily fits in int.
-
- 17 9月, 2016 1 次提交
-
-
由 Rich Felker 提交于
commit b91cdbe2, in fixing another issue, changed the logic for how alt-form octal adds the leading zero to adjust the precision rather than using a prefix character. this wrongly suppressed the zero flag by mimicing an explicit precision given by the format string. switch back to using a prefix character. based on bug report and patch by Dmitry V. Levin, but simplified.
-
- 19 12月, 2014 1 次提交
-
-
由 Rich Felker 提交于
formally, it seems a sign is only required when the '+' modifier appears in the format specifier, in which case either '+' or '-' must be present in the output. but the specification is written such that an optional negative sign is part of the output format anyway, and the simplest approach to fixing the problem is removing the code that was suppressing the sign.
-
- 17 12月, 2014 1 次提交
-
-
由 Rich Felker 提交于
previously, write errors neither stopped further output attempts nor caused the function to return an error to the caller. this could result in silent loss of output, possibly in the middle of output in the event of a non-permanent error. the simplest solution is temporarily clearing the error flag for the target stream, then suppressing further output when the error flag is set and checking/restoring it at the end of the operation to determine the correct return value. since the wide version of the code internally calls the narrow fprintf to perform some of its underlying operations, initial clearing of the error flag is suppressed when performing a narrow vfprintf on a wide-oriented stream. this is not a problem since the behavior of narrow operations on wide-oriented streams is undefined.
-
- 16 11月, 2014 1 次提交
-
-
由 Rich Felker 提交于
in this case there are two conflicting rules in play: that an explicit precision of zero with the value zero produces no output, and that the '#' modifier for octal increases the precision sufficiently to yield a leading zero. ISO C (7.19.6.1 paragraph 6 in C99+TC3) includes a parenthetical remark to clarify that the precision-increasing behavior takes precedence, but the corresponding text in POSIX off of which I based the implementation is missing this remark. this issue was covered in WG14 DR#151.
-
- 31 5月, 2014 1 次提交
-
-
由 Szabolcs Nagy 提交于
CONCAT(0x1p,LDBL_MANT_DIG) is not safe outside of libc, use 2/LDBL_EPSILON instead. fix was proposed by Morten Welinder.
-
- 08 4月, 2014 1 次提交
-
-
由 Rich Felker 提交于
the subsequent rounding code assumes the end pointer (z) accurately reflects the end of significance in the decimal expansion, but for certain large integers, spurious trailing zero slots were left behind when applying the binary exponent. issue reported by Morten Welinder; the analysis of the cause was performed by nsz, who also proposed this change.
-
- 07 4月, 2014 2 次提交
-
-
由 Rich Felker 提交于
the code to strip trailing zeros was only looking in the last slot for up to 9 zeros, assuming that the rounding code had already removed fully-zero slots from the end. however, this ignored cases where the rounding code did not run at all, which occur when the value being printed is exactly representable in the requested precision. the simplest solution is to move the code that strips trailing zero slots to run unconditionally, immediately after rounding, rather than as the last step of rounding.
-
由 Rich Felker 提交于
in cases where rounding caused a carry, the slot into which the carry was taking place was unconditionally treated as valid, despite the possibility that it could be a new slot prior to the beginning of the existing non-rounded number. in theory this could lead to unbounded runaway carry, but in order for that to happen, the whole uninitialized buffer would need to have been pre-filled with 32-bit integer values greater than or equal to 999999999. patch based on proposed fix by Morten Welinder, who also discovered and reported the bug.
-
- 09 3月, 2014 2 次提交
-
-
由 Rich Felker 提交于
the printf floating point formatting code contains an optimization to avoid computing digits that will be thrown away by rounding at the specified (or default) precision. while it was correctly retaining all places up to the last decimal place to be printed, it was not retaining enough precision to see the next nonzero decimal place in all cases. this could cause incorrect rounding down in round-to-even (default) rounding mode, for example, when printing 0.5+DBL_EPSILON with "%.0f". in the fix, LDBL_MANT_DIG/3 is a lazy (non-sharp) upper bound on the number of zeros between any two nonzero decimal digits.
-
由 Rich Felker 提交于
empirically the overflow was an off-by-one, and it did not seem to be overwriting meaningful data. rather than simply increasing the buffer size by one, however, I have attempted to make the size obviously correct in terms of bounds on the number of iterations for the loops that fill the buffer. this still results in no more than a negligible size increase of the buffer on the stack (6-7 32-bit slots) and is a "safer" fix unless/until somebody wants to do the proof that a smaller buffer would suffice.
-
- 07 10月, 2013 1 次提交
-
-
由 Szabolcs Nagy 提交于
add missing va_end and remove some unnecessary code.
-
- 03 8月, 2013 1 次提交
-
-
由 Rich Felker 提交于
check in configure to be polite (failing early if we're going to fail) and in vfprintf.c since that is the point at which a mismatching type would be extremely dangerous.
-
- 09 11月, 2012 1 次提交
-
-
由 Rich Felker 提交于
this header evolved to facilitate the extremely lazy practice of omitting explicit includes of the necessary headers in individual stdio source files; not only was this sloppy, but it also increased build time. now, stdio_impl.h is only including the headers it needs for its own use; any further headers needed by source files are included directly where needed.
-
- 19 10月, 2012 1 次提交
-
-
由 Rich Felker 提交于
-
- 07 9月, 2012 1 次提交
-
-
由 Rich Felker 提交于
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
-
- 11 8月, 2012 1 次提交
-
-
由 Rich Felker 提交于
the strspn call was made for every format specifier and end-of-string, even though the expected return value was 1-2 for normal usage. replace with simple loop.
-
- 20 6月, 2012 2 次提交
-
-
由 Rich Felker 提交于
this one could never cause any problems unless the compiler/machine goes to extra trouble to break oob pointer arithmetic, but it's best to fix it anyway.
-
由 Rich Felker 提交于
large precision values could cause out-of-bounds pointer arithmetic in computing the precision cutoff (used to avoid expensive long-precision arithmetic when the result will be discarded). per the C standard, this is undefined behavior. one would expect that it works anyway, and in fact it did in most real-world cases, but it was randomly (depending on aslr) crashing in i386 binaries running on x86_64 kernels. this is because linux puts the userspace stack near 4GB (instead of near 3GB) when the kernel is 64-bit, leading to the out-of-bounds pointer arithmetic overflowing past the end of address space and giving a very low pointer value, which then compared lower than a pointer it should have been higher than. the new code rearranges the arithmetic so that no overflow can occur. while this bug could crash printf with memory corruption, it's unlikely to have security impact in real-world applications since the ability to provide an extremely large field precision value under attacker-control is required to trigger the bug.
-
- 08 6月, 2012 2 次提交
-
-
由 Rich Felker 提交于
signedness issue kept %ls with no precision from working at all
-
由 Rich Felker 提交于
printf was not printing too many characters, but it was reading one too many wchar_t elements from the input. this could lead to crashes if running off the page, or spurious failure if the conversion of the extra wchar_t resulted in EILSEQ.
-
- 17 4月, 2012 2 次提交
-
-
由 Rich Felker 提交于
vfprintf temporarily swaps in a local buffer (for the duration of the operation) when the target stream is unbuffered; this both simplifies the implementation of functions like dprintf (they don't need their own buffers) and eliminates the pathologically bad performance of writing the formatted output with one or more write syscalls per formatting field. in cases like dprintf where we are dealing with a virgin FILE structure, everything worked correctly. however for long-lived files (like stderr), it's possible that the buffer bounds were already set for the internal zero-size buffer. on the next write, __stdio_write would pick up and use the new buffer provided by vfprintf, but the bound (wend) field was still pointing at the internal zero-size buffer's end. this in turn allowed unbounded writes to the temporary buffer.
-
由 Rich Felker 提交于
the l prefix is redundant/no-op with printf, since default promotions always promote floats to double; however, it is valid, and printf was wrongly rejecting it.
-
- 29 9月, 2011 1 次提交
-
-
由 Rich Felker 提交于
passing null pointer for %s is UB but lots of broken programs do it anyway
-
- 04 7月, 2011 3 次提交
-
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
-
- 12 5月, 2011 1 次提交
-
-
由 Rich Felker 提交于
the observed symptom was that the code was incorrectly rounding up 1.0625 to 1.063 despite the rounding mode being round-to-nearest with ties broken by rounding to even last place. however, the code was just not right in many respects, and i'm surprised it worked as well as it did. this time i tested the values that end up in the variables round, small, and the expression round+small, and all look good.
-