- 20 6月, 2012 8 次提交
-
-
由 Rich Felker 提交于
patch by nsz
-
由 Rich Felker 提交于
dynamic-allocation of the structure is not valid; it can crash an application if malloc fails. since localeconv is not specified to have failure conditions, the object needs to have static storage duration. need to review whether all the values are right or not still..
-
由 Rich Felker 提交于
this was actually dangerously wrong, but presumably nobody uses this broken function anymore anyway..
-
由 Rich Felker 提交于
if we eventually have build options, it might be nice to make an option to dummy this out again, in case anybody needs a system-wide disable for disk/ssd-thrashing, etc. that some daemons do when logging...
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
large precision values could cause out-of-bounds pointer arithmetic in computing the precision cutoff (used to avoid expensive long-precision arithmetic when the result will be discarded). per the C standard, this is undefined behavior. one would expect that it works anyway, and in fact it did in most real-world cases, but it was randomly (depending on aslr) crashing in i386 binaries running on x86_64 kernels. this is because linux puts the userspace stack near 4GB (instead of near 3GB) when the kernel is 64-bit, leading to the out-of-bounds pointer arithmetic overflowing past the end of address space and giving a very low pointer value, which then compared lower than a pointer it should have been higher than. the new code rearranges the arithmetic so that no overflow can occur. while this bug could crash printf with memory corruption, it's unlikely to have security impact in real-world applications since the ability to provide an extremely large field precision value under attacker-control is required to trigger the bug.
-
由 Rich Felker 提交于
request/patch by william haddonthethird, slightly modifed to add _GNU_SOURCE feature test macro so that the compiler can verify the prototype matches.
-
由 Rich Felker 提交于
-
- 19 6月, 2012 7 次提交
-
-
由 Rich Felker 提交于
this is mildly ugly, but less ugly than gnulib trying to poke at the definition of the FILE structure...
-
由 Rich Felker 提交于
for seekable files, posix imposed requirements on the offset of the underlying open file description after a stream is closed. this was correctly handled (as a side effect of the unconditional fflush call) when streams were explicitly closed by fclose, but was not handled correctly at program exit time, where fflush(0) was being used. the weak symbol hackery is to pull in __stdio_exit if either of __toread or __towrite is used, but avoid calling it twice so we don't have to keep extra state. the new __stdio_exit is a streamlined fflush variant that avoids performing any unnecessary operations and which never unlocks the files or open file list, so we can be sure no other threads write new data to a stream's buffer after it's already flushed.
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
there is no need/use for a flush hook. the write function serves this purpose already. i originally created the hook for implementing mem streams based on a mistaken reading of posix, and later realized it wasn't useful but never removed it until now.
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
apparently this was never tested before.
-
- 18 6月, 2012 2 次提交
-
-
由 Rich Felker 提交于
the old behavior was to only consider a stream to be "reading" or "writing" if it had buffered, unread/unwritten data. this reportedly differs from the traditional behavior of these functions, which is essentially to return true as much as possible without creating the possibility that both __freading and __fwriting could return true. gnulib expects __fwriting to return true as soon as a file is opened write-only, and possibly expects other cases that depend on the traditional behavior. and since these functions exist mostly for gnulib (does anything else use them??), they should match the expected behavior to avoid even more ugly hacks and workarounds...
-
由 Rich Felker 提交于
-
- 16 6月, 2012 1 次提交
-
-
由 Rich Felker 提交于
one file was reusing another file's macro name, and many had inconsistent underscores and application of SYS prefix, etc. patch by Szabolcs Nagy (nsz)
-
- 15 6月, 2012 1 次提交
-
-
由 Rich Felker 提交于
it probably does not matter for /dev/null, but this should be done consistently anyway.
-
- 14 6月, 2012 4 次提交
-
-
由 Rich Felker 提交于
this is required in case dtors use stdio. also remove the old comments; one was cruft from when the code used to be using function pointers and conditional calls, and has little motivation now that we're using weak symbols. the other was just complaining about having to support dtors even though the cost was made essentially zero in the non-use case by the way it's done here.
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
stime is not _XOPEN_SOURCE, and some functions were missing with _BSD_SOURCE..
-
由 Rich Felker 提交于
-
- 13 6月, 2012 3 次提交
-
-
由 Rich Felker 提交于
these are not exposed publicly in any header, but the few programs that use them (modutils/kmod, etc.) are declaring the functions themselves rather than making the syscalls directly, and it doesn't really hurt to have them (same as the capset junk).
-
由 Rich Felker 提交于
based on patch by Emil Renner Berthing, with minor changes to dirent.h for LFS64 and organization of declarations this code should work unmodified once a real strverscmp is added, but I've been hesitant to add it because the GNU strverscmp behavior is harmful in a lot of cases (for instance if you have numeric filenames in hex). at some point I plan on trying to design a variant of the algorithm that behaves better on a mix of filename styles.
-
由 Rich Felker 提交于
these were left in glibc for binary compatibility after the public part of the interface was removed, and libcap kept using them (with its own copy of the header files) rather than just making the syscalls directly. might as well add them since they're so small...
-
- 10 6月, 2012 2 次提交
-
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
i originally omitted these (optional, per POSIX) interfaces because i considered them backwards implementation details. however, someone later brought to my attention a fairly legitimate use case: allocating thread stacks in memory that's setup for sharing and/or fast transfer between CPU and GPU so that the thread can move data to a GPU directly from automatic-storage buffers without having to go through additional buffer copies. perhaps there are other situations in which these interfaces are useful too.
-
- 08 6月, 2012 7 次提交
-
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
the types of these expressions must match the integer promotions. unsigned 8- and 16-bit values promote to signed int, not unsigned int.
-
由 Rich Felker 提交于
signedness issue kept %ls with no precision from working at all
-
由 Rich Felker 提交于
printf was not printing too many characters, but it was reading one too many wchar_t elements from the input. this could lead to crashes if running off the page, or spurious failure if the conversion of the extra wchar_t resulted in EILSEQ.
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
this broke the busybox "free" utility (memory reporting) and possibly other things like uptime.
-
由 Rich Felker 提交于
the field width limit was not being cleared before reading the literal, causing spurious failures in scanf in cases like "%2d:" scanning "00:".
-
- 07 6月, 2012 5 次提交
-
-
由 Rich Felker 提交于
this issue affects the last gpl2 version of binutils, which some people are still using out of aversion to gpl3. musl requires -Bsymbolic-functions because it's the only way to make a libc.so that's able to operate prior to dynamic linking but that still behaves correctly with respect to global vars that may be moved to the main program via copy relocations.
-
由 Rich Felker 提交于
-
由 Rich Felker 提交于
it's possible that the user has provided a compiler that does not have any libc to link to, so linking a main program is a bad idea. instead, generate an empty shared library with no dependencies.
-
由 Rich Felker 提交于
in theory we could support stack protector in the libc itself, and users wanting to experiment with such usage could add -fstack-protector to CFLAGS intentionally. but to avoid breakage in the default case, override broken distro-patched gcc that forces stack protector on.
-
由 Rich Felker 提交于
some broken distro-provided toolchains have modified gcc to produce only "gnu hash" dynamic hash table by default. as this is unsupported by musl, that results in a non-working libc.so. we detect and switch this on in configure rather than hard-coding it in the Makefile because it's not supported by old binutils versions, but that might not even be relevant since old binutils versions already fail from -Bsymbolic-functions being missing. at some point I may review whether this should just go in the Makefile...
-