1. 31 7月, 2023 1 次提交
  2. 24 7月, 2023 1 次提交
  3. 25 6月, 2023 1 次提交
  4. 19 5月, 2023 1 次提交
  5. 11 3月, 2021 1 次提交
  6. 09 9月, 2020 1 次提交
  7. 13 9月, 2018 1 次提交
    • R
      reduce spurious inclusion of libc.h · 5ce37379
      Rich Felker 提交于
      libc.h was intended to be a header for access to global libc state and
      related interfaces, but ended up included all over the place because
      it was the way to get the weak_alias macro. most of the inclusions
      removed here are places where weak_alias was needed. a few were
      recently introduced for hidden. some go all the way back to when
      libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented)
      cancellation points had to include it.
      
      remaining spurious users are mostly callers of the LOCK/UNLOCK macros
      and files that use the LFS64 macro to define the awful *64 aliases.
      
      in a few places, new inclusion of libc.h is added because several
      internal headers no longer implicitly include libc.h.
      
      declarations for __lockfile and __unlockfile are moved from libc.h to
      stdio_impl.h so that the latter does not need libc.h. putting them in
      libc.h made no sense at all, since the macros in stdio_impl.h are
      needed to use them correctly anyway.
      5ce37379
  8. 30 8月, 2018 2 次提交
    • R
      make vfprintf set stream orientation even for zero-length output · a43a7b21
      Rich Felker 提交于
      if no output is produced, no underlying fwrite will ever be called,
      but byte-oriented printf functions are still required to set the
      orientation of the stream to byte-oriented. call __towrite explicitly
      if the FILE is not already in write mode.
      a43a7b21
    • R
      re-fix vfprintf temporary buffer logic · f1791f42
      Rich Felker 提交于
      commit b5a8b289 setup the write buffer
      bound pointers for the temporary buffer manually to fix a buffer
      overflow issue, but in doing so, caused vfprintf on unbuffered files
      never to call __towrite, thereby failing to set the stream orientation
      to byte-oriented, failing to clear any prior read mode, and failing to
      produce an error when the stream is not writable.
      
      revert the inline setup of the bounds pointers and instead zero them,
      so that the underlying fwrite code will call __towrite to set them up.
      f1791f42
  9. 24 8月, 2018 1 次提交
    • R
      fix printf precision specifier for hex floats on non-ld80 archs · cfa0a54c
      Rich Felker 提交于
      the code to perform rounding to the desired precision wrongly assumed
      the long double mantissa was an integral number of nibbles (hex
      digits) in length. this is true for 80-bit extended precision (64-bit
      mantissa) but not for double (53) or quad (113).
      
      scale the rounding value by 1<<(LDBL_MANT_DIG%4) to compensate.
      cfa0a54c
  10. 11 1月, 2018 1 次提交
    • R
      fix printf alt-form octal with value 0 and no explicit precision · b64539ae
      Rich Felker 提交于
      commit 78897b0d wrongly simplified
      Dmitry Levin's original submitted patch fixing alt-form octal with the
      zero flag and field width present, omitting the special case where the
      value is zero. as a result, printf("%#o",0) wrongly prints "00" rather
      than "0".
      
      the logic prior to this commit was actually better, in that it was
      aligned with how the alt-form flag (#) for printf is specified ("it
      shall increase the precision"). at the time there was no good way to
      avoid the zero flag issue with the old logic, but commit
      167dfe96 added tracking of whether an
      explicit precision was provided.
      
      revert commit 78897b0d and switch to
      using the explicit precision indicator for suppressing the zero flag.
      b64539ae
  11. 05 7月, 2017 1 次提交
  12. 23 4月, 2017 1 次提交
    • R
      remove va_arg hacks in printf core with undefined behavior · 58e2396a
      Rich Felker 提交于
      the code being removed was written to optimize for size assuming the
      compiler cannot collapse code paths for different types with the same
      underlying representation. modern compilers sometimes succeed in
      making this optimization themselves, but either way it's a small size
      difference and not worth the source-level complexity or the UB
      involved in this hack.
      
      some incorrect use of va_arg still remains, particularly use of void *
      where the actual argument has a different pointer type. fixing this
      requires some actual code additions, rather than just removing cruft,
      so I'm leaving it to be done later as a separate commit.
      58e2396a
  13. 20 10月, 2016 3 次提交
    • S
      fix float formatting of some exact halfway cases · 51ab6db4
      Szabolcs Nagy 提交于
      in nearest rounding mode exact halfway cases were not following the
      round to even rule if the rounding happened at a base 1000000000 digit
      boundary of the internal representation and the previous digit was odd.
      
      e.g. printf("%.0f", 1.5) printed 1 instead of 2.
      51ab6db4
    • R
      fix integer overflows and uncaught EOVERFLOW in printf core · 167dfe96
      Rich Felker 提交于
      this patch fixes a large number of missed internal signed-overflow
      checks and errors in determining when the return value (output length)
      would exceed INT_MAX, which should result in EOVERFLOW. some of the
      issues fixed were reported by Alexander Cherepanov; others were found
      in subsequent review of the code.
      
      aside from the signed overflows being undefined behavior, the
      following specific bugs were found to exist in practice:
      
      - overflows computing length of floating point formats with huge
        explicit precisions, integer formats with prefix characters and huge
        explicit precisions, or string arguments or format strings longer
        than INT_MAX, resulted in wrong return value and wrong %n results.
      
      - literal width and precision values outside the range of int were
        misinterpreted, yielding wrong behavior in at least one well-defined
        case: string formats with precision greater than INT_MAX were
        sometimes truncated.
      
      - in cases where EOVERFLOW is produced, incorrect values could be
        written for %n specifiers past the point of exceeding INT_MAX.
      
      in addition to fixing these bugs, we now stop producing output
      immediately when output length would exceed INT_MAX, rather than
      continuing and returning an error only at the end.
      167dfe96
    • R
      fix integer overflow in float printf needed-precision computation · 70d2687d
      Rich Felker 提交于
      if the requested precision is close to INT_MAX, adding
      LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined
      behavior manifests as a large negative result, which is then used to
      compute the new end pointer (z) with a wildly out-of-bounds value
      (more overflow, more undefined behavior). the end result is at least
      incorrect output and character count (return value); worse things do
      not seem to happen, but detailed analysis has not been done.
      
      this patch fixes the overflow by performing the intermediate
      computation as unsigned; after division by 9, the final result
      necessarily fits in int.
      70d2687d
  14. 17 9月, 2016 1 次提交
    • R
      fix printf regression with alt-form octal, zero flag, and field width · 78897b0d
      Rich Felker 提交于
      commit b91cdbe2, in fixing another
      issue, changed the logic for how alt-form octal adds the leading zero
      to adjust the precision rather than using a prefix character. this
      wrongly suppressed the zero flag by mimicing an explicit precision
      given by the format string. switch back to using a prefix character.
      
      based on bug report and patch by Dmitry V. Levin, but simplified.
      78897b0d
  15. 19 12月, 2014 1 次提交
    • R
      don't suppress sign output for NANs in printf · 0f859fc9
      Rich Felker 提交于
      formally, it seems a sign is only required when the '+' modifier
      appears in the format specifier, in which case either '+' or '-' must
      be present in the output. but the specification is written such that
      an optional negative sign is part of the output format anyway, and the
      simplest approach to fixing the problem is removing the code that was
      suppressing the sign.
      0f859fc9
  16. 17 12月, 2014 1 次提交
    • R
      correctly handle write errors encountered by printf-family functions · d42269d7
      Rich Felker 提交于
      previously, write errors neither stopped further output attempts nor
      caused the function to return an error to the caller. this could
      result in silent loss of output, possibly in the middle of output in
      the event of a non-permanent error.
      
      the simplest solution is temporarily clearing the error flag for the
      target stream, then suppressing further output when the error flag is
      set and checking/restoring it at the end of the operation to determine
      the correct return value.
      
      since the wide version of the code internally calls the narrow fprintf
      to perform some of its underlying operations, initial clearing of the
      error flag is suppressed when performing a narrow vfprintf on a
      wide-oriented stream. this is not a problem since the behavior of
      narrow operations on wide-oriented streams is undefined.
      d42269d7
  17. 16 11月, 2014 1 次提交
    • R
      fix behavior of printf with alt-form octal, zero precision, zero value · b91cdbe2
      Rich Felker 提交于
      in this case there are two conflicting rules in play: that an explicit
      precision of zero with the value zero produces no output, and that the
      '#' modifier for octal increases the precision sufficiently to yield a
      leading zero. ISO C (7.19.6.1 paragraph 6 in C99+TC3) includes a
      parenthetical remark to clarify that the precision-increasing behavior
      takes precedence, but the corresponding text in POSIX off of which I
      based the implementation is missing this remark.
      
      this issue was covered in WG14 DR#151.
      b91cdbe2
  18. 31 5月, 2014 1 次提交
  19. 08 4月, 2014 1 次提交
    • R
      fix printf rounding with %g for some corner case midpoints · e94d0692
      Rich Felker 提交于
      the subsequent rounding code assumes the end pointer (z) accurately
      reflects the end of significance in the decimal expansion, but for
      certain large integers, spurious trailing zero slots were left behind
      when applying the binary exponent.
      
      issue reported by Morten Welinder; the analysis of the cause was
      performed by nsz, who also proposed this change.
      e94d0692
  20. 07 4月, 2014 2 次提交
    • R
      fix failure of printf %g to strip trailing zeros in some cases · 89740868
      Rich Felker 提交于
      the code to strip trailing zeros was only looking in the last slot for
      up to 9 zeros, assuming that the rounding code had already removed
      fully-zero slots from the end. however, this ignored cases where the
      rounding code did not run at all, which occur when the value being
      printed is exactly representable in the requested precision.
      
      the simplest solution is to move the code that strips trailing zero
      slots to run unconditionally, immediately after rounding, rather than
      as the last step of rounding.
      89740868
    • R
      fix carry into uninitialized slots during printf floating point rounding · 109048e0
      Rich Felker 提交于
      in cases where rounding caused a carry, the slot into which the carry
      was taking place was unconditionally treated as valid, despite the
      possibility that it could be a new slot prior to the beginning of the
      existing non-rounded number. in theory this could lead to unbounded
      runaway carry, but in order for that to happen, the whole
      uninitialized buffer would need to have been pre-filled with 32-bit
      integer values greater than or equal to 999999999.
      
      patch based on proposed fix by Morten Welinder, who also discovered
      and reported the bug.
      109048e0
  21. 09 3月, 2014 2 次提交
    • R
      fix incorrect rounding in printf floating point corner cases · 9743a399
      Rich Felker 提交于
      the printf floating point formatting code contains an optimization to
      avoid computing digits that will be thrown away by rounding at the
      specified (or default) precision. while it was correctly retaining all
      places up to the last decimal place to be printed, it was not
      retaining enough precision to see the next nonzero decimal place in
      all cases. this could cause incorrect rounding down in round-to-even
      (default) rounding mode, for example, when printing 0.5+DBL_EPSILON
      with "%.0f".
      
      in the fix, LDBL_MANT_DIG/3 is a lazy (non-sharp) upper bound on the
      number of zeros between any two nonzero decimal digits.
      9743a399
    • R
      fix buffer overflow in printf formatting of denormals with low bit set · ba231cf9
      Rich Felker 提交于
      empirically the overflow was an off-by-one, and it did not seem to be
      overwriting meaningful data. rather than simply increasing the buffer
      size by one, however, I have attempted to make the size obviously
      correct in terms of bounds on the number of iterations for the loops
      that fill the buffer. this still results in no more than a negligible
      size increase of the buffer on the stack (6-7 32-bit slots) and is a
      "safer" fix unless/until somebody wants to do the proof that a smaller
      buffer would suffice.
      ba231cf9
  22. 07 10月, 2013 1 次提交
  23. 03 8月, 2013 1 次提交
  24. 09 11月, 2012 1 次提交
    • R
      clean up stdio_impl.h · 835f9f95
      Rich Felker 提交于
      this header evolved to facilitate the extremely lazy practice of
      omitting explicit includes of the necessary headers in individual
      stdio source files; not only was this sloppy, but it also increased
      build time.
      
      now, stdio_impl.h is only including the headers it needs for its own
      use; any further headers needed by source files are included directly
      where needed.
      835f9f95
  25. 19 10月, 2012 1 次提交
  26. 07 9月, 2012 1 次提交
    • R
      use restrict everywhere it's required by c99 and/or posix 2008 · 400c5e5c
      Rich Felker 提交于
      to deal with the fact that the public headers may be used with pre-c99
      compilers, __restrict is used in place of restrict, and defined
      appropriately for any supported compiler. we also avoid the form
      [restrict] since older versions of gcc rejected it due to a bug in the
      original c99 standard, and instead use the form *restrict.
      400c5e5c
  27. 11 8月, 2012 1 次提交
  28. 20 6月, 2012 2 次提交
    • R
      fix another oob pointer arithmetic issue in printf floating point · 839bff64
      Rich Felker 提交于
      this one could never cause any problems unless the compiler/machine
      goes to extra trouble to break oob pointer arithmetic, but it's best
      to fix it anyway.
      839bff64
    • R
      fix pointer overflow bug in floating point printf · 914949d3
      Rich Felker 提交于
      large precision values could cause out-of-bounds pointer arithmetic in
      computing the precision cutoff (used to avoid expensive long-precision
      arithmetic when the result will be discarded). per the C standard,
      this is undefined behavior. one would expect that it works anyway, and
      in fact it did in most real-world cases, but it was randomly
      (depending on aslr) crashing in i386 binaries running on x86_64
      kernels. this is because linux puts the userspace stack near 4GB
      (instead of near 3GB) when the kernel is 64-bit, leading to the
      out-of-bounds pointer arithmetic overflowing past the end of address
      space and giving a very low pointer value, which then compared lower
      than a pointer it should have been higher than.
      
      the new code rearranges the arithmetic so that no overflow can occur.
      
      while this bug could crash printf with memory corruption, it's
      unlikely to have security impact in real-world applications since the
      ability to provide an extremely large field precision value under
      attacker-control is required to trigger the bug.
      914949d3
  29. 08 6月, 2012 2 次提交
  30. 17 4月, 2012 2 次提交
    • R
      fix buffer overflow in vfprintf on long writes to unbuffered files · b5a8b289
      Rich Felker 提交于
      vfprintf temporarily swaps in a local buffer (for the duration of the
      operation) when the target stream is unbuffered; this both simplifies
      the implementation of functions like dprintf (they don't need their
      own buffers) and eliminates the pathologically bad performance of
      writing the formatted output with one or more write syscalls per
      formatting field.
      
      in cases like dprintf where we are dealing with a virgin FILE
      structure, everything worked correctly. however for long-lived files
      (like stderr), it's possible that the buffer bounds were already set
      for the internal zero-size buffer. on the next write, __stdio_write
      would pick up and use the new buffer provided by vfprintf, but the
      bound (wend) field was still pointing at the internal zero-size
      buffer's end. this in turn allowed unbounded writes to the temporary
      buffer.
      b5a8b289
    • R
      fix %lf, etc. with printf · cc3a4466
      Rich Felker 提交于
      the l prefix is redundant/no-op with printf, since default promotions
      always promote floats to double; however, it is valid, and printf was
      wrongly rejecting it.
      cc3a4466
  31. 29 9月, 2011 1 次提交
  32. 04 7月, 2011 1 次提交