| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
libc: provide some bounds-checking through reallocarray(3).
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.
|
| |
|
|
| |
Fix error handling.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Fix errors handling.
2) Prevent out of bounds access to ws[-1] (passed buffer) which happens
when the first mb sequence is incomplete and there are not enougn chars in
the read buffer. ws[-1] may lead to memory faults or false results, in
case the memory here contains '\n'.
3) Fix n == 1 case. Here should be no physical read (fill buffer) attempt
(we read n - 1 chars with the room for NUL, see fgets()),
and no NULL return.
|
| |
|
|
|
|
|
| |
fgetwc(3) may set both __SEOF and __SERR at once (in case of incomplete
sequence near EOF), so we can't just check for
(wc == WEOF && !__sfeof(fp)) and must relay on __sferror(fp) with
__SERR clearing/restoring.
|
| |
|
|
|
| |
If error happens, don't overwrite original errno comes from __mbrtowc()
and __srefill().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Don't forget to set __SERR on __slbexpand() error.
2) Remove "Fast path" from fgetwc()/fputwc() since it can't detect
encoding errors and ignores them all.
One of affected encoding example: US-ASCII
3) Original fgetln() from 44lite return success for line tail errors,
i.e. partial line, but set __SERR and errno in the same time, which
is inconsistent.
Now both OpenBSD and NetBSD return failure, i.e. no line and set error
indicators for such case, so make our fgetln() and fgetwln()
(as its wide version) compatible with the rest of *BSD.
PR: 212033
|
| |
|
|
|
|
|
|
| |
Don't check for __SERR which may stick from one of any previous stdio
functions.
__SERR is for user and the rest of stdio code do not check it
for error sensing internally, only set it.
In vf(w)printf.c here it is more easy to save __SERR, clear and restore it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() work only for single bytes locales
(we can't do it now for other ones). In previous code only first 256
wchars are considered and all others are just silently dropped from the
range.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The fix to the __collate_range_cmp() ABI breakage missed some replacements
in libc's vfscanf(). Replace them with __wcollate_range_cmp() which
does what is expected.
This was breaking applications like xterm and pidgin when using wide
characters.
Reported by: Vitalij Satanivskij
Approved by: re
|
| |
|
|
|
|
| |
A follow-up to r299456.
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
Reviewed by: jhb, oshogbo
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D6282
|
| |
|
|
| |
Mostly on comments.
|
| |
|
|
|
|
|
| |
Revert completley r297408 (and r297407): this ends up touching errno,
which we are not allowed to do.
Pointed out by: ache, bde
|
| |
|
|
|
|
|
|
| |
Revert r297407 and redo it cleanly.
Pointed out by: Jukka A. Ukkonen
CID: 1018720
MFC after: 1 week
|
| |
|
|
|
|
|
| |
The case doesn't look very likely but clean the possibility nevertheless
CID: 1018720
MFC after: 1 week
|
| |
|
|
|
| |
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
Fix r295631: wrong value.
Pointy hat: pfg (me)
Pointed out by: bde
|
| |
|
|
|
|
|
|
|
| |
In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3)
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
POSIX.1-2008 requires that successful completion simply return a
non-negative integer. We have regularly returned a constant value.
Another, equally valid, implementation convention implies returning
the number of bytes written.
Adopt this last convention to be in line with what Apple's libc
does. POSIX also explicitly notes:
Note that this implementation convention cannot be adhered to for strings
longer than {INT_MAX} bytes as the value would not be representable in the
return type of the function. For backwards-compatibility, implementations
can return the number of bytes for strings of up to {INT_MAX} bytes, and
return {INT_MAX} for all longer strings.
Developers shouldn't depend specifically on either convention but
the change may help port software from Apple.
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3 with changes)
Relnotes: yes
|
| |
|
|
|
|
| |
alignment.
Differential Revision: https://reviews.freebsd.org/D4708
|
| |
|
|
|
|
|
|
|
|
| |
aligned on a int64_t boundary. However, when we allocate the array of
these structures, we use ALIGNBYTES which defaults to sizeof(int) on
arm, i386 and others. The i386 stuff can handle unaligned accesses
seemlessly. However, arm cannot. Take this into account when creating
the array of FILEs, and add some comments about why.
Differential Revision: https://reviews.freebsd.org/D4708
|
| |
|
|
|
|
|
| |
MFC after: 3 days
X-MFC with: r292004
Submitted by: bde
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
| |
for intmax_t
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D4434
Reported by: cppcheck
Reviewed by: jhb
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
X-MFC with: r285140
MFC after: 3 weeks (need to evaluate whether or not r285140 can be MFCed)
Sponsored by: EMC / Isilon Storage Division
|
| | |
|
| |
|
|
|
|
|
|
|
| |
immediatelly as old code does, now for append modes too.
Real use case for such fallback is impossible (unless specially crafted).
2) Remove now unneded include I forgot to remove in prev. commits.
MFC after: 1 week
|
| |
|
|
| |
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
|
| |
In some edge cases fp->_p can be changed in _sseek(), recalculate.
PR: 204156
MFC after: 1 week
|
| |
|
|
|
| |
PR: 204156
MFC after: 1 week
|
| |
|
|
|
|
| |
Rewrite O_APPEND flag checking using new __S2OAP flag.
MFC after: 3 weeks
|
| |
|
|
|
|
| |
the stream (if mode had 'a' as the first character).
MFC after: 1 week
|
| |
|
|
|
|
|
| |
It helps to remove _fcntl() call from _ftello() and optimize seek position
calculation in _swrite().
MFC after: 3 weeks
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
are aliases for the syscall stubs and are plt-interposed, to the
libc-private aliases of internally interposed sigprocmask() etc.
Since e.g. _sigaction is not interposed by libthr, calling signal()
removes thr_sighandler() from the handler slot etc. The result was
breaking signal semantic and rtld locking.
The added __libc_sigprocmask and other symbols are hidden, they are
not exported and cannot be called through PLT. The setjmp/longjmp
functions for x86 were changed to use direct calls, and since
PIC_PROLOGUE only needed for functional PLT indirection on i386, it is
removed as well.
The PowerPC bug of calling the syscall directly in the setjmp/longjmp
implementation is kept as is.
Reported by: Pete French <petefrench@ingresso.co.uk>
Tested by: Michiel Boland <boland37@xs4all.nl>
Reviewed by: jilles (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
| |
This function is equivalent to fclose(3) function except that it
does not close the underlying file descriptor.
fdclose(3) is step forward to make FILE structure private.
Reviewed by: wblock, jilles, jhb, pjd
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D2697
|
| |
|
|
|
|
|
| |
Computing Technologies LLC to Hudson River Trading LLC.
Approved by: Hudson River Trading LLC (who owns ACT LLC)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add VCREAT flag to indicate when a new file is being created
* Add VVERIFY to indicate verification is required
* Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
and are removed from the accmode after
* Add O_VERIFY flag to rtld open of objects
* Add 'v' flag to __sflags to set O_VERIFY flag.
Submitted by: Steve Kiernan <stevek@juniper.net>
Obtained from: Juniper Networks, Inc.
GitHub Pull Request: https://github.com/freebsd/freebsd/pull/27
Relnotes: yes
|
| |
|
|
|
|
|
| |
These were found by gcc 5.0 on Dragonfly BSD, however I
made no attempt to silence the false positives.
Obtained from: DragonFly (cf515c3a6f3a8964ad592e524442bc628f8ed63b)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
_p and _w are adjusted to account for the partial write (if any).
However, _p and _w should not be unconditionally adjusted and should only
be changed when we actually wrote some bytes, or the accumulated accounting
error will eventually result in a heap buffer overflow.
Reported by: adrian and alfred (Norse Corporation)
Security: FreeBSD-SA-14:27.stdio
Security: CVE-2014-8611
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
number for non-std* descriptors, but close old file and retry.
Obtained from: inspired by Apple's change from pfg@
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
| |
For consistency with r268985 for fputs.c, assign iov_len
first, avoiding the cast to uio_resid (int in stdio)
from degrading the value.
We currently don't support lengths higher than INT_MAX so
this change is little more than cosmetic.
MFC after: 3 days
|
| |
|
|
|
| |
value now, like Apple does, but avoid their __sflush physical write
performance degradation as much as possible.
|
| |
|
|
| |
it can't be used in this field at all.
|
