| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
getln: We cannot expand the buffer beyond INT_MAX (_size overflows).
In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3)
|
| |
|
|
|
| |
MFC at whole.
Set __SERR on __slbexpand() errors.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Avoid double use of "request" in a single sentence. Instead, describe
aio_sigevent as being used to request notification of the associated
operation's completion. This matches the language used to describe
aio_sigevent in aio(4).
- Simplify the prohibition on modifying buffers while requests are in
flight.
- Fix case mismatch.
- Drop note about not using stack variables. C programmers should be able
to figure out if a stack variable is safe based on the later warning
about the life cycle requirements of control blocks.
- Remove prohibition on modifying the I/O buffer for aio_fsync() since
it does not use an I/O buffer. For aio_mlock(), prohibit modifications
to the mapping (e.g. due to mprotect, munmap, mmap, etc.) but do not
prohibit modifications to the memory backing the buffer (stores into
the pages backing the buffer).
|
| |
|
|
|
|
|
|
|
| |
- src.opts.mk should be bsd.own.mk on ^/stable/10
- LIBADD should be DPADD/LDADD on ^/stable/10
Pointyhat to: kib
Reported by: Olivier Pinter <oliver.pinter@hardenedbsd.org>
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
| |
Add __cxa_thread_atexit(3) API implementation.
|
| |
|
|
| |
Create namespace for the symbols added during 12-CURRENT cycle.
|
| |
|
|
|
|
|
|
|
| |
First, PL_FLAG_FORKED events now also set a PL_FLAG_VFORKED flag when
the new child was created via vfork() rather than fork(). Second, a
new PL_FLAG_VFORK_DONE event can now be enabled via the PTRACE_VFORK
event mask. This new stop is reported after the vfork parent resumes
due to the child calling exit or exec. Debuggers can use this stop to
reinsert breakpoints in the vfork parent process before it resumes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r303088,r303142,r303208,r303210,r303530,r303536,r303564,r303565,
r303706
In short:
1) All situations with glob(3) error return codes are well defined by
POSIX, so rewrite old sporadic errors processing to match those
definitions.
Including subcases:
Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob(3) return codes amount.
Use POSIX-compatible workaround now with E2BIG which can't comes from
other functions used instead of prohibited 0.
Process errors happpens in (*readdirfunc)() too, as POSIX requires.
Per POSIX GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our code strips all '\'
returning it. Rewrite the code to allow to return original pattern.
GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files for ENOENT or ENOTDIR
(as TODO in the code suggested).
Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.
Per POSIX GLOB_ERR must be considered even if gl_errfunc is not set,
old code skips it in that case.
2) For near MAXPATHLEN long pathes old glob(3) code can operate on
truncated results, prevent it in several places.
3) Results was not sorted according to collate as POSIX requires.
4) globtilde() forget to convert expanded user home dir from multibyte to
wide chars. Moreover, those chars are addded as not protected, so
can be treated as special chars.
5) Backward hack for EILSEQ in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.
6) GLOB_BRACE was somehow broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead.
Third, some errors (f.e. for limits or overflow) can be ignored
by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.
7) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a mask of optional ptrace() events.
302900:
Add a test for user signal delivery.
This test verifies we get the correct ptrace event details when a signal
is posted to a traced process from userland.
302902:
Add a mask of optional ptrace() events.
ptrace() now stores a mask of optional events in p_ptevents. Currently
this mask is a single integer, but it can be expanded into an array of
integers in the future.
Two new ptrace requests can be used to manipulate the event mask:
PT_GET_EVENT_MASK fetches the current event mask and PT_SET_EVENT_MASK
sets the current event mask.
The current set of events include:
- PTRACE_EXEC: trace calls to execve().
- PTRACE_SCE: trace system call entries.
- PTRACE_SCX: trace syscam call exits.
- PTRACE_FORK: trace forks and auto-attach to new child processes.
- PTRACE_LWP: trace LWP events.
The S_PT_SCX and S_PT_SCE events in the procfs p_stops flags have
been replaced by PTRACE_SCE and PTRACE_SCX. PTRACE_FORK replaces
P_FOLLOW_FORK and PTRACE_LWP replaces P2_LWP_EVENTS.
The PT_FOLLOW_FORK and PT_LWP_EVENTS ptrace requests remain for
compatibility but now simply toggle corresponding flags in the
event mask.
While here, document that PT_SYSCALL, PT_TO_SCE, and PT_TO_SCX both
modify the event mask and continue the traced process.
302921:
Rename PTRACE_SYSCALL to LINUX_PTRACE_SYSCALL.
303461:
Note that not all optional ptrace events use SIGTRAP.
New child processes attached due to PTRACE_FORK use SIGSTOP instead of
SIGTRAP. All other ptrace events use SIGTRAP.
304009:
Remove description of P_FOLLOWFORK as this flag was removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
292894:
Add ptrace(2) reporting for LWP events.
Add two new LWPINFO flags: PL_FLAG_BORN and PL_FLAG_EXITED for reporting
thread creation and destruction. Newly created threads will stop to report
PL_FLAG_BORN before returning to userland and exiting threads will stop to
report PL_FLAG_EXIT before exiting completely. Both of these events are
only enabled and reported if PT_LWP_EVENTS is enabled on a process.
292896:
Document the recently added support for ptrace(2) LWP events.
|
| |
|
|
| |
Fix an infinite loop in setnetgrent(3) with NIS netgroups.
|
| |
|
|
|
|
|
|
|
|
| |
- Add a sigevent(3) manpage to give a general overview of the sigevent
structure and the available notification mechanisms.
- Document that AIO requests contain a nested sigevent structure that can
be used to request completion notification.
- Expand the sigevent details in other manuals to note details such as
the extra values stored in a queued signal's information or in a posted
kevent.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.
2) Restore __collate_range_cmp() in __sccl().
3) Collating [a-z] range in regcomp() works for single byte locales only
(we can't do it for other ones). In previous state only first 256
wide chars are considered and all others are just silently dropped from the
range.
|
| |
|
|
|
|
|
|
|
| |
Revert r301707
getnetent_p doesn't return NULL like getnetent does. coccinelle got confused and
I didn't verify that it worked before committing the change
Pointyhat to: ngie
|
| |
|
|
|
|
|
| |
Use NULL instead of `0` in _ht_getnetbyname(..)
- getnetent returns NULL on completion/error.
- .h_aliases is NULL terminated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Let l64a() properly null terminate its result.
Though the buffer used by l64a() is initialized with null bytes,
repetetive calls may end up having trailing garbage of previous
invocations because we don't end up terminating the string.
Instead of importing NetBSD's fix, use this opportunity to simplify this
function dramatically, for example by just storing the Base64 character
set in a string. There is also no need to do the bitmasking, as we can
just use the proper integer type from <stdint.h>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libc: regexec(3) adjustment.
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to it's word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't leak olinep if malloc() fails.
If malloc() fails to allocate linep, then free olinep (if it exists)
before returning to avoid a memory leak.
Reported by: Coverity
CID: 1016716
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D6755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't leak addrinfo if ai->ai_addrlen <= minsiz test fails.
If the ai->ai_addrlen <= minsiz test fails, then freeaddrinfo()
does not get called to free the memory just allocated by getaddrinfo().
Fix by moving ai->ai_addrlen <= minsiz to a separate nested if
block, and keep freeaddrinfo() in the outer block so that freeaddrinfo()
will be called whenever getaddrinfo() succeeds.
Reported by: Coverity
CID: 1273652
Reviewed by: ume
Differential Revision: https://reviews.freebsd.org/D6756
|
| |
|
|
|
| |
Mark jail(2), and the sysctls that it (and only it) uses as deprecated.
jail(8) has long used jail_set(2), and those sysctl only cause confusion.
|
| |
|
|
| |
Test for strchr(3) returning NULL, not 0
|
| |
|
|
|
|
|
|
|
|
| |
r299511 (by cem):
print_positional_test: Fix misuse of wchar APIs
These APIs take unit length, not byte length parameters.
CIDs: 1338543, 1338544, 1338545
|
| |
|
|
|
|
|
|
|
|
|
| |
r299502 (by cem):
nss/gethostby_test: fix broken vector iteration of gethostbyaddr h_aliases
h_aliases is a NULL-terminated rather than fixed-length array. nitems() is not
a valid way to determine its end; instead, check for NULL.
CID: 1346578
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix up r300385
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
CID: 1356026
|
| |
|
|
| |
Don't leak `tmp` if `p->nc_lookups` can't be malloced
|
| |
|
|
|
|
|
| |
Don't leak `handle` if svc_tp_create(..) succeeds and allocating a new
struct xlist object fails
CID: 978277
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r300387:
getnetid(..): consistently fclose fd at the end of the function
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
r300388:
Call endnetconfig on nc_handle sooner to avoid leaking nc_handle if tmpnconf
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
CID: 978179
r300389:
nis_rpcent: don't leak resultbuf from yp_first(..)/yp_next(..)
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
CID: 1016702
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r300620:
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
CID: 1038776
r300621:
Remove redundant NULLing of outbuf_pmap
If reallocf ever failed, outbuf_pmap would already be NULL
|
| |
|
|
|
|
| |
Don't use fixup for C99 and up, the compiler result is already correct.
Suggested by: bde
|
| |
|
|
|
| |
Reflect error indication according to POSIX and what those functions
currently do.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1) Unifdef USE_WEAK_SEEDING since it is too obsolete to support and makes
reading hard.
2) Instead of doing range transformation in each and every function here,
do it single time directly in do_rand(). One "mod" operation overhead is not
a big deal, but the code looks nicer and possible future functions additions
or PRNG change do not miss range transformations neither have unneeded ones.
3) Use POSIX argument types for visible functions (cosmetic).
|
| |
|
|
|
| |
can't be merged without conflicts and require merging of other versions
too and I don't want to go deep in that unmerged commits chain.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Unifdef USE_WEAK_SEEDING it is too obsolete to support and makes reading
harder.
2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3). Also protect srandomdev() + TYPE_0 case
(non default) from negative seeds.
3) Don't check for valid "type" range in setstate(), it is always valid as
calculated. Instead add a check that rear pointer not exceeed end pointer.
MFC: r300965
Micro optimize: C standard guarantees that right shift for unsigned value
fills left bits with zero, and we have exact 32bit unsigned value
(uint32_t), so there is no reason to add "& 0x7fffffff" here.
|
| |
|
|
| |
FTS: Remove stale reference to nfs4 fs which was removed in r192578.
|
| |
|
|
|
|
|
| |
the character after the one this conversion stopped at.
PR: 209907
Submitted by: Roel Standaert <roel@abittechnical.com> (partially)
|
| |
|
|
|
|
|
|
|
| |
Fix Coverity CID 1016714 Resource leak in process_file_actions_entry()
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Reported by: Coverity
CID: 1016714
|
| |
|
|
|
|
|
|
|
| |
Fix 1016718 Resource leak.
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libc/regex: fix two buffer underruns.
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
Obtained from: OpenBSD (CVS 1.20, 1.21)
|
| |
|
|
| |
application code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) POSIX prohibits printing errors to stderr here and require
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
|
| |
|
|
|
|
|
|
|
| |
Read the contents of the snapshot files properly
- Use fgetln instead of fgets; localize complexity related to fgetln(3)
inside the loop.
- Skip over blank lines.
- Skip over lines (properly) that start with a "#"
|
| |
|
|
|
|
|
|
| |
Don't call free_addrselectpolicy(&policyhead) before policyhead has been
initialized.
Reported by: Coverity
CID: 1018727
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r299879 | truckman | 2016-05-15 18:30:32 -0700 (Sun, 15 May 2016) | 7 lines
Likely a false positive ... but make sure that -1 can't be used as an
array index by splitting up a test.
r299880 | truckman | 2016-05-15 18:38:24 -0700 (Sun, 15 May 2016) | 8 lines
Since rdata is only used as an argument to the immediately following
call to res_nopt_rdata(), revert r299879 and fix CID 603941 by moving
rdata = &buf[n];
inside the if block.
Reported by: Coverity
CID: 603941
|
| |
|
|
|
|
|
| |
Add EVFILT_VNODE open, read and close notifications.
MFC r298984:
Correct wording.
|
| |
|
|
|
|
| |
Issue NOTE_EXTEND when a directory entry is added to or removed from
the monitored directory as the result of rename(2) operation. The
renames staying in the directory are not reported.
|
| |
|
|
| |
Explain NOTE_LINK reporting for the directories.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Provide an example to the kqueue man page, showing
a basic usage example. Although it is an
untypical example for the use of kqueue, it is
better than nothing and should get people started.
PR: 196844
Submitted by: fernando.apesteguia@gmail.com
Reviewed by: kib
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D6082
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r298311:
Make sure fmemopen succeeds in :test_append_binary_pos before calling ftell
on the FILE object
This fixes potential null pointer dereferences on failure
CID: 1254952
r298312:
Fix double fclose of `fp1` when freopen fails
freopen handles closing file descriptors on error, with the exception of
fdopen'ed descriptors, so closing an already fclose'd file descriptor is
incorrect
CID: 1338525
|
| |
|
|
|
|
|
|
|
|
|
| |
regex: prevent two improbable signed integer overflows.
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
Match the types to avoid any error.
|
