| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
Pointed out by: andrew
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to it's word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
Relnotes: yes
MFC after: 1 month
|
| | |
| |
| |
| |
| |
| | |
Discussed with: andrew
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
|
| | |
| |
| |
| |
| |
| | |
Reported by: Coverity
CID: 1016697
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
Reported by: Coverity
CID: 1225038
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Close the socket if connect() fails to avoid leaking it.
Reported by: Coverity
CID: 978183
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Don't leak a file descriptor of _dup2() fails (shouldn't happen).
Reported by: Coverity
CID: 1016714
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Don't leak a file descriptor if fchdir() fails.
Reported by: Coverity
CID: 1016718
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
MFC after: 4 days
X-MFC with: r300385
Reported by: Coverity
CID: 1356026
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If reallocf ever failed, outbuf_pmap would already be NULL
MFC after: 1 week
X-MFC with: r300620
Reported by: cem
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| | |
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
|
| | |
| |
| |
| | |
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
no longer needed.
Sponsored by: ABT Systems Ltd
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
MFC after: 2 weeks
Reported by: Coverity
CID: 1016702
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
MFC after: 2 weeks
Reported by: Coverity
CID: 978179
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
struct xlist object fails
MFC after: 1 week
Reported by: Coverity
CID: 978277
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| | |
MFC after: 1 week
Reported by: cppcheck
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
Taken from: Ingo Schwarze (through openbsd-tech 2016-05-15)
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The WITH_SYSTEM_COMPILER build option will rely on this value to determine what
__FreeBSD_cc_version the source tree will produce. This value will be compared
against the /usr/bin/cc value to determine if a new compiler is needed.
Start with 1100002 which is 1 more than than the value we've had since
3.8.0 to ensure that all changes since then are present.
Reviewed by: dim
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| | |
MFC after: 2 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The density code and bits per mm values were obtained from an
actual drive density report.
The number of tracks were obtained from an LTO-7 hardware
announcement on IBM's web site.
Sponsored by: Spectra Logic
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Improvements include:
* Add support for reporting and handling a number of new constants in
various tools, including:
* CloudABI OSABI
* DT_TLSDESC_*
* i386, MIPS, SPARC and amd64 relocations
* C++ demangler bug fixes
* Man page updates
* Improved input validation in several tools
This update also reduces diffs against upstream as a number of fixes
included in upstream were previously cherry-picked into FreeBSD.
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Specification, Version 2, but marked as legacy, and have been removed from
later specifications. After 12 years it is time to remove them from new
architectures when the main use for sbrk is an invalid method to attempt
to find how much memory has been allocated from malloc.
There are a few places in the tree that still call sbrk, however they are
not used on arm64. They will need to be fixed to cross build from arm64,
but these will be fixed in a follow up commit.
Old copies of binutils from ports called into sbrk, however this has been
fixed around 6 weeks ago. It is advised to update binutils on arm64 before
installing a world that includes this change.
Reviewed by: brooks, emaste
Obtained from: brooks
Relnotes: yes
Sponsored by: ABT Systems Ltd
Differential Revision: https://reviews.freebsd.org/D6464
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
In libthr(3), list added knobs.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D6427
|
| | |
| |
| |
| | |
UFS generation numbers have been unsigned since 2013 (r256435).
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Allow CPUTYPE=soft to build the current soft-float abi libraries.
Add UPDATING entry to announce this.
Approved by: re@ (gjb)
|
| | |
| |
| |
| | |
use it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
intention of the POSIX IEEE Std 1003.1TM-2008/Cor 1-2013.
A robust mutex is guaranteed to be cleared by the system upon either
thread or process owner termination while the mutex is held. The next
mutex locker is then notified about inconsistent mutex state and can
execute (or abandon) corrective actions.
The patch mostly consists of small changes here and there, adding
neccessary checks for the inconsistent and abandoned conditions into
existing paths. Additionally, the thread exit handler was extended to
iterate over the userspace-maintained list of owned robust mutexes,
unlocking and marking as terminated each of them.
The list of owned robust mutexes cannot be maintained atomically
synchronous with the mutex lock state (it is possible in kernel, but
is too expensive). Instead, for the duration of lock or unlock
operation, the current mutex is remembered in a special slot that is
also checked by the kernel at thread termination.
Kernel must be aware about the per-thread location of the heads of
robust mutex lists and the current active mutex slot. When a thread
touches a robust mutex for the first time, a new umtx op syscall is
issued which informs about location of lists heads.
The umtx sleep queues for PP and PI mutexes are split between
non-robust and robust.
Somewhat unrelated changes in the patch:
1. Style.
2. The fix for proper tdfind() call use in umtxq_sleep_pi() for shared
pi mutexes.
3. Removal of the userspace struct pthread_mutex m_owner field.
4. The sysctl kern.ipc.umtx_vnode_persistent is added, which controls
the lifetime of the shared mutex associated with a vnode' page.
Reviewed by: jilles (previous version, supposedly the objection was fixed)
Discussed with: brooks, Martin Simmons <martin@lispworks.com> (some aspects)
Tested by: pho
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| | |
Reported by: Coverity
CID: 1193826
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
code that fails to set retval before falling through to the final
return().
Reported by: emaste
Reported by: Coverity
CID: 1018711
MFC after: 1 week
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pam_sm_chauthtok(). Set user = getlogin() inside the true
branch so that it is initialized for the following PAM_LOG()
call. This is how it is done in pam_sm_authenticate().
Reported by: Coverity
CID: 272498
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| | |
initialized.
Reported by: Coverity
CID: 1018727
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
call to res_nopt_rdata(), revert r299879 and fix CID 603941 by moving
rdata = &buf[n];
inside the if block.
Reported by: Coverity
CID: 603941
|
| | |
| |
| |
| |
| |
| |
| |
| | |
array index by splitting up a test.
Reported by: Coverity
CID: 603941
MFC after: 1 week
|
| | |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| | |
MFC after: 2 weeks
Relnotes: yes
|
| | |
| |
| |
| |
| |
| | |
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D6335
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
convname and dst are guaranteed to be non-NULL by iconv_open(3).
src is an array. Remove these tests for NULL pointers.
While I'm here, eliminate a strlcpy with a correct but suspicious-looking
calculation for the third parameter (i.e. not a simple sizeof).
Compare the strings in-place instead of copying.
Found by: bdrewery
Found by: Coverity
CID: 1130050, 1130056
MFC after: 3 days
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D6338
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This has been compiling without warnings with clang/gcc for a while now
Tested with: clang 3.8.0, gcc 4.2.x, gcc 5.x
MFC after: 3 weeks
Sponsored by: EMC / Isilon Storage Division
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Use fgetln instead of fgets; localize complexity related to fgetln(3)
inside the loop.
- Skip over blank lines.
- Skip over lines (properly) that start with a "#"
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
terminated. Don't bother checking for truncation since the subsequent
stat() call should detect that and fail.
Reported by: Coverity
CID: 1018189
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
A follow-up to r299456.
Sponsored by: EMC / Isilon Storage Division
|
