1. 30 Mar, 2015 37 commits
    • release 1.0.5 · 56be2e4c
      Rich Felker authored
    • regex: fix character class repetitions · 39e65294
      Szabolcs Nagy authored
      Internally regcomp needs to copy some iteration nodes before
      translating the AST into TNFA representation.
      Literal nodes were not copied correctly: the class type and list
      of negated class types were not copied so classes were ignored
      (in the non-negated case an ignored char class caused the literal
      to match everything).
      This affects iterations when the upper bound is finite, larger
      than one or the lower bound is larger than one. So eg. the EREs
      were treated as
      The fix is done with minimal source modification to copy the
      necessary fields, but the AST preparation and node handling
      code of tre will need to be cleaned up for clarity.
      (cherry picked from commit c498efe1)
    • fix internal buffer overrun in inet_pton · f0a5b139
      Rich Felker authored
      one stop condition for parsing abbreviated ipv6 addresses was missed,
      allowing the internal ip[] buffer to overflow. this patch adds the
      missing stop condition and masks the array index so that, in case
      there are any remaining stop conditions missing, overflowing the
      buffer is not possible.
      (cherry picked from commit fc13acc3)
    • fix regcomp handling of backslash followed by high byte · ee6f8114
      Rich Felker authored
      the regex parser handles the (undefined) case of an unexpected byte
      following a backslash as a literal. however, instead of correctly
      decoding a character, it was treating the byte value itself as a
      character. this was not only semantically unjustified, but turned out
      to be dangerous on archs where plain char is signed: bytes in the
      range 252-255 alias the internal codes -4 through -1 used for special
      types of literal nodes in the AST.
      analogous to commit 39dfd584 in
      mainline. it's unclear whether the same crash that affected mainline
      is possible in the older regcomp code in 1.0.x, but conceptually the
      bug is the same.
    • fix signed left-shift overflow in pthread_condattr_setpshared · 7987653d
      Rich Felker authored
      (cherry picked from commit 380857bf)
    • fix preprocessor error introduced in poll.h in last commit · e060baa0
      Rich Felker authored
      (cherry picked from commit 91a3bd74)
    • fix POLLWRNORM and POLLWRBAND on mips · 14b14fa7
      Trutz Behn authored
      these macros have the same distinct definition on blackfin, frv, m68k,
      mips, sparc and xtensa kernels. POLLMSG and POLLRDHUP additionally
      differ on sparc.
      (cherry picked from commit f5011c62)
    • fix init race that could lead to deadlock in malloc init code · 99c10bf8
      Rich Felker authored
      the malloc init code provided its own version of pthread_once type
      logic, including the exact same bug that was fixed in pthread_once in
      commit 0d0c2f40.
      since this code is called adjacent to expand_heap, which takes a lock,
      there is no reason to have pthread_once-type initialization. simply
      moving the init code into the interval where expand_heap already holds
      its lock on the brk achieves the same result with much less
      synchronization logic, and allows the buggy code to be eliminated
      rather than just fixed.
      (cherry picked from commit 7a81fe37)
    • avoid malloc failure for small requests when brk can't be extended · fdc39fac
      Rich Felker authored
      this issue mainly affects PIE binaries and execution of programs via
      direct invocation of the dynamic linker binary: depending on kernel
      behavior, in these cases the initial brk may be placed at a location
      where it cannot be extended, due to conflicting adjacent maps.
      when brk fails, mmap is used instead to expand the heap. in order to
      avoid expensive bookkeeping for managing fragmentation by merging
      these new heap regions, the minimum size for new heap regions
      increases exponentially in the number of regions. this limits the
      number of regions, and thereby the number of fixed fragmentation
      points, to a quantity which is logarithmic with respect to the size of
      virtual address space and thus negligible. the exponential growth is
      tuned so as to avoid expanding the heap by more than approximately 50%
      of its current total size.
      (cherry picked from commit 54463033)
    • fix bad character checking in wordexp · e2063ac0
      Rich Felker authored
      the character sequence '$((' was incorrectly interpreted as the
      opening of arithmetic even within single-quoted contexts, thereby
      suppressing the checks for bad characters after the closing quote.
      presently bad character checking is only performed when the WRDE_NOCMD
      is used; this patch only corrects checking in that case.
      (cherry picked from commit 594ffed8)
    • fix fesetenv(FE_DFL_ENV) on mips · f035f7d9
      Szabolcs Nagy authored
      mips fesetenv did not handle FE_DFL_ENV, now fcsr is cleared in that
      (cherry picked from commit 5fc14878)
    • fix failure of fchmodat to report EOPNOTSUPP in the race path · d670873b
      Rich Felker authored
      in the case where a non-symlink file was replaced by a symlink during
      the fchmodat operation with AT_SYMLINK_NOFOLLOW, mode change on the
      new symlink target was successfully suppressed, but the error was not
      reported. instead, fchmodat simply returned 0.
      (cherry picked from commit 61b1d102)
      (conflicts from commit dd5f50da)
    • fix fd leak race (missing O_CLOEXEC) in fchmodat · c534aad0
      Rich Felker authored
      (cherry picked from commit 2736eb6c)
    • fix typo in x86_64/x32 user_fpregs_struct · 35c19399
      Felix Janda authored
      mxcs_mask should be mxcr_mask
      (cherry picked from commit 4758f056)
    • fix erroneous return of partial username matches by getspnam[_r] · 26049588
      Rich Felker authored
      when using /etc/shadow (rather than tcb) as its backend, getspnam_r
      matched any username starting with the caller-provided string rather
      than requiring an exact match. in practice this seems to have affected
      only systems where one valid username is a prefix for another valid
      username, and where the longer username appears first in the shadow
      (cherry picked from commit ecb60819)
    • check for connect failure in syslog log opening · 5087ba67
      Rich Felker authored
      based on patch by Dima Krasner, with minor improvements for code size.
      connect can fail if there is no listening syslogd, in which case a
      useless socket was kept open, preventing subsequent syslog call from
      attempting to connect again.
      (cherry picked from commit c574321d)
    • fix signedness of WINT_MIN expression · 2c61720d
      Rich Felker authored
      since wint_t is unsigned, WINT_MIN needs to expand to an unsigned zero.
      (cherry picked from commit aee9b152)
    • correctly handle write errors encountered by printf-family functions · 0d418ce6
      Rich Felker authored
      previously, write errors neither stopped further output attempts nor
      caused the function to return an error to the caller. this could
      result in silent loss of output, possibly in the middle of output in
      the event of a non-permanent error.
      the simplest solution is temporarily clearing the error flag for the
      target stream, then suppressing further output when the error flag is
      set and checking/restoring it at the end of the operation to determine
      the correct return value.
      since the wide version of the code internally calls the narrow fprintf
      to perform some of its underlying operations, initial clearing of the
      error flag is suppressed when performing a narrow vfprintf on a
      wide-oriented stream. this is not a problem since the behavior of
      narrow operations on wide-oriented streams is undefined.
      (cherry picked from commit d42269d7)
    • fix return value of pthread_getaffinity_np and pthread_setaffinity_np · 051a8fdd
      Rich Felker authored
      these functions are expected to return an error code rather than
      setting errno and returning -1.
      (cherry picked from commit 66140b0c)
    • fix uninitialized output from sched_getaffinity · 65a0ee3a
      Rich Felker authored
      the sched_getaffinity syscall only fills a cpu set up to the set size
      used/supported by the kernel. the rest is left untouched and userspace
      is responsible for zero-filling it based on the return value of the
      (cherry picked from commit a56e3394)
    • adapt dynamic linker for new binutils versions that omit DT_RPATH · 5c340412
      Rich Felker authored
      the new DT_RUNPATH semantics for search order are always used, and
      since binutils had always set both DT_RPATH and DT_RUNPATH when the
      latter was used, processing only DT_RPATH worked fine. however, recent
      binutils has stopped generating DT_RPATH when DT_RUNPATH is used,
      which broke support for this feature completely.
      (cherry picked from commit d8dc2b7c)
    • fix behavior of printf with alt-form octal, zero precision, zero value · 395e409c
      Rich Felker authored
      in this case there are two conflicting rules in play: that an explicit
      precision of zero with the value zero produces no output, and that the
      '#' modifier for octal increases the precision sufficiently to yield a
      leading zero. ISO C ( paragraph 6 in C99+TC3) includes a
      parenthetical remark to clarify that the precision-increasing behavior
      takes precedence, but the corresponding text in POSIX off of which I
      based the implementation is missing this remark.
      this issue was covered in WG14 DR#151.
      (cherry picked from commit b91cdbe2)
    • math: fix x86_64 and x32 asm not to use sahf instruction · 8c245bf2
      Szabolcs Nagy authored
      Some early x86_64 cpus (released before 2006) did not support sahf/lahf
      instructions so they should be avoided (intel manual says they are only
      supported if CPUID.80000001H:ECX.LAHF-SAHF[bit 0] = 1).
      The workaround simplifies exp2l and expm1l because fucomip can be
      used instead of the fucomp;fnstsw;sahf sequence copied from i386.
      In fmodl and remainderl sahf is replaced by a simple bit test.
      (cherry picked from commit a732e80d)
    • fix uninitialized mode variable in openat function · e48fff8d
      Rich Felker authored
      this was introduced in commit 2da3ab13
      as an oversight while making the variadic argument access conditional.
      (cherry picked from commit e146e603)
    • fix invalid access by openat to possibly-missing variadic mode argument · 4ab6544a
      Rich Felker authored
      the mode argument is only required to be present when the O_CREAT or
      O_TMPFILE flag is used.
      (cherry picked from commit 2da3ab13)
    • fix missing barrier in pthread_once/call_once shortcut path · e3fa4300
      Rich Felker authored
      these functions need to be fast when the init routine has already run,
      since they may be called very often from code which depends on global
      initialization having taken place. as such, a fast path bypassing
      atomic cas on the once control object was used to avoid heavy memory
      contention. however, on archs with weakly ordered memory, the fast
      path failed to ensure that the caller actually observes the side
      effects of the init routine.
      preliminary performance testing showed that simply removing the fast
      path was not practical; a performance drop of roughly 85x was observed
      with 20 threads hammering the same once control on a 24-core machine.
      so the new explicit barrier operation from atomic.h is used to retain
      the fast path while ensuring memory visibility.
      performance may be reduced on some archs where the barrier actually
      makes a difference, but the previous behavior was unsafe and incorrect
      on these archs. future improvements to the implementation of a_barrier
      should reduce the impact.
      (cherry picked from commit df37d396)
      (edited not to depend on a_barrier, which is not available in 1.0.x)
    • fix handling of negative offsets in timezone spec strings · 02ccece6
      Rich Felker authored
      previously, the hours were considered as a signed quantity while
      minutes and seconds were always treated as positive offsets. however,
      semantically the '-' sign should negate the whole hh:mm:ss offset.
      this bug only affected timezones east of GMT with non-whole-hours
      offsets, such as those used in India and Nepal.
      (cherry picked from commit 08b996d1)
    • fix handling of odd lengths in swab function · 9882dc93
      Rich Felker authored
      this function is specified to leave the last byte with "unspecified
      disposition" when the length is odd, so for the most part correct
      programs should not be calling swab with odd lengths. however, doing
      so is permitted, and should not write past the end of the destination
      (cherry picked from commit dccbf4c8)
    • fix incorrect sequence generation in *rand48 prng functions · 9f93f6d1
      Rich Felker authored
      patch by Jens Gustedt. this fixes a bug reported by Nadav Har'El. the
      underlying issue was that a left-shift by 16 bits after promotion of
      unsigned short to int caused integer overflow. while some compilers
      define this overflow case as "shifting into the sign bit", doing so
      doesn't help; the sign bit then gets extended through the upper bits
      in subsequent arithmetic as unsigned long long. this patch imposes a
      promotion to unsigned prior to the shift, so that the result is
      well-defined and matches the specified behavior.
      (cherry picked from commit 05cef96d)
    • fix overflow corner case in strtoul-family functions · 0a7aca63
      Rich Felker authored
      incorrect behavior occurred only in cases where the input overflows
      unsigned long long, not just the (possibly lower) range limit for the
      result type. in this case, processing of the '-' sign character was
      not suppressed, and the function returned a value of 1 despite setting
      errno to ERANGE.
      (cherry picked from commit e2e1bb81)
    • fix memory leak in regexec when input contains illegal sequence · 1d19a53b
      Szabolcs Nagy authored
      (cherry picked from commit 546f6b32)
    • fix off-by-one in bounds check in fpathconf · 5a8c6f09
      Rich Felker authored
      this error resulted in an out-of-bounds read, as opposed to a reported
      error, when calling the function with an argument one greater than the
      max valid index.
      (cherry picked from commit 3bed89aa)
    • fix multiple stdio functions' behavior on zero-length operations · f071365e
      Rich Felker authored
      previously, fgets, fputs, fread, and fwrite completely omitted locking
      and access to the FILE object when their arguments yielded a zero
      length read or write operation independent of the FILE state. this
      optimization was invalid; it wrongly skipped marking the stream as
      byte-oriented (a C conformance bug) and exposed observably missing
      synchronization (a POSIX conformance bug) where one of these functions
      could wrongly complete despite another thread provably holding the
      (cherry picked from commit 6e2bb7ac)
    • suppress null termination when fgets reads EOF with no data · 6d14779e
      Rich Felker authored
      the C standard requires that "the contents of the array remain
      unchanged" in this case.
      this patch also changes the behavior on read errors, but in that case
      "the array contents are indeterminate", so the application cannot
      inspect them anyway.
      (cherry picked from commit 402611c3)
    • fix dn_expand empty name handling and offsets to 0 · 83eb88d6
      Szabolcs Nagy authored
      Empty name was rejected in dn_expand since commit
      which is a regression as reported by Natanael Copa.
      Furthermore if an offset pointer in a compressed name
      pointed to a terminating 0 byte (instead of a label)
      the returned name was not null terminated.
      (cherry picked from commit 49d2c8c6)
    • fix use of uninitialized memory with application-provided thread stacks · 53f270f9
      Rich Felker authored
      the subsequent code in pthread_create and the code which copies TLS
      initialization images to the new thread's TLS space assume that the
      memory provided to them is zero-initialized, which is true when it's
      obtained by pthread_create using mmap. however, when the caller
      provides a stack using pthread_attr_setstack, pthread_create cannot
      make any assumptions about the contents. simply zero-filling the
      relevant memory in this case is the simplest and safest fix.
      (cherry picked from commit a6293285)
    • fix CPU_EQUAL macro in sched.h · 6f5544ac
      Szabolcs Nagy authored
      (cherry picked from commit d146d4dc)
  2. 01 Aug, 2014 1 commit
  3. 28 Jul, 2014 2 commits