1. 14 Jan, 2015 1 commit
  2. 13 Jan, 2015 1 commit
  3. 12 Jan, 2015 2 commits
    • Rich Felker's avatar
      remove rlimit hacks from multi-threaded set*id() code · 84b5c547
      Rich Felker authored
      the code being removed was introduced to work around "partial failure"
      of multi-threaded set*id() operations, where some threads would
      succeed in changing their ids but an RLIMIT_NPROC setting would
      prevent the rest from succeeding, leaving the process in an
      inconsistent and dangerous state. however, the workaround code did not
      handle important usage cases like swapping real and effective uids
      then restoring their original values, and the wrongful kernel
      enforcement of RLIMIT_NPROC at setuid time was removed in Linux 3.1,
      making the workaround obsolete.
      since the partial failure still is dangerous on old kernels, and could
      in principle happen on post-fix kernels as well if set*id() syscalls
      fail for another spurious reason such as resource-related failures,
      new code is added to detect and forcibly kill the process if/when such
      a situation arises. future documentation releases should be updated to
      reflect that setting RLIMIT_NPROC to RLIM_INFINITY is necessary to
      avoid this forced-kill on old kernels. ideally, at some point the
      kernel will get proper multi-threaded set*id() syscalls capable of
      performing their actions atomically, and all of the userspace code to
      emulate them can be treated as a fallback for outdated kernels.
    • Rich Felker's avatar
      simplify ctermid · 9772eadb
      Rich Felker authored
      opening /dev/tty then using ttyname_r on it does not produce a
      canonical terminal name; it simply yields "/dev/tty".
      it would be possible to make ctermid determine the actual controlling
      terminal device via field 7 of /proc/self/stat, but doing so would
      introduce a buffer overflow into applications built with L_ctermid==9,
      which glibc defines, adversely affecting the quality of ABI compat.
  4. 11 Jan, 2015 1 commit
    • Rich Felker's avatar
      fix regression in getopt_long support for non-option arguments · 699d4532
      Rich Felker authored
      commit b72cd07f added support for a
      this feature in getopt, but it was later broken in the case where
      getopt_long is used as a side effect of the changes made in commit
      91184c4f, which prevented the
      underlying getopt call from seeing the leading '-' or '+' character in
      this commit changes the logic in the getopt_long core to check for a
      leading colon, possibly after the leading '-' or '+', without
      depending on the latter having been skipped by the caller. a minor
      incorrectness in the return value for one error condition in
      getopt_long is also fixed when opterr has been set to zero but
      optstring has no leading ':'.
  5. 09 Jan, 2015 1 commit
    • Rich Felker's avatar
      check for connect failure in syslog log opening · c574321d
      Rich Felker authored
      based on patch by Dima Krasner, with minor improvements for code size.
      connect can fail if there is no listening syslogd, in which case a
      useless socket was kept open, preventing subsequent syslog call from
      attempting to connect again.
  6. 23 Dec, 2014 2 commits
    • Szabolcs Nagy's avatar
      add new prctl command PR_SET_MM_MAP to sys/prctl.h · 11ac2a6e
      Szabolcs Nagy authored
      PR_SET_MM_MAP was introduced as a subcommand for PR_SET_MM in
      linux v3.18 commit f606b77f1a9e362451aca8f81d8f36a3a112139e
      the associated struct type is replicated in sys/prctl.h using
      libc types.
      example usage:
       struct prctl_mm_map *p;
       prctl(PR_SET_MM, PR_SET_MM_MAP, p, sizeof *p);
      the kernel side supported struct size may be queried with
      the PR_SET_MM_MAP_SIZE subcommand.
    • Szabolcs Nagy's avatar
      add new syscall numbers for bpf and kexec_file_load · f90fafea
      Szabolcs Nagy authored
      these syscalls are new in linux v3.18, bpf is present on all
      supported archs except sh, kexec_file_load is only allocted for
      x86_64 and x32 yet.
      bpf was added in linux commit 99c55f7d47c0dc6fc64729f37bf435abf43f4c60
      kexec_file_load syscall number was allocated in commit
  7. 21 Dec, 2014 8 commits
    • Rich Felker's avatar
    • Rich Felker's avatar
      fix signedness of UINT32_MAX and UINT64_MAX at the preprocessor level · dac4fc49
      Rich Felker authored
      per the rules for hexadecimal integer constants, the previous
      definitions were correctly treated as having unsigned type except
      possibly when used in preprocessor conditionals, where all artithmetic
      takes place as intmax_t or uintmax_t. the explicit 'u' suffix ensures
      that they are treated as unsigned in all contexts.
    • Rich Felker's avatar
      overhaul forkpty function using new login_tty · 814aae20
      Rich Felker authored
      based on discussion with and patches by Felix Janda. these changes
      started as an effort to factor forkpty in terms of login_tty, which
      returns an error and skips fd reassignment and closing if setting the
      controlling terminal failed. the previous forkpty code was unable to
      handle errors in the child, and did not attempt to; it just silently
      ignored them. but this would have been unacceptable when switching to
      using login_tty, since the child would start with the wrong stdin,
      stdout, and stderr and thereby clobber the parent's files.
      the new code uses the same technique as the posix_spawn implementation
      to convey any possible error in the child to the parent so that the
      parent can report failure to the caller. it is also safe against
      thread cancellation and against signal delivery in the child prior to
      the determination of success.
    • Rich Felker's avatar
      block pthread cancellation in openpty function · 1227e418
      Rich Felker authored
      being a nonstandard function, this isn't strictly necessary, but it's
      inexpensive and avoids unpleasant surprises. eventually I would like
      all functions in libc to be safe against cancellation, either ignoring
      it or acting on it cleanly.
    • Rich Felker's avatar
      don't write openpty results until success is determined · 3b26a32d
      Rich Felker authored
      not only is this semantically more correct; it also reduces code size
      slightly by eliminating the need for the compiler to assume the
      possibility of aliasing.
    • Felix Janda's avatar
      add login_tty function · 4b2cb377
      Felix Janda authored
    • Rich Felker's avatar
      set optopt in getopt_long · 0217ed72
      Rich Felker authored
      this is undocumented but possibly expected behavior of GNU
      getopt_long, and useful when error message printing has been
    • Rich Felker's avatar
      add error message printing to getopt_long and make related improvements · 91184c4f
      Rich Felker authored
      some related changes are also made to getopt, and the return value of
      getopt_long in the case of missing arguments is fixed.
  8. 20 Dec, 2014 2 commits
  9. 19 Dec, 2014 1 commit
    • Rich Felker's avatar
      use tkill instead of tgkill in implementing raise · 7d351212
      Rich Felker authored
      this shaves off a useless syscall for getting the caller's pid and
      brings raise into alignment with other functions which were adapted to
      use tkill rather than tgkill.
      commit 83dc6eb0 documents the
      rationale for this change, and in particular why the tgkill syscall is
      useless for its designed purpose of avoiding races.
  10. 18 Dec, 2014 2 commits
    • Rich Felker's avatar
      don't suppress sign output for NANs in printf · 0f859fc9
      Rich Felker authored
      formally, it seems a sign is only required when the '+' modifier
      appears in the format specifier, in which case either '+' or '-' must
      be present in the output. but the specification is written such that
      an optional negative sign is part of the output format anyway, and the
      simplest approach to fixing the problem is removing the code that was
      suppressing the sign.
    • Rich Felker's avatar
      fix return value computation in one code path of wcsnrtombs · 2e1ae3b6
      Rich Felker authored
      the affected code was wrongly counting characters instead of bytes.
  11. 17 Dec, 2014 8 commits
    • Rich Felker's avatar
      fix signedness of WINT_MIN expression · aee9b152
      Rich Felker authored
      since wint_t is unsigned, WINT_MIN needs to expand to an unsigned zero.
    • Rich Felker's avatar
      make the definition of _Complex_I explicitly complex · a9c2294e
      Rich Felker authored
      it's unclear whether compilers which provide pure imaginary types
      might produce a pure imaginary expression for 1.0fi. using 0.0f+1.0fi
      ensures that the result is explicitly complex and makes this obvious
      to human readers too.
    • Rich Felker's avatar
      make the result of the cimag macro a non-lvalue · 4075af43
      Rich Felker authored
      this change is not necessary but helps diagnose invalid code. based on
      patch by Jens Gustedt.
    • Rich Felker's avatar
      fix definition of CMPLX macros in complex.h to work in constant expressions · 5ff2a118
      Rich Felker authored
      based on patches by Jens Gustedt. these macros need to be usable in
      static initializers, and the old definitions were not.
      there is no portable way to provide correct definitions for these
      macros unless the compiler supports pure imaginary types. a portable
      definition is provided for this case even though there are presently
      no compilers that can use it. gcc and compatible compilers provide a
      builtin function that can be used, but clang fails to support this and
      instead requires a construct which is a constraint violation and which
      is only a constant expression as a clang-specific extension.
      since these macros are a namespace violation in pre-C11 profiles, and
      since no known pre-C11 compilers provide any way to define them
      correctly anyway, the definitions have been made conditional on C11.
    • Rich Felker's avatar
      provide CMPLX macros in implementation-internal libm.h · a414e837
      Rich Felker authored
      this avoids assuming the presence of C11 macro definitions in the
      public complex.h, which need changes potentially incompatible with the
      way these macros are being used internally.
    • Nagy Szabolcs's avatar
    • Rich Felker's avatar
      add basic dns record parsing functions · aac59c11
      Rich Felker authored
      based on patch by Timo Teräs, with some corrections to bounds checking
      code and other minor changes.
      while they are borderline scope creep, the functions added are fairly
      small and are roughly the minimum code needed to use the results of
      the res_query API without re-implementing error-prone DNS packet
      parsing, and they are used in practice by some kerberos related
      software and possibly other things. at this time there is no intent to
      implement further nameser.h API functions.
    • Rich Felker's avatar
      correctly handle write errors encountered by printf-family functions · d42269d7
      Rich Felker authored
      previously, write errors neither stopped further output attempts nor
      caused the function to return an error to the caller. this could
      result in silent loss of output, possibly in the middle of output in
      the event of a non-permanent error.
      the simplest solution is temporarily clearing the error flag for the
      target stream, then suppressing further output when the error flag is
      set and checking/restoring it at the end of the operation to determine
      the correct return value.
      since the wide version of the code internally calls the narrow fprintf
      to perform some of its underlying operations, initial clearing of the
      error flag is suppressed when performing a narrow vfprintf on a
      wide-oriented stream. this is not a problem since the behavior of
      narrow operations on wide-oriented streams is undefined.
  12. 13 Dec, 2014 2 commits
  13. 11 Dec, 2014 4 commits
  14. 10 Dec, 2014 1 commit
    • Bobby Bingham's avatar
      don't shadow functions with macros in C++ · f164875a
      Bobby Bingham authored
      C++ programmers typically expect something like "::function(x,y)" to work
      and may be surprised to find that "(::function)(x,y)" is actually required
      due to the headers declaring a macro version of some standard functions.
      We already omit function-like macros for C++ in most cases where there is
      a real function available. This commit extends this to the remaining
      function-like macros which have a real function version.
  15. 06 Dec, 2014 2 commits
    • Rich Felker's avatar
      use direct syscall rather than write function in posix_spawn child · 8f7bc690
      Rich Felker authored
      the write function is a cancellation point and accesses thread-local
      state belonging to the calling thread in the parent process. since
      cancellation is blocked for the duration of posix_spawn, this is
      probably safe, but it's fragile and unnecessary. making the syscall
      directly is just as easy and clearly safe.
    • Rich Felker's avatar
      don't fail posix_spawn on failed close · 1c12c243
      Rich Felker authored
      the resolution of austin group issue #370 removes the requirement that
      posix_spawn fail when the close file action is performed on an
      already-closed fd. since there are no other meaningful errors for
      close, just ignoring the return value completely is the simplest fix.
  16. 04 Dec, 2014 1 commit
    • Rich Felker's avatar
      fix getopt handling of ':' modifier for multibyte option characters · 014275b5
      Rich Felker authored
      the previous hard-coded offsets of +1 and +2 contained a hidden
      assumption that the option character matched was single-byte, despite
      this implementation of getopt attempting to support multibyte option
      characters. this patch reworks the matching logic to leave the final
      index pointing just past the matched character so that fixed offsets
      can be used to check for ':'.
  17. 03 Dec, 2014 1 commit