Commit Graph

36 Commits

Author SHA1 Message Date
Rich Felker
ea3b40a321 fix integer overflow in WIFSTOPPED macro
the result of the 0xffff mask with the exit status could have bit 15
set, in which case multiplying by 0x10001 overflows 32-bit signed int.
making the multiply unsigned avoids the overflow. it also changes the
sign extension behavior of the subsequent >> operation, but the
affected bits are all unwanted anyway and all discarded by the cast to
short.
2023-02-08 16:42:28 -05:00
Rich Felker
25e6fee27f remove LFS64 programming interfaces (macro-only) from _GNU_SOURCE
these badly pollute the namespace with macros whenever _GNU_SOURCE is
defined, which is always the case with g++, and especially tends to
interfere with C++ constructs.

as our implementation of these was macro-only, their removal cannot
affect any existing binaries. at the source level, portable software
should be prepared for them not to exist.

for now, they are left in place with explicit _LARGEFILE64_SOURCE.
this provides an easy temporary path for integrators/distributions to
get packages building again right away if they break while working on
a proper, upstreamable fix. the intent is that this be a very
short-term measure and that the macros be removed entirely in the next
release cycle.
2022-10-19 14:01:31 -04:00
Ismael Luceno
98e688a9da define NULL as nullptr when used in C++11 or later
This should be safer for casting and more compatible with existing code
bases that wrongly assume it must be defined as a pointer.
2021-11-29 17:45:21 -05:00
Érico Nogueira
b76f37fd56 add qsort_r and make qsort a wrapper around it
we make qsort a wrapper by providing a wrapper_cmp function that uses
the extra argument as a function pointer. should be optimized to a tail
call on most architectures, as long as it's built with
-fomit-frame-pointer, so the performance impact should be minimal.

to keep the git history clean, for now qsort_r is implemented in qsort.c
and qsort is implemented in qsort_nr.c.  qsort.c also received a few
trivial cleanups, including replacing (*cmp)() calls with cmp().
qsort_nr.c contains only wrapper_cmp and qsort as a qsort_r wrapper
itself.
2021-09-23 20:09:22 -04:00
Ariadne Conill
821083ac7b implement reallocarray
reallocarray is an extension introduced by OpenBSD, which introduces
calloc overflow checking to realloc.

glibc 2.28 introduced support for this function behind _GNU_SOURCE,
while glibc 2.29 allows its usage in _DEFAULT_SOURCE.
2020-11-30 16:49:58 -05:00
Petr Vaněk
7844ecb590 add secure_getenv function
This function is a GNU extension introduced in glibc 2.17.
2019-08-08 11:33:18 -04:00
Rich Felker
2ed4e9d927 remove parameter names from public headers
inclusion of these names was unintentional and in most cases is a
namespace violation. Daniel Sabogal tracked down and reported these.
2016-10-20 17:04:37 -04:00
Rich Felker
f22a9edaf8 byte-based C locale, phase 3: make MB_CUR_MAX variable to activate code
this patch activates the new byte-based C locale (high bytes treated
as abstract code unit "characters" rather than decoded as multibyte
characters) by making the value of MB_CUR_MAX depend on the active
locale. for the C locale, the LC_CTYPE category pointer is null,
yielding a value of 1. all other locales yield a value of 4.
2015-06-16 06:18:00 +00:00
Rich Felker
ab8f6a6e42 fix places where _BSD_SOURCE failed to yield a superset of _XOPEN_SOURCE
the vast majority of these failures seem to have been oversights at
the time _BSD_SOURCE was added, or perhaps shortly afterward. the one
which may have had some reason behind it is omission of setpgrp from
the _BSD_SOURCE feature profile, since the standard setpgrp interface
conflicts with a legacy (pre-POSIX) BSD interface by the same name.
however, such omission is not aligned with our general policy in this
area (for example, handling of similar _GNU_SOURCE cases) and should
not be preserved.
2014-09-10 12:27:33 -04:00
Clément Vasseur
b1ae7b78bd make clearenv available with _BSD_SOURCE
glibc declares clearenv under _BSD_SOURCE, some applications might
depend on it being available this way.
2014-08-08 00:45:42 -04:00
Szabolcs Nagy
aa6ce3d4e3 fix signed and unsigned comparision in macros in public headers
gcc -Wsign-compare warns about expanded macros that were defined in
standard headers (before gcc 4.8) which can make builds fail that
use -Werror. changed macros: WIFSIGNALED, __CPU_op_S
2014-02-11 10:51:16 +01:00
Rich Felker
c8a9c22173 restore type of NULL to void * except when used in C++ programs
unfortunately this eliminates the ability of the compiler to diagnose
some dangerous/incorrect usage, but POSIX requires (as an extension to
the C language, i.e. CX shaded) that NULL have type void *. plain C
allows it to be defined as any null pointer constant.

the definition 0L is preserved for C++ rather than reverting to plain
0 to avoid dangerous behavior in non-conforming programs which use
NULL as a variadic sentinel. (it's impossible to use (void *)0 for C++
since C++ lacks the proper implicit pointer conversions, and other
popular alternatives like the GCC __null extension seem non-conforming
to the standard's requirements.)
2013-11-24 21:42:55 -05:00
Szabolcs Nagy
a516077feb add legacy getloadavg api 2013-11-21 01:59:43 +00:00
Rich Felker
35eb1a1a9b provide declarations for strtod_l and family
these aliases were originally intended to be for ABI compatibility
only, but their presence caused regressions in broken gnulib-based
software whose configure scripts detect the existing of these
functions then use them without declarations, resulting in bogus
return values.
2013-08-13 18:18:44 -04:00
Rich Felker
41c632824c fix definitions of WIFSTOPPED and WIFSIGNALED to support up to signal 127
mips has signal numbers up to 127 (formerly, up to 128, but the last
one never worked right and caused kernel panic when used), so 127 in
the "signal number" field of the wait status is insufficient for
determining that the process was stopped. in addition, a nonzero value
in the upper bits must be present, indicating the signal number which
caused the process to be stopped.

details on this issue can be seen in the email with message id
CAAG0J9-d4BfEhbQovFqUAJ3QoOuXScrpsY1y95PrEPxA5DWedQ@mail.gmail.com on
the linux-mips mailing list, archived at:
http://www.linux-mips.org/archives/linux-mips/2013-06/msg00552.html
and in the associated thread about fixing the mips kernel bug.

commit 4a96b948687166da26a6c327e6c6733ad2336c5c fixed the
corresponding issue in uClibc, but introduced a multiple-evaluation
issue for the WIFSTOPPED macro.

for the most part, none of these issues affected pure musl systems,
since musl has up until now (incorrectly) defined SIGRTMAX as 64 on
all archs, even mips. however, interpreting status of non-musl
programs on mips may have caused problems. with this change, the full
range of signal numbers can be made available on mips.
2013-08-10 23:33:54 -04:00
Rich Felker
2cc63358cd add mkostemp, mkstemps, and mkostemps functions and reorganize temp internals
based on patch contributed by Anthony G. Basile (blueness)

some issues remain with the filename generation algorithm and other
small bugs, but this patch has been sitting around long enough that I
feel it's best to get it committed and then work out any remaining
issues.
2013-02-20 22:43:23 -05:00
Rich Felker
41d7c77d6a use a common definition of NULL as 0L for C and C++
the historical mess of having different definitions for C and C++
comes from the historical C definition as (void *)0 and the fact that
(void *)0 can't be used in C++ because it does not convert to other
pointer types implicitly. however, using plain 0 in C++ exposed bugs
in C++ programs that call variadic functions with NULL as an argument
and (wrongly; this is UB) expect it to arrive as a null pointer. on
64-bit machines, the high bits end up containing junk. glibc dodges
the issue by using a GCC extension __null to define NULL; this is
observably non-conforming because a conforming application could
observe the definition of NULL via stringizing and see that it is
neither an integer constant expression with value zero nor such an
expression cast to void.

switching to 0L eliminates the issue and provides compatibility with
broken applications, since on all musl targets, long and pointers have
the same size, representation, and argument-passing convention. we
could maintain separate C and C++ definitions of NULL (i.e. just use
0L on C++ and use (void *)0 on C) but after careful analysis, it seems
extremely difficult for a C program to even determine whether NULL has
integer or pointer type, much less depend in subtle, unintentional
ways, on whether it does. C89 seems to have no way to make the
distinction. on C99, the fact that (int)(void *)0 is not an integer
constant expression, along with subtle VLA/sizeof semantics, can be
used to make the distinction, but many compilers are non-conforming
and give the wrong result to this test anyway. on C11, _Generic can
trivially make the distinction, but it seems unlikely that code
targetting C11 would be so backwards in caring which definition of
NULL an implementation uses.

as such, the simplest path of using the same definition for NULL in
both C and C++ was chosen. the #undef directive was also removed so
that the compiler can catch and give a warning or error on
redefinition if buggy programs have defined their own versions of
NULL prior to inclusion of standard headers.
2013-01-18 20:35:26 -05:00
Rich Felker
4eb4844b31 fix issues with wait constants in stdlib.h
the W* namespace is not reserved, so the nonstandard ones must be
moved under extension features. also WNOHANG and WUNTRACED were
missing.
2012-10-21 19:15:11 -04:00
Rich Felker
c1a9658bd1 default features: make musl usable without feature test macros
the old behavior of exposing nothing except plain ISO C can be
obtained by defining __STRICT_ANSI__ or using a compiler option (such
as -std=c99) that predefines it. the new default featureset is POSIX
with XSI plus _BSD_SOURCE. any explicit feature test macros will
inhibit the default.

installation docs have also been updated to reflect this change.
2012-09-07 23:13:55 -04:00
Rich Felker
c8ea985748 add _Noreturn function attribute, with fallback for pre-C11 GNUC 2012-09-06 23:12:27 -04:00
Rich Felker
400c5e5c83 use restrict everywhere it's required by c99 and/or posix 2008
to deal with the fact that the public headers may be used with pre-c99
compilers, __restrict is used in place of restrict, and defined
appropriately for any supported compiler. we also avoid the form
[restrict] since older versions of gcc rejected it due to a bug in the
original c99 standard, and instead use the form *restrict.
2012-09-06 22:44:55 -04:00
Rich Felker
9bff7c133e implement "low hanging fruit" from C11
based on Gregor's patch sent to the list. includes:
- stdalign.h
- removing gets in C11 mode
- adding aligned_alloc and adjusting other functions to use it
- adding 'x' flag to fopen for exclusive mode
2012-08-25 23:15:13 -04:00
Rich Felker
b5289fd749 add c11 quick_exit and at_quick_exit functions 2012-08-25 22:49:47 -04:00
Rich Felker
3b94daba71 _GNU_SOURCE is supposed to imply _LARGEFILE64_SOURCE
this is ugly and stupid, but now that the *64 symbol names exist, a
lot of broken GNU software detects them in configure, then either
breaks during build due to missing off64_t definition, or attempts to
compile without function declarations/prototypes. "fixing" it here is
easier than telling everyone to add yet another feature test macro to
their builds.
2012-06-04 08:03:56 -04:00
Rich Felker
419ae6d5c9 support _BSD_SOURCE feature test macro
patch by Isaac Dunham. matched closely (maybe not exact) to glibc's
idea of what _BSD_SOURCE should make visible.
2012-05-22 21:52:08 -04:00
Rich Felker
2dd8d5e1b8 add support for ugly *64 functions with _LARGEFILE64_SOURCE
musl does not support legacy 32-bit-off_t whatsoever. off_t is always
64 bit, and correct programs that use off_t and the standard functions
will just work out of the box. (on glibc, they would require
-D_FILE_OFFSET_BITS=64 to work.) however, some programs instead define
_LARGEFILE64_SOURCE and use alternate versions of all the standard
types and functions with "64" appended to their names.

we do not want code to actually get linked against these functions
(it's ugly and inconsistent), so macros are used instead of prototypes
with weak aliases in the library itself. eventually the weak aliases
may be added at the library level for the sake of using code that was
originally built against glibc, but the macros will still be the
desired solution in the headers.
2012-05-04 00:13:23 -04:00
Rich Felker
3be616c1df fix alloca issue in stdlib.h too
I forgot _GNU_SOURCE also has it declared here...
2012-04-09 16:22:05 -04:00
Rich Felker
f4ad36c4bf add deprecated (removed from posix) [efg]cvt() functions
these have not been heavily tested, but they should work as described
in the old standards. probably broken for non-finite values...
2012-02-06 01:14:23 -05:00
Rich Felker
d4045a1683 declare alloca in stdlib.h when _GNU_SOURCE is defined 2011-09-11 22:43:57 -04:00
Rich Felker
4b5f054098 move wait.h macros out of bits. they do not vary. 2011-04-21 14:27:28 -04:00
Rich Felker
750b738e53 add ptsname_r (nonstandard) and split ptsname (standard) to separate file
this eliminates the ugly static buffer in programs that use ptsname_r.
2011-04-13 08:35:32 -04:00
Rich Felker
a5323c5768 add some missing prototypes for nonstandard functions (strsep, clearenv) 2011-03-30 14:14:26 -04:00
Rich Felker
f451462098 fix the types of some integer constant limits in headers 2011-02-15 19:15:45 -05:00
Rich Felker
6d36c2098b fix missing EXIT_* in stdlib.h after header cleanup 2011-02-15 17:33:52 -05:00
Rich Felker
80695b1d1e begin namespace-cleanup of standard C headers 2011-02-14 05:10:10 -05:00
Rich Felker
0b44a0315b initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00