Commit Graph

27 Commits

Author SHA1 Message Date
Ismael Luceno
98e688a9da define NULL as nullptr when used in C++11 or later
This should be safer for casting and more compatible with existing code
bases that wrongly assume it must be defined as a pointer.
2021-11-29 17:45:21 -05:00
David Carlier
05ac345f89 add explicit_bzero implementation
maintainer's note: past sentiment was that, despite being imperfect
and unable to force clearing of all possible copies of sensitive data
(e.g. in registers, register spills, signal contexts left on the
stack, etc.) this function would be added if major implementations
agreed on it, which has happened -- several BSDs and glibc all include
it.
2018-06-26 16:59:12 -04:00
Alexander Monakov
bd00cc8781 remove useless declarations in string.h
The two functions str{,n}casecmp_l are specified to be declared in
<strings.h> which is already included from <string.h> under _GNU_SOURCE.
2017-07-04 17:04:21 -04:00
Rich Felker
c8a9c22173 restore type of NULL to void * except when used in C++ programs
unfortunately this eliminates the ability of the compiler to diagnose
some dangerous/incorrect usage, but POSIX requires (as an extension to
the C language, i.e. CX shaded) that NULL have type void *. plain C
allows it to be defined as any null pointer constant.

the definition 0L is preserved for C++ rather than reverting to plain
0 to avoid dangerous behavior in non-conforming programs which use
NULL as a variadic sentinel. (it's impossible to use (void *)0 for C++
since C++ lacks the proper implicit pointer conversions, and other
popular alternatives like the GCC __null extension seem non-conforming
to the standard's requirements.)
2013-11-24 21:42:55 -05:00
Rich Felker
41d7c77d6a use a common definition of NULL as 0L for C and C++
the historical mess of having different definitions for C and C++
comes from the historical C definition as (void *)0 and the fact that
(void *)0 can't be used in C++ because it does not convert to other
pointer types implicitly. however, using plain 0 in C++ exposed bugs
in C++ programs that call variadic functions with NULL as an argument
and (wrongly; this is UB) expect it to arrive as a null pointer. on
64-bit machines, the high bits end up containing junk. glibc dodges
the issue by using a GCC extension __null to define NULL; this is
observably non-conforming because a conforming application could
observe the definition of NULL via stringizing and see that it is
neither an integer constant expression with value zero nor such an
expression cast to void.

switching to 0L eliminates the issue and provides compatibility with
broken applications, since on all musl targets, long and pointers have
the same size, representation, and argument-passing convention. we
could maintain separate C and C++ definitions of NULL (i.e. just use
0L on C++ and use (void *)0 on C) but after careful analysis, it seems
extremely difficult for a C program to even determine whether NULL has
integer or pointer type, much less depend in subtle, unintentional
ways, on whether it does. C89 seems to have no way to make the
distinction. on C99, the fact that (int)(void *)0 is not an integer
constant expression, along with subtle VLA/sizeof semantics, can be
used to make the distinction, but many compilers are non-conforming
and give the wrong result to this test anyway. on C11, _Generic can
trivially make the distinction, but it seems unlikely that code
targetting C11 would be so backwards in caring which definition of
NULL an implementation uses.

as such, the simplest path of using the same definition for NULL in
both C and C++ was chosen. the #undef directive was also removed so
that the compiler can catch and give a warning or error on
redefinition if buggy programs have defined their own versions of
NULL prior to inclusion of standard headers.
2013-01-18 20:35:26 -05:00
Rich Felker
769fd4ce20 feature test macros: make _GNU_SOURCE enable everything
previously, a few BSD features were enabled only by _BSD_SOURCE, not
by _GNU_SOURCE. since _BSD_SOURCE is default in the absence of other
feature test macros, this made adding _GNU_SOURCE to a project not a
purely additive feature test macro; it actually caused some features
to be suppressed.

most of the changes made by this patch actually bring musl in closer
alignment with the glibc behavior for _GNU_SOURCE. the only exceptions
are the added visibility of functions like strlcpy which were BSD-only
due to being disliked/rejected by glibc maintainers. here, I feel the
consistency of having _GNU_SOURCE mean "everything", and especially
the property of it being purely additive, are more valuable than
hiding functions which glibc does not have.
2012-12-03 16:57:01 -05:00
Rich Felker
c86f2974e2 add memmem function (gnu extension)
based on strstr. passes gnulib tests and a few quick checks of my own.
2012-10-15 23:02:57 -04:00
Rich Felker
e2f6a3257e strsep is BSD|GNU, not GNU-only; it's originally from BSD 2012-09-13 21:01:30 -04:00
Rich Felker
c1a9658bd1 default features: make musl usable without feature test macros
the old behavior of exposing nothing except plain ISO C can be
obtained by defining __STRICT_ANSI__ or using a compiler option (such
as -std=c99) that predefines it. the new default featureset is POSIX
with XSI plus _BSD_SOURCE. any explicit feature test macros will
inhibit the default.

installation docs have also been updated to reflect this change.
2012-09-07 23:13:55 -04:00
Rich Felker
400c5e5c83 use restrict everywhere it's required by c99 and/or posix 2008
to deal with the fact that the public headers may be used with pre-c99
compilers, __restrict is used in place of restrict, and defined
appropriately for any supported compiler. we also avoid the form
[restrict] since older versions of gcc rejected it due to a bug in the
original c99 standard, and instead use the form *restrict.
2012-09-06 22:44:55 -04:00
Rich Felker
419ae6d5c9 support _BSD_SOURCE feature test macro
patch by Isaac Dunham. matched closely (maybe not exact) to glibc's
idea of what _BSD_SOURCE should make visible.
2012-05-22 21:52:08 -04:00
Rich Felker
37bb3cce45 omit declaration of basename wrongly interpreted as prototype in C++
the non-prototype declaration of basename in string.h is an ugly
compromise to avoid breaking 2 types of broken software:

1. programs which assume basename is declared in string.h and thus
would suffer from dangerous pointer-truncation if an implicit
declaration were used.

2. programs which include string.h with _GNU_SOURCE defined but then
declare their own prototype for basename using the incorrect GNU
signature for the function (which would clash with a correct
prototype).

however, since C++ does not have non-prototype declarations and
interprets them as prototypes for a function with no arguments, we
must omit it when compiling C++ code. thankfully, all known broken
apps that suffer from the above issues are written in C, not C++.
2012-05-09 11:47:06 -04:00
Rich Felker
06aec8d715 replace prototype for basename in string.h with non-prototype declaration
GNU programs may expect the GNU version of basename, which has a
different prototype (argument is const-qualified) and prototype it
themselves too. of course if they're expecting the GNU behavior for
the function, they'll still run into problems, but at least this
eliminates some compile-time failures.
2012-02-24 23:23:47 -05:00
Rich Felker
1ba28b90d6 declare basename in string.h when _GNU_SOURCE is defined
note that it still will have the standards-conformant behavior, not
the GNU behavior. but at least this prevents broken code from ending
up with truncated pointers due to implicit declarations...
2012-02-07 13:10:30 -05:00
Rich Felker
36bf56940a more locale_t interfaces (string stuff) and header updates
this should be everything except for some functions where the non-_l
version isn't even implemented yet (mainly some non-ISO-C wcs*
functions).
2012-02-06 21:51:02 -05:00
Rich Felker
a6540174be add dummied strverscmp (obnoxious GNU function)
programs that use this tend to horribly botch international text
support, so it's questionable whether we want to support it even in
the long term... for now, it's just a dummy that calls strcmp.
2011-09-11 22:45:56 -04:00
Rich Felker
b5b41212a6 function signature fix: add const qualifier to mempcpy src arg 2011-04-26 12:28:41 -04:00
Rich Felker
32e2c468ba typo in prototype for mempcpy 2011-04-26 08:42:55 -04:00
Rich Felker
d179807f6b prototype for mempcpy 2011-04-26 08:41:54 -04:00
Rich Felker
6597f9ac13 implement memrchr (nonstandard) and optimize strrchr in terms of it 2011-04-13 08:36:29 -04:00
Rich Felker
1fee6186fe fix prototype for strsep 2011-04-06 14:28:29 -04:00
Rich Felker
a5323c5768 add some missing prototypes for nonstandard functions (strsep, clearenv) 2011-03-30 14:14:26 -04:00
Rich Felker
2a195dd31c fix missing prototype for strsignal 2011-02-26 23:50:26 -05:00
Rich Felker
73d310e1d2 apply feature test protection to memccpy 2011-02-24 12:36:04 -05:00
Rich Felker
26f3551419 prototype for gnu strcasestr (currently a stub) 2011-02-15 16:08:19 -05:00
Rich Felker
ca1aa5bae9 more header cleanup and conformance fixes - string.h 2011-02-14 20:53:15 -05:00
Rich Felker
0b44a0315b initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00