musl/src/stdio, branch v0.9.2

fix fwrite return value when full write does not succeed

2012-06-20T19:04:47+00:00

avoid cancellation in pclose

2012-06-20T18:50:29+00:00

at the point pclose might receive and act on cancellation, it has
already invalidated the FILE passed to it. thus, per musl's QOI
guarantees about cancellation and resource allocation/deallocation,
it's not a candidate for cancellation.

if it were required to be a cancellation point by posix, we would have
to switch the order of deallocation, but somehow still close the pipe
in order to trigger the child process to exit. i looked into doing
this, but the logic gets ugly, and i'm not sure the semantics are
conformant, so i'd rather just leave it alone unless there's a need to
change it.

fix invalid memory access in pclose

2012-06-20T18:47:34+00:00

make popen cancellation-safe

2012-06-20T18:39:50+00:00

close was the only cancellation point called from popen, but it left
popen with major resource leaks if any call to close got cancelled.
the easiest, cheapest fix is just to use a non-cancellable close
function.

popen: handle issues with fd0/1 being closed

2012-06-20T18:32:48+00:00

also check for failure of dup2 and abort the child rather than
reading/writing the wrong file.

fix another oob pointer arithmetic issue in printf floating point

2012-06-20T13:28:54+00:00

this one could never cause any problems unless the compiler/machine
goes to extra trouble to break oob pointer arithmetic, but it's best
to fix it anyway.

minor perror behavior fix

2012-06-20T13:27:28+00:00

patch by nsz

fix pointer overflow bug in floating point printf

2012-06-20T01:41:43+00:00

large precision values could cause out-of-bounds pointer arithmetic in
computing the precision cutoff (used to avoid expensive long-precision
arithmetic when the result will be discarded). per the C standard,
this is undefined behavior. one would expect that it works anyway, and
in fact it did in most real-world cases, but it was randomly
(depending on aslr) crashing in i386 binaries running on x86_64
kernels. this is because linux puts the userspace stack near 4GB
(instead of near 3GB) when the kernel is 64-bit, leading to the
out-of-bounds pointer arithmetic overflowing past the end of address
space and giving a very low pointer value, which then compared lower
than a pointer it should have been higher than.

the new code rearranges the arithmetic so that no overflow can occur.

while this bug could crash printf with memory corruption, it's
unlikely to have security impact in real-world applications since the
ability to provide an extremely large field precision value under
attacker-control is required to trigger the bug.

add new stdio extension functions to make gnulib happy

2012-06-19T05:35:23+00:00

this is mildly ugly, but less ugly than gnulib trying to poke at the
definition of the FILE structure...

stdio: handle file position correctly at program exit

2012-06-19T05:27:26+00:00

for seekable files, posix imposed requirements on the offset of the
underlying open file description after a stream is closed. this was
correctly handled (as a side effect of the unconditional fflush call)
when streams were explicitly closed by fclose, but was not handled
correctly at program exit time, where fflush(0) was being used.

the weak symbol hackery is to pull in __stdio_exit if either of
__toread or __towrite is used, but avoid calling it twice so we don't
have to keep extra state. the new __stdio_exit is a streamlined fflush
variant that avoids performing any unnecessary operations and which
never unlocks the files or open file list, so we can be sure no other
threads write new data to a stream's buffer after it's already
flushed.