musl/src/stdio, branch v1.2.5 musl - an implementation of the standard library for Linux-based systems add framework to support archs without a native wait4 syscall 2024-02-22T23:50:34+00:00 Rich Felker dalias@aerifal.cx 2024-02-22T23:50:34+00:00 19563e1850808af216b1b84263bb7e83cccce506 this commit should make no codegen change for existing archs, but is a prerequisite for new archs including riscv32. the wait4 emulation backend provides both cancellable and non-cancellable variants because waitpid is required to be a cancellation point, but all of our other uses are not, and most of them cannot be. based on patch by Stefan O'Rear. 
this commit should make no codegen change for existing archs, but is a
prerequisite for new archs including riscv32. the wait4 emulation
backend provides both cancellable and non-cancellable variants because
waitpid is required to be a cancellation point, but all of our other
uses are not, and most of them cannot be.

based on patch by Stefan O'Rear.
remove INT_MAX limit on the n argument to snprintf/swprintf 2024-01-17T23:11:58+00:00 Rich Felker dalias@aerifal.cx 2024-01-17T23:11:58+00:00 11fb383275d20f5f94c00425bd888a02ecbd218e this was a POSIX requirement that was always in conflict with ISO C, which specified a well-defined behavior for snprintf and swprintf so long as the actual number of bytes/characters produced did not exceed INT_MAX. I originally raised this conflict for snprintf with the Austin Group as tracker issue 761, which was never resolved. it was later reported again as issue 1219, and as a result the conflicting requirement has been removed. the corresponding issue with swprintf does not seem to have been addressed, but as the same reasoning applies to it, I am removing the limitation on n for swprintf as well. 
this was a POSIX requirement that was always in conflict with ISO C,
which specified a well-defined behavior for snprintf and swprintf so
long as the actual number of bytes/characters produced did not exceed
INT_MAX.

I originally raised this conflict for snprintf with the Austin Group
as tracker issue 761, which was never resolved. it was later reported
again as issue 1219, and as a result the conflicting requirement has
been removed.

the corresponding issue with swprintf does not seem to have been
addressed, but as the same reasoning applies to it, I am removing the
limitation on n for swprintf as well.
byte-based printf family: emit a nul byte for %lc with argument zero 2023-11-06T18:59:06+00:00 Rich Felker dalias@aerifal.cx 2023-11-06T18:59:06+00:00 7b6a6516e133a4154022de4d15b3d5bc800ab3ad this is contrary to the spec as written, which requires %lc to behave as if it were %ls on a 2-wchar_t buffer containing the argument and zero. however, apparently no other implementations conform to the spec as written, and in response to Austin Group issue #1647, WG14 chose to align with existing practice and have %lc produce output for this case. 
this is contrary to the spec as written, which requires %lc to behave
as if it were %ls on a 2-wchar_t buffer containing the argument and
zero. however, apparently no other implementations conform to the spec
as written, and in response to Austin Group issue #1647, WG14 chose to
align with existing practice and have %lc produce output for this case.
printf core: fix gratuitous integer formatting buffer size 2023-06-13T00:04:22+00:00 Rich Felker dalias@aerifal.cx 2023-06-13T00:04:22+00:00 40834f6c1e30cc25c608678c372db498a3d9dbc3 the extra terms 3 and LDBL_MANT_DIG/4 are remnants of a proto-musl implementation of printf where the sign/prefix and floating point conversions were performed naively into this buffer. having them there obscures the actual intended buffer size (sufficient to hold between 2 and 3 octal digits per byte, rounded up to 3 for simplicity) and interferes with upcoming work to add C2x binary formats which would otherwise be stuck having to explain a similar fix to buffer size as part of an unrelated change. 
the extra terms 3 and LDBL_MANT_DIG/4 are remnants of a proto-musl
implementation of printf where the sign/prefix and floating point
conversions were performed naively into this buffer. having them there
obscures the actual intended buffer size (sufficient to hold between 2
and 3 octal digits per byte, rounded up to 3 for simplicity) and
interferes with upcoming work to add C2x binary formats which would
otherwise be stuck having to explain a similar fix to buffer size as
part of an unrelated change.
all printf variants: fix argument type handling for %c and %lc 2023-06-12T23:56:08+00:00 Rich Felker dalias@aerifal.cx 2023-06-12T23:56:08+00:00 3a23cd06b08054f81bf904c414e0d083a56248f2 %c takes an argument of type int, not char, and %lc/%C takes an argument of type wint_t (unsigned), not int. for most cases, this makes no practical difference, but since wide printf variants convert narrow %c format specifiers via btowc, interpreting the promoted-to-int unsigned char value passed in as a (signed, on most archs) char causes 255 to get collapsed to EOF and interpreted as such by btowc. this is only relevant in the byte-based C locale, so prior to commit f22a9edaf8a6f2ca1d314d18b3785558279a5c03, there was no observable distinction in behavior. for UTF-8, all bytes which might be negative when interpreted as char are encoding errors when used with %c/btowc. 
%c takes an argument of type int, not char, and %lc/%C takes an
argument of type wint_t (unsigned), not int.

for most cases, this makes no practical difference, but since wide
printf variants convert narrow %c format specifiers via btowc,
interpreting the promoted-to-int unsigned char value passed in as a
(signed, on most archs) char causes 255 to get collapsed to EOF and
interpreted as such by btowc.

this is only relevant in the byte-based C locale, so prior to commit
f22a9edaf8a6f2ca1d314d18b3785558279a5c03, there was no observable
distinction in behavior. for UTF-8, all bytes which might be negative
when interpreted as char are encoding errors when used with %c/btowc.
fix wide printf numbered argument buffer overflow 2023-04-14T15:19:33+00:00 Gabriel Ravier gabravier@gmail.com 2023-04-14T14:55:42+00:00 4724793f96b163e95cb15e1b7374ff2b0434ed15 The nl_type and nl_arg arrays defined in vfwprintf may be accessed with an index up to and including NL_ARGMAX, but they are only of size NL_ARGMAX, meaning they may be written to or read from 1 element too far. 
The nl_type and nl_arg arrays defined in vfwprintf may be accessed
with an index up to and including NL_ARGMAX, but they are only of size
NL_ARGMAX, meaning they may be written to or read from 1 element too
far.
fix swprintf handling of nul character in output 2023-03-22T16:56:46+00:00 Rich Felker dalias@aerifal.cx 2023-03-22T16:56:46+00:00 1d5750b95c06913a1f18a995481276d698d20fae the buffer-flush function did not account for mbtowc returning 0 rather than 1 when converting the nul character. this prevented advancing past it, instead repeatedly converting it into the output wide character string until the max output length was exhausted. 
the buffer-flush function did not account for mbtowc returning 0
rather than 1 when converting the nul character. this prevented
advancing past it, instead repeatedly converting it into the output
wide character string until the max output length was exhausted.
in printf, use ferror macro rather than directly inspecting flags bit 2023-03-21T13:11:17+00:00 Rich Felker dalias@aerifal.cx 2023-03-20T23:16:21+00:00 0e5234807dcdc76c43f9313c6ba9e2b7da408d8c this is purely aesthetic and should not affect code generation or functionality. 
this is purely aesthetic and should not affect code generation or
functionality.
remove wide printf dependency on ugly hack in vfprintf 2023-03-21T13:11:17+00:00 Rich Felker dalias@aerifal.cx 2023-03-20T22:59:14+00:00 868c96430093cd864512283b43071cb70b39b24e commit d42269d7c85308abdbf8cee38b1a1097249eb38b appropriated the stream error flag temporarily to let the printf family of functions suppress further output attempts after encountering a write error. since the wide printf code relies on (narrow) vfprintf to print padding and numeric conversions, a hack was put in vfprintf not to clear the initial error status unless the stream is narrow oriented. this was okay, because calling vfprintf on a wide-oriented stream (outside of internal use by the implementation) produces undefined behavior. however, it was highly non-obvious to anyone reading the wide printf code, where the calls to fprintf without first checking for error status appeared erroneous. this patch removes all direct use of fprintf from the wide printf core, except in the numeric conversions case where it was already checked before starting processing of the directive that the error status is not set. the other calls, which were performing padding, are replaced by a new pad() helper function, which performs the check and abstracts out the mechanism of writing the padding. direct use of the error flag is also replaced by ferror, which is defined as a macro in stdio_impl.h, expanding directly to the flag check with no call or locking overhead. 
commit d42269d7c85308abdbf8cee38b1a1097249eb38b appropriated the
stream error flag temporarily to let the printf family of functions
suppress further output attempts after encountering a write error.
since the wide printf code relies on (narrow) vfprintf to print
padding and numeric conversions, a hack was put in vfprintf not to
clear the initial error status unless the stream is narrow oriented.
this was okay, because calling vfprintf on a wide-oriented stream
(outside of internal use by the implementation) produces undefined
behavior. however, it was highly non-obvious to anyone reading the
wide printf code, where the calls to fprintf without first checking
for error status appeared erroneous.

this patch removes all direct use of fprintf from the wide printf
core, except in the numeric conversions case where it was already
checked before starting processing of the directive that the error
status is not set. the other calls, which were performing padding, are
replaced by a new pad() helper function, which performs the check and
abstracts out the mechanism of writing the padding.

direct use of the error flag is also replaced by ferror, which is
defined as a macro in stdio_impl.h, expanding directly to the flag
check with no call or locking overhead.
fix (normal, narrow) printf erroneously processing %n after output errors 2023-03-21T13:11:17+00:00 Rich Felker dalias@aerifal.cx 2023-03-20T23:07:54+00:00 3a051769c4a91c3a7d1f1310d888faa4abf363e7 unlike with wide printf variants, encoding errors are not a vector by which this bug is reachable, and the out() helper function already ensured that no further output could be written after an output error, transient or otherwise. however, the %n specifier could still be processed after an error, yielding a side effect that wrongly implied output had succeeded. due to buffering effects, it's still possible for %n to show output as having "succeeded", but for it never to appear on the underlying file due to an error at flush time. this change, however, ensures that processing of %n does not conflict with any error which has already been seen. 
unlike with wide printf variants, encoding errors are not a vector by
which this bug is reachable, and the out() helper function already
ensured that no further output could be written after an output error,
transient or otherwise. however, the %n specifier could still be
processed after an error, yielding a side effect that wrongly implied
output had succeeded.

due to buffering effects, it's still possible for %n to show output as
having "succeeded", but for it never to appear on the underlying file
due to an error at flush time. this change, however, ensures that
processing of %n does not conflict with any error which has already
been seen.