AgeCommit message (Collapse)AuthorLines
2013-06-27disallow creation of objects larger than PTRDIFF_MAX via mmapRich Felker-0/+5
internally, other parts of the library assume sizes don't overflow ssize_t and/or ptrdiff_t, and the way this assumption is made valid is by preventing creating of such large objects. malloc already does so, but the check was missing from mmap. this is also a quality of implementation issue: even if the implementation internally could handle such objects, applications could inadvertently invoke undefined behavior by subtracting pointers within an object. it is very difficult to guard against this in applications, so a good implementation should simply ensure that it does not happen.
2013-06-26fix syscall argument bug in pthread_getschedparamRich Felker-1/+1
the address of the pointer to the sched param, rather than the pointer, was being passed to the kernel.
2013-06-26fix temp file leak in sem_open on successful creation of new semaphoreRich Felker-2/+2
2013-06-26fix bug whereby sem_open leaked its own internal slots on failureRich Felker-3/+6
2013-06-26in sem_open, don't leak vm mapping if fstat failsRich Felker-2/+2
fstat should not fail under normal circumstances, so this fix is mostly theoretical.
2013-06-26fix failure of pthread_setschedparam to pass correct param to kernelRich Felker-1/+1
the address of the pointer, rather than the pointer, was being passed. this was probably a copy-and-paste error from corresponding get code.
2013-06-26document in sysconf and unistd.h that per-thread cpu clocks existRich Felker-1/+2
2013-06-26fix iconv conversion to legacy 8bit codepagesRich Felker-2/+2
this seems to have been a simple copy-and-paste error from the code for converting from legacy codepages.
2013-06-26remove useless conditional before free from dynamic linker path codeRich Felker-1/+1
2013-06-26fix dynamic linker handling of empty path file or error reading path fileRich Felker-4/+3
previously, the path string was being used despite being invalid. with this change, empty path file or error reading the path file is treated as an empty path. this is preferable to falling back to a default path, so that attacks to prevent reading of the path file could not result in loading incorrect and possibly dangerous (outdated or mismatching ABI) libraries from. the code to strip the final newline has also been removed; now that newline is accepted as a delimiter, it's harmless to leave it in place.
2013-06-25respect iso c namespace in stdio.h and wchar.h regarding va_listRich Felker-17/+26
despite declaring functions that take arguments of type va_list, these headers are not permitted by the c standard to expose the definition of va_list, so an alias for the type must be used. the name __isoc_va_list was chosen to convey that the purpose of this alternate name is for iso c conformance, and to avoid the multitude of names which gcc mangles with its hideous "fixincludes" monstrosity, leading to serious header breakage if these "fixes" are run.
2013-06-25make newline-delimited dynamic linker path file actually workRich Felker-1/+1
apparently the original commit was never tested properly, since getline was only ever reading one line. the intent was to read the entire file, so use getdelim with the null byte as delimiter as a cheap way to read a whole file into memory.
2013-06-25implement inet_lnaof, inet_netof, and inet_makeaddrRich Felker-40/+59
also move all legacy inet_* functions into a single file to avoid wasting object file and compile time overhead on them. the added functions are legacy interfaces for working with classful ipv4 network addresses. they have no modern usefulness whatsoever, but some programs unconditionally use them anyway, and they're tiny.
2013-06-25add ether_aton[_r] and ether_ntoa[_r] functionsRich Felker-0/+57
based on patch by Strake with minor stylistic changes, and combined into a single file. this patch remained open for a long time due to some question as to whether ether_aton would be better implemented in terms of sscanf, and it's time something was committed, so here it is.
2013-06-22fix scanf %c conversion wrongly storing a terminating null byteRich Felker-4/+8
this seems to have been a regression from the refactoring which added the 'm' modifier.
2013-06-22fix major scanf breakage with unbuffered streams, fmemopen, etc.Rich Felker-0/+1
the shgetc api, used internally in scanf and int/float scanning code to handle field width limiting and pushback, was designed assuming that pushback could be achieved via a simple decrement on the file buffer pointer. this only worked by chance for regular FILE streams, due to the linux readv bug workaround in __stdio_read which moves the last requested byte through the buffer rather than directly back to the caller. for unbuffered streams and streams not using __stdio_read but some other underlying read function, the first character read could be completely lost, and replaced by whatever junk happened to be in the unget buffer. to fix this, simply have shgetc, when it performs an underlying read operation on the stream, store the character read at the -1 offset from the read buffer pointer. this is valid even for unbuffered streams, as they have an unget buffer located just below the start of the zero-length buffer. the check to avoid storing the character when it is already there is to handle the possibility of read-only buffers. no application-exposed FILE types are allowed to use read-only buffers, but sscanf and strto* may use them internally when calling functions which use the shgetc api.
2013-06-16fix invalid access in aio notificationRich Felker-1/+1
issue found and patch provided by Jens Gustedt. after the atomic store to the error code field of the aiocb, the application is permitted to free or reuse the storage, so further access is invalid. instead, use the local copy that was already made.
2013-06-16fix uninitialized variable in lio (aio) codeRich Felker-1/+1
2013-06-12improve the quality of output from rand_rRich Felker-1/+10
due to the interface requirement of having the full state contained in a single object of type unsigned int, it is difficult to provide a reasonable-quality implementation; most good PRNGs are immediately ruled out because they need larger state. the old rand_r gave very poor output (very short period) in its lower bits; normally, it's desirable to throw away the low bits (as in rand()) when using a LCG, but this is not possible since the state is only 32 bits and we need 31 bits of output. glibc's rand_r uses the same LCG as musl's, but runs it for 3 iterations and only takes 10-11 bits from each iteration to construct the output value. this partially fixes the period issue, but introduces bias: not all outputs have the same frequency, and many do not appear at all. with such a low period, the bias is likely to be observable. I tried many approaches to "fix" rand_r, and the simplest I found which made it pass the "dieharder" tests was applying this transformation to the output. the "temper" function is taken from mersenne twister, where it seems to have been chosen for some rigorous properties; here, the only formal property I'm using is that it's one-to-one and thus avoids introducing bias. should further deficiencies in rand_r be reported, the obvious "best" solution is applying a 32-bit cryptographic block cipher in CTR mode. I identified several possible ciphers that could be used directly or adapted, but as they would be a lot slower and larger, I do not see a justification for using them unless the current rand_r proves deficient for some real-world use.
2013-06-08add clock id macros for a number of new(ish) Linux-specific clocksRich Felker-0/+6
arguably CLOCK_MONOTONIC should be redirected to CLOCK_BOOTTIME with a fallback for old kernels that don't support it, since Linux's CLOCK_BOOTTIME semantics seem to match the spirit of the POSIX requirements for CLOCK_MONOTONIC better than Linux's version of CLOCK_MONOTONIC does. however, this is a change that would require further discussion and research, so for now, I'm simply making them all available.
2013-06-08fix the type of CLOCKS_PER_SEC to match new clock_t typeRich Felker-1/+1
originally it was right on 32-bit archs and wrong on 64-bit, but after recent changes it was wrong everywhere. with this commit, it's now right everywhere.
2013-06-08support cputime clocks for processes/threads other than selfRich Felker-3/+7
apparently these features have been in Linux for a while now, so it makes sense to support them. the bit twiddling seems utterly illogical and wasteful, especially the negation, but that's how the kernel folks chose to encode pids/tids into the clock id.
2013-06-08prng: make rand_r have 2^32 period instead of 2^31Szabolcs Nagy-2/+2
this is a minor fix to increase the period of the obsolete rand_r a bit. an include header in __rand48_step.c is fixed as well.
2013-06-08prng: fix rand() to give good sequence with small stateSzabolcs Nagy-2/+4
some applications rely on the low bits of rand() to be reasonably good quality prng, so now it fixed by using the top bits of a 64 bit LCG, this is simple, has small state and passes statistical tests. D.E. Knuth attributes the multiplier to C.E. Haynes in TAOCP Vol2 3.3.4
2013-06-07fix mixup in previous change to gcc wrapperRich Felker-1/+1
2013-06-07make gcc-specific headers (intrinsics, etc.) available with wrapperRich Felker-2/+2
they are intentionally listed after the libc include directory so that the gcc float.h, etc. don't get used in place of the libc ones.
2013-06-07improve handling of nonstandard fields in struct tmRich Felker-4/+5
defining tm_gmtoff and tm_zone as macros was breaking some application code that used these names for its own purposes.
2013-06-06implement 'm' modifier for wide scanf variantsRich Felker-7/+40
2013-06-05implement the 'm' (malloc) modifier for scanfRich Felker-22/+48
this commit only covers the byte-based scanf-family functions. the wide functions still lack support for the 'm' modifier.
2013-06-05refactor wide-char scanf string handlingRich Felker-55/+32
this brings the wide version of the code into alignment with the byte-based version, in preparation for adding support for the m (malloc) modifier.
2013-06-04simplify some logic in scanf and remove redundant invalid-format checkRich Felker-18/+8
2013-06-04refactor scanf core to use common code path for all string formatsRich Felker-85/+52
the concept here is that %s and %c are essentially special-cases of %[, with some minimal additional special-casing. aside from simplifying the code and reducing the number of complex code-paths that would need changing to make optimizations later, the main purpose of this change is to simplify addition of the 'm' modifier which causes scanf to allocate storage for the string being read.
2013-06-03align stack properly for calling global ctors/dtors on x86[_64]Rich Felker-0/+8
failure to do so was causing crashes on x86_64 when ctors used SSE, which was first observed when ctors called variadic functions due to the SSE prologue code inserted into every variadic function.
2013-06-03ensure that thread dtv pointer is never null to optimize __tls_get_addrRich Felker-4/+6
2013-05-26Merge remote-tracking branch 'nsz/review'Rich Felker-48/+30
2013-05-26fix the prototype of settimeofday to follow the original BSD declarationSzabolcs Nagy-6/+7
2013-05-26fix ioctl _IOR, _IOW, etc macros to avoid signed overflow (2<<30)Szabolcs Nagy-38/+19
2013-05-26on x86_64 use long instead of long long for 64bit posix typesSzabolcs Nagy-4/+4
following glibc use the lowest rank 64bit integer type for ino_t etc. this is eg. useful for printf format compatibility
2013-05-23change underlying type of clock_t to be uniform and match ABIRich Felker-5/+5
previously we were using an unsigned type on 32-bit systems so that subtraction would be well-defined when it wrapped, but since wrapping is non-conforming anyway (when clock() overflows, it has to return -1) the only use of unsigned would be to buy a little bit more time before overflow. this does not seem worth having the type vary per-arch (which leads to more arch-specific bugs) or disagree with the ABI musl (mostly) follows.
2013-05-23fix overflow behavior of clock() functionRich Felker-7/+10
per Austin Group interpretation for issue #686, which cites the requirements of ISO C, clock() cannot wrap. if the result is not representable, it must return (clock_t)-1. in addition, the old code was performing wrapping via signed overflow and thus invoking undefined behavior. since it seems impossible to accurately check for overflow with the old times()-based fallback code, I have simply dropped the fallback code for now, thus always returning -1 on ancient systems. if there's a demand for making it work and somebody comes up with a way, it could be reinstated, but the clock() function is essentially useless on 32-bit system anyway (it overflows in less than an hour). it should be noted that I used LONG_MAX rather than ULONG_MAX, despite 32-bit archs using an unsigned type for clock_t. this discrepency with the glibc/LSB type definitions will be fixed now; since wrapping of clock_t is no longer supported, there's no use in it being unsigned.
2013-05-19math: add fma TODO comments about the underflow issueSzabolcs Nagy-2/+14
The underflow exception is not raised correctly in some cornercases (see previous fma commit), added comments with examples for fmaf, fmal and non-x86 fma. In fmaf store the result before returning so it has the correct precision when FLT_EVAL_METHOD!=0
2013-05-19math: fix two fma issues (only affects non-nearest rounding mode, x86)Szabolcs Nagy-4/+38
1) in downward rounding fma(1,1,-1) should be -0 but it was 0 with gcc, the code was correct but gcc does not support FENV_ACCESS ON so it used common subexpression elimination where it shouldn't have. now volatile memory access is used as a barrier after fesetround. 2) in directed rounding modes there is no double rounding issue so the complicated adjustments done for nearest rounding mode are not needed. the only exception to this rule is raising the underflow flag: assume "small" is an exactly representible subnormal value in double precision and "verysmall" is a much smaller value so that (long double)(small plus verysmall) == small then (double)(small plus verysmall) raises underflow because the result is an inexact subnormal, but (double)(long double)(small plus verysmall) does not because small is not a subnormal in long double precision and it is exact in double precision. now this problem is fixed by checking inexact using fenv when the result is subnormal
2013-05-18Merge remote-tracking branch 'nsz/review'Rich Felker-213/+203
2013-05-18math: sin cos cleanupSzabolcs Nagy-112/+128
* use unsigned arithmetics * use unsigned to store arg reduction quotient (so n&3 is understood) * remove z=0.0 variables, use literal 0 * raise underflow and inexact exceptions properly when x is small * fix spurious underflow in tanl
2013-05-18make err.h functions print __prognameRich Felker-0/+4
patch by Strake. previously is was not feasible to duplicate this functionality of the functions these were modeled on, since argv[0] was not saved at program startup, but now that it's available it's easy to use.
2013-05-18math: tan cleanupsSzabolcs Nagy-106/+80
* use unsigned arithmetics on the representation * store arg reduction quotient in unsigned (so n%2 would work like n&1) * use different convention to pass the arg reduction bit to __tan (this argument used to be 1 for even and -1 for odd reduction which meant obscure bithacks, the new n&1 is cleaner) * raise inexact and underflow flags correctly for small x (tanl(x) may still raise spurious underflow for small but normal x) (this exception raising code increases codesize a bit, similar fixes are needed in many other places, it may worth investigating at some point if the inexact and underflow flags are worth raising correctly as this is not strictly required by the standard) * tanf manual reduction optimization is kept for now * tanl code path is cleaned up to follow similar logic to tan and tanf
2013-05-17add FLT_TRUE_MIN, etc. macros from C11Rich Felker-0/+8
there was some question as to how many decimal places to use, since one decimal place is always sufficient to identify the smallest denormal uniquely. for now, I'm following the example in the C standard which is consistent with the other min/max macros we already had in place.
2013-05-17remove the __STDC_FORMAT_MACROS nonsense from inttypes.hRich Felker-4/+0
somehow I missed this when removing the corresponding __STDC_LIMIT_MACROS and __STDC_CONSTANT_MACROS nonsense from stdint.h. these were all attempts by the C committee to guess what the C++ committee would want, and the guesses turned out to be wrong.
2013-05-16fix mknod and mknodat to accept large dev_t valuesRich Felker-5/+2
support for these was recently added to sysmacros.h. note that the syscall argument is a long, despite dev_t being 64-bit, so on 32-bit archs the high bits will be lost. it appears the high bits are just glibc silliness and not part of the kernel api, anyway, but it's nice that we have them there for future expansion if needed.
2013-05-15math: use double_t for temporaries to avoid stores on i386Szabolcs Nagy-28/+31
When FLT_EVAL_METHOD!=0 (only i386 with x87 fp) the excess precision of an expression must be removed in an assignment. (gcc needs -fexcess-precision=standard or -std=c99 for this) This is done by extra load/store instructions which adds code bloat when lot of temporaries are used and it makes the result less precise in many cases. Using double_t and float_t avoids these issues on i386 and it makes no difference on other archs. For now only a few functions are modified where the excess precision is clearly beneficial (mostly polynomial evaluations with temporaries). object size differences on i386, gcc-4.8: old new __cosdf.o 123 95 __cos.o 199 169 __sindf.o 131 95 __sin.o 225 203 __tandf.o 207 151 __tan.o 605 499 erff.o 1470 1416 erf.o 1703 1649 j0f.o 1779 1745 j0.o 2308 2274 j1f.o 1602 1568 j1.o 2286 2252 tgamma.o 1431 1424 math/*.o 64164 63635