AgeCommit message (Collapse)AuthorLines
2012-07-03jmp_buf overhaul fixing several issuesRich Felker-14/+15
on arm, the location of the saved-signal-mask flag and mask were off by one between sigsetjmp and siglongjmp, causing incorrect behavior restoring the signal mask. this is because the siglongjmp code assumed an extra slot was in the non-sig jmp_buf for the flag, but arm did not have this. now, the extra slot is removed for all archs since it was useless. also, arm eabi requires jmp_buf to have 8-byte alignment. we achieve that using long long as the type rather than with non-portable gcc attribute tags.
2012-07-02fix sigsetjmp on arm (needs asm)Rich Felker-0/+13
no idea why gcc refuses to compile the C code to use a tail call, but it's best to use asm anyway so we don't have to rely on the quality of the compiler's optimizations for correct code.
2012-07-02fix missing function declarations for __stdio_exitRich Felker-0/+4
2012-07-02fix missing prototype and simplify sincosl on ld64 archsRich Felker-4/+2
2012-07-02fix invalid implicit pointer conversion in ld64 modflRich Felker-1/+1
2012-06-29replace old and ugly crypt implementationRich Felker-2574/+1075
the new version is largely the work of Solar Designer, with minor changes for integration with musl. compared to the old code, text size is reduced by about 7k, stack space usage by about 70k, and performance is greatly improved by avoiding expensive calculation of constant tables on each run. this version also adds support for extended des-based password hashes, which allow for unlimited key (password) length and configurable iteration counts. i've also published the interface for crypt_r in a new crypt.h header. especially since this is not a standard interface, i did not feel compelled to match the glibc abi for the crypt_data structure. the glibc structure is way too big to allocate on the stack; in fact it's so big that the first usage may cause the main thread to exceed its pre-committed stack size of 128k and thus could cause the program to crash even on systems with overcommit disabled. the only legitimate use of crypt_data for crypt_r is to store the hash string to return, so i've reserved 256 bytes, which should be more than sufficient (longest known password hashes are ~60 characters, and beyond that is possibly even exceeding some implementations' passwd file field size limit).
2012-06-25fix arm crti/crtn codeRich Felker-0/+4
lr must be saved because init/fini-section code from the compiler clobbers it. this was not a problem when i tested without gcc's crtbegin/crtend files present, but with them, musl on arm fails to work (infinite loop in _init).
2012-06-24release notes for 0.9.2v0.9.2Rich Felker-0/+44
2012-06-23add process_vm_readv and process_vm_writev syscall wrappersRich Felker-0/+22
based on a patch submitted by Kristian L. <>
2012-06-23update syscall defs to latest kernel onesRich Felker-0/+38
patch submitted by Kristian L. <>
2012-06-20proper error handling for fcntl F_GETOWN on modern kernelsRich Felker-1/+29
on old kernels, there's no way to detect errors; we must assume negative syscall return values are pgrp ids. but if the F_GETOWN_EX fcntl works, we can get a reliable answer.
2012-06-20math: fix fma bug on x86 (found by Bruno Haible with gnulib)nsz-2/+10
The long double adjustment was wrong: The usual check is mant_bits & 0x7ff == 0x400 before doing a mant_bits++ or mant_bits-- adjustment since this is the only case when rounding an inexact ld80 into double can go wrong. (only in nearest rounding mode) After such a check the ++ and -- is ok (the mantissa will end in 0x401 or 0x3ff). fma is a bit different (we need to add 3 numbers with correct rounding: hi_xy + lo_xy + z so we should survive two roundings at different places without precision loss) The adjustment in fma only checks for zero low bits mant_bits & 0x3ff == 0 this way the adjusted value is correct when rounded to double or *less* precision. (this is an important piece in the fma puzzle) Unfortunately in this case the -- is not a correct adjustment because mant_bits might underflow so further checks are needed and this was the source of the bug.
2012-06-20fix broken wcwidth tablesRich Felker-7/+8
unicode char data has both "W" and "F" wide types and the old table only included the "W" ones. this omitted U+3000 (ideographic space) and all the wide-ascii, etc.
2012-06-20support ld80 pseudo-denormal invalid bit patterns; treat them as nanRich Felker-2/+5
this is silly, but it makes apps that read binary junk and interpret it as ld80 "safer", and it gets gnulib to stop replacing printf...
2012-06-20fix ptsname_r to conform to the upcoming posix requirementsRich Felker-4/+13
it should return the error code rather than 0/-1 and setting errno.
2012-06-20fix fwrite return value when full write does not succeedRich Felker-1/+1
2012-06-20avoid cancellation in pcloseRich Felker-3/+4
at the point pclose might receive and act on cancellation, it has already invalidated the FILE passed to it. thus, per musl's QOI guarantees about cancellation and resource allocation/deallocation, it's not a candidate for cancellation. if it were required to be a cancellation point by posix, we would have to switch the order of deallocation, but somehow still close the pipe in order to trigger the child process to exit. i looked into doing this, but the logic gets ugly, and i'm not sure the semantics are conformant, so i'd rather just leave it alone unless there's a need to change it.
2012-06-20fix invalid memory access in pcloseRich Felker-1/+2
2012-06-20make popen cancellation-safeRich Felker-0/+7
close was the only cancellation point called from popen, but it left popen with major resource leaks if any call to close got cancelled. the easiest, cheapest fix is just to use a non-cancellable close function.
2012-06-20popen: handle issues with fd0/1 being closedRich Felker-3/+3
also check for failure of dup2 and abort the child rather than reading/writing the wrong file.
2012-06-20duplocale: don't crash when called with LC_GLOBAL_LOCALERich Felker-1/+1
posix has resolved to add this usage; for now, we just avoid writing anything to the new locale object since it's not used anyway.
2012-06-20make strerror_r behave nicer on failureRich Felker-2/+8
if the buffer is too short, at least return a partial string. this is helpful if the caller is lazy and does not check for failure. care is taken to avoid writing anything if the buffer length is zero, and to always null-terminate when the buffer length is non-zero.
2012-06-20fix another oob pointer arithmetic issue in printf floating pointRich Felker-1/+1
this one could never cause any problems unless the compiler/machine goes to extra trouble to break oob pointer arithmetic, but it's best to fix it anyway.
2012-06-20minor perror behavior fixRich Felker-1/+1
patch by nsz
2012-06-19fix localeconv values and implementationRich Felker-15/+28
dynamic-allocation of the structure is not valid; it can crash an application if malloc fails. since localeconv is not specified to have failure conditions, the object needs to have static storage duration. need to review whether all the values are right or not still..
2012-06-19fix mistake in length test in getlogin_rRich Felker-1/+1
this was actually dangerously wrong, but presumably nobody uses this broken function anymore anyway..
2012-06-19fix dummied-out fsyncRich Felker-2/+1
if we eventually have build options, it might be nice to make an option to dummy this out again, in case anybody needs a system-wide disable for disk/ssd-thrashing, etc. that some daemons do when logging...
2012-06-19fix dummied-out fdatasyncRich Felker-1/+1
2012-06-19fix pointer overflow bug in floating point printfRich Felker-3/+3
large precision values could cause out-of-bounds pointer arithmetic in computing the precision cutoff (used to avoid expensive long-precision arithmetic when the result will be discarded). per the C standard, this is undefined behavior. one would expect that it works anyway, and in fact it did in most real-world cases, but it was randomly (depending on aslr) crashing in i386 binaries running on x86_64 kernels. this is because linux puts the userspace stack near 4GB (instead of near 3GB) when the kernel is 64-bit, leading to the out-of-bounds pointer arithmetic overflowing past the end of address space and giving a very low pointer value, which then compared lower than a pointer it should have been higher than. the new code rearranges the arithmetic so that no overflow can occur. while this bug could crash printf with memory corruption, it's unlikely to have security impact in real-world applications since the ability to provide an extremely large field precision value under attacker-control is required to trigger the bug.
2012-06-19add vhangup syscall wrapperRich Felker-0/+8
request/patch by william haddonthethird, slightly modifed to add _GNU_SOURCE feature test macro so that the compiler can verify the prototype matches.
2012-06-19include declarations for new stdio_ext functions (gnulib support)Rich Felker-0/+5
2012-06-19add new stdio extension functions to make gnulib happyRich Felker-0/+24
this is mildly ugly, but less ugly than gnulib trying to poke at the definition of the FILE structure...
2012-06-19stdio: handle file position correctly at program exitRich Felker-6/+40
for seekable files, posix imposed requirements on the offset of the underlying open file description after a stream is closed. this was correctly handled (as a side effect of the unconditional fflush call) when streams were explicitly closed by fclose, but was not handled correctly at program exit time, where fflush(0) was being used. the weak symbol hackery is to pull in __stdio_exit if either of __toread or __towrite is used, but avoid calling it twice so we don't have to keep extra state. the new __stdio_exit is a streamlined fflush variant that avoids performing any unnecessary operations and which never unlocks the files or open file list, so we can be sure no other threads write new data to a stream's buffer after it's already flushed.
2012-06-19minor cleanup in fflushRich Felker-5/+1
2012-06-19remove flush hook cruft that was never used from stdioRich Felker-5/+1
there is no need/use for a flush hook. the write function serves this purpose already. i originally created the hook for implementing mem streams based on a mistaken reading of posix, and later realized it wasn't useful but never removed it until now.
2012-06-18fix multiple iconv bugs reading utf-16/32 and wchar_tRich Felker-8/+8
2012-06-18fix iconv dest utf-16: unavailable chars must be replaced; EILSEQ is wrongRich Felker-2/+2
2012-06-18fix erroneous utf-16 encoding with surrogates in iconvRich Felker-0/+1
apparently this was never tested before.
2012-06-17change stdio_ext __freading/__fwriting semantics slightlyRich Felker-2/+2
the old behavior was to only consider a stream to be "reading" or "writing" if it had buffered, unread/unwritten data. this reportedly differs from the traditional behavior of these functions, which is essentially to return true as much as possible without creating the possibility that both __freading and __fwriting could return true. gnulib expects __fwriting to return true as soon as a file is opened write-only, and possibly expects other cases that depend on the traditional behavior. and since these functions exist mostly for gnulib (does anything else use them??), they should match the expected behavior to avoid even more ugly hacks and workarounds...
2012-06-17fdopen should set errno when it fails due to invalid mode stringRich Felker-1/+4
2012-06-15header file fixes: multiple include guard consistency and correctnessRich Felker-18/+18
one file was reusing another file's macro name, and many had inconsistent underscores and application of SYS prefix, etc. patch by Szabolcs Nagy (nsz)
2012-06-14direct syscall to open in __init_security needs O_LARGEFILERich Felker-1/+1
it probably does not matter for /dev/null, but this should be done consistently anyway.
2012-06-14reorder exit code to defer stdio flush until after dtorsRich Felker-4/+1
this is required in case dtors use stdio. also remove the old comments; one was cruft from when the code used to be using function pointers and conditional calls, and has little motivation now that we're using weak symbols. the other was just complaining about having to support dtors even though the cost was made essentially zero in the non-use case by the way it's done here.
2012-06-13revert one change in time.h; no evidence BSD_SOURCE should expose these..Rich Felker-1/+1
2012-06-13fix feature test macros in time.hRich Felker-5/+2
stime is not _XOPEN_SOURCE, and some functions were missing with _BSD_SOURCE..
2012-06-13add timegm function (inverse of gmtime), nonstandardRich Felker-0/+12
2012-06-13add init_module/delete_module syscall wrappersRich Felker-0/+11
these are not exposed publicly in any header, but the few programs that use them (modutils/kmod, etc.) are declaring the functions themselves rather than making the syscalls directly, and it doesn't really hurt to have them (same as the capset junk).
2012-06-13add (currently stubbed due to stubbed strverscmp) versionsort functionRich Felker-0/+13
based on patch by Emil Renner Berthing, with minor changes to dirent.h for LFS64 and organization of declarations this code should work unmodified once a real strverscmp is added, but I've been hesitant to add it because the GNU strverscmp behavior is harmful in a lot of cases (for instance if you have numeric filenames in hex). at some point I plan on trying to design a variant of the algorithm that behaves better on a mix of filename styles.
2012-06-13add deprecated capabilities functionsRich Felker-0/+11
these were left in glibc for binary compatibility after the public part of the interface was removed, and libcap kept using them (with its own copy of the header files) rather than just making the syscalls directly. might as well add them since they're so small...
2012-06-09fix char signedness bug (arm-specific) in dynamic linkerRich Felker-1/+1