libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Kee

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385

(cherry picked from commit 559a218c9b257775fb249b67945fe4a05b7a6b9f)

show more ...

fflush: correct buffer handling in __sflush

Two additional stdio changes followed 86a16ada1ea6 and need to be
reverted as part of the fflush fix.

This reverts commit 6e13794fbe6e82c21365d0fd66769bf

fflush: correct buffer handling in __sflush

Two additional stdio changes followed 86a16ada1ea6 and need to be
reverted as part of the fflush fix.

This reverts commit 6e13794fbe6e82c21365d0fd66769bf8b19c0197.
This reverts commit bafaa70b6f9098d83d074968c8e6747ecec1e118.

Fixes: d09a3bf72c0b ("fflush: correct buffer handling in __sflush")
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42491

(cherry picked from commit 4e0e01bf6511c28212d7dff94fe131a502e13026)

Approved by: so

show more ...

libc: remove unused errno.h include

errno.h was added in 44cf1e5eb470, which has been reverted.

Fixes: d09a3bf72c0b ("fflush: correct buffer handling in __sflush")
Sponsored by: The FreeBSD Foundat

libc: remove unused errno.h include

errno.h was added in 44cf1e5eb470, which has been reverted.

Fixes: d09a3bf72c0b ("fflush: correct buffer handling in __sflush")
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 418f026bd5a5084c1c4e2e91ad38051f6caa928c)

Approved by: so

show more ...

fflush: correct buffer handling in __sflush

This fixes CVE-2014-8611 correctly.

The commit that purported to fix CVE-2014-8611 (805288c2f062) only hid
it behind another bug. Two later commits, 86a

fflush: correct buffer handling in __sflush

This fixes CVE-2014-8611 correctly.

The commit that purported to fix CVE-2014-8611 (805288c2f062) only hid
it behind another bug. Two later commits, 86a16ada1ea6 and
44cf1e5eb470, attempted to address this new bug but mostly just confused
the issue. This commit rolls back the three previous changes and fixes
CVE-2014-8611 correctly.

The key to understanding the bug (and the fix) is that `_w` has
different meanings for different stream modes. If the stream is
unbuffered, it is always zero. If the stream is fully buffered, it is
the amount of space remaining in the buffer (equal to the buffer size
when the buffer is empty and zero when the buffer is full). If the
stream is line-buffered, it is a negative number reflecting the amount
of data in the buffer (zero when the buffer is empty and negative buffer
size when the buffer is full).

At the heart of `fflush()`, we call the stream's write function in a
loop, where `t` represents the return value from the last call and `n`
the amount of data that remains to be written. When the write function
fails, we need to move the unwritten data to the top of the buffer
(unless nothing was written) and adjust `_p` (which points to the next
free location in the buffer) and `_w` accordingly. These variables have
already been set to the values they should have after a successful
flush, so instead of adjusting them down to reflect what was written,
we're adjusting them up to reflect what remains.

The bug was that while `_p` was always adjusted, we only adjusted `_w`
if the stream was fully buffered. The fix is to also adjust `_w` for
line-buffered streams. Everything else is just noise.

Fixes: 805288c2f062
Fixes: 86a16ada1ea6
Fixes: 44cf1e5eb470
Sponsored by: Klara, Inc.

(cherry picked from commit d09a3bf72c0b5f1779c52269671872368c99f02a)

Approved by: so

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

libc/stdio: only roll FILE state back on EINTR

Reported by: JunT <[email protected]>
PR: 266171
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Different

libc/stdio: only roll FILE state back on EINTR

Reported by: JunT <[email protected]>
PR: 266171
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D36427

show more ...

libc __sfvwrite(): roll back FILE buffer pointer on fflush error

__sfvwrite() advances the pointer before calling fflush. If fflush()
fails, it is not enough to roll back inside it, because we can

libc __sfvwrite(): roll back FILE buffer pointer on fflush error

__sfvwrite() advances the pointer before calling fflush. If fflush()
fails, it is not enough to roll back inside it, because we cannot know
how much was advanced by the caller.

Reported by: Peter <[email protected]>
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Fixes: 86a16ada1ea608408cec370171d9f59353e97c77

show more ...

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier f

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

show more ...

Convert libc/stdio from K&R to ANSI C

And add '__restrict' where it appeared in the header prototypes

Renumber clauses to reduce diffs to other versions

NetBSD, OpenBSD, and Android's Bionic all number the clauses 1 through 3,
so follow suit to make comparison easier.

Acked-by: imp@

MFC revs 199781,199782,199784,199785,199786:

Eliminate dead stores.

In __mbsconv(), if prec was zero, nconv could have been used
uninitialized. Initialize it to a safe value so that there's

MFC revs 199781,199782,199784,199785,199786:

Eliminate dead stores.

In __mbsconv(), if prec was zero, nconv could have been used
uninitialized. Initialize it to a safe value so that there's no
chance of returning an error if stack garbage happens to be equal to
(size_t)-1 or (size_t)-2.

In svc_raw_reply(), don't leave stat uninitialized if the MSG_ACCEPTED
&& SUCCESS case succeeds. The stack garbage might be zero.

In clnt_raw_create(), avoid minor race condition initializing the
file-scope variable clntraw_private.

Found by: Clang static analyzer

show more ...

Eliminate dead store.

Found by: Clang static analyzer
MFC after: 7 days

Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.

Rename cantwrite() to prepwrite(). The latter is less confusing,
since the macro isn't really a predicate, and it has side-effects.
Also, don't set errno if prepwrite() fails, since this is done in

Rename cantwrite() to prepwrite(). The latter is less confusing,
since the macro isn't really a predicate, and it has side-effects.
Also, don't set errno if prepwrite() fails, since this is done in
prepwrite() now.

show more ...

If handed a file pointer we can't write to, set errno properly to EBADF
in order to get SUSv2 conformant behavior in higher level calls like
fputs() and puts().

Reviewed by: bde

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove 'register' keyword.

Re-arrange my funopen(3) fix to minimize differences with original stdio code,
no functional changes.

Add fp->_offset optimization in _SAPP+_SOPT case

Move all stdio internal flags processing and setting out of __sread(),
__swrite() and __sseek() to higher level. According to funopen(3) they all
are just wrappers to something like standard read(2),

Move all stdio internal flags processing and setting out of __sread(),
__swrite() and __sseek() to higher level. According to funopen(3) they all
are just wrappers to something like standard read(2), write(2) and
lseek(2), i.e. must not touch stdio internals because they are replaceable
with any other functions knows nothing about stdio internals. See example
of funopen(3) usage in sendmail sources f.e.

NOTE: this is original stdio bug, not result of my range checkin added.

show more ...

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by: -arch

show more ...

$Id$ -> $FreeBSD$

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
gua

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...

show more ...

Replace my original asprintf() and vasprintf() hacks with something
more cleanly integrated with stdio. This should be faster and cleaner
since it doesn't memcpy() the data into a seperate buffer.

Replace my original asprintf() and vasprintf() hacks with something
more cleanly integrated with stdio. This should be faster and cleaner
since it doesn't memcpy() the data into a seperate buffer. This lets
stdio allocate and manage the buffer and then hand it over to the user.

Obtained from: Todd Miller <[email protected]> via OpenBSD

show more ...

1) Restore back comment about snprintf()
2) Optimize string buffer copy to call memcpy() and update pointers
only for count > 0, it makes snprintf(NULL, 0, ...) more efficient

Remove wrong comment about snprintf:
"return the number of bytes needed, rather the number used"

According to Single Unix specs:

Upon successful completion, these functions return the number of byt

Remove wrong comment about snprintf:
"return the number of bytes needed, rather the number used"

According to Single Unix specs:

Upon successful completion, these functions return the number of bytes
transmitted excluding the terminating null

show more ...