From 4805b60ccfeee32a4ac3547e680c917f9e5c1d39 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 25 May 2011 18:41:10 +0000 Subject: [PATCH] strerror: allow user hook to comply with POSIX rules * libc/string/strerror.c (strerror): Split body into... (_strerror_r): ...new reentrant function. * libc/string/u_strerr.c (_user_strerror): Update signature. * libc/include/stdio.h (_strerror_r): New prototype. * libc/posix/collate.c (__collate_err): Adjust callers. * libc/stdio/perror.c (_perror_r): Likewise. * libc/string/strerror_r.c (strerror_r): Likewise. * libc/string/xpg_strerror_r.c (__xpg_strerror_r): Likewise. --- newlib/ChangeLog | 11 ++++++ newlib/libc/include/string.h | 3 ++ newlib/libc/posix/collate.c | 3 +- newlib/libc/stdio/perror.c | 3 +- newlib/libc/string/strerror.c | 61 ++++++++++++++++++++--------- newlib/libc/string/strerror_r.c | 8 ++-- newlib/libc/string/u_strerr.c | 6 ++- newlib/libc/string/xpg_strerror_r.c | 5 ++- 8 files changed, 73 insertions(+), 27 deletions(-) diff --git a/newlib/ChangeLog b/newlib/ChangeLog index cbba19330..cf900e453 100644 --- a/newlib/ChangeLog +++ b/newlib/ChangeLog @@ -1,3 +1,14 @@ +2011-05-25 Eric Blake + + * libc/string/strerror.c (strerror): Split body into... + (_strerror_r): ...new reentrant function. + * libc/string/u_strerr.c (_user_strerror): Update signature. + * libc/include/stdio.h (_strerror_r): New prototype. + * libc/posix/collate.c (__collate_err): Adjust callers. + * libc/stdio/perror.c (_perror_r): Likewise. + * libc/string/strerror_r.c (strerror_r): Likewise. + * libc/string/xpg_strerror_r.c (__xpg_strerror_r): Likewise. + 2011-05-19 Yaakov Selkowitz * libc/include/stdio_ext.h: New header. diff --git a/newlib/libc/include/string.h b/newlib/libc/include/string.h index d83fb8ac9..d565e8e32 100644 --- a/newlib/libc/include/string.h +++ b/newlib/libc/include/string.h @@ -96,6 +96,9 @@ char *_EXFUN(strsignal, (int __signo)); int _EXFUN(strtosigno, (const char *__name)); #endif +/* Recursive version of strerror. */ +char * _EXFUN(_strerror_r, (struct _reent *, int, int, int *)); + /* These function names are used on Windows and perhaps other systems. */ #ifndef strcmpi #define strcmpi strcasecmp diff --git a/newlib/libc/posix/collate.c b/newlib/libc/posix/collate.c index 8af8970c9..6ee455001 100644 --- a/newlib/libc/posix/collate.c +++ b/newlib/libc/posix/collate.c @@ -177,12 +177,13 @@ __collate_err(int ex, const char *f) { const char *s; int serrno = errno; + int dummy; /* Be careful to change write counts if you change the strings */ write(STDERR_FILENO, "collate_error: ", 15); write(STDERR_FILENO, f, strlen(f)); write(STDERR_FILENO, ": ", 2); - s = strerror(serrno); + s = _strerror_r(_REENT, serrno, 1, &dummy); write(STDERR_FILENO, s, strlen(s)); write(STDERR_FILENO, "\n", 1); exit(ex); diff --git a/newlib/libc/stdio/perror.c b/newlib/libc/stdio/perror.c index 5dbf3326c..14b4d2173 100644 --- a/newlib/libc/stdio/perror.c +++ b/newlib/libc/stdio/perror.c @@ -73,6 +73,7 @@ _DEFUN(_perror_r, (ptr, s), _CONST char *s) { char *error; + int dummy; _REENT_SMALL_CHECK_INIT (ptr); if (s != NULL && *s != '\0') @@ -81,7 +82,7 @@ _DEFUN(_perror_r, (ptr, s), fputs (": ", _stderr_r (ptr)); } - if ((error = strerror (ptr->_errno)) != NULL) + if ((error = _strerror_r (ptr, ptr->_errno, 1, &dummy)) != NULL) fputs (error, _stderr_r (ptr)); fputc ('\n', _stderr_r (ptr)); diff --git a/newlib/libc/string/strerror.c b/newlib/libc/string/strerror.c index 61e40ab7a..fd6edd9e2 100644 --- a/newlib/libc/string/strerror.c +++ b/newlib/libc/string/strerror.c @@ -15,6 +15,8 @@ INDEX ANSI_SYNOPSIS #include char *strerror(int <[errnum]>); + char *_strerror_r(struct _reent <[ptr]>, int <[errnum]>, + int <[internal]>, int *<[error]>); TRAD_SYNOPSIS #include @@ -288,6 +290,8 @@ Strings pipe error o- +<<_strerror_r>> is a reentrant version of the above. + RETURNS This function returns a pointer to a string. Your application must not modify that string. @@ -296,10 +300,10 @@ PORTABILITY ANSI C requires <>, but does not specify the strings used for each error number. -Although this implementation of <> is reentrant, ANSI C -declares that subsequent calls to <> may overwrite the -result string; therefore portable code cannot depend on the reentrancy -of this subroutine. +Although this implementation of <> is reentrant (depending +on <<_user_strerror>>), ANSI C declares that subsequent calls to +<> may overwrite the result string; therefore portable +code cannot depend on the reentrancy of this subroutine. Although this implementation of <> guarantees a non-null result with a NUL-terminator, some implementations return <> @@ -317,15 +321,24 @@ extensibility. <> defines <[__ELASTERROR]>, which can be used as a base for user-defined error values. If the user supplies a routine named <<_user_strerror>>, and <[errnum]> passed to <> does not match any of the supported values, -<<_user_strerror>> is called with <[errnum]> as its argument. - -<<_user_strerror>> takes one argument of type <[int]>, and returns a -character pointer. If <[errnum]> is unknown to <<_user_strerror>>, -<<_user_strerror>> returns <[NULL]>. The default <<_user_strerror>> -returns <[NULL]> for all input values. - -Note that <<_user_sterror>> must be thread-safe and not alter <> -if <> is to comply with POSIX. +<<_user_strerror>> is called with three arguments. The first is of +type <[int]>, and is the <[errnum]> value unknown to <>. +The second is of type <[int]>, and matches the <[internal]> argument +of <<_strerror_r>>; this should be zero if called from <> +and non-zero if called from any other function; <<_user_strerror>> can +use this information to satisfy the POSIX rule that no other +standardized function can overwrite a static buffer reused by +<>. The third is of type <[int *]>, and matches the +<[error]> argument of <<_strerror_r>>; if a non-zero value is stored +into that location (usually <[EINVAL]>), then <> will set +<> to that value, and the XPG variant of <> will +return that value instead of zero or <[ERANGE]>. <<_user_strerror>> +returns a <[char *]> value; returning <[NULL]> implies that the user +function did not choose to handle <[errnum]>. The default +<<_user_strerror>> returns <[NULL]> for all input values. Note that +<<_user_sterror>> must be thread-safe, and only denote errors via the +third argument rather than modifying <>, if <> and +<> are are to comply with POSIX. <> requires no supporting OS subroutines. @@ -337,11 +350,14 @@ QUICKREF #include char * -_DEFUN (strerror, (errnum), - int errnum) +_DEFUN (_strerror_r, (ptr, errnum, internal, errptr), + struct _reent *ptr _AND + int errnum _AND + int internal _AND + int *errptr) { char *error; - extern char *_user_strerror _PARAMS ((int)); + extern char *_user_strerror _PARAMS ((int, int, int *)); switch (errnum) { @@ -798,10 +814,19 @@ _DEFUN (strerror, (errnum), break; #endif default: - if ((error = _user_strerror (errnum)) == 0) - error = ""; + if (!errptr) + errptr = &ptr->_errno; + if ((error = _user_strerror (errnum, internal, errptr)) == 0) + error = ""; break; } return error; } + +char * +_DEFUN(strerror, (int), + int errnum) +{ + return _strerror_r (_REENT, errnum, 0, NULL); +} diff --git a/newlib/libc/string/strerror_r.c b/newlib/libc/string/strerror_r.c index c2057b7f0..d26a412a5 100644 --- a/newlib/libc/string/strerror_r.c +++ b/newlib/libc/string/strerror_r.c @@ -43,7 +43,9 @@ PORTABILITY <> with a <[char *]> result is a GNU extension. <> with an <[int]> result is required by POSIX 2001. This function is compliant only if <<_user_strerror>> is not provided, -or if it is thread-safe and does not modify <>. +or if it is thread-safe and uses separate storage according to whether +the second argument of that function is non-zero. For more details +on <<_user_strerror>>, see the <> documentation. POSIX states that the contents of <[buf]> are unspecified on error, although this implementation guarantees a NUL-terminated string for @@ -55,7 +57,7 @@ provides only an empty string (unless you provide <<_user_strerror>>). POSIX also recommends that unknown <[errnum]> fail with EINVAL even when providing such a message, however it is not a requirement and this implementation will return success if <<_user_strerror>> provided -a non-empty alternate string. +a non-empty alternate string without assigning into its third argument. <> requires no supporting OS subroutines. @@ -75,7 +77,7 @@ _DEFUN (strerror_r, (errnum, buffer, n), char *buffer _AND size_t n) { - char *error = strerror (errnum); + char *error = _strerror_r (_REENT, errnum, 1, NULL); if (strlen (error) >= n) return error; diff --git a/newlib/libc/string/u_strerr.c b/newlib/libc/string/u_strerr.c index fa4605c8b..7d902feb7 100644 --- a/newlib/libc/string/u_strerr.c +++ b/newlib/libc/string/u_strerr.c @@ -1,8 +1,10 @@ #include <_ansi.h> char * -_DEFUN(_user_strerror, (errnum), - int errnum) +_DEFUN(_user_strerror, (errnum, internal, errptr), + int errnum _AND + int internal _AND + int *errptr) { return 0; } diff --git a/newlib/libc/string/xpg_strerror_r.c b/newlib/libc/string/xpg_strerror_r.c index ce94bd8a4..e503880b0 100644 --- a/newlib/libc/string/xpg_strerror_r.c +++ b/newlib/libc/string/xpg_strerror_r.c @@ -10,10 +10,11 @@ _DEFUN (__xpg_strerror_r, (errnum, buffer, n), size_t n) { char *error; + int result = 0; if (!n) return ERANGE; - error = strerror (errnum); + error = _strerror_r (_REENT, errnum, 1, &result); if (strlen (error) >= n) { memcpy (buffer, error, n - 1); @@ -21,5 +22,5 @@ _DEFUN (__xpg_strerror_r, (errnum, buffer, n), return ERANGE; } strcpy (buffer, error); - return *error ? 0 : EINVAL; + return (result || *error) ? result : EINVAL; }