Commit Graph

400 Commits

Author SHA1 Message Date
Keith Packard cf86601d98 svfwscanf: Simplify _sungetwc_r to eliminate apparent buffer overflow
svfwscanf replaces getwc and ungetwc_r. The comments in the code talk
about avoiding file operations, but they also need to bypass the
mbtowc calls as svfwscanf operates on wchar_t, not multibyte data,
which is a more important reason here; they would not work correctly
otherwise.

The ungetwc replacement has code which uses the 3 byte FILE _ubuf
field, but if wchar_t is 32-bits, this field is not large enough to
hold even one wchar_t value. Building in this mode generates warnings
about array overflow:

	In file included from ../../newlib/libc/stdio/svfiwscanf.c:35:
	../../newlib/libc/stdio/vfwscanf.c: In function '_sungetwc_r.isra':
	../../newlib/libc/stdio/vfwscanf.c:316:12: warning: array subscript 4294967295 is above array bounds of 'unsigned char[3]' [-Warray-bounds]
	  316 |   fp->_p = &fp->_ubuf[sizeof (fp->_ubuf) - sizeof (wchar_t)];
	      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	In file included from ../../newlib/libc/stdio/stdio.h:46,
			 from ../../newlib/libc/stdio/vfwscanf.c:82,
			 from ../../newlib/libc/stdio/svfiwscanf.c:35:
	../../newlib/libc/include/sys/reent.h:216:17: note: while referencing '_ubuf'
	  216 |   unsigned char _ubuf[3]; /* guarantee an ungetc() buffer */
	      |                 ^~~~~

However, the vfwscanf code *never* ungets data before the start of the
scanning operation, and *always* ungets data which matches the input
at that point, so the code always hits the block which backs up over
the input data and never hits the block which uses the _ubuf field.

In addition, the svfwscanf code will always start with the unget
buffer empty, so the ungetwc replacement never needs to support an
unget buffer at all.

Simplify the code by removing support for everything other than
backing up over the input data, leaving the check to make sure it
doesn't get underflowed in case the vfscanf code has a bug in it.

Signed-off-by: Keith Packard <keithp@keithp.com>
2021-08-18 10:37:24 +02:00
Keith Packard 92068f4cc5 stdio: Parse 0x0p+00 correctly in scanf
The scanf code was skipping the '0' after the 'x' causing the
resulting buffer to contain an invalid number when passed to strtod.

Signed-off-by: Keith Packard <keithp@keithp.com>
2021-06-18 17:15:37 -04:00
Corinna Vinschen 9c6c2fb0f6 scanf: allow hex float input per POSIX
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2021-04-19 22:00:10 +02:00
Corinna Vinschen 80bd01ef83 Add build mechanism to share common header files between machines
So far the build mechanism in newlib only allowed to either define
machine-specific headers, or headers shared between all machines.
In some cases, architectures are sufficiently alike to share header
files between them, but not with other architectures.  A good example
is ix86 vs. x86_64, which share certain traits with each other, but
not with other architectures.

Introduce a new configure variable called "shared_machine_dir".  This
dir can then be used for headers shared between architectures.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2021-04-13 12:55:33 +02:00
Jozef Lawrynowicz 754386c7f5 Fix warnings when building for msp430-elf
The MSP430 target supports both 16-bit and 20-bit size_t and intptr_t.
Some implicit casts in Newlib expect these types to be
"long", (a 32-bit type on MSP430) which causes warnings during
compilation such as:
  "cast from pointer to integer of different size"
2020-09-03 12:55:32 +02:00
Keith Packard ff24ce9193 Typo in license for newlib/libc/stdio/flags.c
Fix spelling:

	MERCHANT I BILITY -> MERCHANT A BILITY

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-02-06 11:58:50 +01:00
Keith Packard 9042d0ce65 Use remove-advertising-clause script to edit BSD licenses
This edits licenses held by Berkeley and NetBSD, both of which
have removed the advertising requirement from their licenses.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-01-29 19:03:31 +01:00
Corinna Vinschen 2607f00423 Revert "newlib: fix fseek optimization with SEEK_CUR"
This reverts commit 59362c80e3.

This breaks gnulib's autoconf test for POSIX compatibility of
fflush/fseek.  After fflush/fseek, ftello and lseek are out of
sync, with lseek having the wrong offset.  This breaks backward
compatibility with Cygwin applications.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2020-01-29 18:53:44 +01:00
Bastien Bouclet 59362c80e3 newlib: fix fseek optimization with SEEK_CUR
The call to fflush was invalidating the read buffer, preventing relative
seeks to positions that would have been inside the read buffer from
being optimized. The call to srefill would then re-read mostly the same
data that was initially in the read buffer.
2019-11-18 11:02:52 +01:00
Lucio Andrés Illanes Albornoz d5daede26c Fix vfwscanf(3) assignment suppression flag handling bug
newlib's vfwscanf(3) (or specifically, __SVFWSCANF_R()) fails to correctly set
the assignment-suppressing character (`*') flag[1] which, when present in the
formatting string, results in undefined behaviour comprising retrieving and
dereferencing a pointer that was not supplied by the caller as such or at all.
When compared to the vfscanf(3) implementation, this would appear to be over
the missing goto match_failure statement preceded by the flags test seen below.
Hence, this patch (re)introduces it.

[1] <http://pubs.opengroup.org/onlinepubs/009695399/functions/fwscanf.html>

--
2019-06-03 10:38:40 +02:00
Corinna Vinschen 5fcbbf7ead stdio: drop unused O_TEXT handling on non-Cygwin
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Jon Beniston b3692aed5e nano-vfprintf_float.c: Fix check if negative for nans. 2018-12-13 13:15:32 +01:00
Keith Packard 2c245028af Use nanf("") instead of nanf(NULL)
Newer GCC versions require a non-NULL argument to this function for
some reason.

Signed-off-by: Keith Packard <keithp@keithp.com>
2018-08-29 15:57:27 +02:00
Corinna Vinschen 2d87d95f12 newlib: fix various gcc warnings
* unused variables
* potentially used uninitialized
* suggested bracketing
* misleading indentation

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-08 10:50:19 +02:00
Kumar Gala 6d7e0b337c Print sign of NaN values to nano-vfprintf.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2018-07-17 14:41:59 +02:00
Takashi Yano 6a3e08a53e Fix newlib functions perror()/psignal() not to use writev().
This fix is for some platforms which do not have writev().
*perror.c: Use _write_r() instead of writev().
*psignal.c: Use write() insetad of writev().

Revise commit: d4f4e7ae1b
2018-07-05 15:33:49 -04:00
Takashi Yano d4f4e7ae1b Fix a bug of perror()/psignal() that changes the orientation of stderr.
* perror.c: Fix the problem that perror() changes the orientation
  of stderr to byte-oriented mode if stderr is not oriented yet.
* psignal.c: Ditto.
2018-07-04 14:17:28 +02:00
Our Air Quality b7520b14d5 Add global stdio streams support for reent small. 2018-03-01 18:05:31 -05:00
Jon Beniston b8272e3b8d Fix vprintf and vfscanf for GCC PR 14577 2018-02-01 13:28:28 +01:00
Yaakov Selkowitz 7192f84096 ansification: remove _HAVE_STDC
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:30 -06:00
Yaakov Selkowitz 70ee6b17df ansification: remove _EXFUN, _EXFUN_NOTHROW
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:29 -06:00
Yaakov Selkowitz 77f16db546 ansification: remove _EXFNPTR, _EXPARM
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:27 -06:00
Yaakov Selkowitz 9087163804 ansification: remove _DEFUN
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:26 -06:00
Yaakov Selkowitz 67ee0cac4c ansification: remove _VOID
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:20 -06:00
Yaakov Selkowitz fff27f8429 ansification: remove _DEFUN_VOID
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:19 -06:00
Yaakov Selkowitz 670b01da7f ansification: remove _CAST_VOID
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:17 -06:00
Yaakov Selkowitz e6321aa6a6 ansification: remove _PTR
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:16 -06:00
Yaakov Selkowitz eea249da3b ansification: remove _PARAMS
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:13 -06:00
Yaakov Selkowitz 2310096fbc ansification: remove _DOTS
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:10 -06:00
Yaakov Selkowitz 0bda30e1ff ansification: remove _CONST
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:08 -06:00
Yaakov Selkowitz 6783860a2e ansification: remove _AND
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:05 -06:00
Ivan Grokhotkov 1d01586b62 newlib: fvprintf: fix get_arg for !_MB_CAPABLE
Code path for _MB_CAPABLE scans for the '%' character and advances
'fmt' pointer past '%'. Code path for !_MB_CAPABLE leaved fmt pointing
to '%', which caused the state machine to go from START to DONE state
immediately.
2018-01-09 09:52:18 +01:00
Alexander Fedotov fcd33916ac fix incompatible pointer type for va_list in nano versions of printf and scanf for target like PowerPC 2018-01-08 11:05:05 +01:00
Corinna Vinschen 6e5b39940a newlib: ftello{64}: Handle appending stream without fflushing
Neither upstream FreeBSD nor glibc ever call fflush from ftell
and friends.  In border cases it has the tendency to return
wrong or unexpected values, for instance on block devices.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-18 20:17:51 +01:00
Corinna Vinschen dc2d175721 newlib: ftello{64}: Fix type of returned value
Especially don't just use -1L since _off_t/_off64_t are not
guaranteed to be of type long.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-18 20:15:27 +01:00
Jon Turney c006fd459f makedoc: make errors visible
Discard QUICKREF sections, rather than writing them to stderr
Discard MATHREF sections, rather than discarding as an error
Pass NOTES sections through to texinfo, rather than discarding as an error
Don't redirect makedoc stderr to .ref file
Remove makedoc output on error
Remove .ref files from CLEANFILES
Regenerate Makefile.ins

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
2017-12-07 11:54:11 +00:00
Corinna Vinschen 67e628fa33 newlib: vfwscanf: fix negation bug in %[ conversion
Old BSD bug:  While ^ is recognized and the set of matching characters
is negated, the code neglects to increment the pointer pointing to the
matching characters.  Thus, on a negation expression like %[^xyz], the
matching doesn't only stop at x, y, or z, but incorrectly also on ^.

Fix this by setting the start pointer after recognizing the ^.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-04 17:05:11 +01:00
Corinna Vinschen b7b6b42cd4 newlib: vfscanf: Implement %l[
Just as %lc and %ls, this is only enabled on ELIX_LEVEL >= 2.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-01 17:53:59 +01:00
Corinna Vinschen a49209d2bc newlib: vf[w]scanf: Fix conversion multibyte <-> wchar_t
* vfscanf: per POSIX, if the target type is wchar_t, the width is
  counted in (multibyte) characters, not in bytes.

* vfscanf: Handle UTF-8 multibyte sequences converted to surrogate
  pairs on UTF-16 systems.

* vfwscanf: Don't count high surrogates in input against field width
  counting.  Per POSIX, input is

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-01 17:18:26 +01:00
Corinna Vinschen 9638c07527 newlib: vf[w]scanf: Drop width computation mixup
The width value keeps the maximum field width.  This is the maximum
field width of the *input*.  It's *never* to be used in conjunction
with the number of bytes or characters written to the output argument.

However, especially in vfwscanf, the code is partially taken from
NetBSD which erroneously subtracts the number of multibyte chars
written to the argument from the width variable, thus potentially
subtracting up to MB_CUR_MAX from width for a single character in
the input stream.

To make matters worse, the previous patch adding %m added basically
the same mistake for 'c' type input.

Fix it.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-12-01 13:47:26 +01:00
Yaakov Selkowitz c7ef9668cf stdio: remove TRAD_SYNOPSIS
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-12-01 03:41:51 -06:00
Corinna Vinschen d43863f569 newlib: vf[w]scanf: Implement POSIX %m modifier
* The new code is guarded with _WANT_IO_POSIX_EXTENSIONS, but
  this is automatically enabled with _WANT_IO_C99_FORMATS for now.

* vfscanf neglects to implement %l[, so %ml[ is not implemented yet
  either.

* Sidenote: vfwscanf doesn't allow ranges in %[ yet.  Strictly this
  is allowed per POSIX, but it differes from vfscanf as well as from
  glibc.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 21:50:23 +01:00
Corinna Vinschen 7161622514 newlib: vfwscanf: fix miscomputation of max field width in %[] case
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 21:02:38 +01:00
Corinna Vinschen 0fd2c9bd12 newlib: vf[w]scanf: add validity checks
POSIX requires that directive characters appear in a certain sequence:

1. '%' or '%<n>$'
2. optional '*'
3. optional field width digits
4. optional 'm' (not yet implemented)
5. optional length modifier ('l', 'L', 'll', 'h', 'hh', 'j', 't', 'z')
6. conversion specifier ('d', 's', etc)

Add a few basic validity checks to that effect, otherwise reject
directive as match failure.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 11:55:27 +01:00
Corinna Vinschen 31f11d0572 newlib: vf[w]scanf: Use SIZE_MAX rather than ~0
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 11:41:36 +01:00
Corinna Vinschen 5e4a1c9c97 newlib: vfscanf: fix formatting
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 11:41:36 +01:00
Corinna Vinschen 2e328edee4 newlib: vf[w]scanf: Only return from a single point to simplify cleanup
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-30 11:41:36 +01:00
Corinna Vinschen 1bbdb3c953 newlib: [w]scanf: Fix behaviour on matching failure
The special handling of %\0 in [w]scanf is flawed.  It's just a
matching failure and should be handled as such.  scanf also
fakes an int input value on %X with X being an invalid conversion
char.  This is also just a matching failure and should be handled
the same way as %\0.

There's no indication of the reason for this "disgusting
backwards compatibility hacks" in the logs, given this
code made it into newlib before setting up the CVS repo.

Just handle these cases identically as matching failures.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-29 15:01:30 +01:00
Sebastian Huber 7dad0e441a stdio: Fix make rule override
The Makefile.am contained two rules for the vfwscanf object.

Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2017-07-28 15:05:54 +02:00
Sebastian Huber d2e256a36a Enable _REENT_GLOBAL_STDIO_STREAMS for RTEMS
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2017-06-30 07:45:16 +02:00