newlib's vfwscanf(3) (or specifically, __SVFWSCANF_R()) fails to correctly set
the assignment-suppressing character (`*') flag[1] which, when present in the
formatting string, results in undefined behaviour comprising retrieving and
dereferencing a pointer that was not supplied by the caller as such or at all.
When compared to the vfscanf(3) implementation, this would appear to be over
the missing goto match_failure statement preceded by the flags test seen below.
Hence, this patch (re)introduces it.
[1] <http://pubs.opengroup.org/onlinepubs/009695399/functions/fwscanf.html>
--
This fix is for some platforms which do not have writev().
*perror.c: Use _write_r() instead of writev().
*psignal.c: Use write() insetad of writev().
Revise commit: d4f4e7ae1be1bcf8c021f2b0865aafc16b338aa3
Code path for _MB_CAPABLE scans for the '%' character and advances
'fmt' pointer past '%'. Code path for !_MB_CAPABLE leaved fmt pointing
to '%', which caused the state machine to go from START to DONE state
immediately.
Neither upstream FreeBSD nor glibc ever call fflush from ftell
and friends. In border cases it has the tendency to return
wrong or unexpected values, for instance on block devices.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Discard QUICKREF sections, rather than writing them to stderr
Discard MATHREF sections, rather than discarding as an error
Pass NOTES sections through to texinfo, rather than discarding as an error
Don't redirect makedoc stderr to .ref file
Remove makedoc output on error
Remove .ref files from CLEANFILES
Regenerate Makefile.ins
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Old BSD bug: While ^ is recognized and the set of matching characters
is negated, the code neglects to increment the pointer pointing to the
matching characters. Thus, on a negation expression like %[^xyz], the
matching doesn't only stop at x, y, or z, but incorrectly also on ^.
Fix this by setting the start pointer after recognizing the ^.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* vfscanf: per POSIX, if the target type is wchar_t, the width is
counted in (multibyte) characters, not in bytes.
* vfscanf: Handle UTF-8 multibyte sequences converted to surrogate
pairs on UTF-16 systems.
* vfwscanf: Don't count high surrogates in input against field width
counting. Per POSIX, input is
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The width value keeps the maximum field width. This is the maximum
field width of the *input*. It's *never* to be used in conjunction
with the number of bytes or characters written to the output argument.
However, especially in vfwscanf, the code is partially taken from
NetBSD which erroneously subtracts the number of multibyte chars
written to the argument from the width variable, thus potentially
subtracting up to MB_CUR_MAX from width for a single character in
the input stream.
To make matters worse, the previous patch adding %m added basically
the same mistake for 'c' type input.
Fix it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* The new code is guarded with _WANT_IO_POSIX_EXTENSIONS, but
this is automatically enabled with _WANT_IO_C99_FORMATS for now.
* vfscanf neglects to implement %l[, so %ml[ is not implemented yet
either.
* Sidenote: vfwscanf doesn't allow ranges in %[ yet. Strictly this
is allowed per POSIX, but it differes from vfscanf as well as from
glibc.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The special handling of %\0 in [w]scanf is flawed. It's just a
matching failure and should be handled as such. scanf also
fakes an int input value on %X with X being an invalid conversion
char. This is also just a matching failure and should be handled
the same way as %\0.
There's no indication of the reason for this "disgusting
backwards compatibility hacks" in the logs, given this
code made it into newlib before setting up the CVS repo.
Just handle these cases identically as matching failures.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In Newlib, the stdio streams are defined to thread-specific pointers
_reent::_stdin, _reent::_stdout and _reent::_stderr. In case
_REENT_SMALL is not defined, then these pointers are initialized via
_REENT_INIT_PTR() or _REENT_INIT_PTR_ZEROED() to thread-specific FILE
objects provided via _reent::__sf[3]. There are two problems with this
(at least in case of RTEMS).
(1) The thread-specific FILE objects are closed by _reclaim_reent().
This leads to problems with language run-time libraries that provide
wrappers to the C/POSIX stdio streams (e.g. C++ and Ada), since they
use the thread-specific FILE objects of the initialization thread. In
case the initialization thread is deleted, then they use freed memory.
(2) Since thread-specific FILE objects are used with a common output
device via file descriptors 0, 1 and 2, the locking at FILE object level
cannot ensure atomicity of the output, e.g. a call to printf().
Introduce a new Newlib configuration option _REENT_GLOBAL_STDIO_STREAMS
to enable the use of global stdio FILE objects.
As a side-effect this reduces the size of struct _reent by more than
50%.
The _REENT_GLOBAL_STDIO_STREAMS should not be used without
_STDIO_CLOSE_PER_REENT_STD_STREAMS.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Don't over-read memory returned by _DTOA_R, and never write to it
since the result might be a string literal.
For example, when doing:
swprintf(tt, 20, L"%.*f", 6, 0.0);
we will get back "0".
Instead, write the result returned by _DTOA_R to the output buffer.
After this, write the 0 chars directly to the the output buffer
(if there are any). This also has the (marginal) advantage that
we read/write less memory overall.
Some architectures like ARM encode the short enum option state in the
object file and the linker checks that this option is consistent for all
objects of an executable. In case applications use -fno-short-enums,
then this leads to linker warnings. Use the enum __packed attribute for
the relevent enums to avoid the -fshort-enums compiler option. This
attribute is at least available on GCC, LLVM/clang and the Intel
compiler.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
In preparation for the patch that would allow retargeting of locking
routines, rename all lock objects to follow this pattern:
"__<name>_[recursive_]mutex".
Following locks were renamed:
__dd_hash_lock -> __dd_hash_mutex
__sfp_lock -> __sfp_recursive_mutex
__sinit_lock -> __sinit_recursive_mutex
__atexit_lock -> __atexit_recursive_mutex
_arc4random_mutex -> __arc4random_mutex
__env_lock_object -> __env_recursive_mutex
__malloc_lock_object -> __malloc_recursive_mutex
__atexit_mutex -> __at_quick_exit_mutex
__tz_lock_object -> __tz_mutex