Before commit 44f73c5a6206 ("Cygwin: Fix segfalt when too many command
line args are specified.") we had no actual argument size limit, except
for the fact that the child process created another copy of the argv
array on the stack, which could result in a stack overflow and a
subsequent SEGV. Commit 44f73c5a6206 changed that by allocating the
additional argv array via malloc, and it introduced a new SC_ARG_MAX
limit along the lines of the typical Linux limit.
However, this new limit is artificial. Cygwin allocates all argument
and environment data on the cygheap. We only run out of ARG_MAX space
if we're out of memory resources.
Change argument size handling accordingly:
- Drop the args size check from child_info_spawn::worker.
- Return -1 from sysconf (SC_ARG_MAX), i. e., the argument size limit
is undefined.
- Change argv handling in class av, so that a failing cmalloc is not
fatal. This allows the parent process to return E2BIG if it's out
of cygheap resources.
- In the child, add a check around the new malloc call, so that it
doesn't result in a SEGV if the child process gets unexpectedly into
an ENOMEM situation at this point. In this (unlikely) case, proceed
with the original __argv array instead. Add comment to explain why.
Fixes: 44f73c5a6206 ("Cygwin: Fix segfalt when too many command line args are specified.")
Tested-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Previously, the number of command line args was not checked for
cygwin process. Due to this, segmentation fault was caused if too
many command line args are specified.
https://cygwin.com/pipermail/cygwin/2023-August/254333.html
Since char *argv[argc + 1] is placed on the stack in dll_crt0_1(),
STATUS_STACK_OVERFLOW occurs if the stack does not have enough
space.
With this patch, char *argv[] is placed in heap instead of stack
and ARG_MAX is increased from 32000 to 2097152 which is default
value of Linux. The argument length is also compared with ARG_MAX
and spawnve() returns E2BIG if it is too long.
Reported-by: Ed Morton
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
After the commit fbfea31dd9b9, switch_to_nat_pipe is not cleared
properly when non-cygwin app is terminated in the case where the
pseudo console is disabled. This is because get_winpid_to_hand_over()
sometimes returns PID of cygwin process even though it should return
only PID of non-cygwin process. This patch fixes the issue by adding
a new argument which requests only PID of non-cygwin process to
get_console_process_id().
Fixes: fbfea31dd9b9 ("Cygwin: pty: Avoid cutting the branch the pty master is sitting on.")
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
After the commit 93508e5bb841, the access permissions argument passed
to open_shared() is ignored and always replaced with (FILE_MAP_READ |
FILE_MAP_WRITE). This causes the weird behaviour that sshd service
process loses its cygwin PID. This triggers the failure in pty that
transfer_input() does not work properly.
This patch resumes the access permission settings to fix that.
Fixes: 93508e5bb841 ("Cygwin: open_shared: don't reuse shared_locations parameter as output")
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signedd-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
The commit 10d083c745dd has a bug that lacks a check for pinfo pointer
value for master_pid. This causes segmentation fault if the process
whose pid is master_pid no longer exists. This patch fixes the issue.
Fixes: 10d083c745dd ("Cygwin: pty: Inherit typeahead data between two input pipes.")
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
As described in the previous commit b5111e46424b
("struct _reent: add state for unicode functions") every unicode
conversion function has to use their own state object, if the
state parameter is NULL.
Fixes: 4f258c55e87f ("Cygwin: Add ISO C11 functions c16rtomb, c32rtomb, mbrtoc16, mbrtoc32.")
Fixes: c49bc478b4a7 ("Cygwin: Add ISO C2X functions c8rtomb, mbrtoc8")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 3c75fac130b5 fixed the __restrict definition in sys/cdefs.h,
but uncovered a problem in the definition of lio_listio in Cygwin's
aio.h. It uses the C99 extension of using the restrict keyword
to define non-overlapping arrays. However, this is not allowed in
C++.
Use the newly defined __restrict_arr from commit e66c63be6b80
("sys/cdefs.h: introduce __restrict_arr, as in glibc")
Fixes: 3c75fac130b5 ("sys/cdefs.h: fix for use __restrict in C++"
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Previously, though readahead buffer handling in pty master was not
fully thread-safe, accept_input() was called from peek_pipe() thread
in select.cc. This caused the problem reported in:
https://cygwin.com/pipermail/cygwin/2023-July/253984.html
The mechanism of the problem is:
1) accept_input() which is called from peek_pipe() thread calls
eat_readahead(-1) before reading readahead buffer. This allows
writing to the readahead buffer from another (main) thread.
2) The main thread calls fhandler_pty_master::write() just after
eat_readahead(-1) was called and before reading the readahead
buffer by accept_input() called from peek_pipe() thread. This
overwrites the readahead buffer.
3) The read result from readahead buffer which was overwritten is
sent to the slave.
This patch makes readahead buffer handling fully thread-safe using
input_mutex to resolve this issue.
Fixes: 7b03b0d8cee0 ("select.cc (peek_pipe): Call flush_to_slave whenever we're checking for a pty master.")
Reported-by: Thomas Wolff <towo@towo.net>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Per C++11, uchar16_t and uchar32_t are defined the same as
uint_least16_t and uint_least32_t. Also, check for the C++
version to make sure that the types are not colliding with
predefined c++ types.
Fixes: 4f258c55e87f ("Cygwin: Add ISO C11 functions c16rtomb, c32rtomb, mbrtoc16, mbrtoc32.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
After the commit a4705d387f78, printf() for floating-point values
causes a memory leak. The legacy _ldtoa_r() assumed the char pointer
returned will be free'ed by Bfree(). However, gdtoa-based _ldtoa_r()
returns the pointer returned by gdtoa() which should be free'ed by
freedtoa(). Due to this issue, the caller of _ldtoa_r() fails to free
the allocated char buffer. This is the cause of the said memory leak.
https://cygwin.com/pipermail/cygwin/2023-July/254054.html
This patch makes rv_alloc()/freedtoa() allocate/free the buffer in
a compatible way with legacy _ldtoa_r().
Fixes: a4705d387f78 ("ldtoa: Import gdtoa from OpenBSD.")
Reported-by: natan_b <natan_b@libero.it>
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
The FD_WRITE event is a false friend. It indicates ready to write
even if the next send fails with WSAEWOULDBLOCK. *After* the fact,
FD_WRITE will be cleared until sending is again possible, but that
is too late for a select/write loop.
Workaround that by using the WinSock select function when peeking
at a socket and FD_WRITE gets indicated. WinSock select fortunately
indicates writability correctly.
Fixes: 70e476d27be8 ("(peek_socket): Use event handling for peeking socket.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This macro loads and defines a function just as usual, except
that the Windows function is exposed only with the prefix
_win32_. So Windows select (the immediate victim) is only
exposed as _win32_select. That allows to autoload the windows
function without collision with a Cygwin function of the same
name.
For a start, only define the most simple macro, setting all
extensions to 0.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add uchar.h accordingly.
For the c32 functions, use the internal functions wirtomb and mbrtowi
as base, and convert wirtomb and mbrtowi to inline functions calling
the c32 functions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The changes to support GB18030 were insufficient and the underlying
Windows conversion functions just failed. Fix how the Windows functions
are called for GB18030.
Fixes: 5da71b605995 ("Cygwin: add support for GB18030 codeset")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit c743751aafa84 ("Cygwin: Export
posix_spawn_file_actions_add{f}chdir_np")
added two new functions but we forgot to bump the API version.
Catch up.
Fixes: c743751aafa84 ("Cygwin: Export posix_spawn_file_actions_add{f}chdir_np")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit c36064bbd0c5 introduced operating on character pointers
instead of operating on characters, to allow collating symbols.
This patch neglected to change the expression for range
comparison in case we're in the C locale. Thus it suddenly
compared pointers instead of characters. Fix that.
Fixes: c36064bbd0c5 ("Cygwin: fnmatch: support collating symbols in [. .] brackets")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The extended _NL_foo names were originally designed after their GLibc
counterparts. However, the OUTDIGIT macros were accidentally defined as
OUTDIGITS, plural. Fix them.
Fixes: d47d5b850bed ("Extend locale support to maintain wide char values of native strings")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The GLIBC extension AT_EMPTY_PATH allows the functions fchownat
and fstatat to operate on dirfd alone, if the given pathname is an
empty string. This also allows to operate on any file type, not
only directories.
Commit fa84aa4dd2fb4 broke this. It only allows dirfd to be a
directory in calls to these two functions.
Fix that by handling AT_EMPTY_PATH right in gen_full_path_at.
A valid dirfd and an empty pathname is now a valid combination
and, noticably, this returns a valid path in path_ret. That
in turn allows to remove the additional path generation code
from the callers.
Fixes: fa84aa4dd2fb ("Cygwin: fix errno values set by readlinkat")
Reported-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Tested-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Convert gen_full_path_at to take flag values from the caller, rather
than just a bool indicating that empty paths are allowed. This is in
preparation of a better AT_EMPTY_PATH handling in a followup patch.
Reviewed-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The check if the local variable p is NULL is useless. The preceeding
code always sets p to a valid pointer, or it crashes if path_ret is
invalid (which would be a bug in Cygwin).
Fixes: c57b57e5c43a ("* cygwin.din: Sort.")
Reviewed-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When creating the POSIX ACL rewrite, the code merging permissions from
everyone/group to group/user ACEs was accidentally called for newly
generated files as well.
This could result in broken permissions, if umask used unusual values
like "0100", granted permissions to everyone/group not granted to
group/user.
Make sure to skip permission merging if the file got just created and
we only want to set correct permissions for the first time.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Reported-by: Jon Turney <jon.turney@dronecode.org.uk>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Move strace output to fix uninitalized use of fh introduced in previous commit.
../../../../src/winsup/cygwin/syscalls.cc: In function ‘int stat_worker(path_conv&, stat*)’:
../../../../src/winsup/cygwin/syscalls.cc:1971:69: error: ‘fh’ may be used uninitialized [-Werror=maybe-uninitialized]
Fixes: 42b44044b34d ("Cygwin: Fix Windows file handle leak in stat("file", -1)")
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Don't leak a Windows file handle if stat() is called with a valid
filename, but invalid stat buffer pointer.
We do not destroy fh (which closes a Windows handle it has opened) if an
exception happens in the __try block.
Avoid this by re-ordering things so that we don't construct the fhandler
object until after we've attempted to use the struct stat buffer.
Fixes: 73151c54d581 ("syscalls.cc (stat_worker): Don't call build_fh_pc with invalid pc.")
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Starting with commit 42faed412857 ("* thread.h (class pthread): Add bool
member canceled."), pthread::testcancel waits infinitely on cancel_event
after it checked if the canceled variable is set. However, this might
introduce a deadlock, if the thread calling pthread_cancel is terminated
after setting canceled to true, but before calling SetEvent on cancel_event.
In fact, it's not at all necessary to wait infinitely. By definition,
the thread is only canceled if cancel_event is set. The canceled
variable is just a helper to speed up code. We can safely assume that
the thread hasn't been canceled yet, if canceled is set, but cancel_event
isn't.
Fixes: 42faed412857 ("* thread.h (class pthread): Add bool member canceled.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add back the restoration of signal handlers modified during system() on
thread cancellation.
Removed in 3cb9da14 which describes it as 'ill-conceived' (additional
context doesn't appear to be available).
We use the internal implementation helpers for the pthread cleanup
chain, so we can neatly tuck it inside the object, and keep the point
when we restore the signal handlers the same. (The
pthread_cleanup_push/pop() functions are implemented as macros which
must appear in the same lexical scope.)
Fixes: 3cb9da14617c ("Put signals on hold and use system_call_cleanup
class to set and restore signals rather than doing it prior to to
running the program. Remove the ill-conceived pthread_cleanup stuff.")
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Take note of schedparam in any pthread_attr_t passed to pthread_create.
postcreate() (racily, after the thread is actually created), sets the
scheduling priority if it's inherited, but precreate() doesn't store any
scheduling priority explicitly set via a non-default attr to
pthread_create, so schedparam.sched_priority has the default value of 0.
(I think this is another long-standing bug exposed by 4b51e4c1. Now we
don't lie about the actual thread priority, it's apparent it's not
really being set in this case.)
Fixes testcase priority2.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Do some setup in the Cygwin 'installation' at testsuite/testinst/:
* Ensure /tmp exists
* Use BusyBox to provide executables needed by tests which use system()
(sh, sleep, ls)
This enables tests which use system(), or require /tmp to exist to pass.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
The current version of <sys/cpuset.h> cannot be compiled by Clang due to
the use of builtin versions of malloc, free, and memset. Their presence
here was a dubious optimization anyway, so their usage has been
converted to standard library functions.
The use of __builtin_popcountl remains because Clang implements it just
like gcc does. If/when some other compiler (Rust? Go?) runs into this
issue we can deal with specialized handling then.
The "#include <sys/cdefs>" here to define __inline can be removed since
both of the new includes sub-include it.
Addresses: https://cygwin.com/pipermail/cygwin/2023-July/253927.html
Fixes: 9cc910dd33a5 (Cygwin: Make <sys/cpuset.h> safe for c89 compilations)
Signed-off-by: Mark Geisert <mark@maxrnd.com>
While st_rdev returned by fstat() for /dev/tty should be FH_TTY,
the current cygwin1.dll returns FH_PTYS+minor or FH_CONS+minor.
Similarly, fstat() does not return correct value for /dev/console,
/dev/conout, /dev/conin or /dev/ptmx.
This patch fixes the issue by:
1) Introduce dev_referred_via in fhandler_termios.
2) Add new argument, which has dev_t value referred by open(),
for constructors of fhandler_pty_slave and fhandler_pty_master to
set the value of dev_referred_via.
3) Set st_rdev using dev_referred_via in fhandler_termios::fstat()
if it is available.
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
As reported in
https://cygwin.com/pipermail/cygwin/2023-June/253888.html,
"Bad address" error occurs when stat() is called after the commit
3721a756b0d8 ("Cygwin: console: Make the console accessible from
other terminals.").
There are two problems in the current code. One is fhandler_console::
fstat() calls get_ttyp()->getsid(). However, fh_alloc() in dtable.cc
omits to initialize the fhandler_console instance when stat() is
called. Due to this, get_ttyp() returns NULL and access violation
occurs. The other problem is fh_alloc() assigns fhandler_console
even if the CTTY is not a console. So the first problem above occurs
even if the CTTY is a pty.
This patch fixes the issue by:
1) Call set_unit() to initialize _tc if the get_ttyp() returns NULL.
2) Assign fhandler_pty_slave for /dev/tty if CTTY is a pty in fh_alloc().
Fixes: 3721a756b0d8 ("Cygwin: console: Make the console accessible
from other terminals.").
Fixes: 23771fa1f7028 ("dtable.cc (fh_alloc): Make different decisions
when generating fhandler for not-opened devices. Add kludge to deal
with opening /dev/tty.")
Reported-by: Bruce Jerrick <bmj001@gmail.com>
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Four modifications to include/sys/cpuset.h:
* Change C++-style comments to C-style also supported by C++
* Change "inline" to "__inline" on code lines
* Add "#include <sys/cdefs.h>" to make sure __inline is defined
* Don't declare loop variables on for-loop init clauses
Tested by first reproducing the reported issue with home-grown test
programs by compiling with gcc option "-std=c89", then compiling again
using the modified <sys/cpuset.h>. Other "-std=" options tested too.
Addresses: https://cygwin.com/pipermail/cygwin-patches/2023q3/012308.html
Fixes: 315e5fbd99ec ("Cygwin: Fix type mismatch on sys/cpuset.h")
Signed-off-by: Mark Geisert <mark@maxrnd.com>
Currently, _my_tls.tid is set to pthread_null if pthread::self()
is called before pthread::init_mainthread(). As a result, pthread::
init_mainthread() does not set _my_tls.tid appropriately. Due to
this, pthread_join() fails in LDAP environment if the program is
the first program which loads cygwin1.dll.
https://cygwin.com/pipermail/cygwin/2023-June/253792.html
With this patch, _my_tls.tid is re-initialized in pthread::
init_mainthread() if it is pthread_null.
Reported-by: Mümin A. <muminaydin06@gmail.com>
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
In test for AMD/Intel Control flow Enforcement Technology user mode
shadow stack support replace Windows version tests with test of wincap
member addition has_user_shstk with Windows version dependent value
Fixes: 41fdb869f998 ("fhandler/proc.cc(format_proc_cpuinfo): Add Linux 6.3 cpuinfo")
Signed-off-by: Brian Inglis <Brian.Inglis@Shaw.ca>