Also simplify trivial one-liners like perror/puts/fputs, and clean up
fread/fwrite slightly.
Fix perror to match POSIX.
Add basic perror and *_unlocked tests.
Bug: N/A
Test: ran tests
Change-Id: I63f83c8e0c15c3c4096509d17421ac331b6fc23d
Move all the new checks over to the existing __fortify_fatal.
Bug: http://b/67455242
Test: ran tests
Change-Id: Idb899c58c32d52d3b423caf1a91feb7defcba9b3
Applications fopening files and then blindly trying to read are
widespread, leading to a recurring problem of SELinux tightening
resulting in segfaults. Add a friendly diagnostic for this case.
Bug: http://b/67455242
Test: bionic-unit-tests32/64 on sailfish
Change-Id: I1734fa94487c4eff9b55a02c6b01baf6b265d236
Implement __freading and __fwriting, and clarify the documentation that was
the cause of these not being implemented for years.
Bug: http://b/17157253
Test: ran tests
Change-Id: I89542c8131b13889e2585417a024050ecf2abcb7
We've never really used __restrict: only <string.h> and <stdio.h> (which
are still very similar to upstream BSD headers) consistently have these
annotations. Neither clang nor GCC warns for trivial cases, and there's
little obvious documentation benefit.
Bug: http://b/30833514
Test: builds
Change-Id: I3e4384281865475d0c55d764b546d8166419ee31
"Although not explicitly required by this volume of POSIX.1-2008, a good
implementation of append (a) mode would cause the O_APPEND flag to be set."
Yeah, about that...
Bug: N/A
Test: ran tests
Change-Id: I23c4bc5c1ebc92e0cb44025d2d313f321f9ffa68
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
This patch adds clang-style FORTIFY to Bionic. For more information on
FORTIFY, please see https://goo.gl/8HS2dW . This implementation works
for versions of clang that don't support diagnose_if, so please see the
"without diagnose_if" sections. We plan to swap to a diagnose_if-based
FORTIFY later this year (since it doesn't really add any features; it
just simplifies the implementation a lot, and it gives us much prettier
diagnostics)
Bug: 32073964
Test: Builds on angler, bullhead, marlin, sailfish. Bionic CTS tests
pass on Angler and Bullhead.
Change-Id: I607aecbeee81529709b1eee7bef5b0836151eb2b
This wasn't an array of pointers, it was an array of structs.
Unfortunately we need a complete type to index into the struct for
stdin/stdout/stderr, so add a phony struct that matches the size and
alignment of `struct __sFILE`. This property is guaranteed by the
static_asserts in libc/bionic/struct_file_test.cpp.
Test: mma
Bug: http://b/30465923
Change-Id: I8ce851dd64a261703bb44f9b5cd23b7caff4dd68
We need to make a clearer distinction for bionic on the host. This patch
doesn't fully address things like "should host bionic try to talk to netd?"
for now, but is a step in the right direction.
Bug: http://b/31559095
Test: bionic tests.
Change-Id: I49812f8b75d9d78c4fd8a8ddf5df1201d63771d6
The parsefloat routines -- which let us pass NaNs and infinities on to
strto(f|d|ld) -- come from NetBSD.
Also fix LP64's strtold to return a NaN, and fix all the architectures
to return quiet NaNs.
Also fix wcstof/wcstod/wcstold to use parsefloat so they support hex
floats.
Lots of new tests.
Bug: http://b/31101647
Change-Id: Id7d46ac2d8acb8770b5e8c445e87cfabfde6f111
This assumes that it's more likely we're unlinking a file than a directory,
though even if that's not true, as long as a failed unlink(2) is cheaper
than a successful lstat(2) -- which seems likely since there's no data to
copy -- we still win.
Change-Id: I0210e9cd3d31b8cf1813c55c810262ef327382ed
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.
Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
This also lets us test the EOVERFLOW behavior, which pointed out that the
fgetpos/fsetpos return on failure has always been wrong...
Bug: http://b/24807045
Change-Id: I35273eb07c8c9155af858adb27569983397580b6
Move fdopen/fopen/freopen and change them to initialize _seek64 instead
of the legacy _seek. The in-memory streams can stick with _seek for now,
since you're not going to fit a > 4GiB in-memory stream on a 32-bit device
anyway.
Bug: http://b/24807045
Change-Id: I09dcb426817b571415ce24d4d15f364cdda395b3
The first rule of stdio is you never change struct FILE. This broke all
NDK-built apps that used stdin/stdout/stderr. (Which is more than you
might think, given that those streams don't go anywhere useful. Svelte!)
I've added a big code comment because I knew when I removed the field that
doing so was a mistake, but I couldn't think why.
Bug: http://b/24807045
Bug: http://b/26747402
Change-Id: Ie1233586b223bb1cdf8e354c66d5ff23487a833a
BSD doesn't invalidate the fd stored in struct FILE, which can make
it possible (via fileno(3), for example), to perform operations on
an fd you didn't intend to (rather than just failing with EBADF).
Fixing this makes the code slightly simpler anyway, and might help
catch bad code before it ships.
Bug: http://stackoverflow.com/questions/10816837/fclose-works-differently-on-android-and-linux
Change-Id: I9db74584038229499197a2695c70b58ed0372a87
Previously only clang was happy. GCC said:
error: missing initializer for field 'wcio_mbstate_in' of 'struct wchar_io_data'
Change-Id: I25a11b64f4dfa22a5dd5daded152191fe2cfacaf
This reverts commit c8bae05f3f.
We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.
This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.
This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.
Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
This reverts commit 4371961e00.
This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).
Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
It is reported by tsan that funlockfile() can unlock an unlocked mutex.
It happens when printf() is called before fopen() or other stdio stuff.
As FLOCKFILE(fp) is called before __sinit(), _stdio_handles_locking is false,
and _FLOCK(fp) will not be locked. But then cantwrite(fp) in __vfprintf()
calls__sinit(), which makes _stdio_handles_locking become true, and
FUNLOCKFILE(fp) unlocks _FLOCK(fp).
Change _stdio_handles_locking into _caller_handles_locking,
so __sinit() won't change its value. Add test due to my previous fault.
Bug: 25392375
Change-Id: I483e3c3cdb28da65e62f1fd9615bf58c5403b4dd
gcov does writes after reads on the same stream, but the bulk read optimization
was clobbering the FILE _flags, causing fwrite to fail.
Bug: 19129055
Change-Id: I9650cb7de4bb173a706b502406266ed0d2b654d7
The old __isthreaded hack was never very useful on Android because all user
code runs in a VM where there are lots of threads running. But __fsetlocking
lets a caller say "I'll worry about the locking for this FILE*", which is
useful for the normal case where you don't share a FILE* between threads
so you don't need any locking.
Bug: 17154740
Bug: 18593728
Change-Id: I2a8dddc29d3edff39a3d7d793387f2253608a68d
bionic/libc/stdio/fread.c:86:27: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
Change-Id: Ia7e1e053e0cb13113e8f2eede820be013acbab82
This is correctness rather than performance, but found while investigating
performance.
Bug: 18593728
Change-Id: Idbdfed89d1931fcfae65db29d662108d4bbd9b65
This makes us competitive with glibc for fully-buffered and unbuffered reads,
except in single-threaded situations where glibc avoids locking, but since
we're never really single-threaded anyway, that isn't a priority.
Bug: 18593728
Change-Id: Ib776bfba422ccf46209581fc0dc54f3567645b8f
stdin/stdout/stderr are special; their mutexes are initialized by
__sinit. There's no unit test for this, because __sinit has already
been called by the time the first unit test runs, but you could
reproduce this failure with a trivial main() that calls flockfile
or ftrylockfile on one of the standard streams before otherwise
using stdio.
Bug: 18208568
Change-Id: I28d232cf05a9f198a2bed61854d8047b23d2091d
Various C and C++ standards explicitly say that stdin/stdout/stderr
should be macros, but glibc makes them global variables too. This
means it's possible to write code that uses those names as locals,
but that code (toybox being an example) won't build on bionic.
If we'd done this earlier, we could have hidden __sF for LP64, but
it's too late now.
Change-Id: I90cf8c73f52b66e1760b8fa2e135b9f9f9651230
Keeps a variety of apps running.
(cherry-pick of 5def2f5aecd968e4022b0afbe4441fa7ba3e7c7e.)
Bug: 17047819
Change-Id: I55882ec95f2b59a5df76e5a89c23aa315609e01d
The LP64 has a duplicate copy of part of stdio, and relies
on bionic supplying this part. We should remove the hack from
the NDK, at least for LP64, and then revert this.
Bug: 15291317
Change-Id: I75e06e130188ca0aeb9d50dfe3a3e48a1d3968b7
The NDK apparently includes an android_support.a library that
refers to __srefill in its copy of the vsnprintf implementation.
Bug: 15249361
Change-Id: Ic2cf6f21290b3146c42fbe0624f5e4d54f6194b4
Anthony King <anthonydking@slimroms.net> reports that for Grouper the
Nvidia GL blobs need access to __swbuf. This is because the old <stdio.h>
had inline getc and putc implementations that directly referred to these
symbols.
Change-Id: I11a7b5550018ecc93d8f195c99857759669b2906
I've left __sF exposed since that's how the OpenBSD stdin, stdout, stderr
are implemented. Other BSDs and glibc use a separate global for each instead
of an array.
Bug: 11156955
Change-Id: I9f3d2d4314a8d4a78c3197b9acd9258820c5f150
I cleaned up most of our warnings last week but forgot to turn on -Werror,
so of course we're getting new warnings already. I've left -Werror commented
out in those places where we still have warnings to deal with before we can
turn on -Werror.
Change-Id: Ia58ff8b8c1ada4bf81eec6f19ec1d34e133cf4b1
* Register cleanup function with atexit
instead of calling it explicitly on
exit()
* abort() no longer calls _cleanup:
Flushing stdio buffers on abort is no
longer required by POSIX.
* dlmalloc no longer need to reset cleanup
(see above)
* Upstream findfp.c makebuf.c setvbuf.cexit.c
to openbsd versions.
Bug: 14415367
Change-Id: I277058852485a9d3dbb13e5c232db5f9948d78ac
This also gets us the C99 wcstoimax and wcstoumax, and a working fgetwc and
ungetwc, all of which are needed in the implementation.
This also brings several other files closer to upstream.
Change-Id: I23b025a8237a6dbb9aa50d2a96765ea729a85579
Also move isinf and isnan into libc like everyone else.
Also move fpclassify to libc like the BSDs (but unlike glibc). We need
this to be able to upgrade our float/double/long double parsing to gdtoa.
Also add some missing aliases. We now have all of:
isnan, __isnan, isnanf, __isnanf, isnanl, __isnanl,
isinf, __isinf, isinff, __isinff, isinfl, __isinfl,
__fpclassify, __fpclassifyd, __fpclassifyf, __fpclassifyl.
Bug: 13469877
Change-Id: I407ffbac06c765a6c5fffda8106c37d7db04f27d
Currently in bionic free and freedtoa are equivalent, but that's not true
of gdtoa. This makes it easier to test gdtoa without having to replace
everything. (Yes, I found this bug the hard way.)
Change-Id: I290823a2a0a83329def5f2719b349215ad0dbbde
printf("%1$s %1$s\n", "test");
would print garbage instead of the second "test". The problem is __find_arguments
and the patch is a backport of two patches from OpenBSD that fix the issue:
Author: tedu <tedu@cvs.openbsd.org>
Date: Sat Apr 29 23:00:24 2006 +0000
check mmap for failure. the helper functions using it return -1, but
callers do not yet check since printf() for example is not documented
to return an error.
some formatting cleanups.
mostly ok deraadt millert
Author: millert <millert@cvs.openbsd.org>
Date: Fri May 16 14:28:54 2008 +0000
C99 says that for each va_copy() there must be a matching va_end().
Replace the non-portable hackery in __find_arguments() with a union.
From FreeBSD.
Change-Id: I6ea392ce6fcf4a319ae6a67ec58cc52fe7cbe534
Signed-off-by: Alexander Ivchenko <alexander.ivchenko@intel.com>
There are only three users of bionic definition of ALIGN and keeping it
in sys/param.h polutes the namespace.
I inline the definition in the the three places that's used.
Bug: 13400663
Change-Id: I565008e8426c38ffb07422f42cd8e547d53044e9
Also neuter __isthreaded.
We should come back to try to hide struct FILE's internals for LP64.
Bug: 3453512
Bug: 3453550
Change-Id: I7e115329fb4579246a72fea367b9fc8cb6055d18
Also undo some of the mess where we have OpenBSD <stdio.h> but a mix of
different BSD's implementations.
In this first pass, I've only moved easy OpenBSD stuff.
Change-Id: Iae67b02cde6dba9d8d06fedeb53efbfdac0a8cf6
The x86_64 build was failing because clone.S had a call to __thread_entry which
was being added to a different intermediate .a on the way to making libc.so,
and the linker couldn't guarantee statically that such a relocation would be
possible.
ld: error: out/target/product/generic_x86_64/obj/STATIC_LIBRARIES/libc_common_intermediates/libc_common.a(clone.o): requires dynamic R_X86_64_PC32 reloc against '__thread_entry' which may overflow at runtime; recompile with -fPIC
This patch addresses that by ensuring that the caller and callee end up in the
same intermediate .a. While I'm here, I've tried to clean up some of the mess
that led to this situation too. In particular, this removes libc/private/ from
the default include path (except for the DNS code), and splits out the DNS
code into its own library (since it's a weird special case of upstream NetBSD
code that's diverged so heavily it's unlikely ever to get back in sync).
There's more cleanup of the DNS situation possible, but this is definitely a
step in the right direction, and it's more than enough to get x86_64 building
cleanly.
Change-Id: I00425a7245b7a2573df16cc38798187d0729e7c4
This was causing conflicting declarations for the library definitions of
common functions like sprintf(), snprintf(), and strchr().
Change-Id: I5daaa8a58183aa0d4d0fae8a7cb799671810f576
Found by adapting the simple unit tests for libc logging to test
snprintf too. Fix taken from upstream OpenBSD without updating
the rest of stdio.
Change-Id: Ie339a8e9393a36080147aae4d6665118e5d93647
Yet another archaic relic containing bugs that had been fixed years before the
Android project even started...
Bug: 9935113
Change-Id: I3c9d019a216efd609ee568cf8c70bc360f357403
* A dlmalloc usage error shouldn't call abort(3) because we want to
cause a SIGSEGV by writing the address dlmalloc didn't like to an
address the kernel won't like, so that debuggerd will dump the
memory around the address that upset dlmalloc.
* Switch to the simpler FreeBSD/NetBSD style of registering stdio
cleanup. Hopefully this will let us simplify more of the stdio
implementation.
* Clear the stdio cleanup handler before we abort because of a dlmalloc
corruption error. This fixes the reported bug, where we'd hang inside
dlmalloc because the stdio cleanup reentered dlmalloc.
Bug: 9301265
Change-Id: Ief31b389455d6876e5a68f0f5429567d37277dbc
Define the macros ACCESSPERMS, ALLPERMS and DEFFILEMODE.
These macros originates from BSD but has been available in glibc
for quite some time.
Change-Id: I429cd30aa4e73f53b153ee7740070cebba166c57
I'll need at least one more pass, because there's some upstream code
lurking in libc/bionic, but this is still a step in the right direction.
Change-Id: I55927315972da8327ae01c5240ed587db17e8462
