This patch adds clang-style FORTIFY to Bionic. For more information on
FORTIFY, please see https://goo.gl/8HS2dW . This implementation works
for versions of clang that don't support diagnose_if, so please see the
"without diagnose_if" sections. We plan to swap to a diagnose_if-based
FORTIFY later this year (since it doesn't really add any features; it
just simplifies the implementation a lot, and it gives us much prettier
diagnostics)
Bug: 32073964
Test: Builds on angler, bullhead, marlin, sailfish. Bionic CTS tests
pass on Angler and Bullhead.
Change-Id: I607aecbeee81529709b1eee7bef5b0836151eb2b
This wasn't an array of pointers, it was an array of structs.
Unfortunately we need a complete type to index into the struct for
stdin/stdout/stderr, so add a phony struct that matches the size and
alignment of `struct __sFILE`. This property is guaranteed by the
static_asserts in libc/bionic/struct_file_test.cpp.
Test: mma
Bug: http://b/30465923
Change-Id: I8ce851dd64a261703bb44f9b5cd23b7caff4dd68
We need to make a clearer distinction for bionic on the host. This patch
doesn't fully address things like "should host bionic try to talk to netd?"
for now, but is a step in the right direction.
Bug: http://b/31559095
Test: bionic tests.
Change-Id: I49812f8b75d9d78c4fd8a8ddf5df1201d63771d6
The parsefloat routines -- which let us pass NaNs and infinities on to
strto(f|d|ld) -- come from NetBSD.
Also fix LP64's strtold to return a NaN, and fix all the architectures
to return quiet NaNs.
Also fix wcstof/wcstod/wcstold to use parsefloat so they support hex
floats.
Lots of new tests.
Bug: http://b/31101647
Change-Id: Id7d46ac2d8acb8770b5e8c445e87cfabfde6f111
This assumes that it's more likely we're unlinking a file than a directory,
though even if that's not true, as long as a failed unlink(2) is cheaper
than a successful lstat(2) -- which seems likely since there's no data to
copy -- we still win.
Change-Id: I0210e9cd3d31b8cf1813c55c810262ef327382ed
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.
Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
This also lets us test the EOVERFLOW behavior, which pointed out that the
fgetpos/fsetpos return on failure has always been wrong...
Bug: http://b/24807045
Change-Id: I35273eb07c8c9155af858adb27569983397580b6
Move fdopen/fopen/freopen and change them to initialize _seek64 instead
of the legacy _seek. The in-memory streams can stick with _seek for now,
since you're not going to fit a > 4GiB in-memory stream on a 32-bit device
anyway.
Bug: http://b/24807045
Change-Id: I09dcb426817b571415ce24d4d15f364cdda395b3
The first rule of stdio is you never change struct FILE. This broke all
NDK-built apps that used stdin/stdout/stderr. (Which is more than you
might think, given that those streams don't go anywhere useful. Svelte!)
I've added a big code comment because I knew when I removed the field that
doing so was a mistake, but I couldn't think why.
Bug: http://b/24807045
Bug: http://b/26747402
Change-Id: Ie1233586b223bb1cdf8e354c66d5ff23487a833a
BSD doesn't invalidate the fd stored in struct FILE, which can make
it possible (via fileno(3), for example), to perform operations on
an fd you didn't intend to (rather than just failing with EBADF).
Fixing this makes the code slightly simpler anyway, and might help
catch bad code before it ships.
Bug: http://stackoverflow.com/questions/10816837/fclose-works-differently-on-android-and-linux
Change-Id: I9db74584038229499197a2695c70b58ed0372a87
Previously only clang was happy. GCC said:
error: missing initializer for field 'wcio_mbstate_in' of 'struct wchar_io_data'
Change-Id: I25a11b64f4dfa22a5dd5daded152191fe2cfacaf
This reverts commit c8bae05f3f.
We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.
This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.
This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.
Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
This reverts commit 4371961e00.
This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).
Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
It is reported by tsan that funlockfile() can unlock an unlocked mutex.
It happens when printf() is called before fopen() or other stdio stuff.
As FLOCKFILE(fp) is called before __sinit(), _stdio_handles_locking is false,
and _FLOCK(fp) will not be locked. But then cantwrite(fp) in __vfprintf()
calls__sinit(), which makes _stdio_handles_locking become true, and
FUNLOCKFILE(fp) unlocks _FLOCK(fp).
Change _stdio_handles_locking into _caller_handles_locking,
so __sinit() won't change its value. Add test due to my previous fault.
Bug: 25392375
Change-Id: I483e3c3cdb28da65e62f1fd9615bf58c5403b4dd
gcov does writes after reads on the same stream, but the bulk read optimization
was clobbering the FILE _flags, causing fwrite to fail.
Bug: 19129055
Change-Id: I9650cb7de4bb173a706b502406266ed0d2b654d7
The old __isthreaded hack was never very useful on Android because all user
code runs in a VM where there are lots of threads running. But __fsetlocking
lets a caller say "I'll worry about the locking for this FILE*", which is
useful for the normal case where you don't share a FILE* between threads
so you don't need any locking.
Bug: 17154740
Bug: 18593728
Change-Id: I2a8dddc29d3edff39a3d7d793387f2253608a68d
bionic/libc/stdio/fread.c:86:27: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
Change-Id: Ia7e1e053e0cb13113e8f2eede820be013acbab82
This is correctness rather than performance, but found while investigating
performance.
Bug: 18593728
Change-Id: Idbdfed89d1931fcfae65db29d662108d4bbd9b65
This makes us competitive with glibc for fully-buffered and unbuffered reads,
except in single-threaded situations where glibc avoids locking, but since
we're never really single-threaded anyway, that isn't a priority.
Bug: 18593728
Change-Id: Ib776bfba422ccf46209581fc0dc54f3567645b8f
stdin/stdout/stderr are special; their mutexes are initialized by
__sinit. There's no unit test for this, because __sinit has already
been called by the time the first unit test runs, but you could
reproduce this failure with a trivial main() that calls flockfile
or ftrylockfile on one of the standard streams before otherwise
using stdio.
Bug: 18208568
Change-Id: I28d232cf05a9f198a2bed61854d8047b23d2091d
Various C and C++ standards explicitly say that stdin/stdout/stderr
should be macros, but glibc makes them global variables too. This
means it's possible to write code that uses those names as locals,
but that code (toybox being an example) won't build on bionic.
If we'd done this earlier, we could have hidden __sF for LP64, but
it's too late now.
Change-Id: I90cf8c73f52b66e1760b8fa2e135b9f9f9651230
Keeps a variety of apps running.
(cherry-pick of 5def2f5aecd968e4022b0afbe4441fa7ba3e7c7e.)
Bug: 17047819
Change-Id: I55882ec95f2b59a5df76e5a89c23aa315609e01d