14 Commits

Author SHA1 Message Date
Zack Weinberg
4e2f43f842 Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well.  I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.

Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated.  However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer.  This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.

obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.

As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit

commit 7ca890b88e6ab7624afb1742a9fffb37ad5b3fc3
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Wed Feb 24 16:07:57 2010 -0800

    Fix reporting of I/O errors in *dprintf functions.

This patch adds a test case to avoid regressions.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:43 -02:00
Zack Weinberg
698fb75b9f Add __v*printf_internal with flags arguments
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable.  Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.

As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.

Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead.  It also
turns out there were hardly any internal callers.  _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.

Summary for the changes to each of the affected symbols:

  _IO_vfprintf, _IO_vsprintf:
    All internal calls removed, thus the internal declarations, as well
    as uses of libc_hidden_proto and libc_hidden_def, were also removed.
    The external symbol is now exposed via uses of ldbl_strong_alias
    to __vfprintf_internal and __vsprintf_internal, respectively.

  _IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
  _IO_vfwprintf, _IO_vswprintf,
  _IO_obstack_vprintf, _IO_obstack_printf:
    All internal calls removed, thus declaration in internal headers
    were also removed.  They were never exported, so there are no
    aliases tying them to the internal functions.  I.e.: entirely gone.

  __vsnprintf:
    Internal calls were always preceded by macros such as
      #define __vsnprintf _IO_vsnprintf, and
      #define __vsnprintf vsnprintf
    The macros were removed and their uses replaced with calls to the
    new internal function __vsnprintf_internal.  Since there were no
    internal calls, the internal declaration was also removed.  The
    external symbol is preserved with ldbl_weak_alias to ___vsnprintf.

  __vfwprintf:
    All internal calls converted into calls to __vfwprintf_internal,
    thus the internal declaration was removed.  The function is now a
    wrapper that calls __vfwprintf_internal.  The external symbol is
    preserved.

  __vswprintf:
    Similarly, but no external symbol.

  __vasprintf, __vdprintf, __vfprintf, __vsprintf:
    New internal wrappers.  Not exported.

  vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
  vfwprintf, vswprintf,
  obstack_vprintf, obstack_printf:
    These functions used to be aliases to the respective _IO_* function,
    they are now aliases to their respective __* functions.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Florian Weimer
4e8a6346cd libio: Avoid _allocate_buffer, _free_buffer function pointers [BZ #23236]
These unmangled function pointers reside on the heap and could
be targeted by exploit writers, effectively bypassing libio vtable
validation.  Instead, we ignore these pointers and always call
malloc or free.

In theory, this is a backwards-incompatible change, but using the
global heap instead of the user-supplied callback functions should
have little application impact.  (The old libstdc++ implementation
exposed this functionality via a public, undocumented constructor
in its strstreambuf class.)
2018-06-01 10:41:03 +02:00
Zack Weinberg
9964a14579 Mechanically remove _IO_ name aliases for types and constants.
This patch mechanically removes all remaining uses, and the
definitions, of the following libio name aliases:

 name                         replaced with
 ----                         -------------
 _IO_FILE                     FILE
 _IO_fpos_t                   __fpos_t
 _IO_fpos64_t                 __fpos64_t
 _IO_size_t                   size_t
 _IO_ssize_t                  ssize_t or __ssize_t
 _IO_off_t                    off_t
 _IO_off64_t                  off64_t
 _IO_pid_t                    pid_t
 _IO_uid_t                    uid_t
 _IO_wint_t                   wint_t
 _IO_va_list                  va_list or __gnuc_va_list
 _IO_BUFSIZ                   BUFSIZ
 _IO_cookie_io_functions_t    cookie_io_functions_t
 __io_read_fn                 cookie_read_function_t
 __io_write_fn                cookie_write_function_t
 __io_seek_fn                 cookie_seek_function_t
 __io_close_fn                cookie_close_function_t

I used __fpos_t and __fpos64_t instead of fpos_t and fpos64_t because
the definitions of fpos_t and fpos64_t depend on the largefile mode.
I used __ssize_t and __gnuc_va_list in a handful of headers where
namespace cleanliness might be relevant even though they're
internal-use-only.  In all other cases, I used the public-namespace
name.

There are a tiny handful of places where I left a use of 'struct _IO_FILE'
alone, because it was being used together with 'struct _IO_FILE_plus'
or 'struct _IO_FILE_complete' in the same arithmetic expression.

Because this patch was almost entirely done with search and replace, I
may have introduced indentation botches.  I did proofread the diff,
but I may have missed something.

The ChangeLog below calls out all of the places where this was not a
pure search-and-replace change.

Installed stripped libraries and executables are unchanged by this patch,
except that some assertions in vfscanf.c change line numbers.

	* libio/libio.h (_IO_FILE): Delete; all uses changed to FILE.
	(_IO_fpos_t): Delete; all uses changed to __fpos_t.
	(_IO_fpos64_t): Delete; all uses changed to __fpos64_t.
	(_IO_size_t): Delete; all uses changed to size_t.
	(_IO_ssize_t): Delete; all uses changed to ssize_t or __ssize_t.
	(_IO_off_t): Delete; all uses changed to off_t.
	(_IO_off64_t): Delete; all uses changed to off64_t.
	(_IO_pid_t): Delete; all uses changed to pid_t.
	(_IO_uid_t): Delete; all uses changed to uid_t.
	(_IO_wint_t): Delete; all uses changed to wint_t.
	(_IO_va_list): Delete; all uses changed to va_list or __gnuc_va_list.
	(_IO_BUFSIZ): Delete; all uses changed to BUFSIZ.
	(_IO_cookie_io_functions_t): Delete; all uses changed to
	cookie_io_functions_t.
	(__io_read_fn): Delete; all uses changed to cookie_read_function_t.
	(__io_write_fn): Delete; all uses changed to cookie_write_function_t.
	(__io_seek_fn): Delete; all uses changed to cookie_seek_function_t.
	(__io_close_fn): Delete: all uses changed to cookie_close_function_t.

	* libio/iofopncook.c: Remove unnecessary forward declarations.
	* libio/iolibio.h: Correct outdated commentary.
	* malloc/malloc.c (__malloc_stats): Remove unnecessary casts.
	* stdio-common/fxprintf.c (__fxprintf_nocancel):
	Remove unnecessary casts.
	* stdio-common/getline.c: Use _IO_getdelim directly.
	Don't redefine ssize_t.
	* stdio-common/printf_fp.c, stdio_common/printf_fphex.c
	* stdio-common/printf_size.c: Don't redefine size_t or FILE.
	Remove outdated comments.
	* stdio-common/vfscanf.c: Don't redefine va_list.
2018-02-21 14:11:05 -05:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Joseph Myers
568035b787 Update copyright notices with scripts/update-copyrights. 2013-01-02 19:05:09 +00:00
Andreas Schwab
d18ea0c5e6 Remove use of INTDEF/INTUSE in libio 2012-05-24 23:06:20 +02:00
Paul Eggert
59ba27a63a Replace FSF snail mail address with URLs. 2012-02-09 23:18:22 +00:00
Ulrich Drepper
6cc8844f1d * sysdeps/unix/sysv/linux/dl-osinfo.h (dl_fatal): Remove inline
from definition.

	* sysdeps/x86_64/dl-machine.h (elf_machine_rela): Don't define
	label if it is not used.

	* elf/dl-profile.c (_dl_start_profile): Define real-type variant
	of gmon_hist_hdr and gmon_hdr structures and use them.

	* elf/dl-load.c (open_verify): Add temporary variable to avoid
	warning.

	* nscd/nscd_helper.c (get_mapping): Avoid casts to avoid warnings.

	* sunrpc/clnt_raw.c (clntraw_private_s): Use union in definition
	to avoid cast.

	* inet/rexec.c (rexec_af): Make sa2 a union to avoid warnings.
	* inet/rcmd.c (rcmd_af): Make from a union of the various needed types
	to avoid warnings.
	(iruserok_af): Use ss_family instead of casts.

	* gmon/gmon.c (write_hist): Define real-type variant of
	gmon_hist_hdr structure and use it.
	(write_gmon): Likewise for gmon_hdr.

	* sysdeps/unix/sysv/linux/readv.c: Avoid declaration of replacement
	function if we are not going to define it.
	* sysdeps/unix/sysv/linux/writev.c: Likewise.

	* inet/inet6_option.c (optin_alloc): Add temporary variable to
	avoid warning.

	* libio/strfile.h (struct _IO_streambuf): Use correct type and
	name of VTable element.
	* libio/iovsprintf.c: Avoid casts to avoid warnings.
	* libio/iovsscanf.c: Likewise.
	* libio/vasprintf.c: Likewise.
	* libio/vsnprintf.c: Likewise.
	* stdio-common/isoc99_vsscanf.c: Likewise.
	* stdlib/strfmon_l.c: Likewise.
	* debug/vasprintf_chk.c: Likewise.
	* debug/vsnprintf_chk.c: Likewise.
	* debug/vsprintf_chk.c: Likewise.
2009-04-26 20:12:37 +00:00
Ulrich Drepper
dff3751503 * include/stdio.h (__asprintf_chk, __dprintf_chk,
__obstack_printf_chk): New prototypes.
	(__vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): Likewise.
	Add libc_hidden_proto.
	* libio/obprintf.c
	(_IO_obstack_jumps): No longer static, add attribute_hidden.
	* libio/bits/stdio-ldbl.h (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk, __vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): Add __LDBL_REDIR_DECL.
	* libio/bits/stdio2.h (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk, __vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): New prototypes.
	(asprintf, __asprintf, dprintf, obstack_printf, vasprintf, vdprintf,
	obstack_vprintf): New inlines.
	* debug/dprintf_chk.c: New file.
	* debug/vdprintf_chk.c: New file.
	* debug/asprintf_chk.c: New file.
	* debug/vasprintf_chk.c: New file.
	* debug/obprintf_chk.c: New file.
	* debug/tst-chk1.c (do_test): Add asprintf and obstack_printf tests.
	* debug/Versions (__asprintf_chk, __dprintf_chk, __obstack_printf_chk,
	__vasprintf_chk, __vdprintf_chk, __obstack_vprintf_chk): Export
	@@GLIBC_2.8.
	* debug/Makefile: Build asprintf_chk, vasprintf_chk, dprintf_chk,
	vdprintf_chk and obprintf_chk, set CFLAGS for them.
	* sysdeps/ieee754/ldbl-opt/nldbl-compat.c (__nldbl___vasprintf_chk,
	__nldbl___vdprintf_chk, __nldbl___obstack_vprintf_chk): Add
	libc_hidden_proto.
	* sysdeps/ieee754/ldbl-opt/nldbl-compat.h (__nldbl___vasprintf_chk,
	__nldbl___vdprintf_chk, __nldbl___obstack_vprintf_chk): New prototypes.
	* sysdeps/ieee754/ldbl-opt/Versions (__nldbl___asprintf_chk,
	__nldbl___vasprintf_chk, __nldbl___dprintf_chk, __nldbl___vdprintf_chk,
	__nldbl___obstack_printf_chk, __nldbl___obstack_vprintf_chk): Export
	@@GLIBC_2.8.
	* sysdeps/ieee754/ldbl-opt/Makefile (libnldbl-calls): Add asprintf_chk,
	vasprintf_chk, dprintf_chk, vdprintf_chk, obstack_printf_chk and
	obstack_vprintf_chk.
	* sysdeps/ieee754/ldbl-opt/nldbl-obstack_vprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-dprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-obstack_printf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-asprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-vdprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-vasprintf_chk.c: New file.
2008-03-05 07:05:13 +00:00