IABSD.fr/src/lib/libc/stdlib

Log

Author Commit Date CI Message
1c86e9db 2025-10-23 18:49:46 Revert r1.286 now that all supported platforms have __builtin_clz.
a8274c28 2025-08-04 14:11:37 Sort NAME, RETURN VALUES, ERRORS, and STANDARDS in the same order as SYNOPSIS. Sort HISTORY chronologically. No text change.
42a7be81 2025-08-04 04:59:30 Implement the POSIX-2024 close-on-fork flag, but modified to be reset on exec as preserving it across exec is not necessary for its original purpose and has security and usability concerns. Many thanks to Ricardo Branco (rbranco (at) suse.de) who did an independent implementation, caught that /dev/fd/* needed to be handled, and provided a port of the illumos test suite. Thanks to tb@ for assistance with that. ok deraadt@
74a1e058 2025-06-13 18:34:00 The mdoc(7) .Ft macro does not need quoting of its arguments, but about 10% of our manual pages using this macro employed useless quoting anyway. Remove these quotes such that they do not incite fear, uncertainty, and doubt in developers who happen to look at these pages. jmc@ and tb@ agree with the direction.
f3df33fd 2025-06-12 16:07:09 <uvm/uvmexp.h> is clearly only for VM_MALLOC_CONF, but <sys/sysctl.h> takes care of doing that include.
ce1bcb34 2025-06-04 00:38:01 Revert 1.144 of lib/libc/stdlib/malloc.3. It was changed by accident by my previous commit.
4b2686f7 2025-06-03 14:15:53 Again. Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. This commit fixes some minor problems of the previous. previous diff from guenther Much testing, review, assistance from tb@ ok tb@ millert@ for the previous ok asou
1d215e77 2025-05-27 12:40:37 Delete bad advice about abusing malloc_options = "X" as a production feature to terminate the program when out of memory. Application code should always handle failure of library functions properly. So if you want your program to terminate, write something like | p = malloc(...); | if (p == NULL) | err(1, NULL); and don't abuse malloc_options. Direction suggested by otto@ after anton@ pointed out that this very old text still used an outdated data type for malloc_options and potentially failed to define its value at compile time. OK otto@
1884db56 2025-05-24 12:47:11 explain more precisely how to initialize malloc_options; OK deraadt@
fb69fb32 2025-05-23 00:40:05 When commons were deprecated, no one noticed that malloc_options in static binaries had become unlinkable. Change the libc definition to weak to solve that, and to "const char * const" so that no one will try to set it late. It must be stable before the first malloc() call, which could be before main()... discussion with otto, kettenis, tedu
479c151d 2024-09-20 02:00:46 remove unneeded semicolons; checked by millert@
0f4fed2b 2024-08-30 03:44:48 Revert commitid KcCtsA53F9UQzc0t: "Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position." Something isn't correct about it and it breaks at least initdb from the postgresql-server package. discussed with tb@, semarie@, and deraadt@
e7b25768 2024-08-12 20:53:09 Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. Much testing, review, and assistance from tb@ ok tb@ millert@
dfc5f6fe 2024-08-03 20:09:24 mkostemp(3) and reallocarray(3) are in POSIX-2024: adjust #include visibility and update the reallocarray(3) manpage ok millert@
2c55ebb0 2024-07-10 14:17:58 Zap warning against __findenv usage, it is not exported by libc The comment probably made sense before guenther restricted the symbols exported by libc in 2015.
42a1f524 2024-03-30 07:50:39 In _malloc_init(), round up the region being mprotected RW to the malloc page size, rather than relying upon mprotect to round up to the actual mmu page size. This repairs malloc operation on systems where the malloc page size (1 << _MAX_PAGE_SHIFT) is larger than the mmu page size. ok otto@
1aa88f2b 2024-03-01 21:30:40 Add mkdtemps(3), like mkdtemp(3) but with a suffix. OK deraadt@ tb@
2ce65aae 2024-01-19 19:45:02 Make our mktemp(3) callback-driven and split into multiple files. Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@
3cb1b7a6 2024-01-19 16:30:28 Move mktemp.c to stdlib where it belongs. OK deraadt@
8fa61426 2023-12-19 06:59:28 A small cleanup of malloc_bytes(), getting rid of a goto and a tiny bit of optimization; ok tb@ asou@
77bc04ff 2023-12-04 22:52:41 zap trailing whitespace
2a60a4d2 2023-12-04 07:01:45 Save backtraces to show in leak dump. Depth of backtrace set by malloc option D (aka 1), 2, 3 or 4. No performance impact if not used. ok asou@
5f3e01b7 2023-11-04 11:02:35 KNF plus fixed a few signed vs unsigned compares (that were actually not real problems)
53a1814d 2023-10-26 17:59:16 A few micro-optimizations; ok asou@
92232a8c 2023-10-22 14:04:52 correct Va in previous;
0778079a 2023-10-22 12:19:26 When option D is active, store callers for all chunks; this avoids the 0x0 call sites for leak reports. Also display more info on detected write of free chunks: print the info about where the chunk was allocated, and for the preceding chunk as well. ok asou@
db142dbd 2023-09-09 06:52:40 Print warning message when not allocated memory in putleakinfo(). ok otto.
02a7ea71 2023-07-01 18:35:14 Document that small allocations are initially junked with 0xdf now
5f0c994b 2023-06-30 06:24:58 Recommit "Allow to ask for deeper callers for leak reports using malloc options" Now only enabled for platforms where it's known to work and written as an inline function instead of a macro.
e59245c0 2023-06-23 05:26:45 Revert previous, not all platforms allow compiling __builtin_return_address(a) with a != 0.
1be2752a 2023-06-22 11:04:16 Allow to ask for deeper callers for leak reports using malloc options. ok deraadt@
9889fdb6 2023-06-07 12:56:22 Add portable version and m88k-specific version lb() function, because unfortunately gcc3 does not have __builtin_clz(). ok miod@ otto@
e78208e2 2023-06-04 06:58:33 More thorough write-after-free checks. On free, chunks (the pieces of a page used for smaller allocations) are junked and then validated after they leave the delayed free list. So after free, a chunk always contains junk bytes. This means that if we start with the right contents for a new page of chunks, we can *validate* instead of *write* junk bytes when (re)-using a chunk. With this, we can detect write-after-free when a chunk is recycled, not just when a chunk is in the delayed free list. We do a little bit more work on initial allocation of a page of chunks and when re-using (as we validate now even on junk level 1). Also: some extra consistency checks for recallocarray(3) and fixes in error messages to make them more consistent, with man page bits. Plus regress additions.
d88bac1a 2023-05-27 04:33:00 Remove malloc interposition, a workaround that was once needed for emacs ok guenther@
170ca6cd 2023-05-18 16:11:09 Add PROTO_NORMAL() declarations for the remaining syscalls, to avoid future, inadvertent PLT entries. Move the __getcwd and __realpath declarations to hidden/{stdlib,unistd}.h to consolidate and remove duplication. ok tb@ otto@ deraadt@
760f5d48 2023-05-10 07:58:06 As mmap(2) is no longer a LOCK syscall, do away with the extra unlock-lock dance it serves no real purpose any more. Confirmed by a small performance increase in tests. ok @tb
0eee8115 2023-04-21 06:19:40 remove duplicate include ok otto@
b40d7d1d 2023-04-17 05:45:06 remove bad Pp; (sorry, otto, for not spotting in the updated diff)
b8e81c95 2023-04-16 19:46:17 Dump (leak) info using utrace(2) and compile the code always in except for bootblocks. This way we have built-in leak detection always (if enabled by malloc flags). See man pages for details.
250bcd55 2023-04-05 06:25:38 Introduce variation in location of junked bytes; ok tb@
42f826b2 2023-04-01 18:47:51 Check all chunks in the delayed free list for write-after-free. Should catch more of them and closer (in time) to the WAF. ok tb@
d7c8d7e7 2023-03-25 15:22:06 Change malloc chunk sizes to be fine grained. The basic idea is simple: one of the reasons the recent sshd bug is potentially exploitable is that a (erroneously) freed malloc chunk gets re-used in a different role. malloc has power of two chunk sizes and so one page of chunks holds many different types of allocations. Userland malloc has no knowledge of types, we only know about sizes. So I changed that to use finer-grained chunk sizes. This has some performance impact as we need to allocate chunk pages in more cases. Gain it back by allocating chunk_info pages in a bundle, and use less buckets if !malloc option S. The chunk sizes used are 16, 32, 48, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 384, 448, 512, 640, 768, 896, 1024, 1280, 1536, 1792, 2048 (and a few more for sparc64 with its 8k sized pages and loongson with its 16k pages). If malloc option S (or rather cache size 0) is used we use strict multiple of 16 sized chunks, to get as many buckets as possible. ssh(d) enabled malloc option S, in general security sensitive programs should. See the find_bucket() and bin_of() functions. Thanks to Tony Finch for pointing me to code to compute nice bucket sizes. ok tb@
eed1419e 2023-02-27 06:47:54 There is no reason to-be-cleared chunks cannot participate in delayed freeing; ok tb@
e70a8168 2022-12-27 17:31:09 Change the way malloc_init() works so that the main data structures can be made immutable to provide extra protection. Also init pools on-demand: only pools that are actually used are initialized. Tested by many
2c53affb 2022-12-27 17:10:05 spelling fixes; from paul tagliamonte any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes;
60b91d5a 2022-10-22 15:21:25 In __cxa_atexit(), there is no need to initialize local pointer before the lock, when it is correctly initialized after the lock ok otto millert
0b4b01c9 2022-10-14 04:38:39 put the malloc_readonly struct into the "openbsd.mutable" section, so that the kernel and ld.so will know not to mark it immutable. malloc handles the read/write transitions by itself.
d32639f6 2022-09-11 06:38:10 .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze
7fd658f2 2022-08-08 22:40:03 For putenv(3), return an error if string starts with a '=' character. Both FreeBSD and NetBSD have this behavior. OK deraadt@
6e23b9dc 2022-08-04 06:20:24 change some 4.4BSD references to earlier releases ok schwarze@
37a8a615 2022-07-25 02:25:55 If a command or interface first appeared in PWB/UNIX, UNIX System III or UNIX System V mention it. Only do so in manual pages with a pre-existing HISTORY section. Prompted by the comparison of System V and BSD commands and interfaces in Sun's "System V Enhancements Overview" document. checked against manuals on bitsavers, TUHS archive and CSRG archive CDs ok jmc@ schwarze@
1c17c713 2022-06-30 17:15:48 To figure out whether a large allocation can be grown into the following page(s) we've been first mquery()ing for it, mmap()ing w/o MAP_FIXED if available, and then munmap()ing if there was a race. Instead, just try it directly with mmap(MAP_FIXED | __MAP_NOREPLACE) tested in snaps for weeks ok deraadt@
1e8f9462 2022-05-21 00:53:53 system(3) should ignore SIGINT and SIGQUIT until the shell exits. This got broken when system.c was converted from signal(3) to sigaction(2). Also add SIGINT and SIGQUIT to the set of blocked signals and unblock them in the parent after the signal handlers are installed. Based on a diff from Leon Fischer. OK deraadt@
41ce3b17 2022-03-31 17:27:13 man pages: add missing commas between subordinate and main clauses jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
4bc2832d 2022-03-29 18:15:52 man pages: add missing word, The foo() ... -> The foo() function ... ok jmc@ schwarze@
799edd11 2022-02-26 16:14:42 Currently malloc caches a number of free'ed regions up to 128k in size. This cache is indexed by size (in # of pages), so it is very quick to check. Some programs allocate and deallocate larger allocations in a frantic way. Accommodate those programs by also keeping a cache of regions between 128k and 2M, in a cache of variable sized regions. Tested by many in snaps; ok deraadt@
a4e61cf2 2022-02-06 00:29:02 remove please from manual pages ok jmc@ sthen@ millert@
ba09b28a 2022-01-06 18:58:24 refer to longindex as an argument, not a field; from uwe@netbsd -r1.22 ok millert
0674b982 2021-12-08 22:06:28 lsearch(3): reimplement using lfind(3) lsearch(3) is really just lfind(3) with an additional branch to append the key if lfind(3) fails. If we get rid of the underlying linear_base() function and move the search portion into lfind(3) and the key-copying portion into lsearch(3) we get smaller and simpler code. Misc. notes: - We do not need to keep the historical comment about errno. lsearch(3) is pure computation and does not set errno. That's really all you need to know. The specification reserves no errors, either. - We are using lfind(3) internally now, so it switches from PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs DEF_WEAK in stdlib/lsearch.c. With advice from guenther@ on symbol housekeeping in libc. Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2 ok millert@
087b84e2 2021-12-07 04:01:45 lsearch(3): append key to array with memmove(3) instead of memcpy(3) If the key overlaps the end of the array, memcpy(3) mutates the key and copies a corrupted value into the end of the array. If we use memmove(3) instead we at least end up with a clean copy of the key at the end of the array. This is closer to the intended behavior. With input from millert@ and deraadt@. Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2 ok millert@
d10db4f7 2021-12-02 20:58:01 bsearch(3): support arrays with more than INT_MAX elements The "lim" variable needs to be a size_t to match nmemb, otherwise we get undefined behavior when nmemb exceeds INT_MAX. Prompted by a blog post by Joshua Bloch: https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html Fixed by Chris Torek a long time ago: https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup ok millert@
b7041c07 2021-10-24 21:24:15 For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
3873297b 2021-10-24 10:05:22 ansi ok mpi@ deraadt@
9a9b50ce 2021-10-13 15:04:53 Provide realpath(1) A tiny realpath(3) wrapper to make a porter's life easier. Feedback kettenis deraadt cheloha sthen OK cheloha martijn deraadt
5576bc40 2021-09-19 09:15:22 Switch two calls from memset() to explicit_bzero() This matches the documented behavior more obviously and ensures that these aren't optimized away, although this is unlikely. Discussed with deraadt and otto
32d8c28b 2021-09-03 16:51:47 * add the missing STANDARDS section as noticed by tb@ * mention that the *optionp input string will be modified * clarify that the array of tokens is expected to be NULL-terminated OK millert@ tb@, and the first half of STANDARDS also OK jmc@
205367eb 2021-07-23 18:04:28 Make MALLOC_STATS compile again; noted by Omar Polo and Joe Nelson
293988a7 2021-04-09 06:05:21 An extra internal consistency check and a missing stats adjustment. ok tb@
853bf09b 2021-04-09 06:04:15 Cache implementation has changed, we do not hold on to an exact number of pages anymore, but also cache larger regions; ok tb@
2cb7cdfc 2021-03-18 11:16:58 Type-cast getpagesize() from int to size_t for the comparison with d. getpagesize() will only return positive numbers (there is no negative page size system) and it can not fail. Should fix some compiler warnings seen in -portable projects. OK otto@
c9c2a8bc 2021-03-09 07:39:28 Change the implementation of the malloc cache to keep lists of regions of a given size. In snaps for a while, committing since no issues were reported and a wider audience is good. ok deraadt@
19aed9fc 2021-02-25 15:20:18 - Make use of the fact that we know how the chunks are aligned, and write 8 bytes at the time by using a uint64_t pointer. For an allocation a max of 4 such uint64_t's are written spread over the allocation. For pages sized and larger, the first page is junked in such a way. - Delayed free of a small chunk checks the corresponding way. - Pages ending up in the cache are validated upon unmapping or re-use. In snaps for a while
70d9094f 2021-02-12 17:03:51 Some people still argue that rand(3) and random(3) have suitable deterministic use cases, so explain the situation a bit more. Since the 80's, I estimate around 5 algorithm changes, so any chosen seed is unrepeatable UB. +The deterministic sequence algorithm changed a number of times since +original development, is underspecified, and should not be relied upon to +remain consistent between platforms and over time. ok jmc kettenis
3e142b5f 2020-11-23 15:42:11 mapalign() only handles allocations >= a page; problem found by and ok semarie@
87afc19e 2020-10-12 22:08:32 make fixed-sized fixed-value mib[] arrays be const ok guenther tb millert
8d0b0dbd 2020-10-09 16:01:48 As noted by tb@ previous commit only removed an unused function. So redo previous commit properly: Use random value for canary bytes; ok tb@.
321ee9bb 2020-10-06 06:31:14 Use random value for canary bytes; ok tb@
ee0eab5e 2020-09-06 06:41:03 For page-sized and larger allocations do not put the pages we're shaving off into the cache but unmap them. Pages in the cache get re-used and then a future grow of the first allocation will be hampered. Also make realloc a no-op for small shrinkage. ok deraadt@
0025f5bb 2020-05-27 22:25:09 This patch fixes one bug and one instance of undesirable behaviour. The bug, present since 4.4BSD, was that a trailing dash in an option group, when the dash is not permitted as an option letter, resulted in the whole option group being returned as an argument, even though the previous option in the group was already parsed as an option: OPTS=abc ./getopt-test -a- -c arg ===>> OPT(a)ARG(-a-)ARG(-c)ARG(arg). Instead, treat the dash as an invalid option and continue parsing options: ===>> OPT(a)ERR(?-)OPT(c)ARG(arg). The undesirable behaviour was that allowing the dash as an option letter only allowed isolated dashes ("-") and trailing dashes in groups ("-a-"), but neither middle dashes in groups ("-a-b"), even though that already partially worked in 4.4BSD, nor leading dashes in groups ("--a"), even though that works on all other BSDs and on glibc. Also, while POSIX does not require that the dash can be used as an option letter at all, arguably, it encourages that letters either be fully supported or not supported at all. It is dubious whether supporting an option letter in some positions but not in others can be considered conforming. This patch makes OpenBSD behaviour identical to FreeBSD and NetBSD, improves compatibility with glibc (except that glibc does not support isolated "-"), improves compatibility with DragonFly (except that DragonFly is buggy when the dash option letter can take an optional argument but that argument is not present), improves compatibility with Illumos and Solaris 11 (except those do not support "-" and mishandle "--a"), and restores 4.4BSD behaviour for "-a-b". In no respect i'm aware of is compatibility with any other systems reduced. For the full rationale, see my mail to tech@ on 30 Mar 2020 14:26:41 +0200. 
Part of the problem was originally reported by an anonymous coward on tech@ on 12 Mar 2020 03:40:24 +0200, additional analysis was contributed by martijn@, and then the OP sent the final version of the patch i'm now committing on 17 Mar 2020 19:17:56 +0200. No licensing problem here because after the commit, the file does not contain a single word written by the OP. Also, the OP told me in private mail that he intends to publish the patch under the ISC license already contained in the file and that he wishes to be known by the pseudonym "0xef967c36". OK martijn@, and no objection when shown on tech@, but commit delayed to stay clear of the release.
88446cb7 2020-04-26 16:36:14 Minimal maintenance to make this mess slightly less confusing: queue -> list; mention "intrusive"; element -> member at one place; delete a bogus remark that maybe referred to a long-gone implementation in VAX assembly code. Much more could be improved, but i don't want to waste too much time here.
e240c74e 2020-04-26 13:59:56 fix the description; from andras farkas ok schwarze kill a Tn while here...
54774e46 2020-03-30 12:52:58 "eventually" came and went back in 2004. OK schwarze@
01c04610 2020-02-08 01:09:57 correct Research Unix edition "appeared in" use in HISTORY Starting from "Combined Table of Contents" in Doug McIlroy's "A Research UNIX Reader" a table of which edition manuals appeared in. Checked against manuals from bitsavers/TUHS and source from TUHS where available. Ingo points out there are cases where something is included but not documented until a later release. bcd(6) v6 v7 printf(3) v2 v4 abort(3) v5 v6 system(3) v6 v7 fmod(3) v5 v6 ok schwarze@
dd25ef17 2020-01-13 18:05:10 Document how to make getopt_long(3) process arguments in order and stop at the first non-option argument. I had to read source code to figure it out.
4e9ef723 2019-12-20 19:16:40 drand48(3) returns values in [0.0, 1.0). From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc
efa53c96 2019-12-11 20:01:50 The file passed to realpath(3) must exist, adjust man page to new behavior. noticed by hshoexer@; OK beck@
201844aa 2019-09-14 13:16:50 Add comment line saying S is described vaguely on purpose. Prompted by guenther@
b8285a3b 2019-07-05 12:55:36 improve verb-tense for explaining the calling convention of __ ok guenther jmc
1409e966 2019-07-05 05:04:26 The last consumer of pre-posix realpath behaviour has stopped requiring it (sftp-server). Remove the /exists///// behaviour from here. The /nonexistant behaviour remains in the kernel and needs to be shot next. There may be ports fallout, but we doubt it. ok beck djm
00b0b8ba 2019-06-30 17:31:39 tweak previous; ok guenther
71304b6e 2019-06-29 21:21:27 Document that getcwd() and realpath() are built on system calls that have a different calling convention than the standard function...as seen in kdump output. ok deraadt@ schwarze@
df69c215 2019-06-28 13:32:41 When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
10a3055d 2019-06-27 16:30:39 The C89 standard only requires that atexit(3) returns a non-zero value on error, so checking for -1 only is potentially non-portable. Also mention that the C89 standard does not require errno to be set. OK deraadt@ millert@
390a7db7 2019-06-17 03:13:17 Remove old realpath(3), and the userland-vs-kernel realpath verification code. We now use the simple userland wrapper on top of __realpath(2). The non-POSIX behaviour still remains, that is the next component to fix. From a diff by beck, but I managed to chainsaw it a bit further. Tested in snaps for a couple of days. ok beck
2874294b 2019-06-15 17:06:46 oops - missing .El in previous;
d2c05ee5 2019-06-15 15:40:44 realpath(3) doesn't use lstat(2), readlink(2), or getcwd(3) anymore, it is a thin wrapper over the syscall __readlink(2). Improve the list of possible errors. ok millert beck jmc
5c7d06e5 2019-06-02 01:03:01 Complete the ld.so boot cleanup: move most libc initialization from _csu_finish() to _libc_preinit(), which is an .init_array function in shared libc (and mark it INITFIRST) or a .preinit_array function in static libc, grabbing the _dl_cb callback there from ld.so. Then in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's startup bits before main() gets control. Other cleanups this permits: - move various startup structures into .data.rel.ro - the dl* stubs in libc can be strong and call the callbacks provided via _dl_cb - no longer need to conditionalize dlctl() calls on presence of _DYNAMIC original concept and full diff ok kettenis@ ok deraadt@
1f4d754a 2019-05-30 13:22:48 __realpath(2) appears to have improved, so re-enable the code that checks userland-parsing vs kernel parsing, we are hoping to spot another bug..
08cf7815 2019-05-29 11:54:49 There are some bugs in __realpath(2) -- it isn't quite ready so disable calling it until those are fixed.
70ae68a1 2019-05-28 13:08:56 Enable the use of the kernel __realpath() system call in the libc wrapper. For now, this also still uses the existing realpath implementation and emits a syslog if we see differing results. Once we have run with that for a little while we will remove the old code ok deraadt@