The use of the same name for a local variable combined with passing a
pointer to it to a nested macro call causes the wrong 'err' variable to
be updated in 'read_real', because '&err' is only expanded at '*errp'
evaluation. Consequently the variable defined in 'read_real' is set
rather than one in its 'verify_input' caller as it would be the case
should 'read_real' be a function, leading to invalid input such as:
%a:nan:1:3:nan(:
to be accepted.
Address the issue by renaming the 'err' variable in 'verify_input' to
'errx', causing such input to be correctly rejected:
error: ./tst-scanf-format-skeleton.c:242: input line 1: input data format error
No test case added as it's a test case issue in the first place.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Verify that . input is rejected by 'f' conversion (and its uppercase
counterpart). Replace 0 input with .0 rather than adding new one,
because the integral part of 0 is already covered by 0.0 data, so
there's no need to keep this duplication.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Verify that . input is rejected by 'e' conversion (and its uppercase
counterpart). Replace 0e0 input with .0e0 rather than adding new one,
because 0 significand is already covered by 0e+0 data, so there's no
need to keep this duplication.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Verify that 0x. input is rejected by 'a' and 'g' conversions (and their
uppercase counterparts). Replace 0x0p0 input with 0x.0p0 rather than
adding new one, because 0x0 significand is already covered by 0x0p+0
data, so there's no need to keep this duplication.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reject invalid formatted scanf real input data the significand part of
which is comprised of a hexadecimal prefix followed by a decimal point
only, optionally preceded by a sign. Such data is a prefix of, but not
a matching input sequence and it is required by ISO C to cause a
matching failure.
Currently a matching success is instead incorrectly produced along with
the conversion result of zero, with data up to and including the decimal
point consumed from input.
Technically this change also causes lone . to be rejected early, though
it doesn't change semantics, because unlike 0x. it's not valid input to
'strtod', etc. so it gets rejected at actual conversion time later on
anyway.
Test cases follow as separate changes.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Fix a code pattern that repeats across '__vfscanf_internal' where the
remaining field width of 0 is incorrectly interpreted as no width limit,
which in turn results in reading input beyond the limit requested. The
lack of width limit is indicated by the field width of -1 rather than 0,
set earlier on in the function.
The problematic code pattern is used for both integer and floating-point
conversions, but in the former case a corresponding conditional earlier
on prevents the field width from being 0 when executing the pattern. It
does trigger in the latter case, where the decimal point is a multibyte
character or for multibyte digit characters.
Fix the code pattern by using 'width > 0' comparison, and apply the fix
throughout even to code handling integer conversions so as to interpret
the field width consistently and avoid people's confusion even if width
cannot be 0 at those places.
For multibyte digit characters there is an additional issue that causes
code to push back a partially fetched multibyte character multiple times
as execution proceeds through matching data retrieved against individual
digits that have to be rejected due to the field width limit preventing
the rest of the multibyte character from being retrieved. It is because
code relies on 'ungetc' ignoring a request to push back EOF, however in
the out-of-limit field width condition the data held is not EOF but the
previously retrieved character byte instead.
Fix this issue by artificially assigning EOF to the character byte
storage variable where the out-of-limit field width condition prevents
further processing, and also apply the fix throughout except for the
decimal point/thousands separator case, which uses different code.
Add test cases accordingly.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
We want tcache_key not to be a commonly-occurring value in memory, so ensure
a minimum amount of one and zero bits.
And we need it non-zero, otherwise even if tcache_double_free_verify sets
e->key to 0 before calling __libc_free, it gets called again by __libc_free,
thus looping indefinitely.
Fixes: c968fe5062 ("malloc: Use tailcalls in __libc_free")
On a Linux system you have two sources for locales: glibc and ICU.
ICU offeres a lot more languages than glibc. Especially when it comes to
en_*.
If you have an English system and want to use ISO8601 for date and time
format there is only one locale which can be used for that: en_SE
However ICU offers en_SE and glibc doesn't. If you set LC_TIME=en_SE a
lot of application wont start, because the locale is not known to glibc.
https://sourceware.org/bugzilla/show_bug.cgi?id=33190
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Mike FABIAN <mfabian@redhat.com>
MALLOC_DEBUG only works on locked arenas, so move the call to
check_inuse_chunk from __libc_free() to _int_free_chunk().
Regress now passes if MALLOC_DEBUG is enabled.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Arenas support huge pages but not transparent huge pages. Add this by
also checking mp_.thp_pagesize when creating a new arena, and use madvise.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Remove an odd use of __curbrk and use MORECORE (0) instead.
This fixes Hurd build since it doesn't define this symbol.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Assembler files may want or need to test for predefined macros which are
set via -m* compiler options, so ensure all -m* options in CFLAGS are passed
to ASFLAGS.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
tst-freopen4-main.c issues a warning message:
warning: could not remove temporary file: /tmp/tst-freopen4potgti: No such file or directory
since chroot makes generated temporary directories inaccessible. Add
special rules for tst-freopen4.out and tst-freopen64-4.out to remove
the temporary directory in warning message from tst-freopen4 and
tst-freopen64-4.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Sam James <sam@gentoo.org>
Revert commit 6463d4a7b2 to fix
FAIL: stdio-common/tst-freopen4-mem
FAIL: stdio-common/tst-freopen64-4-mem
This fixes BZ #33254.
Reviewed-by: Sam James <sam@gentoo.org>
On some file systems iconv do not follow symlinks. This happens because
read_conf_file() function's directory traversal loop reject symbolic
links and then lstat64() call do not follow symlinks.
This commit fixes the directory traversal loop to accept symbolic links
and then follow the link using stat64().
The test works by creating a temporary directory and placing a symbolic
link inside it that points to a configuration file. It then runs
iconvconfig on this directory.
The test passes if iconvconfig successfully follows the symlink and
generates the cache correctly, confirming that the directory traversal
logic now properly handles symbolic links.
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
Co-authored-by: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Reviewed-by: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
The copy_file_range system call seems to be the only one that can
return an off64_t value. Use FUSE to exercise this, without actually
creating such large files or copying any data. Due to FUSE protocol
limitations, only sizes up to UINT_MAX can be tested, but this is
sufficient to check for the presence of bug 33245.
The FUSE protocol limitations are raised here:
copy_file_range return value on FUSE
<https://lore.kernel.org/all/lhuh5ynl8z5.fsf@oldenburg.str.redhat.com/>
Reviewed-by: Sam James <sam@gentoo.org>
Reviewed-by: Collin Funk <collin.funk1@gmail.com>
Commit 10a66a8e42 ("Remove <libc-tsd.h>") removed the TLS initial-exec
(IE) model attribute from the __libc_tsd_CTYPE_* thread variable declarations
and definitions. Commit a894f04d87 ("Optimize __libc_tsd_* thread
variable access") restored it on declarations.
Restore the TLS initial-exec model attribute on __libc_tsd_CTYPE_* thread
variable definitions.
This resolves test tst-locale1 failure on s390 32-bit, when using a
GNU linker without the fix from GNU binutils commit aefebe82dc89
("IBM zSystems: Fix offset relative to static TLS").
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Update tst-env-setuid.c to delete LD_DEBUG_OUTPUT output, instead of
leaving it behind.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Update tst-freopen4-main.c to call support_capture_subprocess with chroot,
which makes temporary files inaccessible, so that temporary files can be
deleted.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Update tst-fopen-threaded.c to call support_create_temp_directory to
create a temporary directory and open "file" in the temporary directory,
instead of using /tmp/openclosetest and leaving it behind.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Call support_delete_temp_files to delete temporary files before exit in
support_subprocess.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The select function, fd_set, and FD_* macros were standardized by POSIX
in the sys/select.h header. They are still defined in sys/types.h if
__USE_MISC is defined, but we should recommend the more portable and
standardized sys/select.h.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The original example works on glibc since sys/time.h includes
sys/select.h. However, since POSIX requires that select is defined in
sys/select.h this change makes the example more portable.
Reported by Gavin Smith <gavinsmith0123@gmail.com> in:
<https://lists.gnu.org/archive/html/bug-texinfo/2025-07/msg00091.html>.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The getsubopt function was an XSI extension since POSIX issue 4 until it
was added to Base in POSIX Issue 7. This also adds the 'restrict'
qualifier to the arguments as done in POSIX.1-2024, and has been the
case in glibc.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Secure mode is enabled only if SGID actually provides a new privilege,
so we have to drop it before gaining it again.
Fixes commit 3a3fb2ed83
("Fix error reporting (false negatives) in SGID tests")
Cleanup sysmalloc_mmap - simplify padding since it is always a constant.
Remove av parameter which is only used in do_check_chunk, but since it may be
NULL for mmap, it will cause a crash in checking mode. Remove the odd check
on mmap in do_check_chunk.
Reviewed-by: DJ Delorie <dj@redhat.com>
Change checked_request2size to return SIZE_MAX for huge inputs. This
ensures large allocation requests stay large and can't be confused with a
small allocation. As a result several existing checks against PTRDIFF_MAX
become redundant.
Reviewed-by: DJ Delorie <dj@redhat.com>
Wilco Dijkstra
Maciej W. Rozycki
Samuel Thibault
Andreas Schneider
Sachin Monga
H.J. Lu
Avinal Kumar
Florian Weimer
Jens Remus
Collin Funk
Luca Boccassi