From: Koen Vandeputte Date: Thu, 22 Dec 2016 16:17:04 +0000 (+0100) Subject: musl: backport various post-1.1.15 fixes X-Git-Tag: v17.01.0-rc1~362 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2912f9f2a2e5997df069d38e20d85ff4cc51acef;p=oweals%2Fopenwrt.git musl: backport various post-1.1.15 fixes Backport most important fixes up to latest HEAD - Taken post-commit reverts/fixes into account Compile tested Run-tested on cns3xxx & imx6 targets Signed-off-by: Koen Vandeputte --- diff --git a/toolchain/musl/patches/005-fix-asctime-day-month-names-not-to-vary-by-locale.patch b/toolchain/musl/patches/005-fix-asctime-day-month-names-not-to-vary-by-locale.patch new file mode 100644 index 0000000000..c0e0238171 --- /dev/null +++ b/toolchain/musl/patches/005-fix-asctime-day-month-names-not-to-vary-by-locale.patch @@ -0,0 +1,41 @@ +From 6399fa9d29ea83de4735680b77d457bd59606532 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 7 Jul 2016 16:51:37 -0400 +Subject: fix asctime day/month names not to vary by locale + +the FIXME comment here was overlooked at the time locale support was +added. +--- + src/time/__asctime.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/time/__asctime.c b/src/time/__asctime.c +index e7e7f07..f114dfe 100644 +--- a/src/time/__asctime.c ++++ b/src/time/__asctime.c +@@ -1,17 +1,16 @@ + #include + #include + #include ++#include "locale_impl.h" + #include "atomic.h" + +-const char *__nl_langinfo(nl_item); ++const char *__nl_langinfo_l(nl_item, locale_t); + + char *__asctime(const struct tm *restrict tm, char *restrict buf) + { +- /* FIXME: change __nl_langinfo to __nl_langinfo_l with explicit C +- * locale once we have locales */ + if (snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n", +- __nl_langinfo(ABDAY_1+tm->tm_wday), +- __nl_langinfo(ABMON_1+tm->tm_mon), ++ __nl_langinfo_l(ABDAY_1+tm->tm_wday, C_LOCALE), ++ __nl_langinfo_l(ABMON_1+tm->tm_mon, C_LOCALE), + tm->tm_mday, tm->tm_hour, + tm->tm_min, tm->tm_sec, + 1900 + tm->tm_year) >= 26) +-- +cgit v0.11.2 + + diff --git a/toolchain/musl/patches/015-fix-pread-pwrite-syscall-calling-convention-on-sh.patch b/toolchain/musl/patches/015-fix-pread-pwrite-syscall-calling-convention-on-sh.patch new file mode 100644 index 0000000000..b4b20d8ae2 --- /dev/null +++ b/toolchain/musl/patches/015-fix-pread-pwrite-syscall-calling-convention-on-sh.patch @@ -0,0 +1,71 @@ +From 7cc3a28eed7e3b72a1ce4568fb55154bb0540726 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 11 Aug 2016 18:36:46 -0400 +Subject: fix pread/pwrite syscall calling convention on sh + +despite sh not generally using register-pair alignment for 64-bit +syscall arguments, there are arch-specific versions of the syscall +entry points for pread and pwrite which include a dummy argument for +alignment before the 64-bit offset argument. +--- + arch/sh/syscall_arch.h | 1 + + src/internal/syscall.h | 4 ++++ + src/unistd/pread.c | 2 +- + src/unistd/pwrite.c | 2 +- + 4 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/arch/sh/syscall_arch.h b/arch/sh/syscall_arch.h +index f63675a..84758fe 100644 +--- a/arch/sh/syscall_arch.h ++++ b/arch/sh/syscall_arch.h +@@ -2,6 +2,7 @@ + ((union { long long ll; long l[2]; }){ .ll = x }).l[0], \ + ((union { long long ll; long l[2]; }){ .ll = x }).l[1] + #define __SYSCALL_LL_O(x) __SYSCALL_LL_E((x)) ++#define __SYSCALL_LL_PRW(x) 0, __SYSCALL_LL_E((x)) + + /* The extra OR instructions are to work around a hardware bug: + * http://documentation.renesas.com/doc/products/mpumcu/tu/tnsh7456ae.pdf +diff --git a/src/internal/syscall.h b/src/internal/syscall.h +index ff3cf53..6d378a8 100644 +--- a/src/internal/syscall.h ++++ b/src/internal/syscall.h +@@ -12,6 +12,10 @@ + #define SYSCALL_MMAP2_UNIT 4096ULL + #endif + ++#ifndef __SYSCALL_LL_PRW ++#define __SYSCALL_LL_PRW(x) __SYSCALL_LL_O(x) ++#endif ++ + #ifndef __scc + #define __scc(X) ((long) (X)) + typedef long syscall_arg_t; +diff --git a/src/unistd/pread.c b/src/unistd/pread.c +index 3d2799f..5483eb9 100644 +--- a/src/unistd/pread.c ++++ b/src/unistd/pread.c +@@ -4,7 +4,7 @@ + + ssize_t pread(int fd, void *buf, size_t size, off_t ofs) + { +- return syscall_cp(SYS_pread, fd, buf, size, __SYSCALL_LL_O(ofs)); ++ return syscall_cp(SYS_pread, fd, buf, size, __SYSCALL_LL_PRW(ofs)); + } + + LFS64(pread); +diff --git a/src/unistd/pwrite.c b/src/unistd/pwrite.c +index bbe4c34..4bf3d7d 100644 +--- a/src/unistd/pwrite.c ++++ b/src/unistd/pwrite.c +@@ -4,7 +4,7 @@ + + ssize_t pwrite(int fd, const void *buf, size_t size, off_t ofs) + { +- return syscall_cp(SYS_pwrite, fd, buf, size, __SYSCALL_LL_O(ofs)); ++ return syscall_cp(SYS_pwrite, fd, buf, size, __SYSCALL_LL_PRW(ofs)); + } + + LFS64(pwrite); +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/020-verify-that-ttyname-refers-to-the-same-file-as-the-fd.patch b/toolchain/musl/patches/020-verify-that-ttyname-refers-to-the-same-file-as-the-fd.patch new file mode 100644 index 0000000000..d9cd0b397b --- /dev/null +++ b/toolchain/musl/patches/020-verify-that-ttyname-refers-to-the-same-file-as-the-fd.patch @@ -0,0 +1,49 @@ +From 0a950dcf15bb9f7274c804dca490e9e20e475f3e Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Sat, 20 Aug 2016 21:04:31 +0200 +Subject: verify that ttyname refers to the same file as the fd + +linux containers use separate mount namespace so the /proc +symlink might not point to the right device if the fd was +opened in the parent namespace, in this case return ENOENT. +--- + src/unistd/ttyname_r.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/src/unistd/ttyname_r.c b/src/unistd/ttyname_r.c +index 8bac7b2..a38ba4f 100644 +--- a/src/unistd/ttyname_r.c ++++ b/src/unistd/ttyname_r.c +@@ -1,10 +1,12 @@ + #include + #include ++#include + + void __procfdname(char *, unsigned); + + int ttyname_r(int fd, char *name, size_t size) + { ++ struct stat st1, st2; + char procname[sizeof "/proc/self/fd/" + 3*sizeof(int) + 2]; + ssize_t l; + +@@ -15,8 +17,13 @@ int ttyname_r(int fd, char *name, size_t size) + + if (l < 0) return errno; + else if (l == size) return ERANGE; +- else { +- name[l] = 0; +- return 0; +- } ++ ++ name[l] = 0; ++ ++ if (stat(name, &st1) || fstat(fd, &st2)) ++ return errno; ++ if (st1.st_dev != st2.st_dev || st1.st_ino != st2.st_ino) ++ return ENOENT; ++ ++ return 0; + } +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/025-fix-ffsync-by-changing-it-to-osync.patch b/toolchain/musl/patches/025-fix-ffsync-by-changing-it-to-osync.patch new file mode 100644 index 0000000000..fc7334d512 --- /dev/null +++ b/toolchain/musl/patches/025-fix-ffsync-by-changing-it-to-osync.patch @@ -0,0 +1,25 @@ +From c1f4ed150137d793c9d07356305a89e8785e7e02 Mon Sep 17 00:00:00 2001 +From: Duncan Overbruck +Date: Thu, 18 Aug 2016 17:06:16 +0200 +Subject: fix FFSYNC by changing it to O_SYNC + +O_FSYNC was never defined and is legacy/wrong, nothing seems to use it. +--- + include/fcntl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/fcntl.h b/include/fcntl.h +index e683e4d..0e165ca 100644 +--- a/include/fcntl.h ++++ b/include/fcntl.h +@@ -99,7 +99,7 @@ int posix_fallocate(int, off_t, off_t); + #define AT_EMPTY_PATH 0x1000 + + #define FAPPEND O_APPEND +-#define FFSYNC O_FSYNC ++#define FFSYNC O_SYNC + #define FASYNC O_ASYNC + #define FNONBLOCK O_NONBLOCK + #define FNDELAY O_NDELAY +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/028-fix-printf-regression-with-alt-form-octal-zero-flag-and-field-width.patch b/toolchain/musl/patches/028-fix-printf-regression-with-alt-form-octal-zero-flag-and-field-width.patch new file mode 100644 index 0000000000..aa0c2cfdd6 --- /dev/null +++ b/toolchain/musl/patches/028-fix-printf-regression-with-alt-form-octal-zero-flag-and-field-width.patch @@ -0,0 +1,31 @@ +From 78897b0dc00b7cd5c29af5e0b7eebf2396d8dce0 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Fri, 16 Sep 2016 17:40:08 -0400 +Subject: fix printf regression with alt-form octal, zero flag, and field width + +commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another +issue, changed the logic for how alt-form octal adds the leading zero +to adjust the precision rather than using a prefix character. this +wrongly suppressed the zero flag by mimicing an explicit precision +given by the format string. switch back to using a prefix character. + +based on bug report and patch by Dmitry V. Levin, but simplified. +--- + src/stdio/vfprintf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c +index 2ecf769..e439a07 100644 +--- a/src/stdio/vfprintf.c ++++ b/src/stdio/vfprintf.c +@@ -570,7 +570,7 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + if (0) { + case 'o': + a = fmt_o(arg.i, z); +- if ((fl&ALT_FORM) && p +Date: Fri, 16 Sep 2016 13:34:24 -0400 +Subject: fix ifru_data and ifcu_buf types in net/if.h + +glibc, freebsd, and openbsd use character pointers (caddr_t) for +these fields. only linux uses void pointer for the ifru_data type. +--- + include/net/if.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/net/if.h b/include/net/if.h +index 1a4059d..2f2fcc1 100644 +--- a/include/net/if.h ++++ b/include/net/if.h +@@ -89,7 +89,7 @@ struct ifreq { + struct ifmap ifru_map; + char ifru_slave[IFNAMSIZ]; + char ifru_newname[IFNAMSIZ]; +- void *ifru_data; ++ char *ifru_data; + } ifr_ifru; + }; + +@@ -116,7 +116,7 @@ struct ifreq { + struct ifconf { + int ifc_len; + union { +- void *ifcu_buf; ++ char *ifcu_buf; + struct ifreq *ifcu_req; + } ifc_ifcu; + }; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/030-fix-if_indextoname-error-case.patch b/toolchain/musl/patches/030-fix-if_indextoname-error-case.patch new file mode 100644 index 0000000000..d680d4eb3f --- /dev/null +++ b/toolchain/musl/patches/030-fix-if_indextoname-error-case.patch @@ -0,0 +1,36 @@ +From 32055d52ca43d867d6dbb763dc5213a8d3536a23 Mon Sep 17 00:00:00 2001 +From: Daniel Sabogal +Date: Thu, 15 Sep 2016 11:27:30 -0400 +Subject: fix if_indextoname error case + +posix requires errno to be set to ENXIO if the interface does not exist. +linux returns ENODEV instead so we handle this. +--- + src/network/if_indextoname.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/network/if_indextoname.c b/src/network/if_indextoname.c +index 6ee7f13..3b368bf 100644 +--- a/src/network/if_indextoname.c ++++ b/src/network/if_indextoname.c +@@ -3,6 +3,7 @@ + #include + #include + #include ++#include + #include "syscall.h" + + char *if_indextoname(unsigned index, char *name) +@@ -14,5 +15,9 @@ char *if_indextoname(unsigned index, char *name) + ifr.ifr_ifindex = index; + r = ioctl(fd, SIOCGIFNAME, &ifr); + __syscall(SYS_close, fd); +- return r < 0 ? 0 : strncpy(name, ifr.ifr_name, IF_NAMESIZE); ++ if (r < 0) { ++ if (errno == ENODEV) errno = ENXIO; ++ return 0; ++ } ++ return strncpy(name, ifr.ifr_name, IF_NAMESIZE); + } +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/031-add-missing-unlocked-and-wcsftime_l-prototypes-to-wchar-header.patch b/toolchain/musl/patches/031-add-missing-unlocked-and-wcsftime_l-prototypes-to-wchar-header.patch new file mode 100644 index 0000000000..077afe8a68 --- /dev/null +++ b/toolchain/musl/patches/031-add-missing-unlocked-and-wcsftime_l-prototypes-to-wchar-header.patch @@ -0,0 +1,38 @@ +From 5505f6afae9acf37ef565c68a07ca3df7b1ae2cb Mon Sep 17 00:00:00 2001 +From: Daniel Sabogal +Date: Fri, 9 Sep 2016 21:23:17 -0400 +Subject: add missing *_unlocked and wcsftime_l prototypes to wchar.h + +these functions had been implemented, but prototypes were not made available +--- + include/wchar.h | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/include/wchar.h b/include/wchar.h +index 0167dce..3e6db5f 100644 +--- a/include/wchar.h ++++ b/include/wchar.h +@@ -136,6 +136,21 @@ size_t wcsftime (wchar_t *__restrict, size_t, const wchar_t *__restrict, const s + + #undef iswdigit + ++#if defined(_GNU_SOURCE) ++wint_t fgetwc_unlocked (FILE *); ++wint_t getwc_unlocked (FILE *); ++wint_t getwchar_unlocked (void); ++wint_t fputwc_unlocked (wchar_t, FILE *); ++wint_t putwc_unlocked (wchar_t, FILE *); ++wint_t putwchar_unlocked (wchar_t); ++wchar_t *fgetws_unlocked (wchar_t *__restrict, int, FILE *__restrict); ++int fputws_unlocked (const wchar_t *__restrict, FILE *__restrict); ++#endif ++ ++#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) ++size_t wcsftime_l (wchar_t *__restrict, size_t, const wchar_t *__restrict, const struct tm *__restrict, locale_t); ++#endif ++ + #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ + || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) + FILE *open_wmemstream(wchar_t **, size_t *); +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/033-fix-undefined-behavior-in-sched.h-cpu_set_t-usage.patch b/toolchain/musl/patches/033-fix-undefined-behavior-in-sched.h-cpu_set_t-usage.patch new file mode 100644 index 0000000000..c634d59e4b --- /dev/null +++ b/toolchain/musl/patches/033-fix-undefined-behavior-in-sched.h-cpu_set_t-usage.patch @@ -0,0 +1,43 @@ +From 66570ec9c465e3c6c5d6dbd7dd42e45041a39288 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Mon, 19 Sep 2016 11:15:51 -0400 +Subject: fix undefined behavior in sched.h cpu_set_t usage + +since cpu sets can be dynamically allocated and have variable size, +accessing their contents via ->__bits is not valid; performing pointer +arithmetic outside the range of the size of the declared __bits array +results in undefined beahavior. instead, only use cpu_set_t for +fixed-size cpu set objects (instantiated by the caller) and as an +abstract pointer type for dynamically allocated ones. perform all +accesses simply by casting the abstract pointer type cpuset_t * back +to unsigned long *. +--- + include/sched.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/include/sched.h b/include/sched.h +index af82d6c..d1cccb7 100644 +--- a/include/sched.h ++++ b/include/sched.h +@@ -82,7 +82,7 @@ int sched_getaffinity(pid_t, size_t, cpu_set_t *); + int sched_setaffinity(pid_t, size_t, const cpu_set_t *); + + #define __CPU_op_S(i, size, set, op) ( (i)/8U >= (size) ? 0 : \ +- ((set)->__bits[(i)/8/sizeof(long)] op (1UL<<((i)%(8*sizeof(long))))) ) ++ (((unsigned long *)(set))[(i)/8/sizeof(long)] op (1UL<<((i)%(8*sizeof(long))))) ) + + #define CPU_SET_S(i, size, set) __CPU_op_S(i, size, set, |=) + #define CPU_CLR_S(i, size, set) __CPU_op_S(i, size, set, &=~) +@@ -94,8 +94,8 @@ static __inline void __CPU_##func##_S(size_t __size, cpu_set_t *__dest, \ + { \ + size_t __i; \ + for (__i=0; __i<__size/sizeof(long); __i++) \ +- __dest->__bits[__i] = __src1->__bits[__i] \ +- op __src2->__bits[__i] ; \ ++ ((unsigned long *)__dest)[__i] = ((unsigned long *)__src1)[__i] \ ++ op ((unsigned long *)__src2)[__i] ; \ + } + + __CPU_op_func_S(AND, &) +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/035-fix-getservby_r-result-pointer-value-on-error.patch b/toolchain/musl/patches/035-fix-getservby_r-result-pointer-value-on-error.patch new file mode 100644 index 0000000000..67d9c7a4d4 --- /dev/null +++ b/toolchain/musl/patches/035-fix-getservby_r-result-pointer-value-on-error.patch @@ -0,0 +1,41 @@ +From 8d7a3f40c8de414122eb8eb2131291782ee8ed15 Mon Sep 17 00:00:00 2001 +From: Daniel Sabogal +Date: Fri, 23 Sep 2016 21:10:07 -0400 +Subject: fix getservby*_r result pointer value on error + +this is a clone of the fix to the gethostby*_r functions in +commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages +document that the getservby*_r functions set this pointer to +NULL if there was an error or if no record was found. +--- + src/network/getservbyname_r.c | 2 ++ + src/network/getservbyport_r.c | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/src/network/getservbyname_r.c b/src/network/getservbyname_r.c +index 056c2f3..ad3d616 100644 +--- a/src/network/getservbyname_r.c ++++ b/src/network/getservbyname_r.c +@@ -15,6 +15,8 @@ int getservbyname_r(const char *name, const char *prots, + struct service servs[MAXSERVS]; + int cnt, proto, align; + ++ *res = 0; ++ + /* Align buffer */ + align = -(uintptr_t)buf & ALIGN-1; + if (buflen < 2*sizeof(char *)+align) +diff --git a/src/network/getservbyport_r.c b/src/network/getservbyport_r.c +index a0a7cae..0ae0e41 100644 +--- a/src/network/getservbyport_r.c ++++ b/src/network/getservbyport_r.c +@@ -20,6 +20,7 @@ int getservbyport_r(int port, const char *prots, + if (r) r = getservbyport_r(port, "udp", se, buf, buflen, res); + return r; + } ++ *res = 0; + + /* Align buffer */ + i = (uintptr_t)buf & sizeof(char *)-1; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/036-fix-strftime-y-for-negative-tm_year.patch b/toolchain/musl/patches/036-fix-strftime-y-for-negative-tm_year.patch new file mode 100644 index 0000000000..1f7ad5b8e1 --- /dev/null +++ b/toolchain/musl/patches/036-fix-strftime-y-for-negative-tm_year.patch @@ -0,0 +1,23 @@ +From 583ea83541dcc6481c7a1bd1a9b485526bad84a1 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Tue, 4 Oct 2016 17:14:57 +0000 +Subject: fix strftime %y for negative tm_year + +--- + src/time/strftime.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/time/strftime.c b/src/time/strftime.c +index f1ccc4d..e103e02 100644 +--- a/src/time/strftime.c ++++ b/src/time/strftime.c +@@ -167,6 +167,7 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm * + goto nl_strftime; + case 'y': + val = tm->tm_year % 100; ++ if (val<0) val += 100; + goto number; + case 'Y': + val = tm->tm_year + 1900LL; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/037-fix-missing-integer-overflow-checks-in-regexec-buffer-size-computations.patch b/toolchain/musl/patches/037-fix-missing-integer-overflow-checks-in-regexec-buffer-size-computations.patch new file mode 100644 index 0000000000..9d6e47572a --- /dev/null +++ b/toolchain/musl/patches/037-fix-missing-integer-overflow-checks-in-regexec-buffer-size-computations.patch @@ -0,0 +1,72 @@ +From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 6 Oct 2016 18:34:58 -0400 +Subject: fix missing integer overflow checks in regexec buffer size + computations + +most of the possible overflows were already ruled out in practice by +regcomp having already succeeded performing larger allocations. +however at least the num_states*num_tags multiplication can clearly +overflow in practice. for safety, check them all, and use the proper +type, size_t, rather than int. + +also improve comments, use calloc in place of malloc+memset, and +remove bogus casts. +--- + src/regex/regexec.c | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/src/regex/regexec.c b/src/regex/regexec.c +index 16c5d0a..dd52319 100644 +--- a/src/regex/regexec.c ++++ b/src/regex/regexec.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include + +@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, + + /* Allocate memory for temporary data required for matching. This needs to + be done for every matching operation to be thread safe. This allocates +- everything in a single large block from the stack frame using alloca() +- or with malloc() if alloca is unavailable. */ ++ everything in a single large block with calloc(). */ + { +- int tbytes, rbytes, pbytes, xbytes, total_bytes; ++ size_t tbytes, rbytes, pbytes, xbytes, total_bytes; + char *tmp_buf; ++ ++ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that ++ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */ ++ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states)) ++ goto error_exit; ++ ++ /* Likewise check rbytes. */ ++ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next))) ++ goto error_exit; ++ ++ /* Likewise check pbytes. */ ++ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos))) ++ goto error_exit; ++ + /* Compute the length of the block we need. */ + tbytes = sizeof(*tmp_tags) * num_tags; + rbytes = sizeof(*reach_next) * (tnfa->num_states + 1); +@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, + + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes; + + /* Allocate the memory. */ +- buf = xmalloc((unsigned)total_bytes); ++ buf = calloc(total_bytes, 1); + if (buf == NULL) + return REG_ESPACE; +- memset(buf, 0, (size_t)total_bytes); + + /* Get the various pointers within tmp_buf (properly aligned). */ + tmp_tags = (void *)buf; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/038-fix-regexec-with-haystack-strings-longer-than-int_max.patch b/toolchain/musl/patches/038-fix-regexec-with-haystack-strings-longer-than-int_max.patch new file mode 100644 index 0000000000..a936892174 --- /dev/null +++ b/toolchain/musl/patches/038-fix-regexec-with-haystack-strings-longer-than-int_max.patch @@ -0,0 +1,189 @@ +From aee6abb2400b9a955c2b41166db1c22f63ad42ef Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 6 Oct 2016 12:15:47 -0400 +Subject: fix regexec with haystack strings longer than INT_MAX + +we inherited from TRE regexec code that's utterly wrong with respect +to the integer types it's using. while it doesn't appear that +compilers are producing unsafe output, signed integer overflows seem +to happen, and regexec fails to find matches past offset INT_MAX. + +this patch fixes the type of all variables/fields used to store +offsets in the string from int to regoff_t. after the changes, basic +testing showed that regexec can now find matches past 2GB (INT_MAX) +and past 4GB on x86_64, and code generation is unchanged on i386. +--- + src/regex/regexec.c | 54 +++++++++++++++++++++++++++-------------------------- + 1 file changed, 28 insertions(+), 26 deletions(-) + +diff --git a/src/regex/regexec.c b/src/regex/regexec.c +index dd52319..5c4cb92 100644 +--- a/src/regex/regexec.c ++++ b/src/regex/regexec.c +@@ -44,7 +44,7 @@ + + static void + tre_fill_pmatch(size_t nmatch, regmatch_t pmatch[], int cflags, +- const tre_tnfa_t *tnfa, int *tags, int match_eo); ++ const tre_tnfa_t *tnfa, regoff_t *tags, regoff_t match_eo); + + /*********************************************************************** + from tre-match-utils.h +@@ -97,7 +97,7 @@ tre_fill_pmatch(size_t nmatch, regmatch_t pmatch[], int cflags, + /* Returns 1 if `t1' wins `t2', 0 otherwise. */ + static int + tre_tag_order(int num_tags, tre_tag_direction_t *tag_directions, +- int *t1, int *t2) ++ regoff_t *t1, regoff_t *t2) + { + int i; + for (i = 0; i < num_tags; i++) +@@ -157,25 +157,25 @@ tre_neg_char_classes_match(tre_ctype_t *classes, tre_cint_t wc, int icase) + + typedef struct { + tre_tnfa_transition_t *state; +- int *tags; ++ regoff_t *tags; + } tre_tnfa_reach_t; + + typedef struct { +- int pos; +- int **tags; ++ regoff_t pos; ++ regoff_t **tags; + } tre_reach_pos_t; + + + static reg_errcode_t + tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, +- int *match_tags, int eflags, +- int *match_end_ofs) ++ regoff_t *match_tags, int eflags, ++ regoff_t *match_end_ofs) + { + /* State variables required by GET_NEXT_WCHAR. */ + tre_char_t prev_c = 0, next_c = 0; + const char *str_byte = string; +- int pos = -1; +- int pos_add_next = 1; ++ regoff_t pos = -1; ++ regoff_t pos_add_next = 1; + #ifdef TRE_MBSTATE + mbstate_t mbstate; + #endif /* TRE_MBSTATE */ +@@ -191,10 +191,10 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, + int *tag_i; + int num_tags, i; + +- int match_eo = -1; /* end offset of match (-1 if no match found yet) */ ++ regoff_t match_eo = -1; /* end offset of match (-1 if no match found yet) */ + int new_match = 0; +- int *tmp_tags = NULL; +- int *tmp_iptr; ++ regoff_t *tmp_tags = NULL; ++ regoff_t *tmp_iptr; + + #ifdef TRE_MBSTATE + memset(&mbstate, '\0', sizeof(mbstate)); +@@ -214,7 +214,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, + + /* Ensure that tbytes and xbytes*num_states cannot overflow, and that + * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */ +- if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states)) ++ if (num_tags > SIZE_MAX/(8 * sizeof(regoff_t) * tnfa->num_states)) + goto error_exit; + + /* Likewise check rbytes. */ +@@ -229,7 +229,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, + tbytes = sizeof(*tmp_tags) * num_tags; + rbytes = sizeof(*reach_next) * (tnfa->num_states + 1); + pbytes = sizeof(*reach_pos) * tnfa->num_states; +- xbytes = sizeof(int) * num_tags; ++ xbytes = sizeof(regoff_t) * num_tags; + total_bytes = + (sizeof(long) - 1) * 4 /* for alignment paddings */ + + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes; +@@ -490,12 +490,12 @@ error_exit: + */ + + typedef struct { +- int pos; ++ regoff_t pos; + const char *str_byte; + tre_tnfa_transition_t *state; + int state_id; + int next_c; +- int *tags; ++ regoff_t *tags; + #ifdef TRE_MBSTATE + mbstate_t mbstate; + #endif /* TRE_MBSTATE */ +@@ -591,13 +591,13 @@ typedef struct tre_backtrack_struct { + + static reg_errcode_t + tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string, +- int *match_tags, int eflags, int *match_end_ofs) ++ regoff_t *match_tags, int eflags, regoff_t *match_end_ofs) + { + /* State variables required by GET_NEXT_WCHAR. */ + tre_char_t prev_c = 0, next_c = 0; + const char *str_byte = string; +- int pos = 0; +- int pos_add_next = 1; ++ regoff_t pos = 0; ++ regoff_t pos_add_next = 1; + #ifdef TRE_MBSTATE + mbstate_t mbstate; + #endif /* TRE_MBSTATE */ +@@ -610,15 +610,16 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string, + started from. */ + int next_c_start; + const char *str_byte_start; +- int pos_start = -1; ++ regoff_t pos_start = -1; + #ifdef TRE_MBSTATE + mbstate_t mbstate_start; + #endif /* TRE_MBSTATE */ + + /* End offset of best match so far, or -1 if no match found yet. */ +- int match_eo = -1; ++ regoff_t match_eo = -1; + /* Tag arrays. */ +- int *next_tags, *tags = NULL; ++ int *next_tags; ++ regoff_t *tags = NULL; + /* Current TNFA state. */ + tre_tnfa_transition_t *state; + int *states_seen = NULL; +@@ -768,8 +769,9 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string, + /* This is a back reference state. All transitions leaving from + this state have the same back reference "assertion". Instead + of reading the next character, we match the back reference. */ +- int so, eo, bt = trans_i->u.backref; +- int bt_len; ++ regoff_t so, eo; ++ int bt = trans_i->u.backref; ++ regoff_t bt_len; + int result; + + /* Get the substring we need to match against. Remember to +@@ -926,7 +928,7 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string, + endpoint values. */ + static void + tre_fill_pmatch(size_t nmatch, regmatch_t pmatch[], int cflags, +- const tre_tnfa_t *tnfa, int *tags, int match_eo) ++ const tre_tnfa_t *tnfa, regoff_t *tags, regoff_t match_eo) + { + tre_submatch_data_t *submatch_data; + unsigned int i, j; +@@ -996,7 +998,7 @@ regexec(const regex_t *restrict preg, const char *restrict string, + { + tre_tnfa_t *tnfa = (void *)preg->TRE_REGEX_T_FIELD; + reg_errcode_t status; +- int *tags = NULL, eo; ++ regoff_t *tags = NULL, eo; + if (tnfa->cflags & REG_NOSUB) nmatch = 0; + if (tnfa->num_tags > 0 && nmatch > 0) + { +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch b/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch new file mode 100644 index 0000000000..cfbd94f9a4 --- /dev/null +++ b/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch @@ -0,0 +1,35 @@ +From 70d2687d85c314963cf280759b23fd4573ff0d82 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Wed, 19 Oct 2016 20:17:16 -0400 +Subject: fix integer overflow in float printf needed-precision computation + +if the requested precision is close to INT_MAX, adding +LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined +behavior manifests as a large negative result, which is then used to +compute the new end pointer (z) with a wildly out-of-bounds value +(more overflow, more undefined behavior). the end result is at least +incorrect output and character count (return value); worse things do +not seem to happen, but detailed analysis has not been done. + +this patch fixes the overflow by performing the intermediate +computation as unsigned; after division by 9, the final result +necessarily fits in int. +--- + src/stdio/vfprintf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c +index e439a07..cd17ad7 100644 +--- a/src/stdio/vfprintf.c ++++ b/src/stdio/vfprintf.c +@@ -312,7 +312,7 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + } + while (e2<0) { + uint32_t carry=0, *b; +- int sh=MIN(9,-e2), need=1+(p+LDBL_MANT_DIG/3+8)/9; ++ int sh=MIN(9,-e2), need=1+(p+LDBL_MANT_DIG/3U+8)/9; + for (d=a; d>sh) + carry; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch b/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch new file mode 100644 index 0000000000..837fee9181 --- /dev/null +++ b/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch @@ -0,0 +1,390 @@ +From 167dfe9672c116b315e72e57a55c7769f180dffa Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 20 Oct 2016 00:22:09 -0400 +Subject: fix integer overflows and uncaught EOVERFLOW in printf core + +this patch fixes a large number of missed internal signed-overflow +checks and errors in determining when the return value (output length) +would exceed INT_MAX, which should result in EOVERFLOW. some of the +issues fixed were reported by Alexander Cherepanov; others were found +in subsequent review of the code. + +aside from the signed overflows being undefined behavior, the +following specific bugs were found to exist in practice: + +- overflows computing length of floating point formats with huge + explicit precisions, integer formats with prefix characters and huge + explicit precisions, or string arguments or format strings longer + than INT_MAX, resulted in wrong return value and wrong %n results. + +- literal width and precision values outside the range of int were + misinterpreted, yielding wrong behavior in at least one well-defined + case: string formats with precision greater than INT_MAX were + sometimes truncated. + +- in cases where EOVERFLOW is produced, incorrect values could be + written for %n specifiers past the point of exceeding INT_MAX. + +in addition to fixing these bugs, we now stop producing output +immediately when output length would exceed INT_MAX, rather than +continuing and returning an error only at the end. +--- + src/stdio/vfprintf.c | 72 +++++++++++++++++++++++++++++++++++---------------- + src/stdio/vfwprintf.c | 63 +++++++++++++++++++++++++++----------------- + 2 files changed, 89 insertions(+), 46 deletions(-) + +diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c +index cd17ad7..e2ab2dc 100644 +--- a/src/stdio/vfprintf.c ++++ b/src/stdio/vfprintf.c +@@ -272,6 +272,8 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + if (s-buf==1 && (y||p>0||(fl&ALT_FORM))) *s++='.'; + } while (y); + ++ if (p > INT_MAX-2-(ebuf-estr)-pl) ++ return -1; + if (p && s-buf-2 < p) + l = (p+2) + (ebuf-estr); + else +@@ -383,17 +385,22 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + p = MIN(p,MAX(0,9*(z-r-1)+e-j)); + } + } ++ if (p > INT_MAX-1-(p || (fl&ALT_FORM))) ++ return -1; + l = 1 + p + (p || (fl&ALT_FORM)); + if ((t|32)=='f') { ++ if (e > INT_MAX-l) return -1; + if (e>0) l+=e; + } else { + estr=fmt_u(e<0 ? -e : e, ebuf); + while(ebuf-estr<2) *--estr='0'; + *--estr = (e<0 ? '-' : '+'); + *--estr = t; ++ if (ebuf-estr > INT_MAX-l) return -1; + l += ebuf-estr; + } + ++ if (l > INT_MAX-pl) return -1; + pad(f, ' ', w, pl+l, fl); + out(f, prefix, pl); + pad(f, '0', w, pl+l, fl^ZERO_PAD); +@@ -437,8 +444,10 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + + static int getint(char **s) { + int i; +- for (i=0; isdigit(**s); (*s)++) +- i = 10*i + (**s-'0'); ++ for (i=0; isdigit(**s); (*s)++) { ++ if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1; ++ else i = 10*i + (**s-'0'); ++ } + return i; + } + +@@ -446,12 +455,12 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + { + char *a, *z, *s=(char *)fmt; + unsigned l10n=0, fl; +- int w, p; ++ int w, p, xp; + union arg arg; + int argpos; + unsigned st, ps; + int cnt=0, l=0; +- int i; ++ size_t i; + char buf[sizeof(uintmax_t)*3+3+LDBL_MANT_DIG/4]; + const char *prefix; + int t, pl; +@@ -459,18 +468,19 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + char mb[4]; + + for (;;) { ++ /* This error is only specified for snprintf, but since it's ++ * unspecified for other forms, do the same. Stop immediately ++ * on overflow; otherwise %n could produce wrong results. */ ++ if (l > INT_MAX - cnt) goto overflow; ++ + /* Update output count, end loop when fmt is exhausted */ +- if (cnt >= 0) { +- if (l > INT_MAX - cnt) { +- errno = EOVERFLOW; +- cnt = -1; +- } else cnt += l; +- } ++ cnt += l; + if (!*s) break; + + /* Handle literal text and %% format specifiers */ + for (a=s; *s && *s!='%'; s++); + for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2); ++ if (z-a > INT_MAX-cnt) goto overflow; + l = z-a; + if (f) out(f, a, l); + if (l) continue; +@@ -498,9 +508,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + } else if (!l10n) { + w = f ? va_arg(*ap, int) : 0; + s++; +- } else return -1; ++ } else goto inval; + if (w<0) fl|=LEFT_ADJ, w=-w; +- } else if ((w=getint(&s))<0) return -1; ++ } else if ((w=getint(&s))<0) goto overflow; + + /* Read precision */ + if (*s=='.' && s[1]=='*') { +@@ -511,24 +521,29 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + } else if (!l10n) { + p = f ? va_arg(*ap, int) : 0; + s+=2; +- } else return -1; ++ } else goto inval; ++ xp = (p>=0); + } else if (*s=='.') { + s++; + p = getint(&s); +- } else p = -1; ++ xp = 1; ++ } else { ++ p = -1; ++ xp = 0; ++ } + + /* Format specifier state machine */ + st=0; + do { +- if (OOB(*s)) return -1; ++ if (OOB(*s)) goto inval; + ps=st; + st=states[st]S(*s++); + } while (st-1=0) return -1; ++ if (argpos>=0) goto inval; + } else { + if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos]; + else if (f) pop_arg(&arg, st, ap); +@@ -584,6 +599,7 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + case 'u': + a = fmt_u(arg.i, z); + } ++ if (xp && p<0) goto overflow; + if (p>=0) fl &= ~ZERO_PAD; + if (!arg.i && !p) { + a=z; +@@ -599,9 +615,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + if (1) a = strerror(errno); else + case 's': + a = arg.p ? arg.p : "(null)"; +- z = memchr(a, 0, p); +- if (!z) z=a+p; +- else p=z-a; ++ z = a + strnlen(a, p<0 ? INT_MAX : p); ++ if (p<0 && *z) goto overflow; ++ p = z-a; + fl &= ~ZERO_PAD; + break; + case 'C': +@@ -611,8 +627,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + p = -1; + case 'S': + ws = arg.p; +- for (i=l=0; i<0U+p && *ws && (l=wctomb(mb, *ws++))>=0 && l<=0U+p-i; i+=l); ++ for (i=l=0; i

=0 && l<=p-i; i+=l); + if (l<0) return -1; ++ if (i > INT_MAX) goto overflow; + p = i; + pad(f, ' ', w, p, fl); + ws = arg.p; +@@ -623,12 +640,16 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + continue; + case 'e': case 'f': case 'g': case 'a': + case 'E': case 'F': case 'G': case 'A': ++ if (xp && p<0) goto overflow; + l = fmt_fp(f, arg.f, w, p, fl, t); ++ if (l<0) goto overflow; + continue; + } + + if (p < z-a) p = z-a; ++ if (p > INT_MAX-pl) goto overflow; + if (w < pl+p) w = pl+p; ++ if (w > INT_MAX-cnt) goto overflow; + + pad(f, ' ', w, pl+p, fl); + out(f, prefix, pl); +@@ -646,8 +667,15 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, + for (i=1; i<=NL_ARGMAX && nl_type[i]; i++) + pop_arg(nl_arg+i, nl_type[i], ap); + for (; i<=NL_ARGMAX && !nl_type[i]; i++); +- if (i<=NL_ARGMAX) return -1; ++ if (i<=NL_ARGMAX) goto inval; + return 1; ++ ++inval: ++ errno = EINVAL; ++ return -1; ++overflow: ++ errno = EOVERFLOW; ++ return -1; + } + + int vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap) +diff --git a/src/stdio/vfwprintf.c b/src/stdio/vfwprintf.c +index f9f1ecf..b8fff20 100644 +--- a/src/stdio/vfwprintf.c ++++ b/src/stdio/vfwprintf.c +@@ -154,8 +154,10 @@ static void out(FILE *f, const wchar_t *s, size_t l) + + static int getint(wchar_t **s) { + int i; +- for (i=0; iswdigit(**s); (*s)++) +- i = 10*i + (**s-'0'); ++ for (i=0; iswdigit(**s); (*s)++) { ++ if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1; ++ else i = 10*i + (**s-'0'); ++ } + return i; + } + +@@ -168,8 +170,8 @@ static const char sizeprefix['y'-'a'] = { + static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_arg, int *nl_type) + { + wchar_t *a, *z, *s=(wchar_t *)fmt; +- unsigned l10n=0, litpct, fl; +- int w, p; ++ unsigned l10n=0, fl; ++ int w, p, xp; + union arg arg; + int argpos; + unsigned st, ps; +@@ -181,20 +183,19 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ + wchar_t wc; + + for (;;) { ++ /* This error is only specified for snprintf, but since it's ++ * unspecified for other forms, do the same. Stop immediately ++ * on overflow; otherwise %n could produce wrong results. */ ++ if (l > INT_MAX - cnt) goto overflow; ++ + /* Update output count, end loop when fmt is exhausted */ +- if (cnt >= 0) { +- if (l > INT_MAX - cnt) { +- if (!ferror(f)) errno = EOVERFLOW; +- cnt = -1; +- } else cnt += l; +- } ++ cnt += l; + if (!*s) break; + + /* Handle literal text and %% format specifiers */ + for (a=s; *s && *s!='%'; s++); +- litpct = wcsspn(s, L"%")/2; /* Optimize %%%% runs */ +- z = s+litpct; +- s += 2*litpct; ++ for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2); ++ if (z-a > INT_MAX-cnt) goto overflow; + l = z-a; + if (f) out(f, a, l); + if (l) continue; +@@ -222,9 +223,9 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ + } else if (!l10n) { + w = f ? va_arg(*ap, int) : 0; + s++; +- } else return -1; ++ } else goto inval; + if (w<0) fl|=LEFT_ADJ, w=-w; +- } else if ((w=getint(&s))<0) return -1; ++ } else if ((w=getint(&s))<0) goto overflow; + + /* Read precision */ + if (*s=='.' && s[1]=='*') { +@@ -235,24 +236,29 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ + } else if (!l10n) { + p = f ? va_arg(*ap, int) : 0; + s+=2; +- } else return -1; ++ } else goto inval; ++ xp = (p>=0); + } else if (*s=='.') { + s++; + p = getint(&s); +- } else p = -1; ++ xp = 1; ++ } else { ++ p = -1; ++ xp = 0; ++ } + + /* Format specifier state machine */ + st=0; + do { +- if (OOB(*s)) return -1; ++ if (OOB(*s)) goto inval; + ps=st; + st=states[st]S(*s++); + } while (st-1=0) return -1; ++ if (argpos>=0) goto inval; + } else { + if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos]; + else if (f) pop_arg(&arg, st, ap); +@@ -285,8 +291,9 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ + continue; + case 'S': + a = arg.p; +- z = wmemchr(a, 0, p); +- if (z) p=z-a; ++ z = a + wcsnlen(a, p<0 ? INT_MAX : p); ++ if (p<0 && *z) goto overflow; ++ p = z-a; + if (w0; bs+=i, l++); ++ for (i=l=0; l<(p<0?INT_MAX:p) && (i=mbtowc(&wc, bs, MB_LEN_MAX))>0; bs+=i, l++); + if (i<0) return -1; ++ if (p<0 && *bs) goto overflow; + p=l; + if (w +Date: Tue, 4 Oct 2016 03:58:56 +0200 +Subject: math: fix pow signed shift ub + +j is int32_t and thus j<<31 is undefined if j==1, so j is changed to +uint32_t locally as a quick fix, the generated code is not affected. + +(this is a strict conformance fix, future c standard may allow 1<<31, +see DR 463. the bug was inherited from freebsd fdlibm, the proper fix +is to use uint32_t for all bit hacks, but that requires more intrusive +changes.) + +reported by Daniel Sabogal +--- + src/math/pow.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/math/pow.c b/src/math/pow.c +index b66f632..3ddc1b6 100644 +--- a/src/math/pow.c ++++ b/src/math/pow.c +@@ -125,11 +125,11 @@ double pow(double x, double y) + else if (iy >= 0x3ff00000) { + k = (iy>>20) - 0x3ff; /* exponent */ + if (k > 20) { +- j = ly>>(52-k); ++ uint32_t j = ly>>(52-k); + if ((j<<(52-k)) == ly) + yisint = 2 - (j&1); + } else if (ly == 0) { +- j = iy>>(20-k); ++ uint32_t j = iy>>(20-k); + if ((j<<(20-k)) == iy) + yisint = 2 - (j&1); + } +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/049-fix-clock_nanosleep-error-case.patch b/toolchain/musl/patches/049-fix-clock_nanosleep-error-case.patch new file mode 100644 index 0000000000..f57f7a65fb --- /dev/null +++ b/toolchain/musl/patches/049-fix-clock_nanosleep-error-case.patch @@ -0,0 +1,30 @@ +From 3ca2d2d4aef910663785fe232d7d2127a22d8a84 Mon Sep 17 00:00:00 2001 +From: Daniel Sabogal +Date: Sat, 17 Sep 2016 12:05:45 -0400 +Subject: fix clock_nanosleep error case + +posix requires that EINVAL be returned if the first parameter specifies +the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID). +linux returns ENOTSUP instead so we handle this. +--- + src/time/clock_nanosleep.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/time/clock_nanosleep.c b/src/time/clock_nanosleep.c +index ec87b9e..9e4d9f1 100644 +--- a/src/time/clock_nanosleep.c ++++ b/src/time/clock_nanosleep.c +@@ -1,8 +1,10 @@ + #include ++#include + #include "syscall.h" + #include "libc.h" + + int clock_nanosleep(clockid_t clk, int flags, const struct timespec *req, struct timespec *rem) + { +- return -__syscall_cp(SYS_clock_nanosleep, clk, flags, req, rem); ++ int r = -__syscall_cp(SYS_clock_nanosleep, clk, flags, req, rem); ++ return clk == CLOCK_THREAD_CPUTIME_ID ? EINVAL : r; + } +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/050-add-pthread_setname_np.patch b/toolchain/musl/patches/050-add-pthread_setname_np.patch new file mode 100644 index 0000000000..9d641a296b --- /dev/null +++ b/toolchain/musl/patches/050-add-pthread_setname_np.patch @@ -0,0 +1,58 @@ +From 8fb28b0b3e7a5e958fb844722a4b2ef9bc244af1 Mon Sep 17 00:00:00 2001 +From: Felix Janda +Date: Fri, 16 Sep 2016 20:54:00 -0400 +Subject: add pthread_setname_np + +the thread name is displayed by gdb's "info threads". +--- + include/pthread.h | 1 + + src/thread/pthread_setname_np.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 27 insertions(+) + create mode 100644 src/thread/pthread_setname_np.c + +diff --git a/include/pthread.h b/include/pthread.h +index 3d2e0c4..94ef919 100644 +--- a/include/pthread.h ++++ b/include/pthread.h +@@ -214,6 +214,7 @@ struct cpu_set_t; + int pthread_getaffinity_np(pthread_t, size_t, struct cpu_set_t *); + int pthread_setaffinity_np(pthread_t, size_t, const struct cpu_set_t *); + int pthread_getattr_np(pthread_t, pthread_attr_t *); ++int pthread_setname_np(pthread_t, const char *); + int pthread_tryjoin_np(pthread_t, void **); + int pthread_timedjoin_np(pthread_t, void **, const struct timespec *); + #endif +diff --git a/src/thread/pthread_setname_np.c b/src/thread/pthread_setname_np.c +new file mode 100644 +index 0000000..82d35e1 +--- /dev/null ++++ b/src/thread/pthread_setname_np.c +@@ -0,0 +1,26 @@ ++#define _GNU_SOURCE ++#include ++#include ++#include ++#include ++ ++#include "pthread_impl.h" ++ ++int pthread_setname_np(pthread_t thread, const char *name) ++{ ++ int fd, cs, status = 0; ++ char f[sizeof "/proc/self/task//comm" + 3*sizeof(int)]; ++ size_t len; ++ ++ if ((len = strnlen(name, 16)) > 15) return ERANGE; ++ ++ if (thread == pthread_self()) ++ return prctl(PR_SET_NAME, (unsigned long)name, 0UL, 0UL, 0UL) ? errno : 0; ++ ++ snprintf(f, sizeof f, "/proc/self/task/%d/comm", thread->tid); ++ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs); ++ if ((fd = open(f, O_WRONLY)) < 0 || write(fd, name, len) < 0) status = errno; ++ if (fd >= 0) close(fd); ++ pthread_setcancelstate(cs, 0); ++ return status; ++} +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/051-fix-float-formatting-of-some-exact-halfway-cases.patch b/toolchain/musl/patches/051-fix-float-formatting-of-some-exact-halfway-cases.patch new file mode 100644 index 0000000000..d01a163ce2 --- /dev/null +++ b/toolchain/musl/patches/051-fix-float-formatting-of-some-exact-halfway-cases.patch @@ -0,0 +1,30 @@ +From 51ab6db4ed115d079d7131975e4adb074ba9ef9d Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Wed, 12 Oct 2016 00:49:59 +0200 +Subject: fix float formatting of some exact halfway cases + +in nearest rounding mode exact halfway cases were not following the +round to even rule if the rounding happened at a base 1000000000 digit +boundary of the internal representation and the previous digit was odd. + +e.g. printf("%.0f", 1.5) printed 1 instead of 2. +--- + src/stdio/vfprintf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c +index e2ab2dc..60da14d 100644 +--- a/src/stdio/vfprintf.c ++++ b/src/stdio/vfprintf.c +@@ -345,7 +345,8 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + if (x || d+1!=z) { + long double round = 2/LDBL_EPSILON; + long double small; +- if (*d/i & 1) round += 2; ++ if ((*d/i & 1) || (i==1000000000 && d>a && (d[-1]&1))) ++ round += 2; + if (x +Date: Thu, 20 Oct 2016 12:13:33 -0400 +Subject: fix getopt_long_only misinterpreting "--" as an option + +--- + src/misc/getopt_long.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/misc/getopt_long.c b/src/misc/getopt_long.c +index 480c001..c6e1462 100644 +--- a/src/misc/getopt_long.c ++++ b/src/misc/getopt_long.c +@@ -53,7 +53,7 @@ static int __getopt_long_core(int argc, char *const *argv, const char *optstring + { + optarg = 0; + if (longopts && argv[optind][0] == '-' && +- ((longonly && argv[optind][1]) || ++ ((longonly && argv[optind][1] && argv[optind][1] != '-') || + (argv[optind][1] == '-' && argv[optind][2]))) + { + int colon = optstring[optstring[0]=='+'||optstring[0]=='-']==':'; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/053-fix-gratuitous-undefined-behavior-in-strptime.patch b/toolchain/musl/patches/053-fix-gratuitous-undefined-behavior-in-strptime.patch new file mode 100644 index 0000000000..46920bccfb --- /dev/null +++ b/toolchain/musl/patches/053-fix-gratuitous-undefined-behavior-in-strptime.patch @@ -0,0 +1,33 @@ +From f33b17585058381491e6fda08f491b8e48c7980c Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Thu, 20 Oct 2016 13:22:20 -0400 +Subject: fix gratuitous undefined behavior in strptime + +accessing an object of type const char *restrict as if it had type +char * is not defined. +--- + src/time/strptime.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/time/strptime.c b/src/time/strptime.c +index f41f55f..55c7ed1 100644 +--- a/src/time/strptime.c ++++ b/src/time/strptime.c +@@ -22,8 +22,13 @@ char *strptime(const char *restrict s, const char *restrict f, struct tm *restri + } + f++; + if (*f == '+') f++; +- if (isdigit(*f)) w=strtoul(f, (void *)&f, 10); +- else w=-1; ++ if (isdigit(*f)) { ++ char *new_f; ++ w=strtoul(f, &new_f, 10); ++ f = new_f; ++ } else { ++ w=-1; ++ } + adj=0; + switch (*f++) { + case 'a': case 'A': +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/054-fix-strtod-and-strtof-rounding-with-many-trailing-zeros.patch b/toolchain/musl/patches/054-fix-strtod-and-strtof-rounding-with-many-trailing-zeros.patch new file mode 100644 index 0000000000..3d9211c022 --- /dev/null +++ b/toolchain/musl/patches/054-fix-strtod-and-strtof-rounding-with-many-trailing-zeros.patch @@ -0,0 +1,36 @@ +From d184a09e0529f33d8ddddb8825039133483a2c41 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Sun, 4 Sep 2016 04:46:00 +0200 +Subject: fix strtod and strtof rounding with many trailing zeros + +in certain cases excessive trailing zeros could cause incorrect +rounding from long double to double or float in decfloat. + +e.g. in strtof("9444733528689243848704.000000", 0) the argument +is 0x1.000001p+73, exactly halfway between two representible floats, +this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73, +but with less trailing 0 the rounding was fine. + +the fix makes sure that the z index always points one past the last +non-zero digit in the base 10^9 representation, this way trailing +zeros don't affect the rounding logic. +--- + src/internal/floatscan.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/internal/floatscan.c b/src/internal/floatscan.c +index eef70df..80305ee 100644 +--- a/src/internal/floatscan.c ++++ b/src/internal/floatscan.c +@@ -172,6 +172,9 @@ static long double decfloat(FILE *f, int c, int bits, int emin, int sign, int po + return sign * (long double)x[0] * p10s[rp-10]; + } + ++ /* Drop trailing zeros */ ++ for (; !x[z-1]; z--); ++ + /* Align radix point to B1B digit boundary */ + if (rp % 9) { + int rpm9 = rp>=0 ? rp%9 : rp%9+9; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/055-fix-strtod-int-optimization-in-non-nearest-rounding-mode.patch b/toolchain/musl/patches/055-fix-strtod-int-optimization-in-non-nearest-rounding-mode.patch new file mode 100644 index 0000000000..1588b14658 --- /dev/null +++ b/toolchain/musl/patches/055-fix-strtod-int-optimization-in-non-nearest-rounding-mode.patch @@ -0,0 +1,38 @@ +From 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Sun, 4 Sep 2016 04:51:03 +0200 +Subject: fix strtod int optimization in non-nearest rounding mode + +the mid-sized integer optimization relies on lnz set up properly +to mark the last non-zero decimal digit, but this was not done +if the non-zero digit lied outside the KMAX digits of the base +10^9 number representation. + +so if the fractional part was a very long list of zeros (>2048*9 on +x86) followed by non-zero digits then the integer optimization could +kick in discarding the tiny non-zero fraction which can mean wrong +result on non-nearest rounding mode. + +strtof, strtod and strtold were all affected. +--- + src/internal/floatscan.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/internal/floatscan.c b/src/internal/floatscan.c +index 80305ee..ae09852 100644 +--- a/src/internal/floatscan.c ++++ b/src/internal/floatscan.c +@@ -110,7 +110,10 @@ static long double decfloat(FILE *f, int c, int bits, int emin, int sign, int po + gotdig=1; + } else { + dc++; +- if (c!='0') x[KMAX-4] |= 1; ++ if (c!='0') { ++ lnz = (KMAX-4)*9; ++ x[KMAX-4] |= 1; ++ } + } + } + if (!gotrad) lrp=dc; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/065-fix-integer-overflow-of-tm_year-in-__secs_to_tm.patch b/toolchain/musl/patches/065-fix-integer-overflow-of-tm_year-in-__secs_to_tm.patch new file mode 100644 index 0000000000..6db6fd8365 --- /dev/null +++ b/toolchain/musl/patches/065-fix-integer-overflow-of-tm_year-in-__secs_to_tm.patch @@ -0,0 +1,39 @@ +From bc1e7731cee963e422575f81048792f4d5db9641 Mon Sep 17 00:00:00 2001 +From: Daniel Sabogal +Date: Wed, 2 Nov 2016 22:29:36 -0400 +Subject: fix integer overflow of tm_year in __secs_to_tm + +the overflow check for years+100 did not account for the extra +year computed from the remaining months. instead, perform this +check after obtaining the final number of years. +--- + src/time/__secs_to_tm.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/time/__secs_to_tm.c b/src/time/__secs_to_tm.c +index 3a3123a..093d902 100644 +--- a/src/time/__secs_to_tm.c ++++ b/src/time/__secs_to_tm.c +@@ -60,15 +60,16 @@ int __secs_to_tm(long long t, struct tm *tm) + for (months=0; days_in_month[months] <= remdays; months++) + remdays -= days_in_month[months]; + ++ if (months >= 10) { ++ months -= 12; ++ years++; ++ } ++ + if (years+100 > INT_MAX || years+100 < INT_MIN) + return -1; + + tm->tm_year = years + 100; + tm->tm_mon = months + 2; +- if (tm->tm_mon >= 12) { +- tm->tm_mon -=12; +- tm->tm_year++; +- } + tm->tm_mday = remdays + 1; + tm->tm_wday = wday; + tm->tm_yday = yday; +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/066-fix-swprintf-internal-buffer-state-and-error-handling.patch b/toolchain/musl/patches/066-fix-swprintf-internal-buffer-state-and-error-handling.patch new file mode 100644 index 0000000000..a6e7c7f5b0 --- /dev/null +++ b/toolchain/musl/patches/066-fix-swprintf-internal-buffer-state-and-error-handling.patch @@ -0,0 +1,36 @@ +From 7442442ccc665641a8827177e8e7ed45bbbd6584 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Mon, 7 Nov 2016 20:39:59 -0500 +Subject: fix swprintf internal buffer state and error handling + +the swprintf write callback never reset its buffer pointers, so after +its 256-byte buffer filled up, it would keep repeating those bytes +over and over in the output until the destination buffer filled up. it +also failed to set the error indicator for the stream on EILSEQ, +potentially allowing output to continue after the error. +--- + src/stdio/vswprintf.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/stdio/vswprintf.c b/src/stdio/vswprintf.c +index 7d237ba..6eb2f6a 100644 +--- a/src/stdio/vswprintf.c ++++ b/src/stdio/vswprintf.c +@@ -24,7 +24,14 @@ static size_t sw_write(FILE *f, const unsigned char *s, size_t l) + c->ws++; + } + *c->ws = 0; +- return i<0 ? i : l0; ++ if (i < 0) { ++ f->wpos = f->wbase = f->wend = 0; ++ f->flags |= F_ERR; ++ return i; ++ } ++ f->wend = f->buf + f->buf_size; ++ f->wpos = f->wbase = f->buf; ++ return l0; + } + + int vswprintf(wchar_t *restrict s, size_t n, const wchar_t *restrict fmt, va_list ap) +-- +cgit v0.11.2 diff --git a/toolchain/musl/patches/071-fix-build-regression-on-archs-with-variable-page-size.patch b/toolchain/musl/patches/071-fix-build-regression-on-archs-with-variable-page-size.patch new file mode 100644 index 0000000000..50d23e5056 --- /dev/null +++ b/toolchain/musl/patches/071-fix-build-regression-on-archs-with-variable-page-size.patch @@ -0,0 +1,32 @@ +From 4078a5c31fa67987051c2180db7a07702534032f Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Tue, 8 Nov 2016 18:03:42 -0500 +Subject: fix build regression on archs with variable page size + +commit 31fb174dd295e50f7c5cf18d31fcfd5fe5a063b7 used +DEFAULT_GUARD_SIZE from pthread_impl.h in a static initializer, +breaking build on archs where its definition, PAGE_SIZE, is not a +constant. instead, just define DEFAULT_GUARD_SIZE as 4096, the minimal +page size on any arch we support. pthread_create rounds up to whole +pages anyway, so defining it to 1 would also work, but a moderately +meaningful value is nicer to programs that use +pthread_attr_getguardsize on default-initialized attribute objects. +--- + src/internal/pthread_impl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/internal/pthread_impl.h b/src/internal/pthread_impl.h +index 3890bb5..7a679db 100644 +--- a/src/internal/pthread_impl.h ++++ b/src/internal/pthread_impl.h +@@ -143,7 +143,7 @@ void __block_app_sigs(void *); + void __restore_sigs(void *); + + #define DEFAULT_STACK_SIZE 81920 +-#define DEFAULT_GUARD_SIZE PAGE_SIZE ++#define DEFAULT_GUARD_SIZE 4096 + + #define __ATTRP_C11_THREAD ((void*)(uintptr_t)-1) + +-- +cgit v0.11.2