Age | Commit message (Collapse) | Author |
|
The 'BLT' instruction checks for *signed* values. So if a3, length
parameter of memset, is negative, then value added to the PC will be
large.
memset(buf, 0xaa, 0xffff0000) triggers the bug.
GDB session without the patch:
"""
$ gdb ./main-buggy-memset.elf -q
Reading symbols from ./main-buggy-memset.elf...done.
(gdb) x/i memset
0x8770 <memset>: mov r3, r0
(gdb) r
Starting program: /root/memset/main-buggy-memset.elf
Program received signal SIGSEGV, Segmentation fault.
0x00048808 in ?? ()
"""
The $pc is outside of the memset function because:
"""
(gdb) x/i $pc
=> 0x87e4 <memset+116>: add pc, pc, r2, lsl #2
(gdb) info reg $r2
r2 0x10007 65543
"""
GDB session with the bug fixed (patch applied):
"""
$ gdb ./main-fixed-memset.elf -q
Reading symbols from ./main-fixed-memset.elf...done.
(gdb) x/i memset
0x8770 <memset>: mov r3, r0
(gdb) r
Starting program: /root/memset/main-fixed-memset.elf
Program received signal SIGSEGV, Segmentation fault.
memset () at libc/string/arm/memset.S:92
92 libc/string/arm/memset.S: No such file or directory.
(gdb) x/i $pc
=> 0x87b0 <memset+64>: stmia r3!, {r1, r12}
(gdb) info reg $r3
r3 0x15000 86016
(gdb) info proc mappings
process 5822
Mapped address spaces:
Start Addr End Addr Size Offset objfile
0x8000 0xb000 0x3000 0x0
/root/memset/main-fixed-memset.elf
0x12000 0x15000 0x3000 0x2000
/root/memset/main-fixed-memset.elf
0xb6fff000 0xb7000000 0x1000 0x0 [sigpage]
0xbefdf000 0xbf000000 0x21000 0x0
0xffff0000 0xffff1000 0x1000 0x0 [vectors]
(gdb) info reg $sp
sp 0x14d78 0x14d78
"""
GDB crashes inside the memset function, on the store instruction. This
time the crash is (as expected) because of a memory access imediately
after the memory region that contains the stack -- the buffer that's
being memset'd is allocated on the stack.
Signed-off-by: Lucian Cojocar <lucian.cojocar@vu.nl>
|
|
|
|
Do it by following the trail of the existing commented code, which
implemented it by calling get_phys_pages() and get_avphys_pages().
This patch implements these two functions, which are also glibc
extensions.
Some program/libraries (e.g. libuv) assumes that sysconf(_SC_PHYS_PAGES)
works on linux and never check for -1, thus they report an insane amount
of memory.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
|
|
When a 'hard' error occurs, fwrite reports that all data was written or
buffered even if that is not the case. It should report how much data
was actually written and buffered.
Signed-off-by: Jan Vangorp <jan.vangorp_ext@softathome.com>
|
|
The man page for fopencookie prescribes that custom write functions
should return 0 on error (and should definitely not return a negative
value) [1].
However, the uClibc implementation expects a negative return value in
case of an error (libc/stdio/_WRITE.c). If the write function returns 0
on error, we drop into an infinite loop if the error persists.
This patch wraps the user supplied write function such that a 0 return
value is converted to -1. errno is first set to EAGAIN such that if the
custom write function does not set errno in case of error, this is
treated as a "soft" error.
Custom write functions that cater towards uClibc and _do_ return a
negative value are not affected.
If no custom write function is supplied, set errno to EINVAL such that
this condition is treated as a "hard" error. Previously the behaviour
depended on whether the last error before the write happened to be a "hard"
or a "soft" error.
[1] http://git.kernel.org/cgit/docs/man-pages/man-pages.git/tree/man3/fopencookie.3?id=6c0d0ef0c7a9c4bcf805c6f9e9bc1ef1c3865ea0#n164
Signed-off-by: Jan Vangorp <jan.vangorp_ext@softathome.com>
|
|
Nobody should use gcc 3.3 nowadays.
|
|
These files are not used, no regression found while
running the testsuite.
|
|
Remove ppc64 bits and bytes, as we don't support ppc64 and
it makes the code more readable without the dead code.
|
|
|
|
There exist some problem with the new memcpy/memset functions
imported from GNU libc/newlib. If you have any problem
with the new MIPS optimized assembly try to disable
prefetching support.
Thanks to Rene Nielsen and Matthew Fortune analyzing the
problem so far.
|
|
|
|
Sync mostly with GNU libc implementation of setjmp/longjmp.
Just generate PIC compatible code, so no difference for static
builds are made. Add sysdep.h with some handy assembly macros
used inside setjmp.S/__longjmp.S.
This unbreaks dynamic linker support, first test suite run
only shows 10 errors, which doesn't look so bad.
|
|
Linuxthreads.new isn't really useful with the existence
of NPTL/TLS for well supported architectures. There is no
reason to use LT.new for ARM/MIPS or other architectures
supporting NPTL/TLS. It is not available for noMMU architectures
like Blackfin or FR-V. To simplify the live of the few uClibc-ng
developers, LT.new is removed and LT.old is renamed to LT.
LINUXTHREADS_OLD -> UCLIBC_HAS_LINUXTHREADS
|
|
Ported over from glibc mostly without changes.
Lightly tested with mongrel2 in qemu-system-sparc.
|
|
|
|
License notices in most of the source files refer to an outdated
FSF address. Replace it with URL, like in the rest of the source
files.Signed-off-by: Nikola Forró <nforro@redhat.com>
|
|
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
|
|
GDB 7.11 does not build if compiled against uclibc-ng (1.0.12 was used,
but the problematic code exists in 1.0.13 as well). The reason is that
GDB release includes its own obstack implementation, but elides the code
if <gnu-versions.h> declares a compatible obstack implementation in
libc. uclibc-ng does claim compatible obstack interface (GDB expects
version 2, but accepts version 1 if sizeof(int) == sizeof(size_t)),
however, uclibc-ng does not provide the _obstack_free symbol that is a
part of the interface (glibc does provide this symbol). This later
causes a link failure.
The attached patch makes uclibc-ng enables an alias _obstack_free ->
obstack_free.
Signed-off-by: Alexey Neyman <stilor@att.net>
|
|
On systems where uClibc doesn't provide an arch specific byteswap.h,
we fall back on bits/byteswap-common.h. However, there is a bug
in this header in the __bswap_constant_64(x) macro. If, for example,
a double is passed, we get 'invalid operands to binary &' in which we
mismatch a 'double' and 'long long unsigned int'. The newer glibc
headers fix this and so we import them. Also, since the inclusion of
byteswap.h is not appropriate for assembly code, we guard a portion
of endian.h which uses byteswap.h from inclusion in any assembly.
This is needed, for example, for f2fs-tools 1.6.0 on 32-bit big
endian PowerPC.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
|
|
Currently, the Thumb support on ARM has three related Config.in
options, which are not trivial for users to understand, and are in
fact not needed:
- The USE_BX option is not needed: knowing whether BX is available or
not is easy. If you have an ARM > v4 or ARMv4T, then BX is
available, otherwise it's not. This is the logic used in glibc.
- The USE_LDREXSTREX option is not needed: whenever Thumb2 is
available, ldrex/strex are available, so we can simply rely on
__thumb2__ to determine whether ldrex/strex should be used, without
requiring a Config.in option.
- Once USE_BX and USE_LDREXSTREX are removed, the only thing left
that COMPILE_IN_THUMB does is to set -mthumb. This makes the option
unnecessary, as on ARM at least, the user is already supposed to
pass -march=<foo> or other compiler options tuning the library for
a specific ARM variant. There is no reason to do otherwise for
Thumb, which allows to get rid of the COMPILE_IN_THUMB option.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Register window saving loop in __sigsetjmp incorrectly calculates offset
in the jmp_buf in case it was called with call12. The bug was introduced
in commit f4b1b7ade7971141 "xtensa: fix setjmp that didn't save all
registers correctly".
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
|
|
As recently reported on the Buildroot list:
http://lists.busybox.net/pipermail/buildroot/2016-March/155325.html
DNS lookups with Node.js currently fails on uClibc-ng. The reason for this
is the way AI_V4MAPPED is handled. According to POSIX, AI_V4MAPPED should
be ignored unless ai_family is AF_INET6:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/freeaddrinfo.html
If the AI_V4MAPPED flag is specified along with an ai_family of AF_INET6,
then getaddrinfo() shall return IPv4-mapped IPv6 addresses on finding no
matching IPv6 addresses (ai_addrlen shall be 16). The AI_V4MAPPED flag
shall be ignored unless ai_family equals AF_INET6.
uClibc-ng was also handling AI_V4MAPPED for AF_UNSPEC, fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
This lessens the load on upstream DNS servers (and it was just nonsensical).
Signed-off-by: Tim Hockin <thockin@google.com>
|
|
Currently a miss on a search-path entry is counted as a retry. This means that
users with more than (num_nameservers * retries) entries in their search path
list fail before trying all search paths. Concretely, a single nameserver with
4 search paths will never try the 4th search because the default retry is 3.
The code doesn't currently retry a given nameserver in case of an error, so
retries is sort of meaningless (though there are some comments indicating it
might come). This change only treats total failure of a nameserver (try next
server) as a retry.
Signed-off-by: Tim Hockin <thockin@google.com>
|
|
|
|
__JMP_BUF_SP is the index of a stack pointer slot in the __jmp_buf.
According to ARM __sigsetjmp code it does not depend on configuration
parameter __UCLIBC_HAS_FPU__. Make its definition unconditional.
__JMP_BUF_SP is used in the unwind_stop through the
_JMPBUF_CFA_UNWINDS_ADJ macro, this change fixes cleanup routines call
on thread cancellation in configurations with hard FP.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
|
|
For some xtensa cores generated code gets arranged so that
__default_sa_restorer immediately follows preceding function. E.g.:
40a1b: c03340 sub a3, a3, a4
40a1e: f01d retw.n
00040a20 <__default_sa_restorer>:
40a20: e1a022 movi a2, 225
40a23: 005000 syscall
...
Contents of the .eh_frame section:
...
000007f4 00000014 000007f8 FDE cie=00000000 pc=0004076c..00040a20
DW_CFA_advance_loc4: 3 to 0004076f
DW_CFA_def_cfa_offset: 48
Due to the way xtensa libgcc uw_frame_state_for calls _Unwind_Find_FDE
for non-signal frames, FDE for the previous function is found during
thread cancellation signal stack unwinding in that case. Signal stack
frame is not recognized and is not unwound properly, breaking cleanup
routines calling for cancelled thread.
Insert padding before the __default_sa_restorer so that no FDE is found
for it, MD_FALLBACK_FRAME_STATE_FOR is called by uw_frame_state_for and
the frame is correctly recognized as signal frame.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
|
|
on system where resolv.conf is not in /etc .
Signed-off-by: Ubaldo Porcheddu <ubaldo@eja.it>
|
|
portability on system with default shell on a different directory, like for instance on android.
Signed-off-by: Ubaldo Porcheddu <ubaldo@eja.it>
|
|
The FR-V port is really broken, and I have no emulator
or hardware for this platform. I tried to get some hardware
from RedHat, who made the FR-V port initially. Unfortunately
Fujitsi didn't agreed to sent me some of their unused spare
hardware lying @RedHat. As I invested some time to get stuff compiled,
I decided to add the code and may be anytime later I can gain
access to some emulator or hardware.
GDB simulator for FR-V doesn't support booting Linux AFAIK.
|
|
Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
ISC bind9 uses ptrsize, better use something else.
Reported-By: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
Althought recent versions of sofware don't require it, old ntpd
wants - see http://bugs.ntp.org/show_bug.cgi?id=769
Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
Write a terminating '\0' to dest when the first byte of the encoded data
is 0. This corner case was previously missed.
Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
It is possible to get stuck in an infinite loop when receiving a
specially crafted DNS reply. Exit the loop after a number of iteration
and consider the packet invalid.
Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
Some software make use of exp10, so add it.
Basic testing with LTP.
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
|
|
At least allow to compile a toolchain targeting nios2 without MMU.
|
|
At least allow to build a toolchain for hppa.
Sync some headers with glibc.
|
|
libc/sysdeps/linux/common/euidaccess.c:1:1: warning: "_GNU_SOURCE" redefined
In file included from <command-line>:0:
./include/libc-symbols.h:52:1: warning: this is the location of the previous definition
Signed-Off-By: Leonid Lisovskiy <lly.dev@gmail.com>
|
|
Different define of latest kernel.
kernel define is
#define O_DIRECT 00040000 /* direct disk access hint */
#define O_DIRECTORY 00200000 /* must be a directory */
Yoshinori Sato <ysato@users.sourceforge.jp>
|
|
The order of special checks seems critical for some applications.
Xorg 1.18.0 fails to start with XNFreallocarray error.
Took me some time to run with MALLOC_DEBUG=2 to find out.
MALLOC_STANDARD is not affected.
|
|
Patch from OpenWrt.
Reported-by: Leonid Lisovskiy <lly.dev@gmail.com>
|
|
Reported-by: Leonid Lisovskiy <lly.dev@gmail.com>
|
|
open_cancel and open2_cancel have diffrent argument on open.
So can't alias this functions.
Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
|
|
If argument passing to register case (ex. -mregparam=3).
This case set all parameters set to register from caller.
But callee refer to stack. So can't get parameter.
Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
|
|
Invoke pthread_atfork handler cleanup when removing the associated DSO...
If a program loads a DSO (dlopen) that sets up a pthread_atfork handler(s), and
then subsequently closes the DSO, the handler(s) are left in place. If fork()
is subsequently called, the handlers are invoked even though the DSO has been
removed causing crashes or unpredictable code execution. This is because the
code in __cxa_finalize(atexit.c)to invoke the unregister_atfork() routine is
ifdef'd out with the comment that it hasn't been "looked into this yet...".
Refs.:
http://bugs.busybox.net/show_bug.cgi?id=8211
http://sourceware.org/bugzilla/show_bug.cgi?id=13502
Add test-case, enable cleanup for NPTL only.
Signed-off-by: John Ata <john.ata@baesystems.com>
Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
|
|
Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
|
|
Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
|
|
syncfs() was recently added (commit dfa593d4d). But man sync(2) specifies
that syncfs() is Linux-specific. This was overlooked in the original
commit so we add it to the set of Linux-specific functions supported by
uClibc.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
|