[v2] libio: Flush stream at freopen (BZ#21037)
Commit Message
On 14/06/2018 13:43, Paul Eggert wrote:
> On 06/14/2018 08:01 AM, Adhemerval Zanella wrote:
>> + char fdfilename[30];
>
> The magic number 30 should be turned into a named constant defined in fd_to_filename.h, to help prevent future mistakes. Once that is done, you can change the signature of fd_to_filename to not pass the size, and to require the caller to pass an array of at least size 30, so that fd_to_filename need not check for buffer overflow (see below for more on this).
>
>> + const char *gfilename;
>> + if (filename == NULL && fd >= 0)
>> + gfilename = fd_to_filename (fd, fdfilename, sizeof fdfilename)
>> + ? fdfilename : NULL;
>> + else
>> + gfilename = filename;
>
> Cleaner would be:
>
> const char *gfilename
> = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
>
> That is, let fd_to_filename worry about what to do with negative fd, and have it return fdfilename or NULL, and don't pass the size (which should be that magic number regardless).
>
>
>> -static inline const char *
>> -fd_to_filename (int fd)
>> +static inline bool
>> +fd_to_filename (int fd, char *buf, size_t len)
>> {
>> - char *ret = malloc (30);
>> + __snprintf (buf, len, "/proc/self/fd/%d", fd);
>> - if (ret != NULL)
>> - {
>> - struct stat64 st;
>> -
>> - *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0';
>> -
>> - /* We must make sure the file exists. */
>> - if (__lxstat64 (_STAT_VER, ret, &st) < 0)
>> - {
>> - /* /proc is not mounted or something else happened. Don't
>> - return the file name. */
>> - free (ret);
>> - ret = NULL;
>> - }
>> - }
>> - return ret;
>> + /* We must make sure the file exists. */
>> + if (__lxstat64 (_STAT_VER, buf, & (struct stat64) {}) < 0)
>> + /* /proc is not mounted or something else happened. */
>> + return false;
>> + return true;
>> }
>
> The __snprintf would be quite wrong if the string did not fit. Again, I suggest simply requiring the buffer to be long enough and not checking its length, and sticking with stpcpy + _fitoa_word which should be more efficient than __snprintf anyway (or if you prefer simplicity to speed, just use sprintf).
>
> The '& (struct stat64) {}' construct looks pretty but is less efficient as it makes the compiler zero out the structure unnecessarily, so the code should keep doing that struct the old-fashioned way.
Thanks, fixed based on your review:
---
[BZ #21037]
* libio/Makefile (tests): Add tst-memstream4 and tst-wmemstream4.
* libio/freopen.c (freopen): Sync stream before reopen and adjust to
new fd_to_filename interface.
* libio/freopen64.c (freopen64): Likewise.
* libio/tst-memstream.h: New file.
* libio/tst-memstream4.c: Likewise.
* libio/tst-wmemstream4.c: Likewise.
* sysdeps/generic/fd_to_filename.h (fd_to_filename): Change signature.
* sysdeps/unix/sysv/linux/fd_to_filename.h (fd_to_filename): Likewise
and remove internal dynamic allocation.
---
@@ -59,8 +59,8 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
tst-mmap-eofsync tst-mmap-fflushsync bug-mmap-fflush \
tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \
bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \
- tst-memstream1 tst-memstream2 tst-memstream3 \
- tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 \
+ tst-memstream1 tst-memstream2 tst-memstream3 tst-memstream4 \
+ tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 tst-wmemstream4 \
bug-memstream1 bug-wmemstream1 \
tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
@@ -24,28 +24,34 @@
This exception applies to code released by its copyright holders
in files containing the exception. */
-#include "libioP.h"
-#include "stdio.h"
+#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
-#include <shlib-compat.h>
+#include <libioP.h>
#include <fd_to_filename.h>
-
-#include <kernel-features.h>
+#include <shlib-compat.h>
FILE *
freopen (const char *filename, const char *mode, FILE *fp)
{
- FILE *result;
+ FILE *result = NULL;
+ char fdfilename[FD_TO_FILENAME_SIZE];
+
CHECK_FILE (fp, NULL);
- if (!(fp->_flags & _IO_IS_FILEBUF))
- return NULL;
+
_IO_acquire_lock (fp);
+ /* First flush the stream (failure should be ignored). */
+ _IO_SYNC (fp);
+
+ if (!(fp->_flags & _IO_IS_FILEBUF))
+ goto end;
+
int fd = _IO_fileno (fp);
- const char *gfilename = (filename == NULL && fd >= 0
- ? fd_to_filename (fd) : filename);
+ const char *gfilename
+ = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
+
fp->_flags2 |= _IO_FLAGS2_NOCLOSE;
#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1)
if (&_IO_stdin_used == NULL)
@@ -101,9 +107,6 @@ freopen (const char *filename, const char *mode, FILE *fp)
__close (fd);
end:
- if (filename == NULL)
- free ((char *) gfilename);
-
_IO_release_lock (fp);
return result;
}
@@ -24,27 +24,33 @@
This exception applies to code released by its copyright holders
in files containing the exception. */
-#include "libioP.h"
-#include "stdio.h"
+#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
+#include <libioP.h>
#include <fd_to_filename.h>
-#include <kernel-features.h>
-
FILE *
freopen64 (const char *filename, const char *mode, FILE *fp)
{
- FILE *result;
+ FILE *result = NULL;
+ char fdfilename[FD_TO_FILENAME_SIZE];
+
CHECK_FILE (fp, NULL);
- if (!(fp->_flags & _IO_IS_FILEBUF))
- return NULL;
+
_IO_acquire_lock (fp);
+ /* First flush the stream (failure should be ignored). */
+ _IO_SYNC (fp);
+
+ if (!(fp->_flags & _IO_IS_FILEBUF))
+ goto end;
+
int fd = _IO_fileno (fp);
- const char *gfilename = (filename == NULL && fd >= 0
- ? fd_to_filename (fd) : filename);
+ const char *gfilename
+ = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
+
fp->_flags2 |= _IO_FLAGS2_NOCLOSE;
_IO_file_close_it (fp);
_IO_JUMPS_FILE_plus (fp) = &_IO_file_jumps;
@@ -84,8 +90,6 @@ freopen64 (const char *filename, const char *mode, FILE *fp)
__close (fd);
end:
- if (filename == NULL)
- free ((char *) gfilename);
_IO_release_lock (fp);
return result;
}
new file mode 100644
@@ -0,0 +1,68 @@
+/* Common definitions for open_memstream tests.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <mcheck.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include <support/check.h>
+
+#ifdef TEST_WCHAR
+# include <wchar.h>
+
+/* Straighforward implementation so tst-memstream3 could use check
+ fwrite on open_memstream. */
+static size_t __attribute__ ((used))
+fwwrite (const void *ptr, size_t size, size_t nmemb, FILE *arq)
+{
+ const wchar_t *wcs = (const wchar_t*) (ptr);
+ for (size_t s = 0; s < size; s++)
+ {
+ for (size_t n = 0; n < nmemb; n++)
+ if (fputwc (wcs[n], arq) == WEOF)
+ return n;
+ }
+ return size * nmemb;
+}
+
+# define CHAR_T wchar_t
+# define W(o) L##o
+# define OPEN_MEMSTREAM open_wmemstream
+# define PRINTF wprintf
+# define FWRITE fwwrite
+# define FPUTC fputwc
+# define FPUTS fputws
+# define STRCMP wcscmp
+# define STRLEN wcslen
+#else
+# define CHAR_T char
+# define W(o) o
+# define OPEN_MEMSTREAM open_memstream
+# define PRINTF printf
+# define FWRITE fwrite
+# define FPUTC fputc
+# define FPUTS fputs
+# define STRCMP strcmp
+# define STRLEN strlen
+#endif
+
+#define S(s) S1 (s)
+#define S1(s) #s
new file mode 100644
@@ -0,0 +1,62 @@
+/* Test for open_memstream BZ #21037.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include "tst-memstream.h"
+
+static void
+mcheck_abort (enum mcheck_status ev)
+{
+ printf ("mecheck failed with status %d\n", (int) ev);
+ exit (1);
+}
+
+static int
+do_test (void)
+{
+ mcheck_pedantic (mcheck_abort);
+
+ /* Check if freopen proper fflush the stream. */
+ {
+ CHAR_T old[] = W("old");
+ CHAR_T *buf = old;
+ size_t size;
+
+ FILE *fp = OPEN_MEMSTREAM (&buf, &size);
+ TEST_VERIFY_EXIT (fp != NULL);
+
+ FPUTS (W("new"), fp);
+ /* The stream buffer pointer should be updated with only a fflush or
+ fclose. */
+ TEST_VERIFY (STRCMP (buf, old) == 0);
+
+ /* The old stream should be fflush the stream, even for an invalid
+ streams. */
+ FILE *nfp = freopen ("invalid-file", "r", fp);
+ TEST_VERIFY (nfp == NULL);
+
+ TEST_VERIFY (STRCMP (buf, W("new")) == 0);
+
+ TEST_VERIFY (fclose (fp) == 0);
+
+ free (buf);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1,20 @@
+/* Test for open_wmemstream BZ #21037.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#define TEST_WCHAR
+#include <libio/tst-memstream4.c>
@@ -16,10 +16,12 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#define FD_TO_FILENAME_SIZE 0
+
/* In general there is no generic way to query filename for an open
file descriptor. */
static inline const char *
-fd_to_filename (int fd)
+fd_to_filename (int fd, char *buf)
{
return NULL;
}
@@ -16,30 +16,21 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#include <stdlib.h>
-#include <string.h>
+#include <stdio.h>
#include <sys/stat.h>
-#include <_itoa.h>
+
+#define FD_TO_FILENAME_SIZE ((sizeof ("/proc/self/fd/") - 1) \
+ + (sizeof ("2147483647") - 1) + 1)
static inline const char *
-fd_to_filename (int fd)
+fd_to_filename (int fd, char *buf)
{
- char *ret = malloc (30);
-
- if (ret != NULL)
- {
- struct stat64 st;
-
- *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0';
-
- /* We must make sure the file exists. */
- if (__lxstat64 (_STAT_VER, ret, &st) < 0)
- {
- /* /proc is not mounted or something else happened. Don't
- return the file name. */
- free (ret);
- ret = NULL;
- }
- }
- return ret;
+ *_fitoa_word (fd, __stpcpy (buf, "/proc/self/fd/"), 10, 0) = '\0';
+
+ /* We must make sure the file exists. */
+ struct stat64 st;
+ if (__lxstat64 (_STAT_VER, buf, &st) < 0)
+ /* /proc is not mounted or something else happened. */
+ return NULL;
+ return buf;
}