From patchwork Thu Jun 14 18:28:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 27854 Received: (qmail 110205 invoked by alias); 14 Jun 2018 18:28:28 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 110182 invoked by uid 89); 14 Jun 2018 18:28:27 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.4 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mail-qt0-f195.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=PuXAlguJiNsEazoFsZicPaiYw8+BOJYMihKzVW039y0=; b=jCLi1ZBOPG5czm8b6mS4vORX958w4U6l2sBy5340aE5gBDZBnI550MFbeitjYJuqf0 peN7XmvNPR/2HLvTEEI/0HXm1XshZf+MxgPzuwaMS4ZofoDRSmz6pa5q+eAEB/wowmwg Zw4gmvX5xi415JaQGIeN8wZ904Eya2ze3nxzwdYSSVWiFDHOz7H8D+1hPvjabl+pha2R wnJZsKH4TNN+I0VXUn3r+pWP/DrJ/P3qKSIQGoMKQEcUyQytHV6AEoQDAFUkj0BcQcRW 5xC+aWuchnU+atXous+Ij7xDqhyEF+46ecbwRnNYM/nC7cF6dJNAHz7Zb9LsK4aHa7sG EIlw== X-Gm-Message-State: APt69E1msK0vdJo35Y1B7ovqtlW4g+kws2ip72oAXefVYJJMJklNlWPN 321BDxfJF8DDlxt3TmGmQY++pelrImA= X-Google-Smtp-Source: ADUXVKKWXdUHP9kaUq1E7S/wF7slQTk0ekS7SI3C+nQKVxjnWHQ0C3F6FN5YaVMpKp03DIqYxxx7Lg== X-Received: by 2002:ac8:2cf0:: with SMTP id 45-v6mr3357427qtx.236.1529000902653; Thu, 14 Jun 2018 11:28:22 -0700 (PDT) Subject: Re: [PATCH v2] libio: Flush stream at freopen (BZ#21037) To: Paul Eggert , Andreas Schwab Cc: libc-alpha@sourceware.org References: <1528925590-29895-1-git-send-email-adhemerval.zanella@linaro.org> <25a001ee-301f-1af5-20ed-27b883500f04@linaro.org> <2df65bd4-8dfc-187a-c917-87da4510fd15@cs.ucla.edu> From: Adhemerval Zanella Openpgp: preference=signencrypt Message-ID: <7872b4cd-9574-9785-2ff0-873e5a6a1136@linaro.org> Date: Thu, 14 Jun 2018 15:28:14 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <2df65bd4-8dfc-187a-c917-87da4510fd15@cs.ucla.edu> On 14/06/2018 13:43, Paul Eggert wrote: > On 06/14/2018 08:01 AM, Adhemerval Zanella wrote: >> + char fdfilename[30]; > > The magic number 30 should be turned into a named constant defined in fd_to_filename.h, to help prevent future mistakes. Once that is done, you can change the signature of fd_to_filename to not pass the size, and to require the caller to pass an array of at least size 30, so that fd_to_filename need not check for buffer overflow (see below for more on this). > >> +  const char *gfilename; >> +  if (filename == NULL && fd >= 0) >> +    gfilename = fd_to_filename (fd, fdfilename, sizeof fdfilename) >> +        ? fdfilename : NULL; >> +  else >> +    gfilename = filename; > > Cleaner would be: > >   const char *gfilename >     = filename != NULL ? filename : fd_to_filename (fd, fdfilename); > > That is, let fd_to_filename worry about what to do with negative fd, and have it return fdfilename or NULL, and don't pass the size (which should be that magic number regardless). > > >> -static inline const char * >> -fd_to_filename (int fd) >> +static inline bool >> +fd_to_filename (int fd, char *buf, size_t len) >>   { >> -  char *ret = malloc (30); >> +  __snprintf (buf, len, "/proc/self/fd/%d", fd); >>   -  if (ret != NULL) >> -    { >> -      struct stat64 st; >> - >> -      *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0'; >> - >> -      /* We must make sure the file exists.  */ >> -      if (__lxstat64 (_STAT_VER, ret, &st) < 0) >> -    { >> -      /* /proc is not mounted or something else happened.  Don't >> -         return the file name.  */ >> -      free (ret); >> -      ret = NULL; >> -    } >> -    } >> -  return ret; >> +  /* We must make sure the file exists.  */ >> +  if (__lxstat64 (_STAT_VER, buf, & (struct stat64) {}) < 0) >> +    /* /proc is not mounted or something else happened.  */ >> +    return false; >> +  return true; >>   } > > The __snprintf would be quite wrong if the string did not fit. Again, I suggest simply requiring the buffer to be long enough and not checking its length, and sticking with stpcpy + _fitoa_word which should be more efficient than __snprintf anyway (or if you prefer simplicity to speed, just use sprintf). > > The '& (struct stat64) {}' construct looks pretty but is less efficient as it makes the compiler zero out the structure unnecessarily, so the code should keep doing that struct the old-fashioned way. Thanks, fixed based on your review: --- [BZ #21037] * libio/Makefile (tests): Add tst-memstream4 and tst-wmemstream4. * libio/freopen.c (freopen): Sync stream before reopen and adjust to new fd_to_filename interface. * libio/freopen64.c (freopen64): Likewise. * libio/tst-memstream.h: New file. * libio/tst-memstream4.c: Likewise. * libio/tst-wmemstream4.c: Likewise. * sysdeps/generic/fd_to_filename.h (fd_to_filename): Change signature. * sysdeps/unix/sysv/linux/fd_to_filename.h (fd_to_filename): Likewise and remove internal dynamic allocation. --- diff --git a/libio/Makefile b/libio/Makefile index cbe14a8..077bd40 100644 --- a/libio/Makefile +++ b/libio/Makefile @@ -59,8 +59,8 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \ tst-mmap-eofsync tst-mmap-fflushsync bug-mmap-fflush \ tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \ bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \ - tst-memstream1 tst-memstream2 tst-memstream3 \ - tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 \ + tst-memstream1 tst-memstream2 tst-memstream3 tst-memstream4 \ + tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 tst-wmemstream4 \ bug-memstream1 bug-wmemstream1 \ tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \ tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \ diff --git a/libio/freopen.c b/libio/freopen.c index abf19e9..6ce74ae 100644 --- a/libio/freopen.c +++ b/libio/freopen.c @@ -24,28 +24,34 @@ This exception applies to code released by its copyright holders in files containing the exception. */ -#include "libioP.h" -#include "stdio.h" +#include #include #include #include -#include +#include #include - -#include +#include FILE * freopen (const char *filename, const char *mode, FILE *fp) { - FILE *result; + FILE *result = NULL; + char fdfilename[FD_TO_FILENAME_SIZE]; + CHECK_FILE (fp, NULL); - if (!(fp->_flags & _IO_IS_FILEBUF)) - return NULL; + _IO_acquire_lock (fp); + /* First flush the stream (failure should be ignored). */ + _IO_SYNC (fp); + + if (!(fp->_flags & _IO_IS_FILEBUF)) + goto end; + int fd = _IO_fileno (fp); - const char *gfilename = (filename == NULL && fd >= 0 - ? fd_to_filename (fd) : filename); + const char *gfilename + = filename != NULL ? filename : fd_to_filename (fd, fdfilename); + fp->_flags2 |= _IO_FLAGS2_NOCLOSE; #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1) if (&_IO_stdin_used == NULL) @@ -101,9 +107,6 @@ freopen (const char *filename, const char *mode, FILE *fp) __close (fd); end: - if (filename == NULL) - free ((char *) gfilename); - _IO_release_lock (fp); return result; } diff --git a/libio/freopen64.c b/libio/freopen64.c index ea7ebd3..d13c70f 100644 --- a/libio/freopen64.c +++ b/libio/freopen64.c @@ -24,27 +24,33 @@ This exception applies to code released by its copyright holders in files containing the exception. */ -#include "libioP.h" -#include "stdio.h" +#include #include #include #include +#include #include -#include - FILE * freopen64 (const char *filename, const char *mode, FILE *fp) { - FILE *result; + FILE *result = NULL; + char fdfilename[FD_TO_FILENAME_SIZE]; + CHECK_FILE (fp, NULL); - if (!(fp->_flags & _IO_IS_FILEBUF)) - return NULL; + _IO_acquire_lock (fp); + /* First flush the stream (failure should be ignored). */ + _IO_SYNC (fp); + + if (!(fp->_flags & _IO_IS_FILEBUF)) + goto end; + int fd = _IO_fileno (fp); - const char *gfilename = (filename == NULL && fd >= 0 - ? fd_to_filename (fd) : filename); + const char *gfilename + = filename != NULL ? filename : fd_to_filename (fd, fdfilename); + fp->_flags2 |= _IO_FLAGS2_NOCLOSE; _IO_file_close_it (fp); _IO_JUMPS_FILE_plus (fp) = &_IO_file_jumps; @@ -84,8 +90,6 @@ freopen64 (const char *filename, const char *mode, FILE *fp) __close (fd); end: - if (filename == NULL) - free ((char *) gfilename); _IO_release_lock (fp); return result; } diff --git a/libio/tst-memstream.h b/libio/tst-memstream.h new file mode 100644 index 0000000..b9b02bd --- /dev/null +++ b/libio/tst-memstream.h @@ -0,0 +1,68 @@ +/* Common definitions for open_memstream tests. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +#include + +#ifdef TEST_WCHAR +# include + +/* Straighforward implementation so tst-memstream3 could use check + fwrite on open_memstream. */ +static size_t __attribute__ ((used)) +fwwrite (const void *ptr, size_t size, size_t nmemb, FILE *arq) +{ + const wchar_t *wcs = (const wchar_t*) (ptr); + for (size_t s = 0; s < size; s++) + { + for (size_t n = 0; n < nmemb; n++) + if (fputwc (wcs[n], arq) == WEOF) + return n; + } + return size * nmemb; +} + +# define CHAR_T wchar_t +# define W(o) L##o +# define OPEN_MEMSTREAM open_wmemstream +# define PRINTF wprintf +# define FWRITE fwwrite +# define FPUTC fputwc +# define FPUTS fputws +# define STRCMP wcscmp +# define STRLEN wcslen +#else +# define CHAR_T char +# define W(o) o +# define OPEN_MEMSTREAM open_memstream +# define PRINTF printf +# define FWRITE fwrite +# define FPUTC fputc +# define FPUTS fputs +# define STRCMP strcmp +# define STRLEN strlen +#endif + +#define S(s) S1 (s) +#define S1(s) #s diff --git a/libio/tst-memstream4.c b/libio/tst-memstream4.c new file mode 100644 index 0000000..43082f1 --- /dev/null +++ b/libio/tst-memstream4.c @@ -0,0 +1,62 @@ +/* Test for open_memstream BZ #21037. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include "tst-memstream.h" + +static void +mcheck_abort (enum mcheck_status ev) +{ + printf ("mecheck failed with status %d\n", (int) ev); + exit (1); +} + +static int +do_test (void) +{ + mcheck_pedantic (mcheck_abort); + + /* Check if freopen proper fflush the stream. */ + { + CHAR_T old[] = W("old"); + CHAR_T *buf = old; + size_t size; + + FILE *fp = OPEN_MEMSTREAM (&buf, &size); + TEST_VERIFY_EXIT (fp != NULL); + + FPUTS (W("new"), fp); + /* The stream buffer pointer should be updated with only a fflush or + fclose. */ + TEST_VERIFY (STRCMP (buf, old) == 0); + + /* The old stream should be fflush the stream, even for an invalid + streams. */ + FILE *nfp = freopen ("invalid-file", "r", fp); + TEST_VERIFY (nfp == NULL); + + TEST_VERIFY (STRCMP (buf, W("new")) == 0); + + TEST_VERIFY (fclose (fp) == 0); + + free (buf); + } + + return 0; +} + +#include diff --git a/libio/tst-wmemstream4.c b/libio/tst-wmemstream4.c new file mode 100644 index 0000000..8ff146e --- /dev/null +++ b/libio/tst-wmemstream4.c @@ -0,0 +1,20 @@ +/* Test for open_wmemstream BZ #21037. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#define TEST_WCHAR +#include diff --git a/sysdeps/generic/fd_to_filename.h b/sysdeps/generic/fd_to_filename.h index bacfe5b..d41b345 100644 --- a/sysdeps/generic/fd_to_filename.h +++ b/sysdeps/generic/fd_to_filename.h @@ -16,10 +16,12 @@ License along with the GNU C Library; if not, see . */ +#define FD_TO_FILENAME_SIZE 0 + /* In general there is no generic way to query filename for an open file descriptor. */ static inline const char * -fd_to_filename (int fd) +fd_to_filename (int fd, char *buf) { return NULL; } diff --git a/sysdeps/unix/sysv/linux/fd_to_filename.h b/sysdeps/unix/sysv/linux/fd_to_filename.h index 297716b..ae88ce8 100644 --- a/sysdeps/unix/sysv/linux/fd_to_filename.h +++ b/sysdeps/unix/sysv/linux/fd_to_filename.h @@ -16,30 +16,21 @@ License along with the GNU C Library; if not, see . */ -#include -#include +#include #include -#include <_itoa.h> + +#define FD_TO_FILENAME_SIZE ((sizeof ("/proc/self/fd/") - 1) \ + + (sizeof ("2147483647") - 1) + 1) static inline const char * -fd_to_filename (int fd) +fd_to_filename (int fd, char *buf) { - char *ret = malloc (30); - - if (ret != NULL) - { - struct stat64 st; - - *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0'; - - /* We must make sure the file exists. */ - if (__lxstat64 (_STAT_VER, ret, &st) < 0) - { - /* /proc is not mounted or something else happened. Don't - return the file name. */ - free (ret); - ret = NULL; - } - } - return ret; + *_fitoa_word (fd, __stpcpy (buf, "/proc/self/fd/"), 10, 0) = '\0'; + + /* We must make sure the file exists. */ + struct stat64 st; + if (__lxstat64 (_STAT_VER, buf, &st) < 0) + /* /proc is not mounted or something else happened. */ + return NULL; + return buf; }