summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* avoid left shift overflow in reallocarray.bcook2014-12-081-2/+2
| | | | | | | | Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
* malloc(3) is in the "comp" install set, malloc.conf(5) in "man",schwarze2014-12-062-128/+10
| | | | | | breaking the hardlink between file system entries, confusing apropos(1). Split malloc.conf(5) out of malloc(3) as suggested by deraadt@. Feedback and OK jmc@, OK deraadt@ tedu@ jasper@.
* Replace all 14 instances of .St -ansiC-99 in our tree with .St -isoC-99.schwarze2014-11-3010-30/+30
| | | | | | The former is not used anywhere in NetBSD, FreeBSD, or DragonFly and not supported by groff, so i'm going to delete it from mandoc(1). We don't need two macros for the same thing.
* obvious STANDARDS updateschwarze2014-11-302-14/+10
|
* rand() is a pseudo-random number generatormillert2014-11-251-3/+3
|
* Don't describe random() as "better".millert2014-11-251-5/+5
| | | | | Remove the bug about rand() being faster. Add a bug about historical implementations seeding very poorly.
* Warn people to use arc4random() in DESCRIPTION so they see it usingmillert2014-11-251-5/+8
| | | | the same text from random.3.
* Document behavior of atexit() when called in a DSO that is later unloaded.guenther2014-11-201-2/+14
| | | | | | | | Would be nice to document when/where this originated (in glibc?) if anyone knows... tweaks by schwarze@ ok jmc@ espie@ kettenis@ schwarze@ dimitry(at)google.com
* Reduce instances of `` '' in manuals.bentley2014-11-151-5/+5
| | | | | | | | | | | | troff displays these as typographic quotes, but nroff implementations almost always print them literally, which rarely has the intended effect with modern fonts, even in stock xterm. These uses of `` '' can be replaced either with more semantic alternatives or with Dq, which prints typographic quotes in a UTF-8 locale (but will automatically fall back to `` '' in an ASCII locale). improvements and ok schwarze@
* clean up verbiage around the calculations; ok ingo jmc ottoderaadt2014-10-301-5/+5
|
* Don't mention old systems where realloc(NULL, n) didn't work as wemillert2014-10-301-11/+7
| | | | | don't want to give people the idea that this is non-portable (it has been present since C89). OK deraadt@ schwarze@
* Save space in man page: err() -> errc() and combine vars.doug2014-10-231-18/+11
| | | | | | Suggested by millert@ and schwarze@. OK schwarze@, millert@
* Avoid writing in second person in malloc.3doug2014-10-221-13/+12
| | | | ok deraadt@
* List extensions in the STANDARDS section, replacing some text below CAVEATS.schwarze2014-10-201-33/+30
| | | | | Remove excessive technicalities on zero-sized objects as suggested by deraadt@. contributions and ok deraadt@, ok jmc@ on an earlier version
* make RETURN VALUES more conciseschwarze2014-10-191-77/+28
| | | | | and fix two instances of "new sentence, new line" while here feedback and ok jmc@, ok doug@
* Revamp malloc.3 by reordering the sections and rewriting parts.doug2014-10-191-185/+417
| | | | | | | | | | | | | | | | | | | | | | | | | | | The old man page had a lot of useful information, but it was all mixed together which made it difficult to reference. The main theme in this commit is that the sections are more focused: * DESCRIPTION describes the overall behavior * RETURN VALUES describes what it may return (including implementation defined values) * EXAMPLES shows why we recently started an audit on malloc and realloc usage in the tree. * Added CAVEATS which describes what is implementation defined, gotchas and security implications of misusing these functions * Added IDIOMS which describes how these functions should or should not be used The MALLOC_OPTIONS section was left unchanged. Function names were added to DIAGNOSTICS and STANDARDS. The MALLOC_OPTIONS and DIAGNOSTICS sections were pushed down in the page so more pertinent information is higher up. This has gone through several revisions thanks to input from deraadt@ and schwarze@. Ingo also helped with some of the mandoc formatting. OK schwarze@ (as far as it is a good starting point and the code snippets look ok)
* Revert last commit due to changed semantics found by make release.doug2014-10-191-10/+10
|
* Better POSIX compliance in realpath(3).doug2014-10-181-10/+10
| | | | | | | millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
* remove unused variablechl2014-10-131-3/+1
| | | | ok tedu@
* using reallocarray() gives us multiplicative integer overflow checkingderaadt2014-10-081-3/+3
| | | | | | | | | | in case something wants to create massive amounts of environment, like a bit more than 1/4 of a 32-bit address space. unrealistic -- but why audit one code path, and not treat others the same? then you have to re-engage everytime you see the code. read the news, that isn't what developers do. At least if the code paths look the same, there is hope, because they are easier to verify for correctness. developers need to give other developers a chance to want to care.
* Do not claim that empty numbers set EINVAL, our implementation doesn't.schwarze2014-09-142-37/+61
| | | | | | | Mention that invalid bases do set EINVAL (as required by POSIX); this part of the change uses part of an earlier patch by millert@. Minor mdoc(7) cleanup and sync between the two pages while here. Feedback and ok jmc@ and millert@.
* Make sure that the following functions return 0 and EINVAL asschwarze2014-09-136-20/+60
| | | | | | | | | | required by the C standard when called with an invalid base: strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax(). Same behaviour for strtoq() and strtouq() even though not standardized. No functional change in strtol(), it was the only one already correct. While here, simplify the conditional expression for checking the base and sync whitespace and comments among the six files. ok millert@
* obvious cases of missing .An;schwarze2014-09-081-3/+3
| | | | | found with the new mandoc(1) MANDOCERR_AN_MISSING warning; no text changes
* a small tweak to improve malloc in multithreaded programs. we don't needtedu2014-08-181-7/+21
| | | | | | | to hold the malloc lock across mmap syscalls in all cases. dropping it allows another thread to access the existing chunk cache if necessary. could be improved to be a bit more aggressive, but i've been testing this simple diff for some time now with good results.
* XPG requires insque() and remque() to work with linear lists and not justguenther2014-08-153-21/+26
| | | | | | | | | circular lists. Amazingly, they managed to extend the requirements to no longer match the behavior of the VAX instructions they were modeled after, so the trivial VAX ASM versions have to go. Nice job breaking it, X/Open! Based on a diff from enh (at) google.com ok miod@
* Only need <stdint.h> and not all of <inttypes.h> hereguenther2014-08-101-2/+2
|
* Remove "const" from the lsearch(3) manual's synopsis too.matthew2014-07-181-3/+3
| | | | Reminded by Rafael Neves
* zap trailing whitespace;jmc2014-07-181-3/+3
|
* Change lsearch()'s "base" argument to require a non-const pointer tomatthew2014-07-181-2/+2
| | | | | | | align with POSIX and other systems. Pointed out by Elliott Hughes on tech ok deraadt
* it is 2014, and we still need to encourage people away from srand()deraadt2014-07-172-5/+14
| | | | and random(). Sigh.
* oops, i deleted the wrong wordtedu2014-07-131-2/+2
|
* remove a lie spotted by guenthertedu2014-07-131-5/+4
|
* once srandomdev() is called, switch to using arc4random() but mask off thetedu2014-07-131-12/+10
| | | | | high bit as required by posix. wouldn't want to break any standards. idea and ok deraadt
* Add locking for __cxa_finalize() as it modifies the page permissions of thekettenis2014-07-111-1/+5
| | | | | | | __atexit tables and touches global variables. From Srinavasa Nagaraju through Android/Elliott Hughes. ok tedu@, guenther@
* better document perils of setuid getenv and xr with issetugidtedu2014-07-111-2/+10
| | | | ok deraadt
* as noted by google/android via kettenis, atexit handlers can install newtedu2014-07-101-1/+8
| | | | | handlers. if this happens, restart the loop. ok kettenis matthew millert miod
* reduce obvious dependency on global g_pool by moving to local aliasestedu2014-07-091-42/+48
| | | | ok otto
* extra evil spaces snuck in over the last whilederaadt2014-06-271-20/+20
|
* Move to a smaller rbytes buffer and skip a random part. Not tootto2014-06-271-3/+4
| | | | | | improve the random stream itself (it doesn't), but to introduce noise in the arc4random calling pattern. Thanks to matthew@ who pointed out bias in a previous diff, ok deraadt@ matthew@
* Always call atexit handlers as if they were registered with __cxa_atexit.kettenis2014-06-182-14/+8
| | | | | | | | | | | The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@
* oops, typo. James Hartley is fast at trying -currentderaadt2014-06-151-2/+2
|
* In srandomdev(), use arc4random_buf() instead of from the kernel.deraadt2014-06-151-4/+3
| | | | discussion with matthew
* use getentropy; from matthewderaadt2014-06-131-5/+2
|
* Disable the "switch to insertion sort" optimization to avoid quadraticmillert2014-06-121-13/+2
| | | | behavior for certain inputs. From NetBSD. OK tedu@
* move random bytes buffer to be part of mmaped pages; ok tedu@otto2014-06-021-21/+18
|
* move all stats collecting under MALLOC_STATS; ok krw@otto2014-05-261-28/+33
|
* fix MALLOC_STATS (not compiled in by default); ok tedu@otto2014-05-211-18/+19
|
* factor out a bit of the chunk index code and use it to make sure that atedu2014-05-181-14/+33
| | | | | freed chunk is actually freeable immediately. catch more errors. hints/ok otto
* stop flushing streams in abort(). it's hackish and unsafe, and no longertedu2014-05-142-21/+13
| | | | | required. try to document this fact and some of the history. with feedback from deraadt guenther millert
* change to having four freelists per size, to reduce another source oftedu2014-05-121-16/+20
| | | | | deterministic behavior. four selected because it's more than three, less than five. i.e., no particular reason.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-04 23:49:27 +0000