|  | Commit message | Author | Age | Files | Lines | 
|---|
| | The old man page had a lot of useful information, but it was all mixed
together which made it difficult to reference.  The main theme in this
commit is that the sections are more focused:
* DESCRIPTION describes the overall behavior
* RETURN VALUES describes what it may return (including implementation
  defined values)
* EXAMPLES shows why we recently started an audit on malloc and realloc
  usage in the tree.
* Added CAVEATS which describes what is implementation defined, gotchas
  and security implications of misusing these functions
* Added IDIOMS which describes how these functions should or
  should not be used
The MALLOC_OPTIONS section was left unchanged.  Function names were
added to DIAGNOSTICS and STANDARDS.  The MALLOC_OPTIONS and DIAGNOSTICS
sections were pushed down in the page so more pertinent information is
higher up.
This has gone through several revisions thanks to input from deraadt@
and schwarze@.  Ingo also helped with some of the mandoc formatting.
OK schwarze@ (as far as it is a good starting point and the code
snippets look ok) | 
| | millert@ made changes to realpath.c based on FreeBSD's version.  I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@ | 
| | ok tedu@ | 
| | in case something wants to create massive amounts of environment, like
a bit more than 1/4 of a 32-bit address space.  unrealistic -- but why
audit one code path, and not treat others the same?  then you have to
re-engage every time you see the code.  read the news, that isn't what
developers do.  At least if the code paths look the same, there is hope,
because they are easier to verify for correctness.  developers need
to give other developers a chance to want to care. | 
| | Mention that invalid bases do set EINVAL (as required by POSIX);
this part of the change uses part of an earlier patch by millert@.
Minor mdoc(7) cleanup and sync between the two pages while here.
Feedback and ok jmc@ and millert@. | 
| | required by the C standard when called with an invalid base:
strtoll(), strtoimax(), strtoul(), strtoull(), and strtoumax().
Same behaviour for strtoq() and strtouq() even though not standardized.
No functional change in strtol(), it was the only one already correct.
While here, simplify the conditional expression for checking the base
and sync whitespace and comments among the six files.
ok millert@ | 
| | found with the new mandoc(1) MANDOCERR_AN_MISSING warning;
no text changes | 
| | to hold the malloc lock across mmap syscalls in all cases. dropping it
allows another thread to access the existing chunk cache if necessary.
could be improved to be a bit more aggressive, but i've been testing this
simple diff for some time now with good results. | 
| | circular lists.  Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go.  Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@ | 
| | Reminded by Rafael Neves | 
| | align with POSIX and other systems.
Pointed out by Elliott Hughes on tech
ok deraadt | 
| | and random().  Sigh. | 
| | high bit as required by posix. wouldn't want to break any standards.
idea and ok deraadt | 
| | __atexit tables and touches global variables.  From Srinavasa Nagaraju
through Android/Elliott Hughes.
ok tedu@, guenther@ | 
| | ok deraadt | 
| | handlers. if this happens, restart the loop.
ok kettenis matthew millert miod | 
| | ok otto | 
| | improve the random stream itself (it doesn't), but to introduce
noise in the arc4random calling pattern. Thanks to matthew@ who
pointed out bias in a previous diff, ok deraadt@ matthew@ | 
| | The extra argument doesn't hurt genuine atexit handlers and this fixes a
bug where we didn't provide the argument (effectively passing garbage) for
functions registered with __cxa_atexit in the main executable.
Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes
<enh@google.com>.
ok matthew@ | 
| | discussion with matthew | 
| | behavior for certain inputs.  From NetBSD.  OK tedu@ | 
| | freed chunk is actually freeable immediately. catch more errors.
hints/ok otto | 
| | required. try to document this fact and some of the history.
with feedback from deraadt guenther millert | 
| | deterministic behavior. four selected because it's more than three, less
than five. i.e., no particular reason. | 
| | can avoid reinventing the wheel
ok guenther schwarze | 
| | ok crickets@ | 
| | a free chunk at random and may allow to increase delayed chunk array.
ok otto | 
| | default and the new 'j' option to disable this; ok jmc@ | 
| | we always junk small chunks now, and the first part of pages,
but only after free. J still does the old thing. j disables everything.
Consider experimental as we evaluate performance in the real world.
ok otto | 
| | okay otto@ | 
| | Should improve sparc64 and other be archs. ok matthew@ miod@ | 
| | - use <> | 
| | malloc can, as always, be emulated via realloc(NULL).
ok deraadt | 
| | Like calloc(), except without the cleared-memory guarantee
ok beck guenther, discussed for more than a year... | 
| | From Ben Cornett (ben (at) lantern.is) | 