From: Xi Ruoyao <xry111@xry111.site>
To: libc-alpha@sourceware.org
Cc: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
Carlos O'Donell <carlos@redhat.com>,
Alex Colomar <alx.manpages@gmail.com>,
Andreas Schwab <schwab@suse.de>, Xi Ruoyao <xry111@xry111.site>
Subject: [PATCH v4] libio: Add nonnull attribute for most FILE * arguments in stdio.h
Date: Mon, 3 Jul 2023 21:10:16 +0800 [thread overview]
Message-ID: <20230703131059.975829-1-xry111@xry111.site> (raw)
During the review of a GCC analyzer test case, we found most stdio
functions accepting a FILE * argument expect it to be nonnull and just
segfault when the argument is NULL. Add nonnull attribute for them.
fflush and fflush_unlocked are well defined when __stream is NULL so
they are not touched.
For fputs, fgets, fread, fwrite, fprintf, vfprintf, and their unlocked
versions, if __stream is NULL but there is nothing to read or write,
they did not segfault. But the standard disallows a NULL __stream
here, so the nonnull attribute is also added for them. Note that this may
break some old code that is already subtly broken.
Signed-off-by: Xi Ruoyao <xry111@xry111.site>
---
v3 -> v4: Add nonnull attribute for anything the standard disallows
NULL.
libio/stdio.h | 142 +++++++++++++++++++++++++++-----------------------
1 file changed, 76 insertions(+), 66 deletions(-)
diff --git a/libio/stdio.h b/libio/stdio.h
index 4cf9f1c012..c709a65f5e 100644
--- a/libio/stdio.h
+++ b/libio/stdio.h
@@ -278,7 +278,7 @@ extern FILE *__REDIRECT (fopen, (const char *__restrict __filename,
extern FILE *__REDIRECT (freopen, (const char *__restrict __filename,
const char *__restrict __modes,
FILE *__restrict __stream), freopen64)
- __wur;
+ __wur __nonnull ((3));
# else
# define fopen fopen64
# define freopen freopen64
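Review bot: Only the `__REDIRECT` form of `freopen` gets `__nonnull ((3))` here, and no hunk in this patch touches the plain `freopen` or `freopen64` prototypes. Those declarations lie outside this hunk; if they do not already carry the attribute, the annotation applies only in the `__REDIRECT` branch. Add `__wur __nonnull ((3));` to them as well, so that `-Wnonnull` diagnostics and the compiler's non-null assumption are the same in every configuration.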
@@ -330,21 +330,22 @@ extern __FILE *open_wmemstream (wchar_t **__bufloc, size_t *__sizeloc) __THROW
/* If BUF is NULL, make STREAM unbuffered.
Else make it use buffer BUF, of size BUFSIZ. */
-extern void setbuf (FILE *__restrict __stream, char *__restrict __buf) __THROW;
+extern void setbuf (FILE *__restrict __stream, char *__restrict __buf) __THROW
+ __nonnull ((1));
/* Make STREAM use buffering mode MODE.
If BUF is not NULL, use N bytes of it for buffering;
else allocate an internal buffer N bytes long. */
extern int setvbuf (FILE *__restrict __stream, char *__restrict __buf,
- int __modes, size_t __n) __THROW;
+ int __modes, size_t __n) __THROW __nonnull ((1));
#ifdef __USE_MISC
/* If BUF is NULL, make STREAM unbuffered.
Else make it use SIZE bytes of BUF for buffering. */
extern void setbuffer (FILE *__restrict __stream, char *__restrict __buf,
- size_t __size) __THROW;
+ size_t __size) __THROW __nonnull ((1));
/* Make STREAM line-buffered. */
-extern void setlinebuf (FILE *__stream) __THROW;
+extern void setlinebuf (FILE *__stream) __THROW __nonnull ((1));
#endif
@@ -353,7 +354,7 @@ extern void setlinebuf (FILE *__stream) __THROW;
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern int fprintf (FILE *__restrict __stream,
- const char *__restrict __format, ...);
+ const char *__restrict __format, ...) __nonnull ((1));
/* Write formatted output to stdout.
This function is a possible cancellation point and therefore not
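Review bot: `__nonnull ((1))` on `fprintf` is more than a diagnostic, because GCC may treat the stream as known non-null after the call and fold away a later `if (fp == NULL)` test in the caller. By the commit message, a NULL stream with nothing to write used to be tolerated, so such code loses its check silently instead of failing at the call. The same applies to the `vfprintf`, `fgets`, `fputs`, `fread` and `fwrite` hunks and their unlocked variants. The diffstat lists only libio/stdio.h, so I would add a NEWS entry describing the change and recommending a build with `-Wnonnull`. A short comment above these prototypes would also help, such as `/* STREAM must not be NULL, even if there is nothing to write. */`.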
@@ -368,7 +369,7 @@ extern int sprintf (char *__restrict __s,
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern int vfprintf (FILE *__restrict __s, const char *__restrict __format,
- __gnuc_va_list __arg);
+ __gnuc_va_list __arg) __nonnull ((1));
/* Write formatted output to stdout from argument list ARG.
This function is a possible cancellation point and therefore not
@@ -418,7 +419,7 @@ extern int dprintf (int __fd, const char *__restrict __fmt, ...)
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern int fscanf (FILE *__restrict __stream,
- const char *__restrict __format, ...) __wur;
+ const char *__restrict __format, ...) __wur __nonnull ((1));
/* Read formatted input from stdin.
This function is a possible cancellation point and therefore not
@@ -439,7 +440,7 @@ extern int sscanf (const char *__restrict __s,
# ifdef __REDIRECT
extern int __REDIRECT (fscanf, (FILE *__restrict __stream,
const char *__restrict __format, ...),
- __isoc23_fscanf) __wur;
+ __isoc23_fscanf) __wur __nonnull ((1));
extern int __REDIRECT (scanf, (const char *__restrict __format, ...),
__isoc23_scanf) __wur;
extern int __REDIRECT_NTH (sscanf, (const char *__restrict __s,
@@ -447,7 +448,7 @@ extern int __REDIRECT_NTH (sscanf, (const char *__restrict __s,
__isoc23_sscanf);
# else
extern int __isoc23_fscanf (FILE *__restrict __stream,
- const char *__restrict __format, ...) __wur;
+ const char *__restrict __format, ...) __wur __nonnull ((1));
extern int __isoc23_scanf (const char *__restrict __format, ...) __wur;
extern int __isoc23_sscanf (const char *__restrict __s,
const char *__restrict __format, ...) __THROW;
@@ -459,7 +460,7 @@ extern int __isoc23_sscanf (const char *__restrict __s,
# ifdef __REDIRECT
extern int __REDIRECT (fscanf, (FILE *__restrict __stream,
const char *__restrict __format, ...),
- __isoc99_fscanf) __wur;
+ __isoc99_fscanf) __wur __nonnull ((1));
extern int __REDIRECT (scanf, (const char *__restrict __format, ...),
__isoc99_scanf) __wur;
extern int __REDIRECT_NTH (sscanf, (const char *__restrict __s,
@@ -467,7 +468,7 @@ extern int __REDIRECT_NTH (sscanf, (const char *__restrict __s,
__isoc99_sscanf);
# else
extern int __isoc99_fscanf (FILE *__restrict __stream,
- const char *__restrict __format, ...) __wur;
+ const char *__restrict __format, ...) __wur __nonnull ((1));
extern int __isoc99_scanf (const char *__restrict __format, ...) __wur;
extern int __isoc99_sscanf (const char *__restrict __s,
const char *__restrict __format, ...) __THROW;
@@ -485,7 +486,7 @@ extern int __isoc99_sscanf (const char *__restrict __s,
marked with __THROW. */
extern int vfscanf (FILE *__restrict __s, const char *__restrict __format,
__gnuc_va_list __arg)
- __attribute__ ((__format__ (__scanf__, 2, 0))) __wur;
+ __attribute__ ((__format__ (__scanf__, 2, 0))) __wur __nonnull ((1));
/* Read formatted input from stdin into argument list ARG.
@@ -508,7 +509,7 @@ extern int __REDIRECT (vfscanf,
(FILE *__restrict __s,
const char *__restrict __format, __gnuc_va_list __arg),
__isoc23_vfscanf)
- __attribute__ ((__format__ (__scanf__, 2, 0))) __wur;
+ __attribute__ ((__format__ (__scanf__, 2, 0))) __wur __nonnull ((1));
extern int __REDIRECT (vscanf, (const char *__restrict __format,
__gnuc_va_list __arg), __isoc23_vscanf)
__attribute__ ((__format__ (__scanf__, 1, 0))) __wur;
@@ -520,7 +521,7 @@ extern int __REDIRECT_NTH (vsscanf,
# elif !defined __REDIRECT
extern int __isoc23_vfscanf (FILE *__restrict __s,
const char *__restrict __format,
- __gnuc_va_list __arg) __wur;
+ __gnuc_va_list __arg) __wur __nonnull ((1));
extern int __isoc23_vscanf (const char *__restrict __format,
__gnuc_va_list __arg) __wur;
extern int __isoc23_vsscanf (const char *__restrict __s,
@@ -537,7 +538,7 @@ extern int __REDIRECT (vfscanf,
(FILE *__restrict __s,
const char *__restrict __format, __gnuc_va_list __arg),
__isoc99_vfscanf)
- __attribute__ ((__format__ (__scanf__, 2, 0))) __wur;
+ __attribute__ ((__format__ (__scanf__, 2, 0))) __wur __nonnull ((1));
extern int __REDIRECT (vscanf, (const char *__restrict __format,
__gnuc_va_list __arg), __isoc99_vscanf)
__attribute__ ((__format__ (__scanf__, 1, 0))) __wur;
@@ -549,7 +550,7 @@ extern int __REDIRECT_NTH (vsscanf,
# elif !defined __REDIRECT
extern int __isoc99_vfscanf (FILE *__restrict __s,
const char *__restrict __format,
- __gnuc_va_list __arg) __wur;
+ __gnuc_va_list __arg) __wur __nonnull ((1));
extern int __isoc99_vscanf (const char *__restrict __format,
__gnuc_va_list __arg) __wur;
extern int __isoc99_vsscanf (const char *__restrict __s,
@@ -568,8 +569,8 @@ extern int __isoc99_vsscanf (const char *__restrict __s,
These functions are possible cancellation points and therefore not
marked with __THROW. */
-extern int fgetc (FILE *__stream);
-extern int getc (FILE *__stream);
+extern int fgetc (FILE *__stream) __nonnull ((1));
+extern int getc (FILE *__stream) __nonnull ((1));
/* Read a character from stdin.
@@ -582,7 +583,7 @@ extern int getchar (void);
These functions are possible cancellation points and therefore not
marked with __THROW. */
-extern int getc_unlocked (FILE *__stream);
+extern int getc_unlocked (FILE *__stream) __nonnull ((1));
extern int getchar_unlocked (void);
#endif /* Use POSIX. */
@@ -593,7 +594,7 @@ extern int getchar_unlocked (void);
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
-extern int fgetc_unlocked (FILE *__stream);
+extern int fgetc_unlocked (FILE *__stream) __nonnull ((1));
#endif /* Use MISC. */
@@ -604,8 +605,8 @@ extern int fgetc_unlocked (FILE *__stream);
These functions is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fputc (int __c, FILE *__stream);
-extern int putc (int __c, FILE *__stream);
+extern int fputc (int __c, FILE *__stream) __nonnull ((2));
+extern int putc (int __c, FILE *__stream) __nonnull ((2));
/* Write a character to stdout.
@@ -620,7 +621,7 @@ extern int putchar (int __c);
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
-extern int fputc_unlocked (int __c, FILE *__stream);
+extern int fputc_unlocked (int __c, FILE *__stream) __nonnull ((2));
#endif /* Use MISC. */
#ifdef __USE_POSIX199506
@@ -628,7 +629,7 @@ extern int fputc_unlocked (int __c, FILE *__stream);
These functions are possible cancellation points and therefore not
marked with __THROW. */
-extern int putc_unlocked (int __c, FILE *__stream);
+extern int putc_unlocked (int __c, FILE *__stream) __nonnull ((2));
extern int putchar_unlocked (int __c);
#endif /* Use POSIX. */
@@ -636,10 +637,10 @@ extern int putchar_unlocked (int __c);
#if defined __USE_MISC \
|| (defined __USE_XOPEN && !defined __USE_XOPEN2K)
/* Get a word (int) from STREAM. */
-extern int getw (FILE *__stream);
+extern int getw (FILE *__stream) __nonnull ((1));
/* Write a word (int) to STREAM. */
-extern int putw (int __w, FILE *__stream);
+extern int putw (int __w, FILE *__stream) __nonnull ((2));
#endif
@@ -648,7 +649,7 @@ extern int putw (int __w, FILE *__stream);
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern char *fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
- __wur __fortified_attr_access (__write_only__, 1, 2);
+ __wur __fortified_attr_access (__write_only__, 1, 2) __nonnull ((3));
#if __GLIBC_USE (DEPRECATED_GETS)
/* Get a newline-terminated string from stdin, removing the newline.
@@ -672,7 +673,7 @@ extern char *gets (char *__s) __wur __attribute_deprecated__;
therefore not marked with __THROW. */
extern char *fgets_unlocked (char *__restrict __s, int __n,
FILE *__restrict __stream) __wur
- __fortified_attr_access (__write_only__, 1, 2);
+ __fortified_attr_access (__write_only__, 1, 2) __nonnull ((3));
#endif
@@ -689,10 +690,10 @@ extern char *fgets_unlocked (char *__restrict __s, int __n,
therefore not marked with __THROW. */
extern __ssize_t __getdelim (char **__restrict __lineptr,
size_t *__restrict __n, int __delimiter,
- FILE *__restrict __stream) __wur;
+ FILE *__restrict __stream) __wur __nonnull ((4));
extern __ssize_t getdelim (char **__restrict __lineptr,
size_t *__restrict __n, int __delimiter,
- FILE *__restrict __stream) __wur;
+ FILE *__restrict __stream) __wur __nonnull ((4));
/* Like `getdelim', but reads up to a newline.
@@ -702,7 +703,7 @@ extern __ssize_t getdelim (char **__restrict __lineptr,
therefore not marked with __THROW. */
extern __ssize_t getline (char **__restrict __lineptr,
size_t *__restrict __n,
- FILE *__restrict __stream) __wur;
+ FILE *__restrict __stream) __wur __nonnull ((3));
#endif
@@ -710,7 +711,8 @@ extern __ssize_t getline (char **__restrict __lineptr,
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fputs (const char *__restrict __s, FILE *__restrict __stream);
+extern int fputs (const char *__restrict __s, FILE *__restrict __stream)
+ __nonnull ((2));
/* Write a string, followed by a newline, to stdout.
@@ -723,7 +725,7 @@ extern int puts (const char *__s);
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int ungetc (int __c, FILE *__stream);
+extern int ungetc (int __c, FILE *__stream) __nonnull ((2));
/* Read chunks of generic data from STREAM.
@@ -731,13 +733,14 @@ extern int ungetc (int __c, FILE *__stream);
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern size_t fread (void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __stream) __wur;
+ size_t __n, FILE *__restrict __stream) __wur
+ __nonnull((4));
/* Write chunks of generic data to STREAM.
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern size_t fwrite (const void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __s);
+ size_t __n, FILE *__restrict __s) __nonnull((4));
#ifdef __USE_GNU
/* This function does the same as `fputs' but does not lock the stream.
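Review bot: The two attributes added in this hunk are written `__nonnull((4))`, without the space before the opening parenthesis that the other hunks use (`__nonnull ((4))` on `fread_unlocked` and `fwrite_unlocked`, for example). Change both the `fread` and `fwrite` lines to `__nonnull ((4))` so the header stays consistent.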
@@ -747,7 +750,7 @@ extern size_t fwrite (const void *__restrict __ptr, size_t __size,
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern int fputs_unlocked (const char *__restrict __s,
- FILE *__restrict __stream);
+ FILE *__restrict __stream) __nonnull ((2));
#endif
#ifdef __USE_MISC
@@ -758,9 +761,11 @@ extern int fputs_unlocked (const char *__restrict __s,
or due to the implementation they are cancellation points and
therefore not marked with __THROW. */
extern size_t fread_unlocked (void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __stream) __wur;
+ size_t __n, FILE *__restrict __stream) __wur
+ __nonnull ((4));
extern size_t fwrite_unlocked (const void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __stream);
+ size_t __n, FILE *__restrict __stream)
+ __nonnull ((4));
#endif
@@ -768,17 +773,17 @@ extern size_t fwrite_unlocked (const void *__restrict __ptr, size_t __size,
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fseek (FILE *__stream, long int __off, int __whence);
+extern int fseek (FILE *__stream, long int __off, int __whence) __nonnull ((1));
/* Return the current position of STREAM.
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern long int ftell (FILE *__stream) __wur;
+extern long int ftell (FILE *__stream) __wur __nonnull ((1));
/* Rewind to the beginning of STREAM.
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern void rewind (FILE *__stream);
+extern void rewind (FILE *__stream) __nonnull ((1));
/* The Single Unix Specification, Version 2, specifies an alternative,
more adequate interface for the two functions above which deal with
@@ -791,18 +796,19 @@ extern void rewind (FILE *__stream);
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fseeko (FILE *__stream, __off_t __off, int __whence);
+extern int fseeko (FILE *__stream, __off_t __off, int __whence) __nonnull ((1));
/* Return the current position of STREAM.
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern __off_t ftello (FILE *__stream) __wur;
+extern __off_t ftello (FILE *__stream) __wur __nonnull ((1));
# else
# ifdef __REDIRECT
extern int __REDIRECT (fseeko,
(FILE *__stream, __off64_t __off, int __whence),
- fseeko64);
-extern __off64_t __REDIRECT (ftello, (FILE *__stream), ftello64);
+ fseeko64) __nonnull ((1));
+extern __off64_t __REDIRECT (ftello, (FILE *__stream), ftello64)
+ __nonnull ((1));
# else
# define fseeko fseeko64
# define ftello ftello64
@@ -815,18 +821,20 @@ extern __off64_t __REDIRECT (ftello, (FILE *__stream), ftello64);
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fgetpos (FILE *__restrict __stream, fpos_t *__restrict __pos);
+extern int fgetpos (FILE *__restrict __stream, fpos_t *__restrict __pos)
+ __nonnull ((1));
/* Set STREAM's position.
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int fsetpos (FILE *__stream, const fpos_t *__pos);
+extern int fsetpos (FILE *__stream, const fpos_t *__pos) __nonnull ((1));
#else
# ifdef __REDIRECT
extern int __REDIRECT (fgetpos, (FILE *__restrict __stream,
- fpos_t *__restrict __pos), fgetpos64);
+ fpos_t *__restrict __pos), fgetpos64) __nonnull ((1));
extern int __REDIRECT (fsetpos,
- (FILE *__stream, const fpos_t *__pos), fsetpos64);
+ (FILE *__stream, const fpos_t *__pos), fsetpos64)
+ __nonnull ((1));
# else
# define fgetpos fgetpos64
# define fsetpos fsetpos64
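Review bot: `fgetpos` and `fsetpos` are annotated for `__stream` only, yet `__pos` is presumably dereferenced by both, and the v4 changelog says the attribute is added for anything the standard disallows NULL. This may be deliberately left for a follow-up, since the subject limits the patch to FILE * arguments. If not, use `__nonnull ((1, 2))` on both prototypes and on the `__REDIRECT` forms in this hunk, and likewise on `fgetpos64` and `fsetpos64` in the next hunk.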
@@ -834,24 +842,26 @@ extern int __REDIRECT (fsetpos,
#endif
#ifdef __USE_LARGEFILE64
-extern int fseeko64 (FILE *__stream, __off64_t __off, int __whence);
-extern __off64_t ftello64 (FILE *__stream) __wur;
-extern int fgetpos64 (FILE *__restrict __stream, fpos64_t *__restrict __pos);
-extern int fsetpos64 (FILE *__stream, const fpos64_t *__pos);
+extern int fseeko64 (FILE *__stream, __off64_t __off, int __whence)
+ __nonnull ((1));
+extern __off64_t ftello64 (FILE *__stream) __wur __nonnull ((1));
+extern int fgetpos64 (FILE *__restrict __stream, fpos64_t *__restrict __pos)
+ __nonnull ((1));
+extern int fsetpos64 (FILE *__stream, const fpos64_t *__pos) __nonnull ((1));
#endif
/* Clear the error and EOF indicators for STREAM. */
-extern void clearerr (FILE *__stream) __THROW;
+extern void clearerr (FILE *__stream) __THROW __nonnull ((1));
/* Return the EOF indicator for STREAM. */
-extern int feof (FILE *__stream) __THROW __wur;
+extern int feof (FILE *__stream) __THROW __wur __nonnull ((1));
/* Return the error indicator for STREAM. */
-extern int ferror (FILE *__stream) __THROW __wur;
+extern int ferror (FILE *__stream) __THROW __wur __nonnull ((1));
#ifdef __USE_MISC
/* Faster versions when locking is not required. */
-extern void clearerr_unlocked (FILE *__stream) __THROW;
-extern int feof_unlocked (FILE *__stream) __THROW __wur;
-extern int ferror_unlocked (FILE *__stream) __THROW __wur;
+extern void clearerr_unlocked (FILE *__stream) __THROW __nonnull ((1));
+extern int feof_unlocked (FILE *__stream) __THROW __wur __nonnull ((1));
+extern int ferror_unlocked (FILE *__stream) __THROW __wur __nonnull ((1));
#endif
@@ -864,12 +874,12 @@ extern void perror (const char *__s) __COLD;
#ifdef __USE_POSIX
/* Return the system file descriptor for STREAM. */
-extern int fileno (FILE *__stream) __THROW __wur;
+extern int fileno (FILE *__stream) __THROW __wur __nonnull ((1));
#endif /* Use POSIX. */
#ifdef __USE_MISC
/* Faster version when locking is not required. */
-extern int fileno_unlocked (FILE *__stream) __THROW __wur;
+extern int fileno_unlocked (FILE *__stream) __THROW __wur __nonnull ((1));
#endif
@@ -878,7 +888,7 @@ extern int fileno_unlocked (FILE *__stream) __THROW __wur;
This function is a possible cancellation point and therefore not
marked with __THROW. */
-extern int pclose (FILE *__stream);
+extern int pclose (FILE *__stream) __nonnull ((1));
/* Create a new stream connected to a pipe running the given command.
@@ -922,14 +932,14 @@ extern int obstack_vprintf (struct obstack *__restrict __obstack,
/* These are defined in POSIX.1:1996. */
/* Acquire ownership of STREAM. */
-extern void flockfile (FILE *__stream) __THROW;
+extern void flockfile (FILE *__stream) __THROW __nonnull ((1));
/* Try to acquire ownership of STREAM but do not block if it is not
possible. */
-extern int ftrylockfile (FILE *__stream) __THROW __wur;
+extern int ftrylockfile (FILE *__stream) __THROW __wur __nonnull ((1));
/* Relinquish the ownership granted for STREAM. */
-extern void funlockfile (FILE *__stream) __THROW;
+extern void funlockfile (FILE *__stream) __THROW __nonnull ((1));
#endif /* POSIX */
#if defined __USE_XOPEN && !defined __USE_XOPEN2K && !defined __USE_GNU
--
2.41.0