From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Paul Eggert <eggert@cs.ucla.edu>, Andreas Schwab <schwab@suse.de>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v2] libio: Flush stream at freopen (BZ#21037)
Date: Thu, 14 Jun 2018 18:28:00 -0000 [thread overview]
Message-ID: <7872b4cd-9574-9785-2ff0-873e5a6a1136@linaro.org> (raw)
In-Reply-To: <2df65bd4-8dfc-187a-c917-87da4510fd15@cs.ucla.edu>
On 14/06/2018 13:43, Paul Eggert wrote:
> On 06/14/2018 08:01 AM, Adhemerval Zanella wrote:
>> + char fdfilename[30];
>
> The magic number 30 should be turned into a named constant defined in fd_to_filename.h, to help prevent future mistakes. Once that is done, you can change the signature of fd_to_filename to not pass the size, and to require the caller to pass an array of at least size 30, so that fd_to_filename need not check for buffer overflow (see below for more on this).
>
>> +Â const char *gfilename;
>> +Â if (filename == NULL && fd >= 0)
>> +Â Â Â gfilename = fd_to_filename (fd, fdfilename, sizeof fdfilename)
>> +Â Â Â Â Â Â Â ? fdfilename : NULL;
>> +Â else
>> +Â Â Â gfilename = filename;
>
> Cleaner would be:
>
> Â const char *gfilename
> Â Â Â = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
>
> That is, let fd_to_filename worry about what to do with negative fd, and have it return fdfilename or NULL, and don't pass the size (which should be that magic number regardless).
>
>
>> -static inline const char *
>> -fd_to_filename (int fd)
>> +static inline bool
>> +fd_to_filename (int fd, char *buf, size_t len)
>> Â {
>> -Â char *ret = malloc (30);
>> +Â __snprintf (buf, len, "/proc/self/fd/%d", fd);
>> Â -Â if (ret != NULL)
>> -Â Â Â {
>> -Â Â Â Â Â struct stat64 st;
>> -
>> -Â Â Â Â Â *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0';
>> -
>> -     /* We must make sure the file exists. */
>> -Â Â Â Â Â if (__lxstat64 (_STAT_VER, ret, &st) < 0)
>> -Â Â Â {
>> -     /* /proc is not mounted or something else happened. Don't
>> -        return the file name. */
>> -Â Â Â Â Â free (ret);
>> -Â Â Â Â Â ret = NULL;
>> -Â Â Â }
>> -Â Â Â }
>> -Â return ret;
>> + /* We must make sure the file exists. */
>> +Â if (__lxstat64 (_STAT_VER, buf, & (struct stat64) {}) < 0)
>> +   /* /proc is not mounted or something else happened. */
>> +Â Â Â return false;
>> +Â return true;
>> Â }
>
> The __snprintf would be quite wrong if the string did not fit. Again, I suggest simply requiring the buffer to be long enough and not checking its length, and sticking with stpcpy + _fitoa_word which should be more efficient than __snprintf anyway (or if you prefer simplicity to speed, just use sprintf).
>
> The '& (struct stat64) {}' construct looks pretty but is less efficient as it makes the compiler zero out the structure unnecessarily, so the code should keep doing that struct the old-fashioned way.
Thanks, fixed based on your review:
---
[BZ #21037]
* libio/Makefile (tests): Add tst-memstream4 and tst-wmemstream4.
* libio/freopen.c (freopen): Sync stream before reopen and adjust to
new fd_to_filename interface.
* libio/freopen64.c (freopen64): Likewise.
* libio/tst-memstream.h: New file.
* libio/tst-memstream4.c: Likewise.
* libio/tst-wmemstream4.c: Likewise.
* sysdeps/generic/fd_to_filename.h (fd_to_filename): Change signature.
* sysdeps/unix/sysv/linux/fd_to_filename.h (fd_to_filename): Likewise
and remove internal dynamic allocation.
---
diff --git a/libio/Makefile b/libio/Makefile
index cbe14a8..077bd40 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -59,8 +59,8 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
tst-mmap-eofsync tst-mmap-fflushsync bug-mmap-fflush \
tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \
bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \
- tst-memstream1 tst-memstream2 tst-memstream3 \
- tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 \
+ tst-memstream1 tst-memstream2 tst-memstream3 tst-memstream4 \
+ tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 tst-wmemstream4 \
bug-memstream1 bug-wmemstream1 \
tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
diff --git a/libio/freopen.c b/libio/freopen.c
index abf19e9..6ce74ae 100644
--- a/libio/freopen.c
+++ b/libio/freopen.c
@@ -24,28 +24,34 @@
This exception applies to code released by its copyright holders
in files containing the exception. */
-#include "libioP.h"
-#include "stdio.h"
+#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
-#include <shlib-compat.h>
+#include <libioP.h>
#include <fd_to_filename.h>
-
-#include <kernel-features.h>
+#include <shlib-compat.h>
FILE *
freopen (const char *filename, const char *mode, FILE *fp)
{
- FILE *result;
+ FILE *result = NULL;
+ char fdfilename[FD_TO_FILENAME_SIZE];
+
CHECK_FILE (fp, NULL);
- if (!(fp->_flags & _IO_IS_FILEBUF))
- return NULL;
+
_IO_acquire_lock (fp);
+ /* First flush the stream (failure should be ignored). */
+ _IO_SYNC (fp);
+
+ if (!(fp->_flags & _IO_IS_FILEBUF))
+ goto end;
+
int fd = _IO_fileno (fp);
- const char *gfilename = (filename == NULL && fd >= 0
- ? fd_to_filename (fd) : filename);
+ const char *gfilename
+ = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
+
fp->_flags2 |= _IO_FLAGS2_NOCLOSE;
#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1)
if (&_IO_stdin_used == NULL)
@@ -101,9 +107,6 @@ freopen (const char *filename, const char *mode, FILE *fp)
__close (fd);
end:
- if (filename == NULL)
- free ((char *) gfilename);
-
_IO_release_lock (fp);
return result;
}
diff --git a/libio/freopen64.c b/libio/freopen64.c
index ea7ebd3..d13c70f 100644
--- a/libio/freopen64.c
+++ b/libio/freopen64.c
@@ -24,27 +24,33 @@
This exception applies to code released by its copyright holders
in files containing the exception. */
-#include "libioP.h"
-#include "stdio.h"
+#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
+#include <libioP.h>
#include <fd_to_filename.h>
-#include <kernel-features.h>
-
FILE *
freopen64 (const char *filename, const char *mode, FILE *fp)
{
- FILE *result;
+ FILE *result = NULL;
+ char fdfilename[FD_TO_FILENAME_SIZE];
+
CHECK_FILE (fp, NULL);
- if (!(fp->_flags & _IO_IS_FILEBUF))
- return NULL;
+
_IO_acquire_lock (fp);
+ /* First flush the stream (failure should be ignored). */
+ _IO_SYNC (fp);
+
+ if (!(fp->_flags & _IO_IS_FILEBUF))
+ goto end;
+
int fd = _IO_fileno (fp);
- const char *gfilename = (filename == NULL && fd >= 0
- ? fd_to_filename (fd) : filename);
+ const char *gfilename
+ = filename != NULL ? filename : fd_to_filename (fd, fdfilename);
+
fp->_flags2 |= _IO_FLAGS2_NOCLOSE;
_IO_file_close_it (fp);
_IO_JUMPS_FILE_plus (fp) = &_IO_file_jumps;
@@ -84,8 +90,6 @@ freopen64 (const char *filename, const char *mode, FILE *fp)
__close (fd);
end:
- if (filename == NULL)
- free ((char *) gfilename);
_IO_release_lock (fp);
return result;
}
diff --git a/libio/tst-memstream.h b/libio/tst-memstream.h
new file mode 100644
index 0000000..b9b02bd
--- /dev/null
+++ b/libio/tst-memstream.h
@@ -0,0 +1,68 @@
+/* Common definitions for open_memstream tests.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <mcheck.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include <support/check.h>
+
+#ifdef TEST_WCHAR
+# include <wchar.h>
+
+/* Straighforward implementation so tst-memstream3 could use check
+ fwrite on open_memstream. */
+static size_t __attribute__ ((used))
+fwwrite (const void *ptr, size_t size, size_t nmemb, FILE *arq)
+{
+ const wchar_t *wcs = (const wchar_t*) (ptr);
+ for (size_t s = 0; s < size; s++)
+ {
+ for (size_t n = 0; n < nmemb; n++)
+ if (fputwc (wcs[n], arq) == WEOF)
+ return n;
+ }
+ return size * nmemb;
+}
+
+# define CHAR_T wchar_t
+# define W(o) L##o
+# define OPEN_MEMSTREAM open_wmemstream
+# define PRINTF wprintf
+# define FWRITE fwwrite
+# define FPUTC fputwc
+# define FPUTS fputws
+# define STRCMP wcscmp
+# define STRLEN wcslen
+#else
+# define CHAR_T char
+# define W(o) o
+# define OPEN_MEMSTREAM open_memstream
+# define PRINTF printf
+# define FWRITE fwrite
+# define FPUTC fputc
+# define FPUTS fputs
+# define STRCMP strcmp
+# define STRLEN strlen
+#endif
+
+#define S(s) S1 (s)
+#define S1(s) #s
diff --git a/libio/tst-memstream4.c b/libio/tst-memstream4.c
new file mode 100644
index 0000000..43082f1
--- /dev/null
+++ b/libio/tst-memstream4.c
@@ -0,0 +1,62 @@
+/* Test for open_memstream BZ #21037.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include "tst-memstream.h"
+
+static void
+mcheck_abort (enum mcheck_status ev)
+{
+ printf ("mecheck failed with status %d\n", (int) ev);
+ exit (1);
+}
+
+static int
+do_test (void)
+{
+ mcheck_pedantic (mcheck_abort);
+
+ /* Check if freopen proper fflush the stream. */
+ {
+ CHAR_T old[] = W("old");
+ CHAR_T *buf = old;
+ size_t size;
+
+ FILE *fp = OPEN_MEMSTREAM (&buf, &size);
+ TEST_VERIFY_EXIT (fp != NULL);
+
+ FPUTS (W("new"), fp);
+ /* The stream buffer pointer should be updated with only a fflush or
+ fclose. */
+ TEST_VERIFY (STRCMP (buf, old) == 0);
+
+ /* The old stream should be fflush the stream, even for an invalid
+ streams. */
+ FILE *nfp = freopen ("invalid-file", "r", fp);
+ TEST_VERIFY (nfp == NULL);
+
+ TEST_VERIFY (STRCMP (buf, W("new")) == 0);
+
+ TEST_VERIFY (fclose (fp) == 0);
+
+ free (buf);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/libio/tst-wmemstream4.c b/libio/tst-wmemstream4.c
new file mode 100644
index 0000000..8ff146e
--- /dev/null
+++ b/libio/tst-wmemstream4.c
@@ -0,0 +1,20 @@
+/* Test for open_wmemstream BZ #21037.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#define TEST_WCHAR
+#include <libio/tst-memstream4.c>
diff --git a/sysdeps/generic/fd_to_filename.h b/sysdeps/generic/fd_to_filename.h
index bacfe5b..d41b345 100644
--- a/sysdeps/generic/fd_to_filename.h
+++ b/sysdeps/generic/fd_to_filename.h
@@ -16,10 +16,12 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#define FD_TO_FILENAME_SIZE 0
+
/* In general there is no generic way to query filename for an open
file descriptor. */
static inline const char *
-fd_to_filename (int fd)
+fd_to_filename (int fd, char *buf)
{
return NULL;
}
diff --git a/sysdeps/unix/sysv/linux/fd_to_filename.h b/sysdeps/unix/sysv/linux/fd_to_filename.h
index 297716b..ae88ce8 100644
--- a/sysdeps/unix/sysv/linux/fd_to_filename.h
+++ b/sysdeps/unix/sysv/linux/fd_to_filename.h
@@ -16,30 +16,21 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#include <stdlib.h>
-#include <string.h>
+#include <stdio.h>
#include <sys/stat.h>
-#include <_itoa.h>
+
+#define FD_TO_FILENAME_SIZE ((sizeof ("/proc/self/fd/") - 1) \
+ + (sizeof ("2147483647") - 1) + 1)
static inline const char *
-fd_to_filename (int fd)
+fd_to_filename (int fd, char *buf)
{
- char *ret = malloc (30);
-
- if (ret != NULL)
- {
- struct stat64 st;
-
- *_fitoa_word (fd, __stpcpy (ret, "/proc/self/fd/"), 10, 0) = '\0';
-
- /* We must make sure the file exists. */
- if (__lxstat64 (_STAT_VER, ret, &st) < 0)
- {
- /* /proc is not mounted or something else happened. Don't
- return the file name. */
- free (ret);
- ret = NULL;
- }
- }
- return ret;
+ *_fitoa_word (fd, __stpcpy (buf, "/proc/self/fd/"), 10, 0) = '\0';
+
+ /* We must make sure the file exists. */
+ struct stat64 st;
+ if (__lxstat64 (_STAT_VER, buf, &st) < 0)
+ /* /proc is not mounted or something else happened. */
+ return NULL;
+ return buf;
}
prev parent reply other threads:[~2018-06-14 18:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-13 21:33 Adhemerval Zanella
2018-06-14 13:20 ` Andreas Schwab
2018-06-14 15:02 ` Adhemerval Zanella
2018-06-14 16:43 ` Paul Eggert
2018-06-14 18:28 ` Adhemerval Zanella [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7872b4cd-9574-9785-2ff0-873e5a6a1136@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=eggert@cs.ucla.edu \
--cc=libc-alpha@sourceware.org \
--cc=schwab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).