H.J. Lu [Thu, 14 Aug 2025 14:03:20 +0000 (07:03 -0700)]
x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212]
When the linker -z mark-plt option is used to add DT_X86_64_PLT,
DT_X86_64_PLTSZ and DT_X86_64_PLTENT, the r_addend field of the
R_X86_64_JUMP_SLOT relocation stores the offset of the indirect
branch instruction. However, glibc versions without the commit:
x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT
According to x86-64 psABI, r_addend should be ignored for R_X86_64_GLOB_DAT
and R_X86_64_JUMP_SLOT. Since linkers always set their r_addends to 0, we
can ignore their r_addends.
Reviewed-by: Fangrui Song <maskray@google.com>
won't ignore the r_addend value in the R_X86_64_JUMP_SLOT relocation.
Such programs and shared libraries will fail at run-time randomly.
Add GLIBC_ABI_DT_X86_64_PLT version to indicate that glibc is compatible
with DT_X86_64_PLT.
The linker can add the glibc GLIBC_ABI_DT_X86_64_PLT version dependency
whenever -z mark-plt is passed to the linker. The resulting programs and
shared libraries will fail to load at run-time against libc.so without the
GLIBC_ABI_DT_X86_64_PLT version, instead of fail randomly.
This fixes BZ #33212.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
Add GLIBC_ABI_GNU_TLS version to indicate that glibc has the working
GNU TLS run-time. Linker can add the GLIBC_ABI_GNU_TLS version to
binaries which depend on the working TLS run-time so that such programs
and shared libraries will fail to load and run at run-time against
libc.so without the GLIBC_ABI_GNU_TLS version, instead of fail silently
at random.
This fixes BZ #33221.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
Add GLIBC_ABI_GNU2_TLS version to indicate that glibc has the working
GNU2 TLS run-time. Linker can add the GLIBC_ABI_GNU2_TLS version to
binaries which depend on the working GNU2 TLS run-time:
so that such programs and shared libraries will fail to load and run at
run-time against libc.so without the GLIBC_ABI_GNU2_TLS version, instead
of fail silently at random.
This fixes BZ #33129.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
stdio-common: Fix macro parameter shadowing in scanf input specifier tests
The use of the same name for a local variable combined with passing a
pointer to it to a nested macro call causes the wrong 'err' variable to
be updated in 'read_real', because '&err' is only expanded at '*errp'
evaluation. Consequently the variable defined in 'read_real' is set
rather than one in its 'verify_input' caller as it would be the case
should 'read_real' be a function, leading to invalid input such as:
%a:nan:1:3:nan(:
to be accepted.
Address the issue by renaming the 'err' variable in 'verify_input' to
'errx', causing such input to be correctly rejected:
error: ./tst-scanf-format-skeleton.c:242: input line 1: input data format error
No test case added as it's a test case issue in the first place.
Verify that . input is rejected by 'f' conversion (and its uppercase
counterpart). Replace 0 input with .0 rather than adding new one,
because the integral part of 0 is already covered by 0.0 data, so
there's no need to keep this duplication.
Verify that . input is rejected by 'e' conversion (and its uppercase
counterpart). Replace 0e0 input with .0e0 rather than adding new one,
because 0 significand is already covered by 0e+0 data, so there's no
need to keep this duplication.
Verify that 0x. input is rejected by 'a' and 'g' conversions (and their
uppercase counterparts). Replace 0x0p0 input with 0x.0p0 rather than
adding new one, because 0x0 significand is already covered by 0x0p+0
data, so there's no need to keep this duplication.
stdio-common: Reject significands w/o digits in scanf [BZ #12701]
Reject invalid formatted scanf real input data the significand part of
which is comprised of a hexadecimal prefix followed by a decimal point
only, optionally preceded by a sign. Such data is a prefix of, but not
a matching input sequence and it is required by ISO C to cause a
matching failure.
Currently a matching success is instead incorrectly produced along with
the conversion result of zero, with data up to and including the decimal
point consumed from input.
Technically this change also causes lone . to be rejected early, though
it doesn't change semantics, because unlike 0x. it's not valid input to
'strtod', etc. so it gets rejected at actual conversion time later on
anyway.
stdio-common: Don't read real input beyond the field width in scanf
Fix a code pattern that repeats across '__vfscanf_internal' where the
remaining field width of 0 is incorrectly interpreted as no width limit,
which in turn results in reading input beyond the limit requested. The
lack of width limit is indicated by the field width of -1 rather than 0,
set earlier on in the function.
The problematic code pattern is used for both integer and floating-point
conversions, but in the former case a corresponding conditional earlier
on prevents the field width from being 0 when executing the pattern. It
does trigger in the latter case, where the decimal point is a multibyte
character or for multibyte digit characters.
Fix the code pattern by using 'width > 0' comparison, and apply the fix
throughout even to code handling integer conversions so as to interpret
the field width consistently and avoid people's confusion even if width
cannot be 0 at those places.
For multibyte digit characters there is an additional issue that causes
code to push back a partially fetched multibyte character multiple times
as execution proceeds through matching data retrieved against individual
digits that have to be rejected due to the field width limit preventing
the rest of the multibyte character from being retrieved. It is because
code relies on 'ungetc' ignoring a request to push back EOF, however in
the out-of-limit field width condition the data held is not EOF but the
previously retrieved character byte instead.
Fix this issue by artificially assigning EOF to the character byte
storage variable where the out-of-limit field width condition prevents
further processing, and also apply the fix throughout except for the
decimal point/thousands separator case, which uses different code.
Samuel Thibault [Tue, 29 Jul 2025 23:55:22 +0000 (01:55 +0200)]
malloc: Make sure tcache_key is odd enough
We want tcache_key not to be a commonly-occurring value in memory, so ensure
a minimum amount of one and zero bits.
And we need it non-zero, otherwise even if tcache_double_free_verify sets
e->key to 0 before calling __libc_free, it gets called again by __libc_free,
thus looping indefinitely.
Fixes: c968fe50628db74b52124d863cd828225a1d305c ("malloc: Use tailcalls in __libc_free")
Wilco Dijkstra [Fri, 8 Aug 2025 14:00:43 +0000 (14:00 +0000)]
malloc: Fix MALLOC_DEBUG
MALLOC_DEBUG only works on locked arenas, so move the call to
check_inuse_chunk from __libc_free() to _int_free_chunk().
Regress now passes if MALLOC_DEBUG is enabled.
Sachin Monga [Fri, 1 Aug 2025 09:35:11 +0000 (04:35 -0500)]
Filter machine compiler flags into Assembler Flags
Assembler files may want or need to test for predefined macros which are
set via -m* compiler options, so ensure all -m* options in CFLAGS are passed
to ASFLAGS.
H.J. Lu [Tue, 5 Aug 2025 23:17:42 +0000 (16:17 -0700)]
tst-freopen4: Remove temporary directory from warning message
tst-freopen4-main.c issues a warning message:
warning: could not remove temporary file: /tmp/tst-freopen4potgti: No such file or directory
since chroot makes generated temporary directories inaccessible. Add
special rules for tst-freopen4.out and tst-freopen64-4.out to remove
the temporary directory in warning message from tst-freopen4 and
tst-freopen64-4.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
iconv: Fix iconv functions not following symlinks [BZ #32339]
On some file systems iconv do not follow symlinks. This happens because
read_conf_file() function's directory traversal loop reject symbolic
links and then lstat64() call do not follow symlinks.
This commit fixes the directory traversal loop to accept symbolic links
and then follow the link using stat64().
The test works by creating a temporary directory and placing a symbolic
link inside it that points to a configuration file. It then runs
iconvconfig on this directory.
The test passes if iconvconfig successfully follows the symlink and
generates the cache correctly, confirming that the directory traversal
logic now properly handles symbolic links.
Florian Weimer [Sat, 2 Aug 2025 10:44:51 +0000 (12:44 +0200)]
Linux: Add test case for bug 33245
The copy_file_range system call seems to be the only one that can
return an off64_t value. Use FUSE to exercise this, without actually
creating such large files or copying any data. Due to FUSE protocol
limitations, only sizes up to UINT_MAX can be tested, but this is
sufficient to check for the presence of bug 33245.
The FUSE protocol limitations are raised here:
copy_file_range return value on FUSE
<https://lore.kernel.org/all/lhuh5ynl8z5.fsf@oldenburg.str.redhat.com/>
Reviewed-by: Sam James <sam@gentoo.org> Reviewed-by: Collin Funk <collin.funk1@gmail.com>
Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables [BZ #33234]
Commit 10a66a8e421b ("Remove <libc-tsd.h>") removed the TLS initial-exec
(IE) model attribute from the __libc_tsd_CTYPE_* thread variable declarations
and definitions. Commit a894f04d8776 ("Optimize __libc_tsd_* thread
variable access") restored it on declarations.
Restore the TLS initial-exec model attribute on __libc_tsd_CTYPE_* thread
variable definitions.
This resolves test tst-locale1 failure on s390 32-bit, when using a
GNU linker without the fix from GNU binutils commit aefebe82dc89
("IBM zSystems: Fix offset relative to static TLS").
H.J. Lu [Sat, 19 Jul 2025 14:43:28 +0000 (07:43 -0700)]
tst-freopen4-main.c: Call support_capture_subprocess with chroot
Update tst-freopen4-main.c to call support_capture_subprocess with chroot,
which makes temporary files inaccessible, so that temporary files can be
deleted.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
H.J. Lu [Sat, 19 Jul 2025 14:43:27 +0000 (07:43 -0700)]
tst-fopen-threaded.c: Delete temporary file
Update tst-fopen-threaded.c to call support_create_temp_directory to
create a temporary directory and open "file" in the temporary directory,
instead of using /tmp/openclosetest and leaving it behind.
This partially fixes BZ #33182.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
manual: Adjust documentation to standardization of select
The select function, fd_set, and FD_* macros were standardized by POSIX
in the sys/select.h header. They are still defined in sys/types.h if
__USE_MISC is defined, but we should recommend the more portable and
standardized sys/select.h.
manual: Use sys/select.h instead of sys/time.h for select example.
The original example works on glibc since sys/time.h includes
sys/select.h. However, since POSIX requires that select is defined in
sys/select.h this change makes the example more portable.
Reported by Gavin Smith <gavinsmith0123@gmail.com> in:
<https://lists.gnu.org/archive/html/bug-texinfo/2025-07/msg00091.html>.
Collin Funk [Sat, 28 Jun 2025 06:13:48 +0000 (23:13 -0700)]
manual: document getsubopt standardization.
The getsubopt function was an XSI extension since POSIX issue 4 until it
was added to Base in POSIX Issue 7. This also adds the 'restrict'
qualifier to the arguments as done in POSIX.1-2024, and has been the
case in glibc. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Wilco Dijkstra [Sat, 2 Aug 2025 15:11:28 +0000 (15:11 +0000)]
malloc: Cleanup sysmalloc_mmap
Cleanup sysmalloc_mmap - simplify padding since it is always a constant.
Remove av parameter which is only used in do_check_chunk, but since it may be
NULL for mmap, it will cause a crash in checking mode. Remove the odd check
on mmap in do_check_chunk.
Wilco Dijkstra [Fri, 6 Jun 2025 17:11:36 +0000 (17:11 +0000)]
malloc: Improve checked_request2size
Change checked_request2size to return SIZE_MAX for huge inputs. This
ensures large allocation requests stay large and can't be confused with a
small allocation. As a result several existing checks against PTRDIFF_MAX
become redundant.
MAX_TCACHE_SMALL_SIZE should use chunk size since it is used after
checked_request2size. Increase limit of tcache_max_bytes by 1 since all
comparisons use '<'. As a result, the last tcache entry is now used as
expected.
nptl: Fix SYSCALL_CANCEL for return values larger than INT_MAX (BZ 33245)
The SYSCALL_CANCEL calls __syscall_cancel, which in turn
calls __internal_syscall_cancel with an 'int' return instead of the
expected 'long int'. This causes issues with syscalls that return
values larger than INT_MAX, such as copy_file_range [1].
Florian Weimer [Fri, 1 Aug 2025 08:20:23 +0000 (10:20 +0200)]
elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943)
Detect if ld.so not contiguous and handle that case in _dl_find_object.
Set l_find_object_processed even for initially loaded link maps,
otherwise dlopen of an initially loaded object adds it to
_dlfo_loaded_mappings (where maps are expected to be contiguous),
in addition to _dlfo_nodelete_mappings.
Test elf/tst-link-map-contiguous-ldso iterates over the loader
image, reading every word to make sure memory is actually mapped.
It only does that if the l_contiguous flag is set for the link map.
Otherwise, it finds gaps with mmap and checks that _dl_find_object
does not return the ld.so mapping for them.
The test elf/tst-link-map-contiguous-main does the same thing for
the libc.so shared object. This only works if the kernel loaded
the main program because the glibc dynamic loader may fill
the gaps with PROT_NONE mappings in some cases, making it contiguous,
but accesses to individual words may still fault.
Test elf/tst-link-map-contiguous-libc is again slightly different
because the dynamic loader always fills the gaps with PROT_NONE
mappings, so a different form of probing has to be used.
stdlib: resolve a double lock init issue after fork [BZ #32994]
The __abort_fork_reset_child (introduced in d40ac01cbbc66e6d9dbd8e3485605c63b2178251) call resets the lock after the
fork. This causes a DRD regression in valgrind
(https://bugs.kde.org/show_bug.cgi?id=503668), as it's effectively a
double initialization, despite it being actually ok in this case. As
suggested in https://sourceware.org/bugzilla/show_bug.cgi?id=32994#c2
we replace it here with a memcpy of another initialized lock instead,
which makes valgrind happy.
William Hunt [Tue, 29 Jul 2025 15:04:58 +0000 (15:04 +0000)]
malloc: Enable THP always support on hugetlb tunable
Enable support for THP always when glibc.malloc.hugetlb=1, as the tunable
currently only gives explicit support in malloc for the THP madvise mode
by aligning to a huge page size. Add a thp_mode parameter to mp_ and check
in madvise_thp whether the system is using madvise mode, otherwise the
`__madvise` call is useless. Set the thp_mode to be unsupported by default,
but if the hugetlb tunable is set this updates thp_mode. Performance of
xalancbmk improves by 4.9% on Neoverse V2 when THP always mode is set on the
system and glibc.malloc.hugetlb=1.
Paul Zimmermann [Wed, 9 Jul 2025 08:11:23 +0000 (10:11 +0200)]
replace atan2-inputs with more meaningful inputs
Commit 934d88d used inputs with exponent generated at random in the
whole binary64 exponent range, which yields essentially very large
or very small values of |y/x|. Instead, this commit generates x, y at
random in [-10,10], which should better corresponds to real applications. Reviewed-by: Florian Weimer <fweimer@redhat.com>
projects / thirdparty / glibc.git / log
