summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZack Weinberg <zackw@panix.com>2018-02-21 19:12:51 -0500
committerZack Weinberg <zackw@panix.com>2018-03-13 08:31:56 -0400
commit2cc7bad0ae0a412e75270be5ed41d45c03e7a931 (patch)
treea726dff1dc98e5fabf47685d10f9c681265db95b
parent778f1974863d63e858b6d0105e41d6f0c30732d3 (diff)
[BZ 1190] Make EOF sticky in stdio.
C99 specifies that the EOF condition on a file is "sticky": once EOF has been encountered, all subsequent reads should continue to return EOF until the file is closed or something clears the "end-of-file indicator" (e.g. fseek, clearerr). This is arguably a change from C89, where the wording was ambiguous; the BSDs always had sticky EOF, but the System V lineage would attempt to read from the underlying fd again. GNU libc has followed System V for as long as we've been using libio, but nowadays C99 conformance and BSD compatibility are more important than System V compatibility. You might wonder if changing the _underflow impls is sufficient to apply the C99 semantics to all of the many stdio functions that perform input. It should be enough to cover all paths to _IO_SYSREAD, and the only other functions that call _IO_SYSREAD are the _seekoff impls, which is OK because seeking clears EOF, and the _xsgetn impls, which, as far as I can tell, are unused within glibc. The test programs in this patch use a pseudoterminal to set up the necessary conditions. To facilitate this I added a new test-support function that sets up a pair of pty file descriptors for you; it's almost the same as BSD openpty, the only differences are that it allocates the optionally-returned tty pathname with malloc, and that it crashes if anything goes wrong. [BZ #1190] [BZ #19476] * libio/fileops.c (_IO_new_file_underflow): Return EOF immediately if the _IO_EOF_SEEN bit is already set; update commentary. * libio/oldfileops.c (_IO_old_file_underflow): Likewise. * libio/wfileops.c (_IO_wfile_underflow): Likewise. * support/support_openpty.c, support/tty.h: New files. * support/Makefile (libsupport-routines): Add support_openpty. * libio/tst-fgetc-after-eof.c, wcsmbs/test-fgetwc-after-eof.c: New test cases. * libio/Makefile (tests): Add tst-fgetc-after-eof. * wcsmbs/Makefile (tests): Add tst-fgetwc-after-eof.
-rw-r--r--ChangeLog17
-rw-r--r--NEWS8
-rw-r--r--libio/Makefile3
-rw-r--r--libio/fileops.c7
-rw-r--r--libio/oldfileops.c7
-rw-r--r--libio/tst-fgetc-after-eof.c109
-rw-r--r--libio/wfileops.c4
-rw-r--r--support/Makefile1
-rw-r--r--support/support_openpty.c109
-rw-r--r--support/tty.h45
-rw-r--r--wcsmbs/Makefile2
-rw-r--r--wcsmbs/tst-fgetwc-after-eof.c114
12 files changed, 416 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 59ab3efccb..203d274c6c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2018-03-12 Zack Weinberg <zackw@panix.com>
+
+ [BZ #1190]
+ [BZ #19476]
+ * libio/fileops.c (_IO_new_file_underflow): Return EOF immediately
+ if the _IO_EOF_SEEN bit is already set; update commentary.
+ * libio/oldfileops.c (_IO_old_file_underflow): Likewise.
+ * libio/wfileops.c (_IO_wfile_underflow): Likewise.
+
+ * support/support_openpty.c, support/tty.h: New files.
+ * support/Makefile (libsupport-routines): Add support_openpty.
+
+ * libio/tst-fgetc-after-eof.c, wcsmbs/test-fgetwc-after-eof.c:
+ New test cases.
+ * libio/Makefile (tests): Add tst-fgetc-after-eof.
+ * wcsmbs/Makefile (tests): Add tst-fgetwc-after-eof.
+
2018-03-12 Dmitry V. Levin <ldv@altlinux.org>
* po/pt_BR.po: Update translations.
diff --git a/NEWS b/NEWS
index 60dd2f778d..03330d4132 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,14 @@ Deprecated and removed features, and other changes affecting compatibility:
investigate using (f)getc_unlocked and (f)putc_unlocked, and, if
necessary, flockfile and funlockfile.
+ * All stdio functions now treat end-of-file as a sticky condition. If you
+ read from a file until EOF, and then the file is enlarged by another
+ process, you must call clearerr or another function with the same effect
+ (e.g. fseek, rewind) before you can read the additional data. This
+ corrects a longstanding C99 conformance bug. It is most likely to affect
+ programs that use stdio to read interactive input from a terminal.
+ (Bug #1190.)
+
* The macros 'major', 'minor', and 'makedev' are now only available from
the header <sys/sysmacros.h>; not from <sys/types.h> or various other
headers that happen to include <sys/types.h>. These macros are rarely
diff --git a/libio/Makefile b/libio/Makefile
index 3e08ed0eeb..cbe14a8e25 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -64,7 +64,8 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
bug-memstream1 bug-wmemstream1 \
tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
- tst-ftell-append tst-fputws tst-bz22415
+ tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof
+
ifeq (yes,$(build-shared))
# Add test-fopenloc only if shared library is enabled since it depends on
# shared localedata objects.
diff --git a/libio/fileops.c b/libio/fileops.c
index 79ad15351f..c9c5cbcc3c 100644
--- a/libio/fileops.c
+++ b/libio/fileops.c
@@ -468,11 +468,10 @@ int
_IO_new_file_underflow (FILE *fp)
{
ssize_t count;
-#if 0
- /* SysV does not make this test; take it out for compatibility */
+
+ /* C99 requires EOF to be "sticky". */
if (fp->_flags & _IO_EOF_SEEN)
- return (EOF);
-#endif
+ return EOF;
if (fp->_flags & _IO_NO_READS)
{
diff --git a/libio/oldfileops.c b/libio/oldfileops.c
index 7997ddf90b..5e60c8c168 100644
--- a/libio/oldfileops.c
+++ b/libio/oldfileops.c
@@ -294,11 +294,10 @@ attribute_compat_text_section
_IO_old_file_underflow (FILE *fp)
{
ssize_t count;
-#if 0
- /* SysV does not make this test; take it out for compatibility */
+
+ /* C99 requires EOF to be "sticky". */
if (fp->_flags & _IO_EOF_SEEN)
- return (EOF);
-#endif
+ return EOF;
if (fp->_flags & _IO_NO_READS)
{
diff --git a/libio/tst-fgetc-after-eof.c b/libio/tst-fgetc-after-eof.c
new file mode 100644
index 0000000000..81c9cc9940
--- /dev/null
+++ b/libio/tst-fgetc-after-eof.c
@@ -0,0 +1,109 @@
+/* Bug 1190: EOF conditions are supposed to be sticky.
+ Copyright (C) 2018 Free Software Foundation.
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty. */
+
+/* ISO C1999 specification of fgetc:
+
+ #include <stdio.h>
+ int fgetc (FILE *stream);
+
+ Description
+
+ If the end-of-file indicator for the input stream pointed to by
+ stream is not set and a next character is present, the fgetc
+ function obtains that character as an unsigned char converted to
+ an int and advances the associated file position indicator for
+ the stream (if defined).
+
+ Returns
+
+ If the end-of-file indicator for the stream is set, or if the
+ stream is at end-of-file, the end-of-file indicator for the
+ stream is set and the fgetc function returns EOF. Otherwise, the
+ fgetc function returns the next character from the input stream
+ pointed to by stream. If a read error occurs, the error indicator
+ for the stream is set and the fgetc function returns EOF.
+
+ The requirement to return EOF "if the end-of-file indicator for the
+ stream is set" was new in C99; the language in the 1989 edition of
+ the standard was ambiguous. Historically, BSD-derived Unix always
+ had the C99 behavior, whereas in System V fgetc would attempt to
+ call read() again before returning EOF again. Prior to version 2.28,
+ glibc followed the System V behavior even though this does not
+ comply with C99.
+
+ See
+ <https://sourceware.org/bugzilla/show_bug.cgi?id=1190>,
+ <https://sourceware.org/bugzilla/show_bug.cgi?id=19476>,
+ and the thread at
+ <https://sourceware.org/ml/libc-alpha/2012-09/msg00343.html>
+ for more detail. */
+
+#include <support/tty.h>
+#include <support/check.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define XWRITE(fd, s, msg) do { \
+ if (write (fd, s, sizeof s - 1) != sizeof s - 1) \
+ { \
+ perror ("write " msg); \
+ return 1; \
+ } \
+ } while (0)
+
+int
+do_test (void)
+{
+ /* The easiest way to set up the conditions under which you can
+ notice whether the end-of-file indicator is sticky, is with a
+ pseudo-tty. This is also the case which applications are most
+ likely to care about. And it avoids any question of whether and
+ how it is legitimate to access the same physical file with two
+ independent FILE objects. */
+ int outer_fd, inner_fd;
+ FILE *fp;
+
+ support_openpty (&outer_fd, &inner_fd, 0, 0, 0);
+ fp = fdopen (inner_fd, "r+");
+ if (!fp)
+ {
+ perror ("fdopen");
+ return 1;
+ }
+
+ XWRITE (outer_fd, "abc\n\004", "first line + EOF");
+ TEST_COMPARE (fgetc (fp), 'a');
+ TEST_COMPARE (fgetc (fp), 'b');
+ TEST_COMPARE (fgetc (fp), 'c');
+ TEST_COMPARE (fgetc (fp), '\n');
+ TEST_COMPARE (fgetc (fp), EOF);
+
+ TEST_VERIFY_EXIT (feof (fp));
+ TEST_VERIFY_EXIT (!ferror (fp));
+
+ XWRITE (outer_fd, "d\n", "second line");
+
+ /* At this point, there is a new full line of input waiting in the
+ kernelside input buffer, but we should still observe EOF from
+ stdio, because the end-of-file indicator has not been cleared. */
+ TEST_COMPARE (fgetc (fp), EOF);
+
+ /* Clearing EOF should reveal the next line of input. */
+ clearerr (fp);
+ TEST_COMPARE (fgetc (fp), 'd');
+ TEST_COMPARE (fgetc (fp), '\n');
+
+ fclose (fp);
+ close (outer_fd);
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/libio/wfileops.c b/libio/wfileops.c
index 1dbf72f797..63cb687652 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -116,6 +116,10 @@ _IO_wfile_underflow (FILE *fp)
enum __codecvt_result status;
ssize_t count;
+ /* C99 requires EOF to be "sticky". */
+ if (fp->_flags & _IO_EOF_SEEN)
+ return WEOF;
+
if (__glibc_unlikely (fp->_flags & _IO_NO_READS))
{
fp->_flags |= _IO_ERR_SEEN;
diff --git a/support/Makefile b/support/Makefile
index 1bda81e55e..c632df6053 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -52,6 +52,7 @@ libsupport-routines = \
support_format_hostent \
support_format_netent \
support_isolate_in_subprocess \
+ support_openpty \
support_record_failure \
support_run_diff \
support_shared_allocate \
diff --git a/support/support_openpty.c b/support/support_openpty.c
new file mode 100644
index 0000000000..ac779ab91e
--- /dev/null
+++ b/support/support_openpty.c
@@ -0,0 +1,109 @@
+/* Open a pseudoterminal.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <support/tty.h>
+#include <support/check.h>
+#include <support/support.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <fcntl.h>
+#include <termios.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+/* As ptsname, but allocates space for an appropriately-sized string
+ using malloc. */
+static char *
+xptsname (int fd)
+{
+ int rv;
+ size_t buf_len = 128;
+ char *buf = xmalloc (buf_len);
+ for (;;)
+ {
+ rv = ptsname_r (fd, buf, buf_len);
+ if (rv)
+ FAIL_EXIT1 ("ptsname_r: %s", strerror (errno));
+
+ if (memchr (buf, '\0', buf_len))
+ return buf; /* ptsname succeeded and the buffer was not truncated */
+
+ buf_len *= 2;
+ buf = xrealloc (buf, buf_len);
+ }
+}
+
+void
+support_openpty (int *a_outer, int *a_inner, char **a_name,
+ const struct termios *termp,
+ const struct winsize *winp)
+{
+ int outer = -1, inner = -1;
+ char *namebuf = 0;
+
+ outer = posix_openpt (O_RDWR | O_NOCTTY);
+ if (outer == -1)
+ FAIL_EXIT1 ("posix_openpt: %s", strerror (errno));
+
+ if (grantpt (outer))
+ FAIL_EXIT1 ("grantpt: %s", strerror (errno));
+
+ if (unlockpt (outer))
+ FAIL_EXIT1 ("unlockpt: %s", strerror (errno));
+
+
+#ifdef TIOCGPTPEER
+ inner = ioctl (outer, TIOCGPTPEER, O_RDWR | O_NOCTTY);
+#endif
+ if (inner == -1)
+ {
+ /* The kernel might not support TIOCGPTPEER, fall back to open
+ by name. */
+ namebuf = xptsname (outer);
+ inner = open (namebuf, O_RDWR | O_NOCTTY);
+ if (inner == -1)
+ FAIL_EXIT1 ("%s: %s", namebuf, strerror (errno));
+ }
+
+ if (termp)
+ {
+ if (tcsetattr (inner, TCSAFLUSH, termp))
+ FAIL_EXIT1 ("tcsetattr: %s", strerror (errno));
+ }
+#ifdef TIOCSWINSZ
+ if (winp)
+ {
+ if (ioctl (inner, TIOCSWINSZ, winp))
+ FAIL_EXIT1 ("TIOCSWINSZ: %s", strerror (errno));
+ }
+#endif
+
+ if (a_name)
+ {
+ if (!namebuf)
+ namebuf = xptsname (outer);
+ *a_name = namebuf;
+ }
+ else
+ free (namebuf);
+ *a_outer = outer;
+ *a_inner = inner;
+}
diff --git a/support/tty.h b/support/tty.h
new file mode 100644
index 0000000000..1d37c42279
--- /dev/null
+++ b/support/tty.h
@@ -0,0 +1,45 @@
+/* Support functions related to (pseudo)terminals.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _SUPPORT_TTY_H
+#define _SUPPORT_TTY_H 1
+
+struct termios;
+struct winsize;
+
+/** Open a pseudoterminal pair. The outer fd is written to the address
+ A_OUTER and the inner fd to A_INNER.
+
+ If A_NAME is not NULL, it will be set to point to a string naming
+ the /dev/pts/NNN device corresponding to the inner fd; space for
+ this string is allocated with malloc and should be freed by the
+ caller when no longer needed. (This is different from the libutil
+ function 'openpty'.)
+
+ If TERMP is not NULL, the terminal parameters will be initialized
+ according to the termios structure it points to.
+
+ If WINP is not NULL, the terminal window size will be set
+ accordingly.
+
+ Terminates the process on failure (like xmalloc). */
+extern void support_openpty (int *a_outer, int *a_inner, char **a_name,
+ const struct termios *termp,
+ const struct winsize *winp);
+
+#endif
diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
index 3ee91d2e1a..63a6fbab58 100644
--- a/wcsmbs/Makefile
+++ b/wcsmbs/Makefile
@@ -50,7 +50,7 @@ strop-tests := wcscmp wcsncmp wmemcmp wcslen wcschr wcsrchr wcscpy wcsnlen \
tests := tst-wcstof wcsmbs-tst1 tst-wcsnlen tst-btowc tst-mbrtowc \
tst-wcrtomb tst-wcpncpy tst-mbsrtowcs tst-wchar-h tst-mbrtowc2 \
tst-c16c32-1 wcsatcliff tst-wcstol-locale tst-wcstod-nan-locale \
- tst-wcstod-round test-char-types \
+ tst-wcstod-round test-char-types tst-fgetwc-after-eof \
$(addprefix test-,$(strop-tests))
include ../Rules
diff --git a/wcsmbs/tst-fgetwc-after-eof.c b/wcsmbs/tst-fgetwc-after-eof.c
new file mode 100644
index 0000000000..9103529246
--- /dev/null
+++ b/wcsmbs/tst-fgetwc-after-eof.c
@@ -0,0 +1,114 @@
+/* Bug 1190: EOF conditions are supposed to be sticky.
+ Copyright (C) 2018 Free Software Foundation.
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty. */
+
+/* ISO C1999 specification of fgetwc:
+
+ #include <stdio.h>
+ #include <wchar.h>
+ wint_t fgetwc (FILE *stream);
+
+ Description
+
+ If the end-of-file indicator for the input stream pointed to by
+ stream is not set and a next wide character is present, the
+ fgetwc function obtains that wide character as a wchar_t
+ converted to a wint_t and advances the associated file position
+ indicator for the stream (if defined).
+
+ Returns
+
+ If the end-of-file indicator for the stream is set, or if the
+ stream is at end-of-file, the end- of-file indicator for the
+ stream is set and the fgetwc function returns WEOF. Otherwise,
+ the fgetwc function returns the next wide character from the
+ input stream pointed to by stream. If a read error occurs, the
+ error indicator for the stream is set and the fgetwc function
+ returns WEOF. If an encoding error occurs (including too few
+ bytes), the value of the macro EILSEQ is stored in errno and the
+ fgetwc function returns WEOF.
+
+ The requirement to return WEOF "if the end-of-file indicator for the
+ stream is set" was new in C99; the language in the 1995 edition of
+ the standard was ambiguous. Historically, BSD-derived Unix always
+ had the C99 behavior, whereas in System V fgetwc would attempt to
+ call read() again before returning EOF again. Prior to version 2.28,
+ glibc followed the System V behavior even though this does not
+ comply with C99.
+
+ See
+ <https://sourceware.org/bugzilla/show_bug.cgi?id=1190>,
+ <https://sourceware.org/bugzilla/show_bug.cgi?id=19476>,
+ and the thread at
+ <https://sourceware.org/ml/libc-alpha/2012-09/msg00343.html>
+ for more detail. */
+
+#include <support/tty.h>
+#include <support/check.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <wchar.h>
+
+#define XWRITE(fd, s, msg) do { \
+ if (write (fd, s, sizeof s - 1) != sizeof s - 1) \
+ { \
+ perror ("write " msg); \
+ return 1; \
+ } \
+ } while (0)
+
+int
+do_test (void)
+{
+ /* The easiest way to set up the conditions under which you can
+ notice whether the end-of-file indicator is sticky, is with a
+ pseudo-tty. This is also the case which applications are most
+ likely to care about. And it avoids any question of whether and
+ how it is legitimate to access the same physical file with two
+ independent FILE objects. */
+ int outer_fd, inner_fd;
+ FILE *fp;
+
+ support_openpty (&outer_fd, &inner_fd, 0, 0, 0);
+ fp = fdopen (inner_fd, "r+");
+ if (!fp)
+ {
+ perror ("fdopen");
+ return 1;
+ }
+
+ XWRITE (outer_fd, "abc\n\004", "first line + EOF");
+ TEST_COMPARE (fgetwc (fp), L'a');
+ TEST_COMPARE (fgetwc (fp), L'b');
+ TEST_COMPARE (fgetwc (fp), L'c');
+ TEST_COMPARE (fgetwc (fp), L'\n');
+ TEST_COMPARE (fgetwc (fp), WEOF);
+
+ TEST_VERIFY_EXIT (feof (fp));
+ TEST_VERIFY_EXIT (!ferror (fp));
+
+ XWRITE (outer_fd, "d\n", "second line");
+
+ /* At this point, there is a new full line of input waiting in the
+ kernelside input buffer, but we should still observe EOF from
+ stdio, because the end-of-file indicator has not been cleared. */
+ TEST_COMPARE (fgetwc (fp), WEOF);
+
+ /* Clearing EOF should reveal the next line of input. */
+ clearerr (fp);
+ TEST_COMPARE (fgetwc (fp), L'd');
+ TEST_COMPARE (fgetwc (fp), L'\n');
+
+ fclose (fp);
+ close (outer_fd);
+ return 0;
+}
+
+#include <support/test-driver.c>