① currently: ((cond) ? true : false) but (!!(cond)) and casting to bool,
the latter only if stdbool.h, would also work – which performs best on
(and across) all supported systems?
– possible integer overflows in memory allocation, mostly
‣ multiplication: all are checked now
‣ addition: reviewed them, most were “proven” or guessed to be
“almost” impossible to run over (e.g. when we have a string
whose length is taken it is assumed that the length will be
more than only a few bytes below SIZE_MAX, since code and
stack have to fit); some are checked now (e.g. when one of
the summands is an off_t); most of the unchecked ones are
annotated now
⇒ cost (MirBSD/i386 static): +76 .text
⇒ cost (Debian sid/i386): +779 .text -4 .data
– on Linux targets, setuid() setresuid() setresgid() can fail
with EAGAIN; check for that and, if so, warn once and retry
infinitely (other targets to be added later once we know that
they are “insane”)
⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
• deactivate %a and %A since our libc doesn’t have it
• rewrite the mksh integration code to use shf instead of stdio, removing
floating point support always in the process, as shf doesn’t support it
⇒ saves 11114 (6706 text, 168 data, 4240 bss) with dietlibc on Debian
• fix -Wall -Wextra -Wformat -Wstrict-aliasing=2 for gcc (Debian 4.4.4-7)
• fix these and -Wc++-compat for gcc version 4.6.0 20100711 (experimental)
[trunk revision 162057] (Debian 20100711-1) except:
– a few enum warnings that relate to eglibc’s {g,s}etrlimit() functions
taking an enum instead of an int because they’re too stupid to adhere
to POSIX interfaces they design by themselves
– all “request for implicit conversion” involving a "void *" on one side
• tweak the manual page somewhat more
concurrently accessing the same $HISTFILE be more synchronised with
each other: empty lines (just pressing Return) and duplicates (that
are split and written twice by the lines loaded from $HISTFILE in
the meantime); requested by Maximilian “mxey” Gaß in #!/bin/mksh
just a "somewhat more POSIX" but also a "/bin/sh legacy kludge" mode
* consistently capitalise POSIX and SUSv3/SUSv4 (same as AT&T ksh) and
Bourne shell
• expose “#ifdef MKSH_MIDNIGHTBSD01ASH_COMPAT” just in case they decide to
require it and show it in the ksh version automatically
• sync the use of non-ASCII characters over files (unification)
fix the regression test’s results while here, which have been
broken since cid 10049D9BE5254CE65B8
• get rid of separate copyright file which was intended for De-
bian; track down commits in all files of oksh-mirbsd and mksh
to get correct copyright years per-file, as is BSD custom
was hard to type and hard to fix, galloc is also hard to fix, and some
things I learned will probably improve things more but make me use the
original form as base (especially for space savings)
* let sizeofN die though, remove even more casts
* optimise, polish
* regen Makefiles
* sprinkle a few /* CONSTCOND */ while here
$ (CCC_LD=mgcc CC=ccc sh Build.sh -r && ./test.sh -v) 2>&1 | tee log
Total failed: 2 (as expected)
Total passed: 278
Just the result is huge, and we could of course build to intermediate
byte code to optimise globally…
• others: fix 6 (!) cases of non-constant or side-effect arguments
to the str_save() or str_nsave() macros, and other abuse of them
• also fix some cosmetics and other un-nice code while here
since mksh(1) did go into an infinite loop if that fails first
bug spotted, initial patch and help drafting a test case
From: Decklin Foster <decklin@red-bean.com>
note there are more instances of unlink(2) and others (like chmod(2), as
spotted by flawfinder) which aren’t checked… but at least the other case
of unlink(2) use in histrap.c doesn’t cause any trouble (I think)
commit inspired by fgsch:
> Log message:
> cast pointer arithmetic to unsigned so we can behave correctly on
> underflows. fixes fc -l 1 in my box where line is 1667511151.
> krw@ ok.
to signed rather. oops.
‣ macro afreechk() is superfluous
• get rid of macro afreechv() by re-doing the “don’t leak that much” code
• some KNF (mostly, whitespace and 80c) while here
any more either, and can make use of code sharing between detection
of sys_siglist and sys_signame (and the underscored variants); nuke
the now-useless signames.c file too (merge struct into histrap.c)
Analysis:
internal_errorf(int, fmt, ...) was only a __dead function if the int argument
was non-0, which the Prevent probably was unable to follow. Change all uses of
internal_errorf(0, fmt, ...) to internal_warningf(fmt, ...); change the pro-
totype of internal_errorf() to internal_errorf(fmt, ...) and all remaining
uses remove the non-0 int argument; add __dead to internal_errorf() proto;
flesh out guts of internal_errorf() and internal_warningf() into a new local
function for optimisation purposes.
Some whitespace cleanup and dead code removal (return after internal_errorf(1))
and have it return an API-correct const char *
• enhance and stylify comments
• a little KNF and simplifications
• #ifdef DEBUG: replace strchr and strstr with ucstrchr and ucstrstr
that take and return a non-const char *, and fix the violations
• new cstrchr, cstrstr (take and give const char *)
• new vstrchr, vstrstr (take const or not, give boolean value)
• new afreechk(x) = afreechv(x,x) = if (x1) afree(x2, ATEMP)
• new ksh_isdash(str) = (str != NULL) && !strcmp(str, "-")
• replace the only use of strrchr with inlined code to shrink
• minor man page fixes
• Minix 3 signames are autogenerated with gcc
• rename strlfun.c to strlcpy.c since we don't do strlcat(3) anyway,
only strlcpy(3), and shorten it
• dot.mkshrc: move MKSH=… down to the export line
to not disturb the PS1 visual impression ☺
• dot.mkshrc: Lstripcom(): optimise
• bump version
¹) side effect from creating API-correct cstrchr, cstrstr, etc.
uses goto so it must be better ☻
tested on mirbsd-current via both Makefile and Build.sh
where we had 'noreturn' etc. but no '__noreturn__')
* Scan for __attribute__((bounded)) and __attribute__((used))
if we have __attribute__((noreturn))
* To be able to scan if certain attributes give warnings,
scan for -Werror with a simple programme which hopefully triggers none
* Convert __attribute__((unused)) to __unused, noreturn -> __dead
* Unify other attributes
* Clean up typography a little more
* 'sigseen' in Build.sh goes away
* Signal name existence is checked in this order:
have our own¹ -> sys_signame[] -> _sys_signame[] -> build our own²
* Signal description existence is checked in this order:
sys_siglist[] -> _sys_siglist[] -> strsignal() -> NULL³
¹ Predefined list of items, for operating systems where we
cannot build² them, i.e. Plan 9 and Minix 3 (e.g. no $CPP -dD)
² The usual cpp(1) stuff
³ Changed later, see below
* Make $CPP test dependent on $NEED_MKSH_SIGNAME (others can
be added here, this is not absolute)
* Make signal name list generation² dependent on $NEED_MKSH_SIGNAME
* Fix check if the generation worked
* Guarantee that sigtraps[*].name and sigtraps[*].mess are valid
C strings; this makes the code shorter *and* removes a few pos-
sible nil pointer dereferences
* Embed autoconf'd usages of sys_sig* / strsignal / mksh_sigpairs
into inittraps()
* Check for each signal 0<=i<=NSIG that
name is not NULL or "" -> replace with ("%d", i)
mess is not NULL or "" -> replace with ("Signal %d", i)
name does not start (case-insensitive) with "SIG" -> name += 3
* In gettrap(), fix check if signal name starts, case-sensitive
or case-insensitive, depending on need, with "SIG" (bug from millert@)
Other changes:
* Build.sh: ac_test[n]() are documented
* Build.sh: ac_test[n]() can have negative prereqs as well now
* Build.sh: use <<-'EOF' consistently
* bump patchlevel to today
return a value in case of an error (0 or the partial result, which
is the full result in case of trailing junk even), using it to rid
atoi() is possible, saving 9t 4d 1i
* edit.c: remove debug stuff again; next time better use shl.c functions ;)
* sh.h: add format attributes to a few shf functions
* histrap.c, var.c: fix format string mistakes
* main.c, sh.h: error_prefix and warningf take bool not int
* misc.c: make chvt() stuff use shf_* functions
* misc.c: rewrite the TIOCSTTY stuff to be better integrated in mksh,
since it originally was an external patch
* misc.c: chvt() no longer fails if e.g. chown fails due to e.g. R/O / fs
* var.c: fix typeset padding for right-justified zero-filled
but sync RCS IDs for easier future adaption:
* Simplify savefd() by removing the "noclose" flag and make noclose
behavior the default. Almost all uses of savefd() are followed
by an implicit or explicit close.
* fix typos
* might as well make ksh_getopt() match real getopt(), ie. get rid of that
stupid EOF concept that was never true. adobriyan@gmail
* use SEEK_* for lseek()
* fix lint comments, no functional changes
* remove excessive optimization; from adobriyan@gmail
* only santa checks things twice; from adobriyan@gmail
* Interpret zero-filled numbers as decimal; PR 4213; from Alexey Dobriyan
tg