– possible integer overflows in memory allocation, mostly
‣ multiplication: all are checked now
‣ addition: reviewed them, most were “proven” or guessed to be
“almost” impossible to run over (e.g. when we have a string
whose length is taken it is assumed that the length will be
more than only a few bytes below SIZE_MAX, since code and
stack have to fit); some are checked now (e.g. when one of
the summands is an off_t); most of the unchecked ones are
annotated now
⇒ cost (MirBSD/i386 static): +76 .text
⇒ cost (Debian sid/i386): +779 .text -4 .data
– on Linux targets, setuid() setresuid() setresgid() can fail
with EAGAIN; check for that and, if so, warn once and retry
infinitely (other targets to be added later once we know that
they are “insane”)
⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
a string buffer whose window size is currently 32 (initial), your data
is 96 bytes, this routine used to resize the buffer to 64, append your
first 64 bytes to it (no matter if there's already something in it)
and then writes the remaining bytes to stdio fd instead of the string…
if it doesn’t SIGABRT before
discovered by wbx@ – thanks – bug inherited from pdksh 5.2.14 (AD 1999)
I read, IIRC in the Cederqvist, that 'cvs tag' sets a sticky tag onto
the cwd… it doesn’t, apparently. (I actually like it better this way,
but one needs to know!)
fix the regression test’s results while here, which have been
broken since cid 10049D9BE5254CE65B8
• get rid of separate copyright file which was intended for De-
bian; track down commits in all files of oksh-mirbsd and mksh
to get correct copyright years per-file, as is BSD custom
if ((flags & (1 | 2) == 0) || (flags & (1 | 2) == (1 | 2)))
to
if (!(flags & 1) ^ !(flags & 2))
which works because ! returns 1 or 0, making the ^ an ^^, and
because XOR survives NOTting its arguments
on Debian Lenny/amd64 (XXX need more verification; this
can be used for 64 bit arithmetics later too)
PPID, PGRP, RANDOM, USER_ID are now unsigned by default
was hard to type and hard to fix, galloc is also hard to fix, and some
things I learned will probably improve things more but make me use the
original form as base (especially for space savings)
* let sizeofN die though, remove even more casts
* optimise, polish
* regen Makefiles
* sprinkle a few /* CONSTCOND */ while here
fool the compiler into not doing static bounds checking when we do
one-past-the-array-boundary pointer assignments for cases where the
only accesses are like (*--pointer); bump version
‣ macro afreechk() is superfluous
• get rid of macro afreechv() by re-doing the “don’t leak that much” code
• some KNF (mostly, whitespace and 80c) while here
• more int → bool
• more regression tests: check if the utf8-hack flag is really disabled
at non-interactive startup, enabled at interactive startup, if the
current locale is a UTF-8 one
• make the mksh-local multibyte handling functions globally accessible,
change their names, syntax and semantics a little (XXX more work needed)
• optimise
• utf_wctomb: src → dst, as we’re writing to that char array (pasto?)
• edit.c:x_e_getmbc(): if the second byte of a 2- or 3-byte multibyte
sequence is invalid utf-8, ungetc it (not possible for the 3rd byte yet)
• edit.c:x_zotc3(): easier (and faster) handling of UTF-8
• implement, document and test for base-1 numbers: they just get the
ASCII (8-bit) or Unicode (UTF-8) value of the octet(s) after the ‘1#’,
or do the same as print \x## or \u#### (depending on the utf8-hack flag),
plus support the PUA assignment of EF80‥EFFF for the MirBSD encoding “hack”
(print doesn’t, as it has \x## and \u#### to distinguish, but we cannot use
base-0 numbers which I had planned to use for raw octets first, as they are
used internally): http://thread.gmane.org/gmane.os.miros.general/7938
• as an application example, add a hexdumper to the regression tests ☺
Analysis:
internal_errorf(int, fmt, ...) was only a __dead function if the int argument
was non-0, which the Prevent probably was unable to follow. Change all uses of
internal_errorf(0, fmt, ...) to internal_warningf(fmt, ...); change the pro-
totype of internal_errorf() to internal_errorf(fmt, ...) and all remaining
uses remove the non-0 int argument; add __dead to internal_errorf() proto;
flesh out guts of internal_errorf() and internal_warningf() into a new local
function for optimisation purposes.
Some whitespace cleanup and dead code removal (return after internal_errorf(1))
and have it return an API-correct const char *
• enhance and stylify comments
• a little KNF and simplifications
• #ifdef DEBUG: replace strchr and strstr with ucstrchr and ucstrstr
that take and return a non-const char *, and fix the violations
• new cstrchr, cstrstr (take and give const char *)
• new vstrchr, vstrstr (take const or not, give boolean value)
• new afreechk(x) = afreechv(x,x) = if (x1) afree(x2, ATEMP)
• new ksh_isdash(str) = (str != NULL) && !strcmp(str, "-")
• replace the only use of strrchr with inlined code to shrink
• minor man page fixes
• Minix 3 signames are autogenerated with gcc
• rename strlfun.c to strlcpy.c since we don't do strlcat(3) anyway,
only strlcpy(3), and shorten it
• dot.mkshrc: move MKSH=… down to the export line
to not disturb the PS1 visual impression ☺
• dot.mkshrc: Lstripcom(): optimise
• bump version
¹) side effect from creating API-correct cstrchr, cstrstr, etc.
uses goto so it must be better ☻
tested on mirbsd-current via both Makefile and Build.sh
XXX untested, may break things or have side effects
XXX not optimised and ugly as hell, can't we do it better?
XXX do I understand it entirely?
tested on sun4u -m64 only
but sync RCS IDs for easier future adaption:
* Simplify savefd() by removing the "noclose" flag and make noclose
behavior the default. Almost all uses of savefd() are followed
by an implicit or explicit close.
* fix typos
* might as well make ksh_getopt() match real getopt(), ie. get rid of that
stupid EOF concept that was never true. adobriyan@gmail
* use SEEK_* for lseek()
* fix lint comments, no functional changes
* remove excessive optimization; from adobriyan@gmail
* only santa checks things twice; from adobriyan@gmail
* Interpret zero-filled numbers as decimal; PR 4213; from Alexey Dobriyan
sitory whose ChangeLog follows. mksh R21 is licenced under the MirOS li-
cence, shown in "sh.h", and a two-clause UCB-style licence by Marc Espie
as shown in "alloc.c".
This executable is a fair bit smaller and shorter than our /bin/ksh that
it is designed to eventually replace (as /bin/sh hardlink), with the old
/bin/ksh to completely vanish. It is still in beta testing though, and I
don't think it will compile on other operating systems.
mksh R21 is a completely new port, bringing together the OpenBSD-current
/bin/ksh, the MirOS-current /bin/ksh and the older mksh R20 (which still
was portable, ocvs-based).
- expat as discussed with bsiegert@ today on the phone
- ksh as announced earlier on the lists
* un-hook lib/libexpat from make includes
* remove /usr/include/{,open}ssl upgrade workaround from includes/Makefile
* nuke old bin/ksh
* nuke libexpat and xmlwf
tg