Commit Graph

44 Commits

Author SHA1 Message Date
tg 667d792d6a • Address concerns of Chris Palmer from the Android security team
– possible integer overflows in memory allocation, mostly
    ‣ multiplication: all are checked now
    ‣ addition: reviewed them, most were “proven” or guessed to be
      “almost” impossible to run over (e.g. when we have a string
      whose length is taken it is assumed that the length will be
      more than only a few bytes below SIZE_MAX, since code and
      stack have to fit); some are checked now (e.g. when one of
      the summands is an off_t); most of the unchecked ones are
      annotated now
    ⇒ cost (MirBSD/i386 static): +76 .text
    ⇒ cost (Debian sid/i386): +779 .text  -4 .data
  – on Linux targets, setuid() setresuid() setresgid() can fail
    with EAGAIN; check for that and, if so, warn once and retry
    infinitely (other targets to be added later once we know that
    they are “insane”)
    ⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
  from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
2010-09-14 21:26:19 +00:00
tg 06c6be0a70 shave off another 468 bytes: we’re 300 bytes smaller than BEFORE the
cat builtin was added now… (also removed utf-8 from source files, in
favour of just ASCII)
2010-08-28 20:22:24 +00:00
tg e5e6857c43 (hopefully) fix the substitution thing for good 2010-02-25 20:18:19 +00:00
tg 4eb17f8752 remove some more of this ugliness 2010-01-29 09:34:31 +00:00
tg 0432f97ffe more KNF, mostly whitespace, this time more manual labour applying style(9) 2009-06-10 18:12:51 +00:00
tg 6b2ad96bac some rather mechanical KNF, now that style(9) clarified on the status
of sizeof() as a function-like unary operator; use parenthesēs around
sizeof and return args consistently too
2009-06-08 20:06:50 +00:00
tg b145ca5c9f • sync distrib/special/mksh/Makefile with bin/mksh/Build.sh and
fix the regression test’s results while here, which have been
  broken since cid 10049D9BE5254CE65B8
• get rid of separate copyright file which was intended for De-
  bian; track down commits in all files of oksh-mirbsd and mksh
  to get correct copyright years per-file, as is BSD custom
2009-05-16 16:59:42 +00:00
tg d2b5538f55 some int->bool, KNF, ... 2009-04-07 19:13:11 +00:00
tg 31d1499219 * back out almost all of the memory allocator related changes, as aalloc
was hard to type and hard to fix, galloc is also hard to fix, and some
  things I learned will probably improve things more but make me use the
  original form as base (especially for space savings)
* let sizeofN die though, remove even more casts
* optimise, polish
* regen Makefiles
* sprinkle a few /* CONSTCOND */ while here
2008-12-13 17:02:18 +00:00
tg 4d3fc2413e switch to a (nmemb,size) API from a (nmemb*size) API
cost: text += (308, 256, 4, -100)
2008-11-12 00:54:52 +00:00
tg c80c28633b change use of “Area *” to “PArea” and “struct Area” to “TArea”
no change in size (mgcc and pcc, small and full)
2008-11-11 23:50:31 +00:00
tg 88d7b7d08b • rewrite code to no longer use statements-as-expressions
• optimise a little
• Build.sh: remove HAVE_EXPSTMT test
• Build.sh, */Makefile: sort tests, regenerate
• mksh.hts: sync clog
2008-10-28 14:32:43 +00:00
tg c11187f993 fix some of the things scan-build[1] found (but not some false positives)
10x

From: Elias Pipping <elias@pipping.org>
[1] http://clang.llvm.org/StaticAnalysis.html
2008-10-13 23:06:04 +00:00
tg 7cf56cf53c pull in another fix from oksh:
plug a memleak when freeing io redirection in commands.
the leaked memory is actually reclaimed when the command
finishes but may grow until that happens, e.g. during
command execution.

ok phessler@.
testing sobrado@ jmc@ oga@.
2008-09-14 20:29:13 +00:00
tg ca7cd043db • bump NUFILE and FDBASE, allowing for more than 10 fds used by scripts
• change the code to accept more than a single digit for an fd
2008-07-09 21:32:45 +00:00
tg f17b8b1c8b • alloc() can’t fail, afree() can take NULL
‣ macro afreechk() is superfluous
• get rid of macro afreechv() by re-doing the “don’t leak that much” code
• some KNF (mostly, whitespace and 80c) while here
2008-05-17 18:47:03 +00:00
tg 9b62cf15bf • more unsigned → unsigned int
• more int → bool
• more regression tests: check if the utf8-hack flag is really disabled
  at non-interactive startup, enabled at interactive startup, if the
  current locale is a UTF-8 one
• make the mksh-local multibyte handling functions globally accessible,
  change their names, syntax and semantics a little (XXX more work needed)
• optimise
• utf_wctomb: src → dst, as we’re writing to that char array (pasto?)
• edit.c:x_e_getmbc(): if the second byte of a 2- or 3-byte multibyte
  sequence is invalid utf-8, ungetc it (not possible for the 3rd byte yet)
• edit.c:x_zotc3(): easier (and faster) handling of UTF-8
• implement, document and test for base-1 numbers: they just get the
  ASCII (8-bit) or Unicode (UTF-8) value of the octet(s) after the ‘1#’,
  or do the same as print \x## or \u#### (depending on the utf8-hack flag),
  plus support the PUA assignment of EF80‥EFFF for the MirBSD encoding “hack”
  (print doesn’t, as it has \x## and \u#### to distinguish, but we cannot use
  base-0 numbers which I had planned to use for raw octets first, as they are
  used internally): http://thread.gmane.org/gmane.os.miros.general/7938
• as an application example, add a hexdumper to the regression tests ☺
2008-04-19 22:15:06 +00:00
tg 4912b5cf67 quite a big change, but now the variables expanded are not
scanned for slashes, plus the ADELIM code gets more use and
a bugfix ☺
2008-03-01 21:10:26 +00:00
tg 0f1501326b clean up, optimise, comment code 2008-02-26 21:08:33 +00:00
tg 5ea53a15c7 implement “here strings” 2008-02-26 20:43:11 +00:00
tg 3b5bbaefcb optimise (struct padding, function→macro, etc.) 2007-10-25 15:19:16 +00:00
tg 26a6e5acc9 make this pass varexpand-substr-1 and ‘c’ of varexpand-substr-2
by actually using the lexer and parser for that
2007-07-06 01:53:36 +00:00
tg 0989f7da67 Fix for Coverity CID#2: false bug, but still a problem.
Analysis:
internal_errorf(int, fmt, ...) was only a __dead function if the int argument
was non-0, which the Prevent probably was unable to follow. Change all uses of
internal_errorf(0, fmt, ...) to internal_warningf(fmt, ...); change the pro-
totype of internal_errorf() to internal_errorf(fmt, ...) and all remaining
uses remove the non-0 int argument; add __dead to internal_errorf() proto;
flesh out guts of internal_errorf() and internal_warningf() into a new local
function for optimisation purposes.

Some whitespace cleanup and dead code removal (return after internal_errorf(1))
2007-05-13 17:51:24 +00:00
tg 83c2ee87f4 • remove strcasestr.c, use home-grown implementation¹, call it stricmp,
and have it return an API-correct const char *
• enhance and stylify comments
• a little KNF and simplifications
• #ifdef DEBUG: replace strchr and strstr with ucstrchr and ucstrstr
  that take and return a non-const char *, and fix the violations
• new cstrchr, cstrstr (take and give const char *)
• new vstrchr, vstrstr (take const or not, give boolean value)
• new afreechk(x) = afreechv(x,x) = if (x1) afree(x2, ATEMP)
• new ksh_isdash(str) = (str != NULL) && !strcmp(str, "-")
• replace the only use of strrchr with inlined code to shrink
• minor man page fixes
• Minix 3 signames are autogenerated with gcc
• rename strlfun.c to strlcpy.c since we don't do strlcat(3) anyway,
  only strlcpy(3), and shorten it
• dot.mkshrc: move MKSH=… down to the export line
  to not disturb the PS1 visual impression ☺
• dot.mkshrc: Lstripcom(): optimise
• bump version

¹) side effect from creating API-correct cstrchr, cstrstr, etc.
   uses goto so it must be better ☻

tested on mirbsd-current via both Makefile and Build.sh
2007-03-04 03:04:28 +00:00
tg 62b347a1b0 merge the const branch +- a few 2007-03-04 00:13:17 +00:00
tg 151d913115 remove all but these __CRAZY=Yes build warnings:
main.c: In function 'main':
 main.c:208: warning: cast discards qualifiers from pointer target type
 main.c:329: warning: cast discards qualifiers from pointer target type

no warnings at autoconf time left either; will take care of these two later
(might revisit changes from this commit), maybe change declararion for the
builtins to have their argv[] be const strings, and go through strict type
and qualifier checking again. this'll further improve stability.

XXX these changes might have introduced (more?) memory leaks,
XXX someone who knows about these tools should verify with
XXX automatic memory usage analysers (valgrind?)

still passes testsuite
2006-11-12 14:58:16 +00:00
tg c2aec39358 save 176 text (92 text 32 bss relative to before last commit)
by making correct use of shf_* functions
2006-11-10 00:09:27 +00:00
tg 320f503391 get rid of ulton() - a joke
saves 32 bss, but adds 84 text oO
2006-11-09 23:55:52 +00:00
tg 7672b9b346 apply some fixes from OpenBSD and don't apply some others
but sync RCS IDs for easier future adaption:
* Simplify savefd() by removing the "noclose" flag and make noclose
  behavior the default. Almost all uses of savefd() are followed
  by an implicit or explicit close.
* fix typos
* might as well make ksh_getopt() match real getopt(), ie. get rid of that
  stupid EOF concept that was never true. adobriyan@gmail
* use SEEK_* for lseek()
* fix lint comments, no functional changes
* remove excessive optimization; from adobriyan@gmail
* only santa checks things twice; from adobriyan@gmail
* Interpret zero-filled numbers as decimal; PR 4213; from Alexey Dobriyan
2006-05-10 18:54:13 +00:00
tg 95cfad6339 * only have one $MirOS RCS ID per file to shrink source size
(this is an exception from normal use)
* bump to R26
2005-11-22 18:40:44 +00:00
tg a21be8d676 some lint cleanup 2005-06-08 22:34:03 +00:00
tg cd7b8bd79b Add mirbsdksh R21, which was developed in a temporary external CVS repo-
sitory whose ChangeLog follows. mksh R21 is licenced under the MirOS li-
cence, shown in "sh.h", and a two-clause UCB-style licence by Marc Espie
as shown in "alloc.c".

This executable is a fair bit smaller and shorter than our /bin/ksh that
it is designed to eventually replace (as /bin/sh hardlink), with the old
/bin/ksh to completely vanish. It is still in beta testing though, and I
don't think it will compile on other operating systems.

mksh R21 is a completely new port, bringing together the OpenBSD-current
/bin/ksh, the MirOS-current /bin/ksh and the older mksh R20 (which still
was portable, ocvs-based).
2005-05-23 03:06:10 +00:00
tg d8d708aa45 * un-hook bin/ksh, usr.bin/xmlwf and lib/libexpat from the build
- expat as discussed with bsiegert@ today on the phone
  - ksh as announced earlier on the lists
* un-hook lib/libexpat from make includes
* remove /usr/include/{,open}ssl upgrade workaround from includes/Makefile
* nuke old bin/ksh
* nuke libexpat and xmlwf
2005-10-21 11:33:15 +00:00
tg a90702a5a1 Initial revision 2005-03-06 15:42:55 +00:00
tg d5ff21ea1d (anything *)0 -> NULL 2004-12-18 19:22:30 +00:00
tg 4c4a9323f8 unifdef: KSH
no binary change
2004-12-18 18:58:32 +00:00
tg 97d9512149 bump to mksh R19 2004-12-10 18:12:32 +00:00
tg 7920708324 Initial revision 2004-12-10 18:12:29 +00:00
tg b2de14e57c run GNU protoize
protect header files
nuke some dead code
regenerate configure script
let silly code die
2004-10-28 11:53:44 +00:00
tg 75e25d6e50 de-register, de-inline, de-__P 2004-10-28 11:11:19 +00:00
tg 7ad780aa98 -Wall -Werror -W -pedantic clean 2004-10-28 11:03:24 +00:00
tg ecdd4d5568 unify spacing of RCS IDs 2004-09-21 11:57:17 +00:00
tg 6c8eabf72e polish, mop up whitespace, etc.
passes regressions on MirOS
2004-05-24 19:56:25 +00:00
tg 80609f6010 This commit was generated by cvs2svn to compensate for changes in r2, which
included commits to RCS files with non-trunk default branches.
2003-03-22 17:35:03 +00:00