| History log of /src/lib/libc/gen/ctype_guard.h |
| Revision | | Date | Author | Comments |
| 1.8 |
| 15-Sep-2025 |
riastradh | ctype(3): New environment variable LIBC_ALLOWCTYPEABUSE.
If set, this does not force the ctype(3) functions to crash when
passed invalid inputs -- instead, they will return nonsense results,
and possibly print warnings to stderr, as is their right in
implementing undefined behaviour.
The nature of the nonsense results is unspecified. Currently, is*()
will always return true (even if that leads to mutually contradictory
conclusions, like isalpha and isdigit, or isgraph and isblank), and
tolower/toupper() will always return EOF. But perhaps in the future
the results may be randomized.
This way, if an application like firefox crashes on ctype abuse, you
can opt to accept the consequences of nonsense results instead by
running `env LIBC_ALLOWCTYPEABUSE= firefox' until the application is
fixed.
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.7 |
| 31-Mar-2025 |
riastradh | branches: 1.7.4;
ctype(3): __strong_alias takes no semicolon, apparently.
Pacifies lint complaint:
/home/riastradh/netbsd/current/src/lib/libc/gen/ctype_.c(90): warning: empty declaration [0]
/home/riastradh/netbsd/current/src/lib/libc/gen/ctype_.c(158): warning: empty declaration [0]
(Maybe we should change __strong_alias and __weak_alias so they do
take semicolons like other top-level declarations...)
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.6 |
| 30-Mar-2025 |
riastradh | ctype(3): Sprinkle _C_LABEL_STRING in a few more places.
Mostly for hygiene and to avoid raising questions about inconsistent
usage; this doesn't actually affect the build any more.
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.5 |
| 30-Mar-2025 |
riastradh | ctype(3): Actually conditionalize guard page on shared libc.
Apparently we build the libc .o files with -fPIC too (I guess this is
so that libc.a works in position-independent executables? but why
don't they just use libc_pic.a?), so use a purpose-built cpp macro
_CTYPE_DYNAMIC for this instead of using __PIC__.
Now this shows the right symbol sizes:
$ readelf -s ctype_.pico | grep _C_ctype_tab_guarded_
3: 0000000000000000 4610 OBJECT LOCAL DEFAULT 11 _C_ctype_tab_guarded_
$ readelf -s ctype_.po | grep _C_ctype_tab_guarded_
3: 0000000000000000 514 OBJECT LOCAL DEFAULT 7 _C_ctype_tab_guarded_
$ readelf -s ctype_.o | grep _C_ctype_tab_guarded_
3: 0000000000000000 514 OBJECT LOCAL DEFAULT 7 _C_ctype_tab_guarded_
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.4 |
| 30-Mar-2025 |
riastradh | ctype(3): Disable guard page in static libc.
Adding the guard page may have overflown several small installation
media. Let's try to keep this case small.
Update the tests to detect the cases where we will be running against
a libc without a guard page on the LC_CTYPE=C tables, and skip
testing abuse detection when it would rely on the guard page.
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.3 |
| 30-Mar-2025 |
riastradh | ctype(3): Simplify definitions of ctype/tolower/toupper tables.
Clarify comment while here.
No functional change intended. No change to `readelf -a' output on
amd64 or aarch64.
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.2 |
| 29-Mar-2025 |
riastradh | libc: Restore ELF symbol sizes for _C_ctype_tab_ &c.
This is needed for dynamic position-dependent executables that refer
directly to _C_type_tab_ to get correct copy relocations to see the
table content.
Unfortunately, such executables won't get a guard page.
Fortunately, referring to _C_ctype_tab_ directly (and not the
indirection _ctype_tab_ as the ctype(3) macros do) is very weird and
unlikely to happen in the real world (none of the public interfaces
use it; it is exported for libc++.so/libstdc++.so to use, but those
aren't pies). So missing the guard page in this case is probably not
so bad.
The symbol sizes are also needed for, e.g., gdb to nicely identify
addresses that lie in the table.
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.1 |
| 29-Mar-2025 |
riastradh | ctype(3): Put guard pages before the C ctype/tolower/toupper tables.
This also only affects machines where char is signed for now. (But
maybe it would be worth doing unconditionally; users could still try
to pass in explicit `signed char' inputs.)
PR lib/58208: ctype(3) provides poor runtime feedback of abuse
|
| 1.7.4.2 |
| 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.7.4.1 |
| 31-Mar-2025 |
perseant | file ctype_guard.h was added on branch perseant-exfatfs on 2025-08-02 05:54:36 +0000
|
