Improve memory safety

This commit makes numerous refinements to cosmopolitan memory handling.

The default stack size has been reduced from 2mb to 128kb. A new macro
is now provided so you can easily reconfigure the stack size to be any
value you want. Work around the breaking change by adding to your main:

    STATIC_STACK_SIZE(0x00200000);  // 2mb stack

If you're not sure how much stack you need, then you can use:

    STATIC_YOINK("stack_usage_logging");

After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test
suite, nothing in the Cosmopolitan repository (except for Python) needs
a stack size greater than 30kb. There are also new macros for detecting
the size and address of the stack at runtime, e.g. GetStackAddr(). We
also now support sigaltstack() so if you want to see nice looking crash
reports whenever a stack overflow happens, you can put this in main():

    ShowCrashReports();

Under `make MODE=dbg` and `make MODE=asan` the unit testing framework
will now automatically print backtraces of memory allocations when
things like memory leaks happen. Bugs are now fixed in ASAN global
variable overrun detection. The memtrack and asan runtimes also handle
edge cases now. The new tools helped to identify a few memory leaks,
which are fixed by this change.

This change should fix an issue reported in #288 with ARG_MAX limits.
Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
This commit is contained in:
Justine Tunney 2021-10-13 17:27:13 -07:00
parent a0b39f886c
commit 226aaf3547
317 changed files with 6474 additions and 3993 deletions

View file

@ -17,7 +17,6 @@ COSMOPOLITAN_C_START_
int abs(int) libcesque pureconst;
long labs(long) libcesque pureconst;
long long llabs(long long) libcesque pureconst;
int llog10(unsigned long) libcesque pureconst;
int atoi(const char *) paramsnonnull() libcesque;
long atol(const char *) paramsnonnull() libcesque;
long long atoll(const char *) paramsnonnull() libcesque;

View file

@ -42,6 +42,15 @@
static const char kSpecialFloats[2][2][4] = {{"INF", "inf"}, {"NAN", "nan"}};
static void __fmt_free_dtoa(char **mem) {
if (*mem) {
if (weaken(freedtoa)) {
weaken(freedtoa)(*mem);
}
*mem = 0;
}
}
static int __fmt_atoi(const char **str) {
int i;
for (i = 0; '0' <= **str && **str <= '9'; ++*str) {
@ -135,11 +144,12 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
int (*out)(const char *, void *, size_t);
unsigned char signbit, log2base;
int c, d, k, w, n, i1, ui, bw, bex;
char *s, *q, *se, qchar, special[8];
char *s, *q, *se, *mem, qchar, special[8];
int sgn, alt, sign, prec, prec1, flags, width, decpt, lasterr;
lasterr = errno;
out = fn ? fn : (void *)missingno;
mem = 0;
while (*format) {
if (*format != '%') {
@ -388,7 +398,8 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
p = "?";
goto FormatThatThing;
}
s = weaken(__fmt_dtoa)(pun.d, 3, prec, &decpt, &sgn, &se);
assert(!mem);
s = mem = weaken(__fmt_dtoa)(pun.d, 3, prec, &decpt, &sgn, &se);
if (decpt == 9999) {
Format9999:
bzero(special, sizeof(special));
@ -402,6 +413,8 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
}
memcpy(q, kSpecialFloats[*s == 'N'][d >= 'a'], 4);
FormatThatThing:
__fmt_free_dtoa(&mem);
mem = 0;
prec = alt = 0;
flags &= ~(FLAGS_PRECISION | FLAGS_PLUS | FLAGS_SPACE);
goto FormatString;
@ -462,6 +475,7 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
while (--width >= 0) {
PUT(' ');
}
__fmt_free_dtoa(&mem);
continue;
case 'G':
@ -477,7 +491,9 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
p = "?";
goto FormatThatThing;
}
s = weaken(__fmt_dtoa)(pun.d, prec ? 2 : 0, prec, &decpt, &sgn, &se);
assert(!mem);
s = mem =
weaken(__fmt_dtoa)(pun.d, prec ? 2 : 0, prec, &decpt, &sgn, &se);
if (decpt == 9999) goto Format9999;
c = se - s;
prec1 = prec;
@ -512,7 +528,8 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
p = "?";
goto FormatThatThing;
}
s = weaken(__fmt_dtoa)(pun.d, 2, prec + 1, &decpt, &sgn, &se);
assert(!mem);
s = mem = weaken(__fmt_dtoa)(pun.d, 2, prec + 1, &decpt, &sgn, &se);
if (decpt == 9999) goto Format9999;
FormatExpo:
if (sgn) sign = '-';
@ -547,6 +564,7 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
}
PUT(c);
}
__fmt_free_dtoa(&mem);
PUT(d);
if (decpt < 0) {
PUT('-');
@ -721,5 +739,7 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) {
break;
}
}
assert(!mem);
return 0;
}

View file

@ -16,6 +16,10 @@ COSMOPOLITAN_C_START_
- uint128toarray_radix10(0x31337, a) l: 93 (27ns) m: 141 (41ns)
- int128toarray_radix10(0x31337, a) l: 96 (28ns) m: 173 (51ns) */
unsigned LengthInt64(int64_t) pureconst;
unsigned LengthUint64(uint64_t) pureconst;
unsigned LengthInt64Thousands(int64_t) pureconst;
unsigned LengthUint64Thousands(uint64_t) pureconst;
char *FormatInt32(char[hasatleast 12], int32_t);
char *FormatUint32(char[hasatleast 12], uint32_t);
char *FormatInt64(char[hasatleast 21], int64_t);

102
libc/fmt/kdos2errno.S Normal file
View file

@ -0,0 +1,102 @@
/*-*- mode:unix-assembly; indent-tabs-mode:t; tab-width:8; coding:utf-8 -*-│
vi: set et ft=asm ts=8 tw=8 fenc=utf-8 :vi
Copyright 2021 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/nt/errors.h"
#include "libc/macros.internal.h"
// @fileoverview data structure for __dos2errno()
.macro .e doscode systemv
.short \doscode
.long \systemv - kDos2Errno
.endm
.section .rodata
kDos2Errno:
.e kNtErrorModNotFound,ENOSYS
.e kNtErrorBadCommand,EACCES
.e kNtErrorBadLength,EACCES
.e kNtErrorBadNetpath,ENOENT
.e kNtErrorBadNetName,ENOENT
.e kNtErrorBadNetResp,ENETDOWN
.e kNtErrorBadPathname,ENOENT
.e kNtErrorCannotMake,EACCES
.e kNtErrorCommitmentLimit,ENOMEM
.e kNtErrorConnectionAborted,ECONNABORTED
.e kNtErrorConnectionActive,EISCONN
.e kNtErrorConnectionRefused,ECONNREFUSED
.e kNtErrorCrc,EACCES
.e kNtErrorDirNotEmpty,ENOTEMPTY
.e kNtErrorDupName,EADDRINUSE
.e kNtErrorFilenameExcedRange,ENOENT
.e kNtErrorGenFailure,EACCES
.e kNtErrorGracefulDisconnect,EPIPE
.e kNtErrorHostDown,EHOSTUNREACH
.e kNtErrorHostUnreachable,EHOSTUNREACH
.e kNtErrorInsufficientBuffer,EFAULT
.e kNtErrorInvalidAddress,EADDRNOTAVAIL
.e kNtErrorInvalidFunction,EINVAL
.e kNtErrorInvalidNetname,EADDRNOTAVAIL
.e kNtErrorInvalidUserBuffer,EMSGSIZE
.e kNtErrorIoPending,EINPROGRESS
.e kNtErrorLockViolation,EACCES
.e kNtErrorMoreData,EMSGSIZE
.e kNtErrorNetnameDeleted,ECONNABORTED
.e kNtErrorNetworkAccessDenied,EACCES
.e kNtErrorNetworkBusy,ENETDOWN
.e kNtErrorNetworkUnreachable,ENETUNREACH
.e kNtErrorNoaccess,EFAULT
.e kNtErrorNonpagedSystemResources,ENOMEM
.e kNtErrorNotEnoughMemory,ENOMEM
.e kNtErrorNotEnoughQuota,ENOMEM
.e kNtErrorNotFound,ENOENT
.e kNtErrorNotLocked,EACCES
.e kNtErrorNotReady,EACCES
.e kNtErrorNotSupported,ENOTSUP
.e kNtErrorNoMoreFiles,ENOENT
.e kNtErrorNoSystemResources,ENOMEM
.e kNtErrorOperationAborted,EINTR
.e kNtErrorOutOfPaper,EACCES
.e kNtErrorPagedSystemResources,ENOMEM
.e kNtErrorPagefileQuota,ENOMEM
.e kNtErrorPipeNotConnected,EPIPE
.e kNtErrorPortUnreachable,ECONNRESET
.e kNtErrorProtocolUnreachable,ENETUNREACH
.e kNtErrorRemNotList,ECONNREFUSED
.e kNtErrorRequestAborted,EINTR
.e kNtErrorReqNotAccep,EWOULDBLOCK
.e kNtErrorSectorNotFound,EACCES
.e kNtErrorSemTimeout,ETIMEDOUT
.e kNtErrorSharingViolation,EACCES
.e kNtErrorTooManyNames,ENOMEM
.e kNtErrorUnexpNetErr,ECONNABORTED
.e kNtErrorWorkingSetQuota,ENOMEM
.e kNtErrorWriteProtect,EACCES
.e kNtErrorWrongDisk,EACCES
.e WSAEACCES,EACCES
.e WSAEDISCON,EPIPE
.e WSAEFAULT,EFAULT
.e WSAEINPROGRESS,EBUSY
.e WSAEINVAL,EINVAL
.e WSAEPROCLIM,ENOMEM
.e WSAESHUTDOWN,EPIPE
.e WSANOTINITIALISED,ENETDOWN
.e WSASYSNOTREADY,ENETDOWN
.e WSAVERNOTSUPPORTED,ENOSYS
.short 0
.endobj kDos2Errno,globl,hidden

98
libc/fmt/lengthuint64.c Normal file
View file

@ -0,0 +1,98 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2021 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/fmt/itoa.h"
static const uint64_t kTens[] = {
1ull,
10ull,
100ull,
1000ull,
10000ull,
100000ull,
1000000ull,
10000000ull,
100000000ull,
1000000000ull,
10000000000ull,
100000000000ull,
1000000000000ull,
10000000000000ull,
100000000000000ull,
1000000000000000ull,
10000000000000000ull,
100000000000000000ull,
1000000000000000000ull,
10000000000000000000ull,
};
static const unsigned char kTensIndex[] = {
0, 0, 0, 1, 1, 1, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, //
5, 5, 5, 6, 6, 6, 6, 7, 7, 7, 8, 8, 8, 9, 9, 9, //
10, 10, 10, 11, 11, 11, 12, 12, 12, 12, 13, 13, 13, 14, 14, 14, //
15, 15, 15, 15, 16, 16, 16, 17, 17, 17, 18, 18, 18, 18, 19, 19, //
};
/**
* Returns `len(str(x))` where x is an unsigned 64-bit integer.
*/
unsigned LengthUint64(uint64_t x) {
unsigned w;
if (x) {
w = kTensIndex[63 ^ __builtin_clzll(x)];
w += x >= kTens[w];
return w;
} else {
return 1;
}
}
/**
* Returns `len(str(x))` where x is a signed 64-bit integer.
*/
unsigned LengthInt64(int64_t x) {
if (x >= 0) {
return LengthUint64(x);
} else {
return 1 + LengthUint64(-(uint64_t)x);
}
}
/**
* Returns decimal string length of uint64 w/ thousands separators.
*/
unsigned LengthUint64Thousands(uint64_t x) {
unsigned w;
w = LengthUint64(x);
w += (w - 1) / 3;
return w;
}
/**
* Returns decimal string length of int64 w/ thousands separators.
*/
unsigned LengthInt64Thousands(int64_t x) {
unsigned w;
if (x >= 0) {
w = LengthUint64(x);
return w + (w - 1) / 3;
} else {
w = LengthUint64(-(uint64_t)x);
return 1 + w + (w - 1) / 3;
}
}

View file

@ -0,0 +1,41 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2020 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/errno.h"
#include "libc/nt/errors.h"
#include "libc/sock/sock.h"
struct thatispacked Dos2Errno {
uint16_t doscode;
int32_t systemv;
};
extern const struct Dos2Errno kDos2Errno[];
/**
* Translates Windows error using superset of consts.sh.
*/
textwindows errno_t __dos2errno(uint32_t error) {
int i;
for (i = 0; kDos2Errno[i].doscode; ++i) {
if (error == kDos2Errno[i].doscode) {
return *(const int *)((intptr_t)kDos2Errno + kDos2Errno[i].systemv);
}
}
return error;
}

View file

@ -21,6 +21,7 @@
#include "libc/fmt/conv.h"
#include "libc/fmt/fmts.h"
#include "libc/fmt/internal.h"
#include "libc/limits.h"
#define BUFFER_SIZE 144
@ -31,7 +32,6 @@ static int __fmt_ntoa_format(int out(const char *, void *, size_t), void *arg,
unsigned log2base, unsigned prec, unsigned width,
unsigned char flags) {
unsigned i;
/* pad leading zeros */
if (!(flags & FLAGS_LEFT)) {
if (width && (flags & FLAGS_ZEROPAD) &&
@ -45,7 +45,6 @@ static int __fmt_ntoa_format(int out(const char *, void *, size_t), void *arg,
buf[len++] = '0';
}
}
/* handle hash */
if (flags & FLAGS_HASH) {
if (!(flags & FLAGS_PRECISION) && len &&
@ -64,7 +63,6 @@ static int __fmt_ntoa_format(int out(const char *, void *, size_t), void *arg,
buf[len++] = '0';
}
}
if (len < BUFFER_SIZE) {
if (negative) {
buf[len++] = '-';
@ -74,17 +72,14 @@ static int __fmt_ntoa_format(int out(const char *, void *, size_t), void *arg,
buf[len++] = ' ';
}
}
/* pad spaces up to given width */
if (!(flags & FLAGS_LEFT) && !(flags & FLAGS_ZEROPAD)) {
if (len < width) {
if (__fmt_pad(out, arg, width - len) == -1) return -1;
}
}
reverse(buf, len);
if (out(buf, arg, len) == -1) return -1;
/* append pad spaces up to given width */
if (flags & FLAGS_LEFT) {
if (len < width) {
@ -97,6 +92,7 @@ static int __fmt_ntoa_format(int out(const char *, void *, size_t), void *arg,
int __fmt_ntoa2(int out(const char *, void *, size_t), void *arg,
uintmax_t value, bool neg, unsigned log2base, unsigned prec,
unsigned width, unsigned flags, const char *alphabet) {
uint64_t u64;
uintmax_t remainder;
unsigned len, count, digit;
char buf[BUFFER_SIZE];
@ -105,10 +101,15 @@ int __fmt_ntoa2(int out(const char *, void *, size_t), void *arg,
if (value || !(flags & FLAGS_PRECISION)) {
count = 0;
do {
assert(len < BUFFER_SIZE);
if (!log2base) {
value = __udivmodti4(value, 10, &remainder);
digit = remainder;
if (value <= UINT64_MAX) {
u64 = value;
digit = u64 % 10;
value = u64 / 10;
} else {
value = __udivmodti4(value, 10, &remainder);
digit = remainder;
}
} else {
digit = value;
digit &= (1u << log2base) - 1;
@ -122,6 +123,7 @@ int __fmt_ntoa2(int out(const char *, void *, size_t), void *arg,
}
buf[len++] = alphabet[digit];
} while (value);
assert(count <= BUFFER_SIZE);
}
return __fmt_ntoa_format(out, arg, buf, len, neg, log2base, prec, width,
flags);

View file

@ -22,7 +22,7 @@
* Converts errno value to string non-reentrantly.
* @see strerror_r()
*/
char *strerror(int err) {
noasan char *strerror(int err) {
_Alignas(1) static char buf[512];
strerror_r(err, buf, sizeof(buf));
return buf;

View file

@ -21,11 +21,20 @@
#include "libc/errno.h"
#include "libc/fmt/fmt.h"
#include "libc/fmt/itoa.h"
#include "libc/log/libfatal.internal.h"
#include "libc/macros.internal.h"
#include "libc/nexgen32e/bsr.h"
#include "libc/nt/enum/formatmessageflags.h"
#include "libc/nt/enum/lang.h"
#include "libc/nt/memory.h"
#include "libc/nt/process.h"
#include "libc/nt/runtime.h"
#include "libc/str/str.h"
#include "libc/str/tpenc.h"
#if !IsTiny()
STATIC_YOINK("__dos2errno");
#endif
struct Error {
int x;
@ -35,7 +44,7 @@ struct Error {
extern const struct Error kErrorNames[];
extern const struct Error kErrorNamesLong[];
static const char *GetErrorName(long x) {
noasan static inline const char *GetErrorName(long x) {
int i;
if (x) {
for (i = 0; kErrorNames[i].x; ++i) {
@ -47,7 +56,7 @@ static const char *GetErrorName(long x) {
return "EUNKNOWN";
}
static const char *GetErrorNameLong(long x) {
noasan static inline const char *GetErrorNameLong(long x) {
int i;
if (x) {
for (i = 0; kErrorNamesLong[i].x; ++i) {
@ -65,24 +74,51 @@ static const char *GetErrorNameLong(long x) {
* Converts errno value to string.
* @return 0 on success, or error code
*/
int strerror_r(int err, char *buf, size_t size) {
char *p;
noasan int strerror_r(int err, char *buf, size_t size) {
uint64_t w;
int c, i, n;
char *p, *e;
const char *s;
err &= 0xFFFF;
if (IsTiny()) {
s = GetErrorName(err);
} else {
s = GetErrorNameLong(err);
}
char16_t *ws = 0;
p = buf;
if (strlen(s) + 1 + 5 + 1 + 1 <= size) {
p = stpcpy(p, s);
*p++ = '[';
p += uint64toarray_radix10(err, p);
*p++ = ']';
e = p + size;
err &= 0xFFFF;
s = IsTiny() ? GetErrorName(err) : GetErrorNameLong(err);
while ((c = *s++)) {
if (p + 1 + 1 <= e) *p++ = c;
}
if (p - buf < size) {
*p++ = '\0';
if (!IsTiny()) {
if (p + 1 + 5 + 1 + 1 <= e) {
*p++ = '[';
p = __intcpy(p, err);
*p++ = ']';
}
if (IsWindows()) {
err = GetLastError() & 0xffff;
if ((n = FormatMessage(
kNtFormatMessageAllocateBuffer | kNtFormatMessageFromSystem |
kNtFormatMessageIgnoreInserts,
0, err, MAKELANGID(kNtLangNeutral, kNtSublangDefault),
(char16_t *)&ws, 0, 0))) {
while (n && ws[n - 1] <= L' ' || ws[n - 1] == L'.') --n;
if (p + 1 + 1 <= e) *p++ = '[';
for (i = 0; i < n; ++i) {
w = tpenc(ws[i] & 0xffff);
if (p + (bsrll(w) >> 3) + 1 + 1 <= e) {
do *p++ = w;
while ((w >>= 8));
}
}
if (p + 1 + 1 <= e) *p++ = ']';
LocalFree(ws);
}
if (p + 1 + 5 + 1 + 1 <= e) {
*p++ = '[';
p = __intcpy(p, err);
*p++ = ']';
}
}
}
if (p + 1 <= e) *p = 0;
return 0;
}