Re: bug#8230: touch dumps core on solaris 10

2011-03-12 Thread Bruno Haible 
Paul Eggert wrote:
> That sounds good, but why make Solaris 9 a special case?
> Wouldn't it be simpler to do it for all platforms where gnulib
> defines futimens or utimensat functions?

The functions of the two cycles are available on the following platforms:

Cycle #1:
  futimensAIX 7, Cygwin 1.7, Solaris >= 10
  fdutimens   none
  futimesat   Cygwin 1.7, Solaris >= 9

Cycle #2:
  utimensat   AIX 7, Cygwin 1.7, Solaris >= 10
  utimens none
  futimesat   Cygwin 1.7, Solaris >= 9

On AIX, there's no problem, because AIX does not use the ELF format, therefore
a function definition in an executable cannot change how libc behaves. And on
Cygwin, all functions appeared at the same time.

I'm applying this patch:


2011-03-12  Bruno Haible  

futimens, utimensat: Avoid endless recursion on Solaris 10.
* lib/sys_stat.in.h (futimens, utimensat): Define with rpl_ prefix on
Solaris.
Reported by Ben Walton  via Eric Blake
in .

--- lib/sys_stat.in.h.orig  Sat Mar 12 12:51:25 2011
+++ lib/sys_stat.in.h   Sat Mar 12 12:50:23 2011
@@ -355,7 +355,11 @@
 
 
 #if @GNULIB_FUTIMENS@
-# if @REPLACE_FUTIMENS@
+/* Use the rpl_ prefix also on Solaris <= 9, because on Solaris 9 our futimens
+   implementation relies on futimesat, which on Solaris 10 makes an invocation
+   to futimens that is meant to invoke the libc's futimens(), not gnulib's
+   futimens().  */
+# if @REPLACE_FUTIMENS@ || defined __sun
 #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
 #   undef futimens
 #   define futimens rpl_futimens
@@ -368,7 +372,9 @@
 #  endif
 _GL_CXXALIAS_SYS (futimens, int, (int fd, struct timespec const times[2]));
 # endif
+# if @HAVE_FUTIMENS@
 _GL_CXXALIASWARN (futimens);
+# endif
 #elif defined GNULIB_POSIXCHECK
 # undef futimens
 # if HAVE_RAW_DECL_FUTIMENS
@@ -612,7 +618,11 @@
 
 
 #if @GNULIB_UTIMENSAT@
-# if @REPLACE_UTIMENSAT@
+/* Use the rpl_ prefix also on Solaris <= 9, because on Solaris 9 our utimensat
+   implementation relies on futimesat, which on Solaris 10 makes an invocation
+   to utimensat that is meant to invoke the libc's utimensat(), not gnulib's
+   utimensat().  */
+# if @REPLACE_UTIMENSAT@ || defined __sun
 #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
 #   undef utimensat
 #   define utimensat rpl_utimensat
@@ -631,7 +641,9 @@
 _GL_CXXALIAS_SYS (utimensat, int, (int fd, char const *name,
struct timespec const times[2], int flag));
 # endif
+# if @HAVE_UTIMENSAT@
 _GL_CXXALIASWARN (utimensat);
+# endif
 #elif defined GNULIB_POSIXCHECK
 # undef utimensat
 # if HAVE_RAW_DECL_UTIMENSAT
-- 
In memoriam Zoran Djindjić

wcswidth, mbswidth: add overflow check

2011-03-12 Thread Bruno Haible 
Hi,

On 2005-04-09, Jim noticed that mbswidth() can provoke integer overflow [1].
wcswidth() can do the same in gnulib, but the replacement in coreutils has
a safety check against it. Let's do the same in gnulib:

[1] http://lists.gnu.org/archive/html/bug-gnulib/2005-04/msg00022.html


2011-03-12  Bruno Haible  

wcswidth, mbswidth: Avoid integer overflow.
* lib/wcswidth.c: Include .
* lib/wcswidth-impl.h (wcswidth): Avoid 'int' overflow.
* lib/mbswidth.c: Include .
(mbsnwidth): Avoid 'int' overflow.
Reported by Jim Meyering.

--- lib/mbswidth.c.orig Sat Mar 12 13:50:16 2011
+++ lib/mbswidth.c  Sat Mar 12 13:50:11 2011
@@ -35,12 +35,14 @@
 /* Get iswcntrl().  */
 #include 
 
+/* Get INT_MAX.  */
+#include 
+
 /* Returns the number of columns needed to represent the multibyte
character string pointed to by STRING.  If a non-printable character
occurs, and MBSW_REJECT_UNPRINTABLE is specified, -1 is returned.
With flags = MBSW_REJECT_INVALID | MBSW_REJECT_UNPRINTABLE, this is
-   the multibyte analogue of the wcswidth function.
-   If STRING is not of length < INT_MAX / 2, integer overflow can occur.  */
+   the multibyte analogue of the wcswidth function.  */
 int
 mbswidth (const char *string, int flags)
 {
@@ -50,8 +52,7 @@
 /* Returns the number of columns needed to represent the multibyte
character string pointed to by STRING of length NBYTES.  If a
non-printable character occurs, and MBSW_REJECT_UNPRINTABLE is
-   specified, -1 is returned.
-   If NBYTES is not < INT_MAX / 2, integer overflow can occur.  */
+   specified, -1 is returned.  */
 int
 mbsnwidth (const char *string, size_t nbytes, int flags)
 {
@@ -135,11 +136,22 @@
 w = wcwidth (wc);
 if (w >= 0)
   /* A printable multibyte character.  */
-  width += w;
+  {
+if (w > INT_MAX - width)
+  goto overflow;
+width += w;
+  }
 else
   /* An unprintable multibyte character.  */
   if (!(flags & MBSW_REJECT_UNPRINTABLE))
-width += (iswcntrl (wc) ? 0 : 1);
+{
+  if (!iswcntrl (wc))
+{
+  if (width == INT_MAX)
+goto overflow;
+  width++;
+}
+}
   else
 return -1;
 
@@ -157,11 +169,25 @@
   unsigned char c = (unsigned char) *p++;
 
   if (isprint (c))
-width++;
+{
+  if (width == INT_MAX)
+goto overflow;
+  width++;
+}
   else if (!(flags & MBSW_REJECT_UNPRINTABLE))
-width += (iscntrl (c) ? 0 : 1);
+{
+  if (!iscntrl (c))
+{
+  if (width == INT_MAX)
+goto overflow;
+  width++;
+}
+}
   else
 return -1;
 }
   return width;
+
+ overflow:
+  return INT_MAX;
 }
--- lib/wcswidth-impl.h.origSat Mar 12 13:50:16 2011
+++ lib/wcswidth-impl.h Sat Mar 12 13:19:58 2011
@@ -28,6 +28,8 @@
 int width = wcwidth (c);
 if (width < 0)
   goto found_nonprinting;
+if (width > INT_MAX - count)
+  goto overflow;
 count += width;
   }
 }
@@ -35,4 +37,7 @@
 
  found_nonprinting:
   return -1;
+
+ overflow:
+  return INT_MAX;
 }
--- lib/wcswidth.c.orig Sat Mar 12 13:50:16 2011
+++ lib/wcswidth.c  Sat Mar 12 13:20:10 2011
@@ -20,4 +20,6 @@
 /* Specification.  */
 #include 
 
+#include 
+
 #include "wcswidth-impl.h"
-- 
In memoriam Zoran Djindjić

Support for options in valgrind-tests

2011-03-12 Thread Reuben Thomas 
Another day, another nice surprise from gnulib: it supports valgrind,
so I can remove my own code for that...only, no I can't, because I add
options (I add --error-exitcode=1 --leak-check=full).

So, two alternative suggestions:

1. Agree that these options are must-haves (rationale: one's code
shouldn't leak memory, so turn on full leak checking to make sure;
tests that cause valgrind errors should count as failures).

2. Add the possibility for options somehow. Is there a standard way in
which like things are achieved? I would imagine setting VALGRIND to
"VALGRIND -q \$(VALGRIND_OPTIONS)" so then I can just set
VALGRIND_OPTIONS in Makefile.am if I want to pass options, but maybe
that's a bad approach.

-- 
http://rrt.sc3d.org

warnings and -Werror

2011-03-12 Thread Reuben Thomas 
The documentation for the warnings module says:

"It allows to use ‘-Werror’ at ‘make distcheck’ time"

but gives no clue as to how this is done; nor is -Werror mentioned in
warnings.m4. Could we have a hint, please? (The documentation shows
how to make the set of warnings chosen only apply to certain
directories, but not how to make them apply to different targets,
AFAICS.)

-- 
http://rrt.sc3d.org

Re: bug#8230: touch dumps core on solaris 10

2011-03-12 Thread Ben Walton 
Excerpts from Bruno Haible's message of Sat Mar 12 07:11:51 -0500 2011:

Hi Bruno,

> I'm applying this patch:

Thanks for saving me the legwork on this.  The patch does correct the
problem.  I appreciate the quick turnaround on this.

Thanks
-Ben
--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302