• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*	$OpenBSD: findfp.c,v 1.15 2013/12/17 16:33:27 deraadt Exp $ */
2 /*-
3  * Copyright (c) 1990, 1993
4  *	The Regents of the University of California.  All rights reserved.
5  *
6  * This code is derived from software contributed to Berkeley by
7  * Chris Torek.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #define __BIONIC_NO_STDIO_FORTIFY
35 #include <stdio.h>
36 
37 #include <errno.h>
38 #include <fcntl.h>
39 #include <limits.h>
40 #include <paths.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/param.h>
44 #include <sys/stat.h>
45 #include <unistd.h>
46 
47 #include <async_safe/log.h>
48 
49 #include "local.h"
50 #include "glue.h"
51 #include "private/bionic_fortify.h"
52 #include "private/ErrnoRestorer.h"
53 #include "private/thread_private.h"
54 
55 #define ALIGNBYTES (sizeof(uintptr_t) - 1)
56 #define ALIGN(p) (((uintptr_t)(p) + ALIGNBYTES) &~ ALIGNBYTES)
57 
58 #define	NDYNAMIC 10		/* add ten more whenever necessary */
59 
60 #define PRINTF_IMPL(expr) \
61     va_list ap; \
62     va_start(ap, fmt); \
63     int result = (expr); \
64     va_end(ap); \
65     return result;
66 
67 #define std(flags, file) \
68     {0,0,0,flags,file,{0,0},0,__sF+file,__sclose,__sread,nullptr,__swrite, \
69     {(unsigned char *)(__sFext+file), 0},nullptr,0,{0},{0},{0,0},0,0}
70 
71 _THREAD_PRIVATE_MUTEX(__sfp_mutex);
72 
73 #define SBUF_INIT {}
74 #define WCHAR_IO_DATA_INIT {}
75 
76 static struct __sfileext __sFext[3] = {
77   { SBUF_INIT, WCHAR_IO_DATA_INIT, PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP, false, __sseek64 },
78   { SBUF_INIT, WCHAR_IO_DATA_INIT, PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP, false, __sseek64 },
79   { SBUF_INIT, WCHAR_IO_DATA_INIT, PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP, false, __sseek64 },
80 };
81 
82 // __sF is exported for backwards compatibility. Until M, we didn't have symbols
83 // for stdin/stdout/stderr; they were macros accessing __sF.
84 FILE __sF[3] = {
85   std(__SRD, STDIN_FILENO),
86   std(__SWR, STDOUT_FILENO),
87   std(__SWR|__SNBF, STDERR_FILENO),
88 };
89 
90 FILE* stdin = &__sF[0];
91 FILE* stdout = &__sF[1];
92 FILE* stderr = &__sF[2];
93 
94 struct glue __sglue = { nullptr, 3, __sF };
95 static struct glue* lastglue = &__sglue;
96 
97 class ScopedFileLock {
98  public:
ScopedFileLock(FILE * fp)99   explicit ScopedFileLock(FILE* fp) : fp_(fp) {
100     FLOCKFILE(fp_);
101   }
~ScopedFileLock()102   ~ScopedFileLock() {
103     FUNLOCKFILE(fp_);
104   }
105 
106  private:
107   FILE* fp_;
108 };
109 
moreglue(int n)110 static glue* moreglue(int n) {
111   static FILE empty;
112 
113   char* data = new char[sizeof(glue) + ALIGNBYTES + n * sizeof(FILE) + n * sizeof(__sfileext)];
114   if (data == nullptr) return nullptr;
115 
116   glue* g = reinterpret_cast<glue*>(data);
117   FILE* p = reinterpret_cast<FILE*>(ALIGN(data + sizeof(*g)));
118   __sfileext* pext = reinterpret_cast<__sfileext*>(ALIGN(data + sizeof(*g)) + n * sizeof(FILE));
119   g->next = nullptr;
120   g->niobs = n;
121   g->iobs = p;
122   while (--n >= 0) {
123     *p = empty;
124     _FILEEXT_SETUP(p, pext);
125     p++;
126     pext++;
127   }
128   return g;
129 }
130 
free_fgetln_buffer(FILE * fp)131 static inline void free_fgetln_buffer(FILE* fp) {
132   if (__predict_false(fp->_lb._base != nullptr)) {
133     free(fp->_lb._base);
134     fp->_lb._base = nullptr;
135   }
136 }
137 
138 /*
139  * Find a free FILE for fopen et al.
140  */
__sfp(void)141 FILE* __sfp(void) {
142 	FILE *fp;
143 	int n;
144 	struct glue *g;
145 
146 	_THREAD_PRIVATE_MUTEX_LOCK(__sfp_mutex);
147 	for (g = &__sglue; g != nullptr; g = g->next) {
148 		for (fp = g->iobs, n = g->niobs; --n >= 0; fp++)
149 			if (fp->_flags == 0)
150 				goto found;
151 	}
152 
153 	/* release lock while mallocing */
154 	_THREAD_PRIVATE_MUTEX_UNLOCK(__sfp_mutex);
155 	if ((g = moreglue(NDYNAMIC)) == nullptr) return nullptr;
156 	_THREAD_PRIVATE_MUTEX_LOCK(__sfp_mutex);
157 	lastglue->next = g;
158 	lastglue = g;
159 	fp = g->iobs;
160 found:
161 	fp->_flags = 1;		/* reserve this slot; caller sets real flags */
162 	_THREAD_PRIVATE_MUTEX_UNLOCK(__sfp_mutex);
163 	fp->_p = nullptr;		/* no current pointer */
164 	fp->_w = 0;		/* nothing to read or write */
165 	fp->_r = 0;
166 	fp->_bf._base = nullptr;	/* no buffer */
167 	fp->_bf._size = 0;
168 	fp->_lbfsize = 0;	/* not line buffered */
169 	fp->_file = -1;		/* no file */
170 
171 	fp->_lb._base = nullptr;	/* no line buffer */
172 	fp->_lb._size = 0;
173 
174 	memset(_EXT(fp), 0, sizeof(struct __sfileext));
175 	_FLOCK(fp) = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
176 	_EXT(fp)->_caller_handles_locking = false;
177 
178 	// Caller sets cookie, _read/_write etc.
179 	// We explicitly clear _seek and _seek64 to prevent subtle bugs.
180 	fp->_seek = nullptr;
181 	_EXT(fp)->_seek64 = nullptr;
182 
183 	return fp;
184 }
185 
__libc_stdio_cleanup(void)186 extern "C" __LIBC_HIDDEN__ void __libc_stdio_cleanup(void) {
187   // Equivalent to fflush(nullptr), but without all the locking since we're shutting down anyway.
188   _fwalk(__sflush);
189 }
190 
__fopen(int fd,int flags)191 static FILE* __fopen(int fd, int flags) {
192 #if !defined(__LP64__)
193   if (fd > SHRT_MAX) {
194     errno = EMFILE;
195     return nullptr;
196   }
197 #endif
198 
199   FILE* fp = __sfp();
200   if (fp != nullptr) {
201     fp->_file = fd;
202     fp->_flags = flags;
203     fp->_cookie = fp;
204     fp->_read = __sread;
205     fp->_write = __swrite;
206     fp->_close = __sclose;
207     _EXT(fp)->_seek64 = __sseek64;
208   }
209   return fp;
210 }
211 
fopen(const char * file,const char * mode)212 FILE* fopen(const char* file, const char* mode) {
213   int mode_flags;
214   int flags = __sflags(mode, &mode_flags);
215   if (flags == 0) return nullptr;
216 
217   int fd = open(file, mode_flags, DEFFILEMODE);
218   if (fd == -1) {
219     return nullptr;
220   }
221 
222   FILE* fp = __fopen(fd, flags);
223   if (fp == nullptr) {
224     ErrnoRestorer errno_restorer;
225     close(fd);
226     return nullptr;
227   }
228 
229   // For append mode, even though we use O_APPEND, we need to seek to the end now.
230   if ((mode_flags & O_APPEND) != 0) __sseek64(fp, 0, SEEK_END);
231   return fp;
232 }
233 __strong_alias(fopen64, fopen);
234 
fdopen(int fd,const char * mode)235 FILE* fdopen(int fd, const char* mode) {
236   int mode_flags;
237   int flags = __sflags(mode, &mode_flags);
238   if (flags == 0) return nullptr;
239 
240   // Make sure the mode the user wants is a subset of the actual mode.
241   int fd_flags = fcntl(fd, F_GETFL, 0);
242   if (fd_flags == -1) return nullptr;
243   int tmp = fd_flags & O_ACCMODE;
244   if (tmp != O_RDWR && (tmp != (mode_flags & O_ACCMODE))) {
245     errno = EINVAL;
246     return nullptr;
247   }
248 
249   // Make sure O_APPEND is set on the underlying fd if our mode has 'a'.
250   // POSIX says we just take the current offset of the underlying fd.
251   if ((mode_flags & O_APPEND) && !(fd_flags & O_APPEND)) {
252     if (fcntl(fd, F_SETFL, fd_flags | O_APPEND) == -1) return nullptr;
253   }
254 
255   // Make sure O_CLOEXEC is set on the underlying fd if our mode has 'x'.
256   if ((mode_flags & O_CLOEXEC) && !((tmp = fcntl(fd, F_GETFD)) & FD_CLOEXEC)) {
257     fcntl(fd, F_SETFD, tmp | FD_CLOEXEC);
258   }
259 
260   return __fopen(fd, flags);
261 }
262 
263 // Re-direct an existing, open (probably) file to some other file.
264 // ANSI is written such that the original file gets closed if at
265 // all possible, no matter what.
266 // TODO: rewrite this mess completely.
freopen(const char * file,const char * mode,FILE * fp)267 FILE* freopen(const char* file, const char* mode, FILE* fp) {
268   CHECK_FP(fp);
269   int mode_flags;
270   int flags = __sflags(mode, &mode_flags);
271   if (flags == 0) {
272     fclose(fp);
273     return nullptr;
274   }
275 
276   ScopedFileLock sfl(fp);
277 
278   // There are actually programs that depend on being able to "freopen"
279   // descriptors that weren't originally open.  Keep this from breaking.
280   // Remember whether the stream was open to begin with, and which file
281   // descriptor (if any) was associated with it.  If it was attached to
282   // a descriptor, defer closing it; freopen("/dev/stdin", "r", stdin)
283   // should work.  This is unnecessary if it was not a Unix file.
284   int isopen, wantfd;
285   if (fp->_flags == 0) {
286     fp->_flags = __SEOF; // Hold on to it.
287     isopen = 0;
288     wantfd = -1;
289   } else {
290     // Flush the stream; ANSI doesn't require this.
291     if (fp->_flags & __SWR) __sflush(fp);
292 
293     // If close is null, closing is a no-op, hence pointless.
294     isopen = (fp->_close != nullptr);
295     if ((wantfd = fp->_file) < 0 && isopen) {
296         (*fp->_close)(fp->_cookie);
297         isopen = 0;
298     }
299   }
300 
301   // Get a new descriptor to refer to the new file.
302   int fd = open(file, mode_flags, DEFFILEMODE);
303   if (fd < 0 && isopen) {
304     // If out of fd's close the old one and try again.
305     if (errno == ENFILE || errno == EMFILE) {
306       (*fp->_close)(fp->_cookie);
307       isopen = 0;
308       fd = open(file, mode_flags, DEFFILEMODE);
309     }
310   }
311 
312   int sverrno = errno;
313 
314   // Finish closing fp.  Even if the open succeeded above, we cannot
315   // keep fp->_base: it may be the wrong size.  This loses the effect
316   // of any setbuffer calls, but stdio has always done this before.
317   if (isopen && fd != wantfd) (*fp->_close)(fp->_cookie);
318   if (fp->_flags & __SMBF) free(fp->_bf._base);
319   fp->_w = 0;
320   fp->_r = 0;
321   fp->_p = nullptr;
322   fp->_bf._base = nullptr;
323   fp->_bf._size = 0;
324   fp->_lbfsize = 0;
325   if (HASUB(fp)) FREEUB(fp);
326   _UB(fp)._size = 0;
327   WCIO_FREE(fp);
328   free_fgetln_buffer(fp);
329   fp->_lb._size = 0;
330 
331   if (fd < 0) { // Did not get it after all.
332     fp->_flags = 0; // Release.
333     errno = sverrno; // Restore errno in case _close clobbered it.
334     return nullptr;
335   }
336 
337   // If reopening something that was open before on a real file, try
338   // to maintain the descriptor.  Various C library routines (perror)
339   // assume stderr is always fd STDERR_FILENO, even if being freopen'd.
340   if (wantfd >= 0 && fd != wantfd) {
341     if (dup3(fd, wantfd, mode_flags & O_CLOEXEC) >= 0) {
342       close(fd);
343       fd = wantfd;
344     }
345   }
346 
347   // _file is only a short.
348   if (fd > SHRT_MAX) {
349       fp->_flags = 0; // Release.
350       errno = EMFILE;
351       return nullptr;
352   }
353 
354   fp->_flags = flags;
355   fp->_file = fd;
356   fp->_cookie = fp;
357   fp->_read = __sread;
358   fp->_write = __swrite;
359   fp->_close = __sclose;
360   _EXT(fp)->_seek64 = __sseek64;
361 
362   // For append mode, even though we use O_APPEND, we need to seek to the end now.
363   if ((mode_flags & O_APPEND) != 0) __sseek64(fp, 0, SEEK_END);
364   return fp;
365 }
366 __strong_alias(freopen64, freopen);
367 
fclose(FILE * fp)368 int fclose(FILE* fp) {
369   CHECK_FP(fp);
370   if (fp->_flags == 0) {
371     // Already freed!
372     errno = EBADF;
373     return EOF;
374   }
375 
376   ScopedFileLock sfl(fp);
377   WCIO_FREE(fp);
378   int r = fp->_flags & __SWR ? __sflush(fp) : 0;
379   if (fp->_close != nullptr && (*fp->_close)(fp->_cookie) < 0) {
380     r = EOF;
381   }
382   if (fp->_flags & __SMBF) free(fp->_bf._base);
383   if (HASUB(fp)) FREEUB(fp);
384   free_fgetln_buffer(fp);
385 
386   // Poison this FILE so accesses after fclose will be obvious.
387   fp->_file = -1;
388   fp->_r = fp->_w = 0;
389 
390   // Release this FILE for reuse.
391   fp->_flags = 0;
392   return r;
393 }
394 
fileno_unlocked(FILE * fp)395 int fileno_unlocked(FILE* fp) {
396   CHECK_FP(fp);
397   int fd = fp->_file;
398   if (fd == -1) {
399     errno = EBADF;
400     return -1;
401   }
402   return fd;
403 }
404 
fileno(FILE * fp)405 int fileno(FILE* fp) {
406   CHECK_FP(fp);
407   ScopedFileLock sfl(fp);
408   return fileno_unlocked(fp);
409 }
410 
clearerr_unlocked(FILE * fp)411 void clearerr_unlocked(FILE* fp) {
412   return __sclearerr(fp);
413 }
414 
clearerr(FILE * fp)415 void clearerr(FILE* fp) {
416   CHECK_FP(fp);
417   ScopedFileLock sfl(fp);
418   clearerr_unlocked(fp);
419 }
420 
feof_unlocked(FILE * fp)421 int feof_unlocked(FILE* fp) {
422   CHECK_FP(fp);
423   return ((fp->_flags & __SEOF) != 0);
424 }
425 
feof(FILE * fp)426 int feof(FILE* fp) {
427   CHECK_FP(fp);
428   ScopedFileLock sfl(fp);
429   return feof_unlocked(fp);
430 }
431 
ferror_unlocked(FILE * fp)432 int ferror_unlocked(FILE* fp) {
433   CHECK_FP(fp);
434   return __sferror(fp);
435 }
436 
ferror(FILE * fp)437 int ferror(FILE* fp) {
438   CHECK_FP(fp);
439   ScopedFileLock sfl(fp);
440   return ferror_unlocked(fp);
441 }
442 
__sflush(FILE * fp)443 int __sflush(FILE* fp) {
444   // Flushing a read-only file is a no-op.
445   if ((fp->_flags & __SWR) == 0) return 0;
446 
447   // Flushing a file without a buffer is a no-op.
448   unsigned char* p = fp->_bf._base;
449   if (p == nullptr) return 0;
450 
451   // Set these immediately to avoid problems with longjmp and to allow
452   // exchange buffering (via setvbuf) in user write function.
453   int n = fp->_p - p;
454   fp->_p = p;
455   fp->_w = (fp->_flags & (__SLBF|__SNBF)) ? 0 : fp->_bf._size;
456 
457   while (n > 0) {
458     int written = (*fp->_write)(fp->_cookie, reinterpret_cast<char*>(p), n);
459     if (written <= 0) {
460       fp->_flags |= __SERR;
461       return EOF;
462     }
463     n -= written, p += written;
464   }
465   return 0;
466 }
467 
__sflush_locked(FILE * fp)468 int __sflush_locked(FILE* fp) {
469   ScopedFileLock sfl(fp);
470   return __sflush(fp);
471 }
472 
__sread(void * cookie,char * buf,int n)473 int __sread(void* cookie, char* buf, int n) {
474   FILE* fp = reinterpret_cast<FILE*>(cookie);
475   return TEMP_FAILURE_RETRY(read(fp->_file, buf, n));
476 }
477 
__swrite(void * cookie,const char * buf,int n)478 int __swrite(void* cookie, const char* buf, int n) {
479   FILE* fp = reinterpret_cast<FILE*>(cookie);
480   return TEMP_FAILURE_RETRY(write(fp->_file, buf, n));
481 }
482 
__sseek(void * cookie,fpos_t offset,int whence)483 fpos_t __sseek(void* cookie, fpos_t offset, int whence) {
484   FILE* fp = reinterpret_cast<FILE*>(cookie);
485   return TEMP_FAILURE_RETRY(lseek(fp->_file, offset, whence));
486 }
487 
__sseek64(void * cookie,off64_t offset,int whence)488 off64_t __sseek64(void* cookie, off64_t offset, int whence) {
489   FILE* fp = reinterpret_cast<FILE*>(cookie);
490   return TEMP_FAILURE_RETRY(lseek64(fp->_file, offset, whence));
491 }
492 
__sclose(void * cookie)493 int __sclose(void* cookie) {
494   FILE* fp = reinterpret_cast<FILE*>(cookie);
495   return close(fp->_file);
496 }
497 
__seek_unlocked(FILE * fp,off64_t offset,int whence)498 static off64_t __seek_unlocked(FILE* fp, off64_t offset, int whence) {
499   // Use `_seek64` if set, but fall back to `_seek`.
500   if (_EXT(fp)->_seek64 != nullptr) {
501     return (*_EXT(fp)->_seek64)(fp->_cookie, offset, whence);
502   } else if (fp->_seek != nullptr) {
503     off64_t result = (*fp->_seek)(fp->_cookie, offset, whence);
504 #if !defined(__LP64__)
505     // Avoid sign extension if off64_t is larger than off_t.
506     if (result != -1) result &= 0xffffffff;
507 #endif
508     return result;
509   } else {
510     errno = ESPIPE;
511     return -1;
512   }
513 }
514 
__ftello64_unlocked(FILE * fp)515 static off64_t __ftello64_unlocked(FILE* fp) {
516   // Find offset of underlying I/O object, then adjust for buffered bytes.
517   __sflush(fp);  // May adjust seek offset on append stream.
518 
519   off64_t result = __seek_unlocked(fp, 0, SEEK_CUR);
520   if (result == -1) {
521     return -1;
522   }
523 
524   if (fp->_flags & __SRD) {
525     // Reading.  Any unread characters (including
526     // those from ungetc) cause the position to be
527     // smaller than that in the underlying object.
528     result -= fp->_r;
529     if (HASUB(fp)) result -= fp->_ur;
530   } else if (fp->_flags & __SWR && fp->_p != nullptr) {
531     // Writing.  Any buffered characters cause the
532     // position to be greater than that in the
533     // underlying object.
534     result += fp->_p - fp->_bf._base;
535   }
536   return result;
537 }
538 
__fseeko64(FILE * fp,off64_t offset,int whence,int off_t_bits)539 int __fseeko64(FILE* fp, off64_t offset, int whence, int off_t_bits) {
540   ScopedFileLock sfl(fp);
541 
542   // Change any SEEK_CUR to SEEK_SET, and check `whence` argument.
543   // After this, whence is either SEEK_SET or SEEK_END.
544   if (whence == SEEK_CUR) {
545     fpos64_t current_offset = __ftello64_unlocked(fp);
546     if (current_offset == -1) {
547       return -1;
548     }
549     offset += current_offset;
550     whence = SEEK_SET;
551   } else if (whence != SEEK_SET && whence != SEEK_END) {
552     errno = EINVAL;
553     return -1;
554   }
555 
556   // If our caller has a 32-bit interface, refuse to go past a 32-bit file offset.
557   if (off_t_bits == 32 && offset > LONG_MAX) {
558     errno = EOVERFLOW;
559     return -1;
560   }
561 
562   if (fp->_bf._base == nullptr) __smakebuf(fp);
563 
564   // Flush unwritten data and attempt the seek.
565   if (__sflush(fp) || __seek_unlocked(fp, offset, whence) == -1) {
566     return -1;
567   }
568 
569   // Success: clear EOF indicator and discard ungetc() data.
570   if (HASUB(fp)) FREEUB(fp);
571   fp->_p = fp->_bf._base;
572   fp->_r = 0;
573   /* fp->_w = 0; */	/* unnecessary (I think...) */
574   fp->_flags &= ~__SEOF;
575   return 0;
576 }
577 
fseeko(FILE * fp,off_t offset,int whence)578 int fseeko(FILE* fp, off_t offset, int whence) {
579   CHECK_FP(fp);
580   static_assert(sizeof(off_t) == sizeof(long), "sizeof(off_t) != sizeof(long)");
581   return __fseeko64(fp, offset, whence, 8*sizeof(off_t));
582 }
583 __strong_alias(fseek, fseeko);
584 
fseeko64(FILE * fp,off64_t offset,int whence)585 int fseeko64(FILE* fp, off64_t offset, int whence) {
586   CHECK_FP(fp);
587   return __fseeko64(fp, offset, whence, 8*sizeof(off64_t));
588 }
589 
fsetpos(FILE * fp,const fpos_t * pos)590 int fsetpos(FILE* fp, const fpos_t* pos) {
591   CHECK_FP(fp);
592   return fseeko(fp, *pos, SEEK_SET);
593 }
594 
fsetpos64(FILE * fp,const fpos64_t * pos)595 int fsetpos64(FILE* fp, const fpos64_t* pos) {
596   CHECK_FP(fp);
597   return fseeko64(fp, *pos, SEEK_SET);
598 }
599 
ftello(FILE * fp)600 off_t ftello(FILE* fp) {
601   CHECK_FP(fp);
602   static_assert(sizeof(off_t) == sizeof(long), "sizeof(off_t) != sizeof(long)");
603   off64_t result = ftello64(fp);
604   if (result > LONG_MAX) {
605     errno = EOVERFLOW;
606     return -1;
607   }
608   return result;
609 }
610 __strong_alias(ftell, ftello);
611 
ftello64(FILE * fp)612 off64_t ftello64(FILE* fp) {
613   CHECK_FP(fp);
614   ScopedFileLock sfl(fp);
615   return __ftello64_unlocked(fp);
616 }
617 
fgetpos(FILE * fp,fpos_t * pos)618 int fgetpos(FILE* fp, fpos_t* pos) {
619   CHECK_FP(fp);
620   *pos = ftello(fp);
621   return (*pos == -1) ? -1 : 0;
622 }
623 
fgetpos64(FILE * fp,fpos64_t * pos)624 int fgetpos64(FILE* fp, fpos64_t* pos) {
625   CHECK_FP(fp);
626   *pos = ftello64(fp);
627   return (*pos == -1) ? -1 : 0;
628 }
629 
__funopen(const void * cookie,int (* read_fn)(void *,char *,int),int (* write_fn)(void *,const char *,int),int (* close_fn)(void *))630 static FILE* __funopen(const void* cookie,
631                        int (*read_fn)(void*, char*, int),
632                        int (*write_fn)(void*, const char*, int),
633                        int (*close_fn)(void*)) {
634   if (read_fn == nullptr && write_fn == nullptr) {
635     errno = EINVAL;
636     return nullptr;
637   }
638 
639   FILE* fp = __sfp();
640   if (fp == nullptr) return nullptr;
641 
642   if (read_fn != nullptr && write_fn != nullptr) {
643     fp->_flags = __SRW;
644   } else if (read_fn != nullptr) {
645     fp->_flags = __SRD;
646   } else if (write_fn != nullptr) {
647     fp->_flags = __SWR;
648   }
649 
650   fp->_file = -1;
651   fp->_cookie = const_cast<void*>(cookie); // The funopen(3) API is incoherent.
652   fp->_read = read_fn;
653   fp->_write = write_fn;
654   fp->_close = close_fn;
655 
656   return fp;
657 }
658 
funopen(const void * cookie,int (* read_fn)(void *,char *,int),int (* write_fn)(void *,const char *,int),fpos_t (* seek_fn)(void *,fpos_t,int),int (* close_fn)(void *))659 FILE* funopen(const void* cookie,
660               int (*read_fn)(void*, char*, int),
661               int (*write_fn)(void*, const char*, int),
662               fpos_t (*seek_fn)(void*, fpos_t, int),
663               int (*close_fn)(void*)) {
664   FILE* fp = __funopen(cookie, read_fn, write_fn, close_fn);
665   if (fp != nullptr) {
666     fp->_seek = seek_fn;
667   }
668   return fp;
669 }
670 
funopen64(const void * cookie,int (* read_fn)(void *,char *,int),int (* write_fn)(void *,const char *,int),fpos64_t (* seek_fn)(void *,fpos64_t,int),int (* close_fn)(void *))671 FILE* funopen64(const void* cookie,
672                 int (*read_fn)(void*, char*, int),
673                 int (*write_fn)(void*, const char*, int),
674                 fpos64_t (*seek_fn)(void*, fpos64_t, int),
675                 int (*close_fn)(void*)) {
676   FILE* fp = __funopen(cookie, read_fn, write_fn, close_fn);
677   if (fp != nullptr) {
678     _EXT(fp)->_seek64 = seek_fn;
679   }
680   return fp;
681 }
682 
asprintf(char ** s,const char * fmt,...)683 int asprintf(char** s, const char* fmt, ...) {
684   PRINTF_IMPL(vasprintf(s, fmt, ap));
685 }
686 
ctermid(char * s)687 char* ctermid(char* s) {
688   return s ? strcpy(s, _PATH_TTY) : const_cast<char*>(_PATH_TTY);
689 }
690 
dprintf(int fd,const char * fmt,...)691 int dprintf(int fd, const char* fmt, ...) {
692   PRINTF_IMPL(vdprintf(fd, fmt, ap));
693 }
694 
fprintf(FILE * fp,const char * fmt,...)695 int fprintf(FILE* fp, const char* fmt, ...) {
696   CHECK_FP(fp);
697   PRINTF_IMPL(vfprintf(fp, fmt, ap));
698 }
699 
fgetc(FILE * fp)700 int fgetc(FILE* fp) {
701   CHECK_FP(fp);
702   return getc(fp);
703 }
704 
fgetc_unlocked(FILE * fp)705 int fgetc_unlocked(FILE* fp) {
706   CHECK_FP(fp);
707   return getc_unlocked(fp);
708 }
709 
710 /*
711  * Read at most n-1 characters from the given file.
712  * Stop when a newline has been read, or the count runs out.
713  * Return first argument, or NULL if no characters were read.
714  * Do not return NULL if n == 1.
715  */
fgets(char * buf,int n,FILE * fp)716 char* fgets(char* buf, int n, FILE* fp) {
717   CHECK_FP(fp);
718   ScopedFileLock sfl(fp);
719   return fgets_unlocked(buf, n, fp);
720 }
721 
fgets_unlocked(char * buf,int n,FILE * fp)722 char* fgets_unlocked(char* buf, int n, FILE* fp) {
723   if (n <= 0) {
724     errno = EINVAL;
725     return nullptr;
726   }
727 
728   _SET_ORIENTATION(fp, -1);
729 
730   char* s = buf;
731   n--; // Leave space for NUL.
732   while (n != 0) {
733     // If the buffer is empty, refill it.
734     if (fp->_r <= 0) {
735       if (__srefill(fp)) {
736         // EOF/error: stop with partial or no line.
737         if (s == buf) return nullptr;
738         break;
739       }
740     }
741     size_t len = fp->_r;
742     unsigned char* p = fp->_p;
743 
744     // Scan through at most n bytes of the current buffer,
745     // looking for '\n'.  If found, copy up to and including
746     // newline, and stop.  Otherwise, copy entire chunk and loop.
747     if (len > static_cast<size_t>(n)) len = n;
748     unsigned char* t = static_cast<unsigned char*>(memchr(p, '\n', len));
749     if (t != nullptr) {
750       len = ++t - p;
751       fp->_r -= len;
752       fp->_p = t;
753       memcpy(s, p, len);
754       s[len] = '\0';
755       return buf;
756     }
757     fp->_r -= len;
758     fp->_p += len;
759     memcpy(s, p, len);
760     s += len;
761     n -= len;
762   }
763   *s = '\0';
764   return buf;
765 }
766 
fputc(int c,FILE * fp)767 int fputc(int c, FILE* fp) {
768   CHECK_FP(fp);
769   return putc(c, fp);
770 }
771 
fputc_unlocked(int c,FILE * fp)772 int fputc_unlocked(int c, FILE* fp) {
773   CHECK_FP(fp);
774   return putc_unlocked(c, fp);
775 }
776 
fputs(const char * s,FILE * fp)777 int fputs(const char* s, FILE* fp) {
778   CHECK_FP(fp);
779   ScopedFileLock sfl(fp);
780   return fputs_unlocked(s, fp);
781 }
782 
fputs_unlocked(const char * s,FILE * fp)783 int fputs_unlocked(const char* s, FILE* fp) {
784   CHECK_FP(fp);
785   size_t length = strlen(s);
786   return (fwrite_unlocked(s, 1, length, fp) == length) ? 0 : EOF;
787 }
788 
fscanf(FILE * fp,const char * fmt,...)789 int fscanf(FILE* fp, const char* fmt, ...) {
790   CHECK_FP(fp);
791   PRINTF_IMPL(vfscanf(fp, fmt, ap));
792 }
793 
fwprintf(FILE * fp,const wchar_t * fmt,...)794 int fwprintf(FILE* fp, const wchar_t* fmt, ...) {
795   CHECK_FP(fp);
796   PRINTF_IMPL(vfwprintf(fp, fmt, ap));
797 }
798 
fwscanf(FILE * fp,const wchar_t * fmt,...)799 int fwscanf(FILE* fp, const wchar_t* fmt, ...) {
800   CHECK_FP(fp);
801   PRINTF_IMPL(vfwscanf(fp, fmt, ap));
802 }
803 
getc(FILE * fp)804 int getc(FILE* fp) {
805   CHECK_FP(fp);
806   ScopedFileLock sfl(fp);
807   return getc_unlocked(fp);
808 }
809 
getc_unlocked(FILE * fp)810 int getc_unlocked(FILE* fp) {
811   CHECK_FP(fp);
812   return __sgetc(fp);
813 }
814 
getchar_unlocked()815 int getchar_unlocked() {
816   return getc_unlocked(stdin);
817 }
818 
getchar()819 int getchar() {
820   return getc(stdin);
821 }
822 
getline(char ** buf,size_t * len,FILE * fp)823 ssize_t getline(char** buf, size_t* len, FILE* fp) {
824   CHECK_FP(fp);
825   return getdelim(buf, len, '\n', fp);
826 }
827 
getwc(FILE * fp)828 wint_t getwc(FILE* fp) {
829   CHECK_FP(fp);
830   return fgetwc(fp);
831 }
832 
getwchar()833 wint_t getwchar() {
834   return fgetwc(stdin);
835 }
836 
perror(const char * msg)837 void perror(const char* msg) {
838   if (msg == nullptr) msg = "";
839   fprintf(stderr, "%s%s%s\n", msg, (*msg == '\0') ? "" : ": ", strerror(errno));
840 }
841 
printf(const char * fmt,...)842 int printf(const char* fmt, ...) {
843   PRINTF_IMPL(vfprintf(stdout, fmt, ap));
844 }
845 
putc(int c,FILE * fp)846 int putc(int c, FILE* fp) {
847   CHECK_FP(fp);
848   ScopedFileLock sfl(fp);
849   return putc_unlocked(c, fp);
850 }
851 
putc_unlocked(int c,FILE * fp)852 int putc_unlocked(int c, FILE* fp) {
853   CHECK_FP(fp);
854   if (cantwrite(fp)) {
855     errno = EBADF;
856     return EOF;
857   }
858   _SET_ORIENTATION(fp, -1);
859   if (--fp->_w >= 0 || (fp->_w >= fp->_lbfsize && c != '\n')) {
860     return (*fp->_p++ = c);
861   }
862   return (__swbuf(c, fp));
863 }
864 
putchar(int c)865 int putchar(int c) {
866   return putc(c, stdout);
867 }
868 
putchar_unlocked(int c)869 int putchar_unlocked(int c) {
870   return putc_unlocked(c, stdout);
871 }
872 
puts(const char * s)873 int puts(const char* s) {
874   size_t length = strlen(s);
875   ScopedFileLock sfl(stdout);
876   return (fwrite_unlocked(s, 1, length, stdout) == length &&
877           putc_unlocked('\n', stdout) != EOF) ? 0 : EOF;
878 }
879 
putwc(wchar_t wc,FILE * fp)880 wint_t putwc(wchar_t wc, FILE* fp) {
881   CHECK_FP(fp);
882   return fputwc(wc, fp);
883 }
884 
putwchar(wchar_t wc)885 wint_t putwchar(wchar_t wc) {
886   return fputwc(wc, stdout);
887 }
888 
remove(const char * path)889 int remove(const char* path) {
890   if (unlink(path) != -1) return 0;
891   if (errno != EISDIR) return -1;
892   return rmdir(path);
893 }
894 
rewind(FILE * fp)895 void rewind(FILE* fp) {
896   CHECK_FP(fp);
897   ScopedFileLock sfl(fp);
898   fseek(fp, 0, SEEK_SET);
899   clearerr_unlocked(fp);
900 }
901 
scanf(const char * fmt,...)902 int scanf(const char* fmt, ...) {
903   PRINTF_IMPL(vfscanf(stdin, fmt, ap));
904 }
905 
setbuf(FILE * fp,char * buf)906 void setbuf(FILE* fp, char* buf) {
907   CHECK_FP(fp);
908   setbuffer(fp, buf, BUFSIZ);
909 }
910 
setbuffer(FILE * fp,char * buf,int size)911 void setbuffer(FILE* fp, char* buf, int size) {
912   CHECK_FP(fp);
913   setvbuf(fp, buf, buf ? _IOFBF : _IONBF, size);
914 }
915 
setlinebuf(FILE * fp)916 int setlinebuf(FILE* fp) {
917   CHECK_FP(fp);
918   return setvbuf(fp, nullptr, _IOLBF, 0);
919 }
920 
snprintf(char * s,size_t n,const char * fmt,...)921 int snprintf(char* s, size_t n, const char* fmt, ...) {
922   PRINTF_IMPL(vsnprintf(s, n, fmt, ap));
923 }
924 
sprintf(char * s,const char * fmt,...)925 int sprintf(char* s, const char* fmt, ...) {
926   PRINTF_IMPL(vsprintf(s, fmt, ap));
927 }
928 
sscanf(const char * s,const char * fmt,...)929 int sscanf(const char* s, const char* fmt, ...) {
930   PRINTF_IMPL(vsscanf(s, fmt, ap));
931 }
932 
swprintf(wchar_t * s,size_t n,const wchar_t * fmt,...)933 int swprintf(wchar_t* s, size_t n, const wchar_t* fmt, ...) {
934   PRINTF_IMPL(vswprintf(s, n, fmt, ap));
935 }
936 
swscanf(const wchar_t * s,const wchar_t * fmt,...)937 int swscanf(const wchar_t* s, const wchar_t* fmt, ...) {
938   PRINTF_IMPL(vswscanf(s, fmt, ap));
939 }
940 
vfprintf(FILE * fp,const char * fmt,va_list ap)941 int vfprintf(FILE* fp, const char* fmt, va_list ap) {
942   ScopedFileLock sfl(fp);
943   return __vfprintf(fp, fmt, ap);
944 }
945 
vfscanf(FILE * fp,const char * fmt,va_list ap)946 int vfscanf(FILE* fp, const char* fmt, va_list ap) {
947   ScopedFileLock sfl(fp);
948   return __svfscanf(fp, fmt, ap);
949 }
950 
vfwprintf(FILE * fp,const wchar_t * fmt,va_list ap)951 int vfwprintf(FILE* fp, const wchar_t* fmt, va_list ap) {
952   ScopedFileLock sfl(fp);
953   return __vfwprintf(fp, fmt, ap);
954 }
955 
vfwscanf(FILE * fp,const wchar_t * fmt,va_list ap)956 int vfwscanf(FILE* fp, const wchar_t* fmt, va_list ap) {
957   ScopedFileLock sfl(fp);
958   return __vfwscanf(fp, fmt, ap);
959 }
960 
vprintf(const char * fmt,va_list ap)961 int vprintf(const char* fmt, va_list ap) {
962   return vfprintf(stdout, fmt, ap);
963 }
964 
vscanf(const char * fmt,va_list ap)965 int vscanf(const char* fmt, va_list ap) {
966   return vfscanf(stdin, fmt, ap);
967 }
968 
vsnprintf(char * s,size_t n,const char * fmt,va_list ap)969 int vsnprintf(char* s, size_t n, const char* fmt, va_list ap) {
970   // stdio internals use int rather than size_t.
971   static_assert(INT_MAX <= SSIZE_MAX, "SSIZE_MAX too large to fit in int");
972 
973   __check_count("vsnprintf", "size", n);
974 
975   // Stdio internals do not deal correctly with zero length buffer.
976   char dummy;
977   if (n == 0) {
978     s = &dummy;
979     n = 1;
980   }
981 
982   FILE f;
983   __sfileext fext;
984   _FILEEXT_SETUP(&f, &fext);
985   f._file = -1;
986   f._flags = __SWR | __SSTR;
987   f._bf._base = f._p = reinterpret_cast<unsigned char*>(s);
988   f._bf._size = f._w = n - 1;
989 
990   int result = __vfprintf(&f, fmt, ap);
991   *f._p = '\0';
992   return result;
993 }
994 
vsprintf(char * s,const char * fmt,va_list ap)995 int vsprintf(char* s, const char* fmt, va_list ap) {
996   return vsnprintf(s, SSIZE_MAX, fmt, ap);
997 }
998 
vwprintf(const wchar_t * fmt,va_list ap)999 int vwprintf(const wchar_t* fmt, va_list ap) {
1000   return vfwprintf(stdout, fmt, ap);
1001 }
1002 
vwscanf(const wchar_t * fmt,va_list ap)1003 int vwscanf(const wchar_t* fmt, va_list ap) {
1004   return vfwscanf(stdin, fmt, ap);
1005 }
1006 
wprintf(const wchar_t * fmt,...)1007 int wprintf(const wchar_t* fmt, ...) {
1008   PRINTF_IMPL(vfwprintf(stdout, fmt, ap));
1009 }
1010 
wscanf(const wchar_t * fmt,...)1011 int wscanf(const wchar_t* fmt, ...) {
1012   PRINTF_IMPL(vfwscanf(stdin, fmt, ap));
1013 }
1014 
fflush_all()1015 static int fflush_all() {
1016   return _fwalk(__sflush_locked);
1017 }
1018 
fflush(FILE * fp)1019 int fflush(FILE* fp) {
1020   if (fp == nullptr) return fflush_all();
1021   ScopedFileLock sfl(fp);
1022   return fflush_unlocked(fp);
1023 }
1024 
fflush_unlocked(FILE * fp)1025 int fflush_unlocked(FILE* fp) {
1026   if (fp == nullptr) return fflush_all();
1027   if ((fp->_flags & (__SWR | __SRW)) == 0) {
1028     errno = EBADF;
1029     return EOF;
1030   }
1031   return __sflush(fp);
1032 }
1033 
fread(void * buf,size_t size,size_t count,FILE * fp)1034 size_t fread(void* buf, size_t size, size_t count, FILE* fp) {
1035   CHECK_FP(fp);
1036   ScopedFileLock sfl(fp);
1037   return fread_unlocked(buf, size, count, fp);
1038 }
1039 
fread_unlocked(void * buf,size_t size,size_t count,FILE * fp)1040 size_t fread_unlocked(void* buf, size_t size, size_t count, FILE* fp) {
1041   CHECK_FP(fp);
1042 
1043   size_t desired_total;
1044   if (__builtin_mul_overflow(size, count, &desired_total)) {
1045     errno = EOVERFLOW;
1046     fp->_flags |= __SERR;
1047     return 0;
1048   }
1049 
1050   size_t total = desired_total;
1051   if (total == 0) return 0;
1052 
1053   _SET_ORIENTATION(fp, -1);
1054 
1055   // TODO: how can this ever happen?!
1056   if (fp->_r < 0) fp->_r = 0;
1057 
1058   // Ensure _bf._size is valid.
1059   if (fp->_bf._base == nullptr) __smakebuf(fp);
1060 
1061   char* dst = static_cast<char*>(buf);
1062 
1063   while (total > 0) {
1064     // Copy data out of the buffer.
1065     size_t buffered_bytes = MIN(static_cast<size_t>(fp->_r), total);
1066     memcpy(dst, fp->_p, buffered_bytes);
1067     fp->_p += buffered_bytes;
1068     fp->_r -= buffered_bytes;
1069     dst += buffered_bytes;
1070     total -= buffered_bytes;
1071 
1072     // Are we done?
1073     if (total == 0) goto out;
1074 
1075     // Do we have so much more to read that we should avoid copying it through the buffer?
1076     if (total > static_cast<size_t>(fp->_bf._size)) break;
1077 
1078     // Less than a buffer to go, so refill the buffer and go around the loop again.
1079     if (__srefill(fp)) goto out;
1080   }
1081 
1082   // Read directly into the caller's buffer.
1083   while (total > 0) {
1084     ssize_t bytes_read = (*fp->_read)(fp->_cookie, dst, total);
1085     if (bytes_read <= 0) {
1086       fp->_flags |= (bytes_read == 0) ? __SEOF : __SERR;
1087       break;
1088     }
1089     dst += bytes_read;
1090     total -= bytes_read;
1091   }
1092 
1093 out:
1094   return ((desired_total - total) / size);
1095 }
1096 
fwrite(const void * buf,size_t size,size_t count,FILE * fp)1097 size_t fwrite(const void* buf, size_t size, size_t count, FILE* fp) {
1098   CHECK_FP(fp);
1099   ScopedFileLock sfl(fp);
1100   return fwrite_unlocked(buf, size, count, fp);
1101 }
1102 
fwrite_unlocked(const void * buf,size_t size,size_t count,FILE * fp)1103 size_t fwrite_unlocked(const void* buf, size_t size, size_t count, FILE* fp) {
1104   CHECK_FP(fp);
1105 
1106   size_t n;
1107   if (__builtin_mul_overflow(size, count, &n)) {
1108     errno = EOVERFLOW;
1109     fp->_flags |= __SERR;
1110     return 0;
1111   }
1112 
1113   if (n == 0) return 0;
1114 
1115   __siov iov = { .iov_base = const_cast<void*>(buf), .iov_len = n };
1116   __suio uio = { .uio_iov = &iov, .uio_iovcnt = 1, .uio_resid = n };
1117 
1118   _SET_ORIENTATION(fp, -1);
1119 
1120   // The usual case is success (__sfvwrite returns 0); skip the divide if this happens,
1121   // since divides are generally slow.
1122   return (__sfvwrite(fp, &uio) == 0) ? count : ((n - uio.uio_resid) / size);
1123 }
1124 
1125 namespace {
1126 
1127 namespace phony {
1128 #include <bits/struct_file.h>
1129 }
1130 
1131 static_assert(sizeof(::__sFILE) == sizeof(phony::__sFILE),
1132               "size mismatch between `struct __sFILE` implementation and public stub");
1133 static_assert(alignof(::__sFILE) == alignof(phony::__sFILE),
1134               "alignment mismatch between `struct __sFILE` implementation and public stub");
1135 
1136 }
1137