* [musl] [C23 new stdlib 0/3]
@ 2023-05-31 10:05 Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 1/3] C23: add the new interfaces free_sized and free_aligned_sized for stdlib.h Jens Gustedt
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jens Gustedt @ 2023-05-31 10:05 UTC (permalink / raw)
  To: musl

v8, taking into account Rich's feedback

Jens Gustedt (3):
  C23: add the new interfaces free_sized and free_aligned_sized for
    stdlib.h
  C23: add the memalignment function
  C23: implement the new strfrom[dfl] functions

 dynamic.list                    |  2 ++
 include/stdlib.h                |  8 ++++++
 src/malloc/free_aligned_sized.c |  6 +++++
 src/malloc/free_sized.c         |  7 ++++++
 src/stdlib/memalignment.c       |  8 ++++++
 src/stdlib/strfromd.c           | 44 +++++++++++++++++++++++++++++++++
 6 files changed, 75 insertions(+)
 create mode 100644 src/malloc/free_aligned_sized.c
 create mode 100644 src/malloc/free_sized.c
 create mode 100644 src/stdlib/memalignment.c
 create mode 100644 src/stdlib/strfromd.c

-- 
2.34.1



* [musl] [C23 new stdlib 1/3] C23: add the new interfaces free_sized and free_aligned_sized for stdlib.h
  2023-05-31 10:05 [musl] [C23 new stdlib 0/3] Jens Gustedt
@ 2023-05-31 10:05 ` Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 2/3] C23: add the memalignment function Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 3/3] C23: implement the new strfrom[dfl] functions Jens Gustedt
  2 siblings, 0 replies; 4+ messages in thread
From: Jens Gustedt @ 2023-05-31 10:05 UTC (permalink / raw)
  To: musl

For the moment, these are just trivial wrappers that ignore their
parameters other than the pointer.

The names were not previously reserved, so they could generate naming
conflicts with application code.

The "implementation" is just a trivial wrapper around free. This could
eventually be replaced by implementations that are more efficient than
that.
---
 dynamic.list                    | 2 ++
 include/stdlib.h                | 2 ++
 src/malloc/free_aligned_sized.c | 6 ++++++
 src/malloc/free_sized.c         | 7 +++++++
 4 files changed, 17 insertions(+)
 create mode 100644 src/malloc/free_aligned_sized.c
 create mode 100644 src/malloc/free_sized.c

diff --git a/dynamic.list b/dynamic.list
index ee0d363b..f13db826 100644
--- a/dynamic.list
+++ b/dynamic.list
@@ -10,6 +10,8 @@ malloc;
 calloc;
 realloc;
 free;
+free_sized;
+free_aligned_sized;
 memalign;
 posix_memalign;
 aligned_alloc;
diff --git a/include/stdlib.h b/include/stdlib.h
index 037e4dc4..2f46e6aa 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -41,6 +41,8 @@ void *malloc (size_t);
 void *calloc (size_t, size_t);
 void *realloc (void *, size_t);
 void free (void *);
+void free_sized (void *, size_t);
+void free_aligned_sized (void *, size_t, size_t);
 void *aligned_alloc(size_t, size_t);
 
 __noreturn void abort (void);
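Review bot: The two prototypes added after `free` are visible in every language mode, although the description itself notes that `free_sized` and `free_aligned_sized` were not reserved before C23. An existing program that declares either name with a different type would then fail to compile once it includes <stdlib.h>. If that is not intended, the declarations could sit behind a version check such as `#if __STDC_VERSION__ > 201710L`; whether that matches this header's feature-test conventions needs confirming against the rest of the file, which is outside the hunk.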
diff --git a/src/malloc/free_aligned_sized.c b/src/malloc/free_aligned_sized.c
new file mode 100644
index 00000000..bdfd0cee
--- /dev/null
+++ b/src/malloc/free_aligned_sized.c
@@ -0,0 +1,6 @@
+#include <stdlib.h>
+
+void free_aligned_sized (void *p, size_t alignment, size_t size)
+{
+	free(p);
+}
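Review bot: `free_aligned_sized` drops `alignment` and `size` without a comment, and `free_sized` in src/malloc/free_sized.c does the same with `size`. C23 leaves the call undefined when these values do not match the original allocation request, so a caller's bookkeeping error is silently accepted here rather than caught by the allocator. A short comment above each `free(p);` would record that this is deliberate, for example `/* size and alignment are not checked; a mismatch is undefined per C23 and is not diagnosed here */`.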
diff --git a/src/malloc/free_sized.c b/src/malloc/free_sized.c
new file mode 100644
index 00000000..fbacc516
--- /dev/null
+++ b/src/malloc/free_sized.c
@@ -0,0 +1,7 @@
+#include <stdlib.h>
+
+void free_sized (void *p, size_t size)
+{
+	free(p);
+}
+
-- 
2.34.1



* [musl] [C23 new stdlib 2/3] C23: add the memalignment function
  2023-05-31 10:05 [musl] [C23 new stdlib 0/3] Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 1/3] C23: add the new interfaces free_sized and free_aligned_sized for stdlib.h Jens Gustedt
@ 2023-05-31 10:05 ` Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 3/3] C23: implement the new strfrom[dfl] functions Jens Gustedt
  2 siblings, 0 replies; 4+ messages in thread
From: Jens Gustedt @ 2023-05-31 10:05 UTC (permalink / raw)
  To: musl

The name is reserved, so we don't need to protect it via a feature
macro or a weak symbol.
---
 include/stdlib.h          | 2 ++
 src/stdlib/memalignment.c | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 src/stdlib/memalignment.c

diff --git a/include/stdlib.h b/include/stdlib.h
index 2f46e6aa..10bdf7f8 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -180,6 +180,8 @@ typedef int once_flag;
 void call_once(once_flag *, void (*)(void));
 #endif
 
+size_t memalignment(const void *);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/stdlib/memalignment.c b/src/stdlib/memalignment.c
new file mode 100644
index 00000000..0f87c71b
--- /dev/null
+++ b/src/stdlib/memalignment.c
@@ -0,0 +1,8 @@
+#include <stdlib.h>
+#include <stdint.h>
+
+size_t memalignment(const void *p)
+{
+	uintptr_t bits = (uintptr_t)p;
+	return (bits^(bits-1))&bits;
+}
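Review bot: The `return` expression is unexplained, and its null-pointer result depends on unsigned wrap-around that a later edit could easily break. Add a comment above it such as `/* isolate the lowest set bit of the address; for a null pointer bits-1 wraps to all ones and the final & yields 0 */`. The comment could also state the assumption that a null pointer converts to the integer 0 and that `uintptr_t` fits in `size_t`, which presumably holds on the supported targets but is not shown in this hunk.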
-- 
2.34.1



* [musl] [C23 new stdlib 3/3] C23: implement the new strfrom[dfl] functions
  2023-05-31 10:05 [musl] [C23 new stdlib 0/3] Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 1/3] C23: add the new interfaces free_sized and free_aligned_sized for stdlib.h Jens Gustedt
  2023-05-31 10:05 ` [musl] [C23 new stdlib 2/3] C23: add the memalignment function Jens Gustedt
@ 2023-05-31 10:05 ` Jens Gustedt
  2 siblings, 0 replies; 4+ messages in thread
From: Jens Gustedt @ 2023-05-31 10:05 UTC (permalink / raw)
  To: musl

These names had been reserved in C17, so it is not necessary to hide
these functions in conditionals.

With the exception of strfroml, the implementation is direct because
format strings can be forwarded to snprintf (there is no length
modifier for float or double). For strfroml the format has to be
assembled from the received format to interlace "L".

Because compilers will probably not check their formats for these new
functions for some generations, in general this would be passing an
unsanitized dynamic format string into snprintf. So we do a relatively
simple check beforehand, in particular to inhibit the appearance of other
"%" specifiers in the string that could be used for attacks.
---
 include/stdlib.h      |  4 ++++
 src/stdlib/strfromd.c | 44 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 src/stdlib/strfromd.c

diff --git a/include/stdlib.h b/include/stdlib.h
index 10bdf7f8..72522cd6 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -29,6 +29,10 @@ float strtof (const char *__restrict, char **__restrict);
 double strtod (const char *__restrict, char **__restrict);
 long double strtold (const char *__restrict, char **__restrict);
 
+int strfromd(char *restrict, size_t, const char *restrict, double);
+int strfromf(char *restrict, size_t, const char *restrict, float);
+int strfroml(char *restrict, size_t, const char *restrict, long double);
+
 long strtol (const char *__restrict, char **__restrict, int);
 unsigned long strtoul (const char *__restrict, char **__restrict, int);
 long long strtoll (const char *__restrict, char **__restrict, int);
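Review bot: The three new prototypes spell the qualifier `restrict`, while the neighbouring `strtof`, `strtod` and `strtol` declarations in this hunk use `__restrict`. `restrict` is not a keyword in C++ or in C89 mode, so including <stdlib.h> there would presumably fail to parse these lines. Use the header's own spelling, e.g. `int strfromd(char *__restrict, size_t, const char *__restrict, double);`, and likewise for `strfromf` and `strfroml`.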
diff --git a/src/stdlib/strfromd.c b/src/stdlib/strfromd.c
new file mode 100644
index 00000000..f5b92956
--- /dev/null
+++ b/src/stdlib/strfromd.c
@@ -0,0 +1,44 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+
+static size_t sanitize(const char*format) {
+	size_t slen = format ? strlen(format) : 0;
+	if (format[0] != '%'
+		|| (slen > 2 && format[1] != '.')
+		|| strchr(&format[1], '%')
+		|| (strspn(&format[slen-1], "aAeEfFgG") != 1)) return 0;
+	else return slen;
+}
+
+int strfromd(char *restrict s, size_t n, const char *restrict format, double fp) {
+	return sanitize(format) ? snprintf(s, n, format, fp) : -1;
+}
+
+int strfromf(char *restrict s, size_t n, const char *restrict format, float fp) {
+	return sanitize(format) ? snprintf(s, n, format, fp) : -1;
+}
+
+int strfroml(char *restrict s, size_t n, const char *restrict format, long double fp) {
+	enum { max_len = 1+sizeof "%.18446744073709551615Lg", };
+	char ff[max_len];
+	size_t slen = sanitize(format);
+	if (!slen) return -1;
+	if (slen < max_len-2) {
+		memcpy(ff, format, slen-1);
+		ff[slen-1] = 'L';
+		ff[slen] = format[slen-1];
+		ff[slen+1] = 0;
+	} else {
+		// If the precision is unreasonably long, fallback to
+		// strtoull to parse it, and squeeze it into a
+		// reasonable length, if possible.
+		int eback = errno;
+		unsigned long long prec = strtoull(format+2, NULL, 10);
+		if (prec == ULLONG_MAX) errno = eback;
+		snprintf(ff, max_len, "%%.%lldL%c", prec, format[slen-1]);
+	}
+	return snprintf(s, n, ff, fp);
+}
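Review bot: `sanitize` does not check the characters between `%.` and the final conversion letter, so a length modifier, `*` or a different conversion character placed there still reaches `snprintf` with a single floating-point argument. That is the unsanitized-format case the description sets out to prevent. It also evaluates `format[0]` after the `format ? … : 0` test, so a null `format` is dereferenced despite the guard. Accepting only `%`, an optional `.` followed by decimal digits, and exactly one of `aAeEfFgG` closes both gaps, and the returned length is unchanged for valid input. Separately, the fallback branch of `strfroml` prints the `unsigned long long` precision with `%lld`, where `%llu` matches the type.

```c
static size_t sanitize(const char *format) {
	if (!format || format[0] != '%') return 0;
	size_t i = 1;
	if (format[i] == '.') {
		// precision: decimal digits only
		for (i++; format[i] >= '0' && format[i] <= '9'; i++);
	}
	// exactly one conversion letter, then the terminator
	if (!format[i] || !strchr("aAeEfFgG", format[i]) || format[i+1]) return 0;
	return i+1;
}
// … unchanged: strfromd, strfromf, strfroml …
```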
-- 
2.34.1

