* lib/extendbuf.c (xextendbuf): New function; extends the buffer,
but calls xalloc_die on failure. On the the other hand, extendbuf
returns NULL on failure.
(decide_size): If wanted>SIZE_MAX/2, return wanted. This means
that for very large buffers, performance on repeated extension
degrades from linear to quadratic (instead of just failing at that
point, as before).
* lib/savedirinfo.c (xsavedir): Use xextendbuf rather than
extendbuf, now that there is a difference in semantics.
* find/fstype.c (get_mounted_filesystems): If extendbuf returns
NULL, fail (by returning NULL ourselves).
(get_mounted_devices): Likewise.
Signed-off-by: James Youngman <jay@gnu.org>
* lib/regexprops.c: Include "progname.h". Update function
defintions to have a newline before the function name (to comply
with the GNU coding standard). Use set_program_name.
* lib/listfile.c: #include "areadlink.h" but not "dircallback.h",
since we no longer need to use get_link_name_at.
(get_link_name_at): Delete.
(get_link_name_cb): Delete.
(get_link_name): Delete.
* lib/listfile.h: Remove declaration of get_link_name_at.
* find/pred.c (match_lname): Use areadlinkat instead of
get_link_name_at.
Signed-off-by: James Youngman <jay@gnu.org>
Fix open_cloexec on hosts which ignore O_CLOEXEC (i.e. old kernels).
* lib/fdleak.c (o_cloexec_works): New function, detects whether
the open flag O_CLOEXEC has any effect.
(open_cloexec): Call o_cloexec_works, just once, to find out
whether O_CLOEXEC is effective. If not, set the close-on-exec
flag on fds by calling set_cloexec_flag.
Signed-off-by: James Youngman <jay@gnu.org>
Signed-off-by: James Youngman <jay@gnu.org>
* lib/fdleak.h: Correct the format of the copyright statement.
* po/vi.po: Likewise.
* lib/safe-atoi.h: Likewise.
* locate/locate.c: Likewise.
* po/ca.po: Likewise.
* po/gl.po: Likewise.
* po/fi.po: Likewise.
* po/it.po: Likewise.
* po/findutils.pot: Fill in the boilerplate in the header.
Signed-off-by: James Youngman <jay@gnu.org>
Avoid using magic numbers as exit statuses.
* cfg.mk (skip_defer): Enable sc_prohibit_magic_number_exit.
* doc/find-maint.texi (Security): Avoid error (1, ...) in the
example patch.
* find/find.c (main): Use exit status EXIT_FAILURE instead of 1.
(wd_sanity_check): Likewise.
(safely_chdir_lstat): Likewise.
(process_dir): Likewise.
* find/fstype.c (must_read_fs_list): Likewise.
* find/ftsfind.c (main): Likewise.
(main): Likewise.
* find/parser.c (check_option_combinations): Use exit status
EXIT_FAILURE instead of 1.
(parse_group): Likewise.
(parse_help): Use exit status EXIT_SUCCESS instead of 0.
(parse_version): Likewise.
(fnmatch_sanitycheck): Use exit status EXIT_FAILURE instead of 1.
(insert_depthspec): Likewise.
(parse_newerXY): Likewise.
(non_posix_mode): Likewise.
(parse_perm): Likewise.
(insert_regex): Likewise.
(parse_size): Likewise.
(parse_show_control_chars): Likewise.
(parse_used): Likewise.
(parse_user): Likewise.
(parse_context): Likewise.
(insert_type): Likewise.
(insert_fprintf): Likewise.
(make_segment): Likewise.
(check_path_safety): Likewise.
(new_insert_exec_ok): Likewise.
(get_relative_timestamp): Likewise.
(parse_time): Likewise.
* find/tree.c (get_expr): Use exit status EXIT_FAILURE instead of 1.
(scan_rest): Likewise.
(get_pred_cost): Likewise.
(get_pred_cost): Likewise.
(build_expression_tree): Likewise.
(get_new_pred_chk_op): Likewise.
* find/pred.c (launch): Use exit status EXIT_FAILURE instead of 1.
* find/util.c (process_debug_options): Use exit status
EXIT_SUCCESS instead of 0.
(process_optimisation_option): Use exit status EXIT_FAILURE
instead of 1.
(set_option_defaults): Likewise.
* lib/buildcmd.c (exceeds): Likewise.
(bc_do_exec): Likewise.
(bc_push_arg): Likewise.
* lib/nextelem.c: Remove test code.
* lib/safe-atoi.c (safe_atoi): Use exit status EXIT_FAILURE
instead of 1.
* lib/regextype.c (get_regex_type): Use exit status EXIT_FAILURE
instead of 1. Include <stdlib.h>, for EXIT_FAILURE.
* locate/locate.c (set_max_db_age): Use exit status EXIT_FAILURE
instead of 1.
(set_max_db_age): Likewise.
(toolong): Likewise.
(visit_locate02_format): Likewise.
(search_one_database): Likewise.
(drop_privs): Likewise.
* locate/frcode.c (get_seclevel): Use exit status EXIT_FAILURE
instead of 1.
(outerr): Likewise.
(main): Likewise.
* locate/code.c (inerr): Use exit status EXIT_FAILURE instead of
1.
(outerr): Likewise.
* locate/word_io.c (getword): Use exit status EXIT_FAILURE instead of 1.
Use named constants for xargs exit codes.
* xargs/xargs.c (child_error): Use EXIT_SUCCESS instead of 0.
(enum XargsStatusValues): introduce named constants for the
various things that cause speicific exit codes.
(enum ClientStatusValues): Also introduce named constants for the
child's exit status.
(get_char_oct_or_hex_escape): Use EXIT_FAILURE instead of 1.
(get_input_delimiter): Likewise.
(main): Likewise.
(read_line): Likewise.
(read_string): Likewise.
(print_args): Likewise.
(xargs_do_exec): Likewise.
(wait_for_proc): Likewise.
(wait_for_proc): Use enum XargsStatusValues for exit codes.
(parse_num): Use EXIT_FAILURE instead of 1.
Signed-off-by: James Youngman <jay@gnu.org>
* lib/fdleak.c (get_proc_max_fd): Use safe_atoi to do string to
int conversion, instead of sscanf. Skip '.' and '..'.
* find/util.c (set_option_defaults): Avoid false positive with
sc_prohibit_atoi_atof.
(check_nofollow): Likewise.
* cfg.mk (skip_defer): Enable the sc_prohibit_atoi_atof check.
Signed-off-by: James Youngman <jay@gnu.org>
* po/POTFILES.in: Remove dircallback.c, listfile.c.
* lib/listfile.c: Don't include libintl, since there are no
translated messages in this file.
* lib/dircallback.c: Likewise.
Signed-off-by: James Youngman <jay@gnu.org>
* find/parser.c: Include "safe-atoi.h". Remove the body of safe_atoi.
(parse_group): pass options.err_quoting_style to safe_atoi.
(insert_depthspec): Likewise.
(parse_user): Likewise.
* lib/safe-atoi.h: New file.
* lib/safe-atoi.c: New file. Add parameter for quoting style (to
avoid an external reference to the "options"struct).
* lib/Makefile.am (libfind_a_SOURCES): Add safe-atoi.c and
safe-atoi.h.
Signed-off-by: James Youngman <jay@gnu.org>
Eliminate some unused function result warnings.
* lib/unused-result.h: New file, defines function attribute macro
__attribute_warn_unused_result__.
* lib/Makefile.am (EXTRA_DIST): Add unused-result.h.
* find/ftsfind.c (find): Issue a diagnostic if fts_close fails,
change return type to bool and return false for this case. Add
__warn_unused_result__ attribute.
(process_all_startpoints): Likewise (except no need for second
diagnostic).
(main): If process_all_startpoints failed, don't do the cleanup
operations because we don't know what subdirectory we're in.
* find/util.c (fd_leak_check_is_enabled): Avoid implicit
pointer-to-int conversion.
* lib/buildcmd.c: #include <stdlib.h> for declaration of free.
Signed-off-by: James Youngman <jay@gnu.org>
* lib/regextype.c: Don't use HAVE_CONFIG_H.
* doc/find-maint.texi: Remove RCS keywords (they were in an
example security vulnerability announcement).
Signed-off-by: James Youngman <jay@gnu.org>
* NEWS: Update GFDL version.
* README-hacking: Likewise.
* doc/find-maint.texi: Likewise.
* lib/regexprops.c: Likewise (though the license being changed is the
license for the output).
Signed-off-by: James Youngman <jay@gnu.org>
* lib/fdleak.c: Include <stdarg.h> and "cloexec.h".
(open_cloexec): Support O_CREAT. Use O_CLOEXEC if it is available.
(O_CLOEXEC): #define to 0 if not already #defined.
* import-gnulib.config (modules): Import modules open (for
PROMOTED_MODE_T) and stdbool (for 'true').
* lib/fdleak.h: Update prototype of open_cloexec to allow mode to
be passed.
Signed-off-by: James Youngman <jay@gnu.org>
* configure.ac: Check for <sys/resource.h> and the getrusage
function.
* lib/fdleak.c: Don't #include <sys/resource.h> if we don't have it.
(get_max_fd): If neither /proc/self/fd not getrusage is available,
return _POSIX_OPEN_MAX.
(remember_non_cloexec_fds): Also check for leaks in file
descriptors 0, 1, 2, just in case the caller closed them.
(find_first_leaked_fd): Likewise.
(open_cloexec): Make sure we are not creating a file (for some odd
system where O_CREAT is 0).
Signed-off-by: James Youngman <jay@gnu.org>
* import-gnulib.config (gnulib_version): Update to more recent
version of gnulib. Import the cloexec module too.
* lib/fdleak.c: New file; a module for detecting file descriptor
leaks. Also define an open_cloexec() function.
* lib/fdleak.h: Declare the global functions defined in fdleak.c.
* lib/Makefile.am (libfind_a_SOURCES): Add fdleak.c and fdleak.h.
* find/find.c (main): Call remember_non_cloexec_fds in order to
detect file descriptor leaks.
(main): set FD_CLOEXEC on starting_desc.
(safely_chdir_lstat): Likewise for dotfd.
(safely_chdir_nofollow): Likewise for fd.
* find/ftsfind.c (inside_dir): set FD_CLOEXEC on curr_fd.
(main): Call remember_non_cloexec_fds in order to detect file
descriptor leaks.
(main): set FD_CLOEXEC on starting_desc.
* find/pred.c (launch): before we exec the child, call
complain_about_leaky_fds in order to complain about non-FD_CLOEXEC
file descriptors that weren't open when the program was run.
* find/sharefile.c (sharefile_fopen): Set FD_CLOEXEC on the files
we open.
* gnulib-local/lib/save-cwd.c.diff: Patch gnulib to set FD_CLOEXEC
on the file descriptors opened by save_cwd.
* gnulib-local/modules/save-cwd.diff: Hence the save-cwd module
depends on the cloexec module.
* import-gnulib.sh (run_gnulib_tool): Pass the --local-dir option
in order to apply these patches.
Signed-off-by: James Youngman <jay@gnu.org>
2009-11-29 James Youngman <jay@gnu.org>
Fix Savannah bug#27328, segfault if the initial exec for "find
-exec" fails. Also bug #27975: Infinite loop for -exec [..] {} +.
* lib/buildcmd.h (struct buildcmd_state): Introduce
largest_successful_arg_count and smallest_failed_arg_count in
order to avoid an assumption that we understand how the operatingn
system interprets ARG_MAX and the assumption that the compile-time
ARG_MAX value (or the equivalent from sysconf()) is avtually
correct.
(struct buildcmd_control): Change the calling convention of the
exec callback to allow us to pass the argument list separately.
(bc_args_exceed_testing_limit): declare this new funciton.
* lib/buildcmd.c (bc_args_complete): New function, NULL-terminates
the argv list. We use this instead of passing NULL to
bc_push_arg().
(update_limit): New function. Decides how many arguments to
pass to the invoked command on the next attempt.
(copy_args): Build an argument list containing all the initial
arguments plus some of the other args (the number to be used is
decided by update_limit).
(bc_do_exec): Avoid special-casing the first call to exec. Use
update_limit to decide how many arguments to pass and copy_args to
build the argument list. The new form of the loop should fix
Savannah bug #27328.
(bc_push_arg): Drop support for passing NULL as an argument (to
terminate the arg list we just pass in a special argument instead).
(bc_args_exceed_testing_limit): New function, returns nonzero if
the argument list exceeds a testing limit (used for failure
injection by tests).
(exceeds): New support function, implementing part of
bc_args_exceed_testing_limit.
(bc_init_state): Initialise largest_successful_arg_count and
smallest_failed_arg_count.
* find/defs.h (struct exec_val): New member last_child_status.
This stores the status of the most recently completed child.
* find/pred.c (new_impl_pred_exec): Use last_child_status.
(launch): Use the new calling convention for the exec callback.
Set last_child_status. Call bc_args_exceed_testing_limit() to do
failure injection for unit tests.
* find/util.c (do_complete_pending_execdirs): Call bc_do_exec
rather than calling launch directly in order to allow for breaking
the argument list up if it's too long.
* xargs/xargs.c (xargs_do_exec): Update to use the new caling
convention for the exec callback.
Signed-off-by: James Youngman <jay@gnu.org>
* lib/check-regexprops.sh: Portability fixes for FreeBSD (mktemp
requires an argument, dialect differences in sed regexes).
Signed-off-by: James Youngman <jay@gnu.org>
* lib/check-regexprops.sh: New test. Run regexprops as a check,
and compare its output against the contents of doc/regexprops.texi.
If there is a mismatch for regexprops.texi, save the correct version.
* lib/Makefile.am: Run check-regexprops.sh for 'make check'.
* doc/Makefile.am: don't clean regexprops.texi, and don't generate
it automatically.
* doc/regexprops.texi: add into source control.
it automatically.
* doc/.gitignore: don't ignore regexprops.texi
* lib/buildcmd.c (bc_do_exec): Declare variables at the top of the
relevant block, in order to avoid mixing declarations and
statements.
* xargs/xargs.c (main): Likewise.
* NEWS: Mention the fix for bug #22708 in the correct section.
2008-03-23 Leslie Polzer <leslie.polzer@gmx.net>
Merge Leslie Polzer's ARG_MAX enhancements to xargs which were
produced as part of the Google Summer of Code 2007.
These changes fix Savannah bug #22708.
* find/pred.c (launch): The struct buildcmd_control* argument is
no longer const.
* find/defs.h: Likewise
* lib/buildcmd.c (bc_do_insert): The struct buildcmd_control*
argument is no longer const.
(bc_push_arg): Likewise.
(cb_exec_noop): Likewise.
(get_stringv_len): New function; measures the length of
a NULL-terminated argv sequence.
(bc_do_exec): Rename from do_exec, and make global. Modify the
function to react to exec failing with E2BIG by trying again
with fewer arguments.
* xargs/xargs.1: Mention that xargs automatically adopts to the
situation where exec fails with E2BIG.
* xargs/xargs.c: (parent): New variable, the PID of the parent
process.
(main): initialise the variable 'parent'. Don't fail immediately
due to lack of space when the environment is large. Call
xargs_do_exec via bc_do_exec.
(xargs_do_exec): The struct buildcmd_control* argument is no
longer const. When exec fails in the child, communicate the
errno value back to the parent through a pipe which is
close-on-exec; this allows us to accurately determine the cause of
the failure and also to distinguish exec failures from all
possible exit codes in the child.
(wait_for_proc): If the utility cannot be found or cannot be run,
we now find out about this by reading an errno value from the
pipe, so this means that exit codes 126 and 127 in the child no
longer have a special interpretation.
* NEWS: mention these changes.
Remove "lib/wait.h", since gnulib provides <sys/wait.h>.
* lib/Makefile.am (EXTRA_DIST): Remove wait.h, since gnulib
provides it.
* lib/wait.h: Not needed.
* find/pred.c: Include <sys/wait.h> instead of "wait.h".
* lib/waitpid.c: Likewise.
* xargs/xargs.c: Likewise.
Remove unnecessary include guards.
* lib/dircallback.c: gnulib provides <locale.h>, so no need for
include guards.
* locate/locate.c: Likewise.
* lib/listfile.c: Likewise.
* lib/savedirinfo.c: Likewise with <sys/stat.h>
* find/defs.h: gnulib provides <inttypes.h>, so no need for
include guards.
* lib/nextelem.c: Likewise with <string.h> and <stdlib.h>.
* locate/bigram.c: Likewise.
* locate/frcode.c: Likewise.
* lib/buildcmd.c: Likewise with <locale.h> and <wchar.h>
* xargs/xargs.c: Likewise with <locale.h>, <wchar.h> and <stdlib.h>
* import-gnulib.config (modules): Import the mbrtowc and whchar
modules.
* lib/qmark.c (multibyte_qmark_chars): Don't surround with
HAVE_MBRTOWC, since we now have a replacement for mbrtowc.
Likewise, don't protect inclusion of <string.h> with
HAVE_STRING_H. Likewise with <wchar.h>.
(multibyte_qmark_chars): Rename to qmark_chars.
(qmark_chars): Remove old version (since it is replaced by the
function that used to be multibyte_qmark_chars).
* lib/printquoted.c: Don't include <wchar.h>, we don't need it.
Signed-off-by: James Youngman <jay@gnu.org>
Update gnulib version.
* import-gnulib.config (gpl3_update_files): No longer need to
update the licenses of build-aux/mdate-sh, build-aux/texinfo.tex
or build-aux/ylwrap as they are already GPLv3+.
(modules): Use the strdup-posix module instead of strdup, and stop
using the obsolete modules memcmp and memset, since we now assume
those functions will already be present on the host system.
* import-gnulib.sh (rehack): Be more verbose about which files
actually needed a license edit and which did not.
Follow gnulib-tool's Makefile.am edit suggestions.
* find/Makefile.am (LDADD): Use $(LIBINTL) instead of @INTLLIBS@
and use $(LIB_CLOCK_GETTIME) instead of @LIB_CLOCK_GETTIME@.
* lib/Makefile.am: Likewise.
* locate/Makefile.am: Likewise.
* xargs/Makefile.am: Likewise.
* import-gnulib.sh (hack_gnulib_tool_output): Add
m4/gnulib-cache.m4 to EXTRA_DIST in gnulib/Makefile.am, as
gnulib-tool suggests.
* find/pred.c (scan_for_digit_differences): Remove declaration of
unused local, "ok".
(do_time_format): Remove decl of "done"; replace sole use with a
constant, "true". Initialize "i" and "n".
* lib/dircallback.c: Don't include unistd.h. Not needed.
* configure.ac (DEFAULT_ARG_SIZE): Check environment for a default
size override.
* lib/buildcmd.c (bc_use_sensible_arg_max): Use default size from
configure, if requested.
* README (DEFAULT_ARG_SIZE): Mention the ability to tune this at
configure time.
* NEWS: Document the change.
