mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-10 20:31:27 +01:00
d0b7445904
The immediately obvious and attractive targets from <stdlib.h> are arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal much else of interest. Reviewed by: markj Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D45681
401 lines
13 KiB
C
401 lines
13 KiB
C
/*-
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
* Copyright (c) 1990, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef _STDLIB_H_
|
|
#define _STDLIB_H_
|
|
|
|
#include <sys/cdefs.h>
|
|
#include <sys/_null.h>
|
|
#include <sys/_types.h>
|
|
|
|
__NULLABILITY_PRAGMA_PUSH
|
|
|
|
#ifndef _SIZE_T_DECLARED
|
|
typedef __size_t size_t;
|
|
#define _SIZE_T_DECLARED
|
|
#endif
|
|
|
|
#ifndef __cplusplus
|
|
#ifndef _WCHAR_T_DECLARED
|
|
typedef ___wchar_t wchar_t;
|
|
#define _WCHAR_T_DECLARED
|
|
#endif
|
|
#endif
|
|
|
|
typedef struct {
|
|
int quot; /* quotient */
|
|
int rem; /* remainder */
|
|
} div_t;
|
|
|
|
typedef struct {
|
|
long quot;
|
|
long rem;
|
|
} ldiv_t;
|
|
|
|
#define EXIT_FAILURE 1
|
|
#define EXIT_SUCCESS 0
|
|
|
|
/*
|
|
* I.e., INT_MAX; rand(3) returns a signed integer but must produce output in
|
|
* the range [0, RAND_MAX], so half of the possible output range is unused.
|
|
*/
|
|
#define RAND_MAX 0x7fffffff
|
|
|
|
#if !defined(_STANDALONE) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
|
|
#include <ssp/stdlib.h>
|
|
#endif
|
|
|
|
__BEGIN_DECLS
|
|
#ifdef _XLOCALE_H_
|
|
#include <xlocale/_stdlib.h>
|
|
#endif
|
|
extern int __mb_cur_max;
|
|
extern int ___mb_cur_max(void);
|
|
#define MB_CUR_MAX ((size_t)___mb_cur_max())
|
|
|
|
_Noreturn void abort(void) __noexcept;
|
|
int abs(int) __pure2;
|
|
int atexit(void (* _Nonnull)(void)) __noexcept;
|
|
double atof(const char *);
|
|
int atoi(const char *);
|
|
long atol(const char *);
|
|
void *bsearch(const void *, const void *, size_t,
|
|
size_t, int (*)(const void * _Nonnull, const void *));
|
|
void *calloc(size_t, size_t) __malloc_like __result_use_check
|
|
__alloc_size2(1, 2);
|
|
div_t div(int, int) __pure2;
|
|
_Noreturn void exit(int);
|
|
void free(void *);
|
|
char *getenv(const char *);
|
|
long labs(long) __pure2;
|
|
ldiv_t ldiv(long, long) __pure2;
|
|
void *malloc(size_t) __malloc_like __result_use_check __alloc_size(1);
|
|
int mblen(const char *, size_t);
|
|
size_t mbstowcs(wchar_t * __restrict , const char * __restrict, size_t);
|
|
int mbtowc(wchar_t * __restrict, const char * __restrict, size_t);
|
|
void qsort(void *, size_t, size_t,
|
|
int (* _Nonnull)(const void *, const void *));
|
|
int rand(void);
|
|
void *realloc(void *, size_t) __result_use_check __alloc_size(2);
|
|
void srand(unsigned);
|
|
double strtod(const char * __restrict, char ** __restrict);
|
|
float strtof(const char * __restrict, char ** __restrict);
|
|
long strtol(const char * __restrict, char ** __restrict, int);
|
|
long double
|
|
strtold(const char * __restrict, char ** __restrict);
|
|
unsigned long
|
|
strtoul(const char * __restrict, char ** __restrict, int);
|
|
int system(const char *);
|
|
int wctomb(char *, wchar_t);
|
|
size_t wcstombs(char * __restrict, const wchar_t * __restrict, size_t);
|
|
|
|
/*
|
|
* Functions added in C99 which we make conditionally available in the
|
|
* BSD^C89 namespace if the compiler supports `long long'.
|
|
* The #if test is more complicated than it ought to be because
|
|
* __BSD_VISIBLE implies __ISO_C_VISIBLE == 1999 *even if* `long long'
|
|
* is not supported in the compilation environment (which therefore means
|
|
* that it can't really be ISO C99).
|
|
*
|
|
* (The only other extension made by C99 in this header is _Exit().)
|
|
*/
|
|
#if __ISO_C_VISIBLE >= 1999 || defined(__cplusplus)
|
|
#ifdef __LONG_LONG_SUPPORTED
|
|
/* LONGLONG */
|
|
typedef struct {
|
|
long long quot;
|
|
long long rem;
|
|
} lldiv_t;
|
|
|
|
/* LONGLONG */
|
|
long long
|
|
atoll(const char *);
|
|
/* LONGLONG */
|
|
long long
|
|
llabs(long long) __pure2;
|
|
/* LONGLONG */
|
|
lldiv_t lldiv(long long, long long) __pure2;
|
|
/* LONGLONG */
|
|
long long
|
|
strtoll(const char * __restrict, char ** __restrict, int);
|
|
/* LONGLONG */
|
|
unsigned long long
|
|
strtoull(const char * __restrict, char ** __restrict, int);
|
|
#endif /* __LONG_LONG_SUPPORTED */
|
|
|
|
_Noreturn void _Exit(int) __noexcept;
|
|
#endif /* __ISO_C_VISIBLE >= 1999 */
|
|
|
|
/*
|
|
* If we're in a mode greater than C99, expose C11 functions.
|
|
*/
|
|
#if __ISO_C_VISIBLE >= 2011 || __cplusplus >= 201103L
|
|
void * aligned_alloc(size_t, size_t) __malloc_like __alloc_align(1)
|
|
__alloc_size(2);
|
|
int at_quick_exit(void (*)(void)) __noexcept;
|
|
_Noreturn void
|
|
quick_exit(int) /* __noexcept -- not ready ABI issues? */;
|
|
#endif /* __ISO_C_VISIBLE >= 2011 */
|
|
/*
|
|
* Extensions made by POSIX relative to C.
|
|
*/
|
|
#if __POSIX_VISIBLE >= 199506 || __XSI_VISIBLE
|
|
char *realpath(const char * __restrict, char * __restrict);
|
|
#endif
|
|
#if __POSIX_VISIBLE >= 199506
|
|
int rand_r(unsigned *); /* (TSF) */
|
|
#endif
|
|
#if __POSIX_VISIBLE >= 200112
|
|
int posix_memalign(void **, size_t, size_t); /* (ADV) */
|
|
int setenv(const char *, const char *, int);
|
|
int unsetenv(const char *);
|
|
#endif
|
|
|
|
#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE
|
|
int getsubopt(char **, char *const *, char **);
|
|
#ifndef _MKDTEMP_DECLARED
|
|
char *mkdtemp(char *);
|
|
#define _MKDTEMP_DECLARED
|
|
#endif
|
|
#ifndef _MKSTEMP_DECLARED
|
|
int mkstemp(char *);
|
|
#define _MKSTEMP_DECLARED
|
|
#endif
|
|
#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */
|
|
|
|
/*
|
|
* The only changes to the XSI namespace in revision 6 were the deletion
|
|
* of the ttyslot() and valloc() functions, which FreeBSD never declared
|
|
* in this header. For revision 7, ecvt(), fcvt(), and gcvt(), which
|
|
* FreeBSD also does not have, and mktemp(), are to be deleted.
|
|
*/
|
|
#if __XSI_VISIBLE
|
|
/* XXX XSI requires pollution from <sys/wait.h> here. We'd rather not. */
|
|
long a64l(const char *);
|
|
double drand48(void);
|
|
/* char *ecvt(double, int, int * __restrict, int * __restrict); */
|
|
double erand48(unsigned short[3]);
|
|
/* char *fcvt(double, int, int * __restrict, int * __restrict); */
|
|
/* char *gcvt(double, int, int * __restrict, int * __restrict); */
|
|
char *initstate(unsigned int, char *, size_t);
|
|
long jrand48(unsigned short[3]);
|
|
char *l64a(long);
|
|
void lcong48(unsigned short[7]);
|
|
long lrand48(void);
|
|
#if !defined(_MKTEMP_DECLARED) && (__BSD_VISIBLE || __XSI_VISIBLE <= 600)
|
|
char *mktemp(char *);
|
|
#define _MKTEMP_DECLARED
|
|
#endif
|
|
long mrand48(void);
|
|
long nrand48(unsigned short[3]);
|
|
int putenv(char *);
|
|
long random(void);
|
|
unsigned short
|
|
*seed48(unsigned short[3]);
|
|
char *setstate(/* const */ char *);
|
|
void srand48(long);
|
|
void srandom(unsigned int);
|
|
#endif /* __XSI_VISIBLE */
|
|
|
|
#if __XSI_VISIBLE
|
|
int grantpt(int);
|
|
int posix_openpt(int);
|
|
char *ptsname(int);
|
|
int unlockpt(int);
|
|
#endif /* __XSI_VISIBLE */
|
|
#if __BSD_VISIBLE
|
|
/* ptsname_r will be included in POSIX issue 8 */
|
|
int ptsname_r(int, char *, size_t);
|
|
#endif
|
|
|
|
#if __BSD_VISIBLE
|
|
extern const char *malloc_conf;
|
|
extern void (*malloc_message)(void *, const char *);
|
|
|
|
/*
|
|
* The alloca() function can't be implemented in C, and on some
|
|
* platforms it can't be implemented at all as a callable function.
|
|
* The GNU C compiler provides a built-in alloca() which we can use.
|
|
* On platforms where alloca() is not in libc, programs which use it
|
|
* will fail to link when compiled with non-GNU compilers.
|
|
*/
|
|
#if __GNUC__ >= 2
|
|
#undef alloca /* some GNU bits try to get cute and define this on their own */
|
|
#define alloca(sz) __builtin_alloca(sz)
|
|
#endif
|
|
|
|
void abort2(const char *, int, void **) __dead2;
|
|
__uint32_t
|
|
arc4random(void);
|
|
void arc4random_buf(void *, size_t);
|
|
__uint32_t
|
|
arc4random_uniform(__uint32_t);
|
|
|
|
#ifdef __BLOCKS__
|
|
int atexit_b(void (^ _Nonnull)(void));
|
|
void *bsearch_b(const void *, const void *, size_t,
|
|
size_t, int (^ _Nonnull)(const void *, const void *));
|
|
#endif
|
|
char *getbsize(int *, long *);
|
|
/* getcap(3) functions */
|
|
char *cgetcap(char *, const char *, int);
|
|
int cgetclose(void);
|
|
int cgetent(char **, char **, const char *);
|
|
int cgetfirst(char **, char **);
|
|
int cgetmatch(const char *, const char *);
|
|
int cgetnext(char **, char **);
|
|
int cgetnum(char *, const char *, long *);
|
|
int cgetset(const char *);
|
|
int cgetstr(char *, const char *, char **);
|
|
int cgetustr(char *, const char *, char **);
|
|
|
|
int clearenv(void);
|
|
|
|
int daemon(int, int);
|
|
int daemonfd(int, int);
|
|
char *devname(__dev_t, __mode_t);
|
|
char *devname_r(__dev_t, __mode_t, char *, int);
|
|
char *fdevname(int);
|
|
char *fdevname_r(int, char *, int);
|
|
int getloadavg(double [], int);
|
|
const char *
|
|
getprogname(void);
|
|
|
|
int heapsort(void *, size_t, size_t,
|
|
int (* _Nonnull)(const void *, const void *));
|
|
#ifdef __BLOCKS__
|
|
int heapsort_b(void *, size_t, size_t,
|
|
int (^ _Nonnull)(const void *, const void *));
|
|
void qsort_b(void *, size_t, size_t,
|
|
int (^ _Nonnull)(const void *, const void *));
|
|
#endif
|
|
int l64a_r(long, char *, int);
|
|
int mergesort(void *, size_t, size_t, int (*)(const void *, const void *));
|
|
#ifdef __BLOCKS__
|
|
int mergesort_b(void *, size_t, size_t, int (^)(const void *, const void *));
|
|
#endif
|
|
int mkostemp(char *, int);
|
|
int mkostemps(char *, int, int);
|
|
int mkostempsat(int, char *, int, int);
|
|
void qsort_r(void *, size_t, size_t,
|
|
int (*)(const void *, const void *, void *), void *);
|
|
int radixsort(const unsigned char **, int, const unsigned char *,
|
|
unsigned);
|
|
void *reallocarray(void *, size_t, size_t) __result_use_check
|
|
__alloc_size2(2, 3);
|
|
void *reallocf(void *, size_t) __result_use_check __alloc_size(2);
|
|
int rpmatch(const char *);
|
|
char *secure_getenv(const char *);
|
|
void setprogname(const char *);
|
|
int sradixsort(const unsigned char **, int, const unsigned char *,
|
|
unsigned);
|
|
void srandomdev(void);
|
|
long long
|
|
strtonum(const char *, long long, long long, const char **);
|
|
|
|
/* Deprecated interfaces, to be removed. */
|
|
__int64_t
|
|
strtoq(const char *, char **, int);
|
|
__uint64_t
|
|
strtouq(const char *, char **, int);
|
|
|
|
/*
|
|
* In FreeBSD 14, the prototype of qsort_r() was modified to comply with
|
|
* POSIX. The standardized qsort_r()'s order of last two parameters was
|
|
* changed, and the comparator function is now taking thunk as its last
|
|
* parameter, and both are different from the ones expected by the historical
|
|
* FreeBSD qsort_r() interface.
|
|
*
|
|
* Apply a workaround where we explicitly link against the historical interface,
|
|
* qsort_r@FBSD_1.0, in case when qsort_r() is called with the last parameter
|
|
* with a function pointer that exactly matches the historical FreeBSD qsort_r()
|
|
* comparator signature, so applications written for the historical interface
|
|
* can continue to work without modification. Toolchains that don't support
|
|
* symbol versioning don't define __sym_compat, so only provide this symbol in
|
|
* supported environments.
|
|
*/
|
|
#ifdef __sym_compat
|
|
#if defined(__generic) || defined(__cplusplus)
|
|
void __qsort_r_compat(void *, size_t, size_t, void *,
|
|
int (*)(void *, const void *, const void *));
|
|
__sym_compat(qsort_r, __qsort_r_compat, FBSD_1.0);
|
|
#endif
|
|
#endif
|
|
#if defined(__generic) && !defined(__cplusplus)
|
|
#define qsort_r(base, nel, width, arg4, arg5) \
|
|
__generic(arg5, int (*)(void *, const void *, const void *), \
|
|
__qsort_r_compat, qsort_r)(base, nel, width, arg4, arg5)
|
|
#elif defined(__cplusplus) && defined(__sym_compat)
|
|
__END_DECLS
|
|
extern "C++" {
|
|
static inline void qsort_r(void *base, size_t nmemb, size_t size,
|
|
void *thunk, int (*compar)(void *, const void *, const void *)) {
|
|
__qsort_r_compat(base, nmemb, size, thunk, compar);
|
|
}
|
|
}
|
|
__BEGIN_DECLS
|
|
#endif
|
|
|
|
extern char *suboptarg; /* getsubopt(3) external variable */
|
|
#endif /* __BSD_VISIBLE */
|
|
|
|
#if __EXT1_VISIBLE
|
|
|
|
#ifndef _RSIZE_T_DEFINED
|
|
#define _RSIZE_T_DEFINED
|
|
typedef size_t rsize_t;
|
|
#endif
|
|
|
|
#ifndef _ERRNO_T_DEFINED
|
|
#define _ERRNO_T_DEFINED
|
|
typedef int errno_t;
|
|
#endif
|
|
|
|
/* K.3.6 */
|
|
typedef void (*constraint_handler_t)(const char * __restrict,
|
|
void * __restrict, errno_t);
|
|
/* K.3.6.1.1 */
|
|
constraint_handler_t set_constraint_handler_s(constraint_handler_t handler);
|
|
/* K.3.6.1.2 */
|
|
_Noreturn void abort_handler_s(const char * __restrict, void * __restrict,
|
|
errno_t);
|
|
/* K3.6.1.3 */
|
|
void ignore_handler_s(const char * __restrict, void * __restrict, errno_t);
|
|
/* K.3.6.3.2 */
|
|
errno_t qsort_s(void *, rsize_t, rsize_t,
|
|
int (*)(const void *, const void *, void *), void *);
|
|
#endif /* __EXT1_VISIBLE */
|
|
|
|
__END_DECLS
|
|
__NULLABILITY_PRAGMA_POP
|
|
|
|
#endif /* !_STDLIB_H_ */
|