sync code with last fixes and improvements from OpenBSD

lib/libc/hidden/stdlib.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: stdlib.h,v 1.17 2023/05/18 16:11:09 guenther Exp $	*/
+/*	$OpenBSD: stdlib.h,v 1.18 2023/05/27 04:33:00 otto Exp $	*/
 /*	$NetBSD: stdlib.h,v 1.25 1995/12/27 21:19:08 jtc Exp $	*/
 
 /*-
@@ -57,7 +57,7 @@ PROTO_STD_DEPRECATED(_Exit);
 PROTO_DEPRECATED(a64l);
 PROTO_NORMAL(abort);
 PROTO_NORMAL(abs);
-/* PROTO_NORMAL(aligned_alloc)		not yet, breaks emacs */
+PROTO_NORMAL(aligned_alloc);
 PROTO_NORMAL(arc4random);
 PROTO_NORMAL(arc4random_buf);
 PROTO_NORMAL(arc4random_uniform);
@@ -67,7 +67,7 @@ PROTO_NORMAL(atoi);
 PROTO_STD_DEPRECATED(atol);
 PROTO_STD_DEPRECATED(atoll);
 PROTO_STD_DEPRECATED(bsearch);
-/*PROTO_NORMAL(calloc);			not yet, breaks emacs */
+PROTO_NORMAL(calloc);
 PROTO_NORMAL(calloc_conceal);
 PROTO_NORMAL(cgetcap);
 PROTO_NORMAL(cgetclose);
@@ -88,7 +88,7 @@ PROTO_DEPRECATED(ecvt);
 PROTO_NORMAL(erand48);
 PROTO_NORMAL(exit);
 PROTO_DEPRECATED(fcvt);
-/*PROTO_NORMAL(free);			not yet, breaks emacs */
+PROTO_NORMAL(free);
 PROTO_NORMAL(freezero);
 PROTO_DEPRECATED(gcvt);
 PROTO_DEPRECATED(getbsize);
@@ -108,7 +108,7 @@ PROTO_DEPRECATED(ldiv);
 PROTO_STD_DEPRECATED(llabs);
 PROTO_STD_DEPRECATED(lldiv);
 PROTO_DEPRECATED(lrand48);
-/*PROTO_NORMAL(malloc);			not yet, breaks emacs */
+PROTO_NORMAL(malloc);
 PROTO_NORMAL(malloc_conceal);
 PROTO_STD_DEPRECATED(mblen);
 PROTO_STD_DEPRECATED(mbstowcs);
@@ -122,7 +122,7 @@ PROTO_DEPRECATED(mkstemps);
 PROTO_DEPRECATED(mktemp);
 PROTO_DEPRECATED(mrand48);
 PROTO_DEPRECATED(nrand48);
-/*PROTO_NORMAL(posix_memalign);		not yet, breaks emacs */
+PROTO_NORMAL(posix_memalign);
 PROTO_DEPRECATED(posix_openpt);
 PROTO_DEPRECATED(ptsname);
 PROTO_NORMAL(putenv);
@@ -133,7 +133,7 @@ PROTO_DEPRECATED(radixsort);
 PROTO_STD_DEPRECATED(rand);
 PROTO_NORMAL(rand_r);
 PROTO_DEPRECATED(random);
-/*PROTO_NORMAL(realloc);		not yet, breaks emacs */
+PROTO_NORMAL(realloc);
 PROTO_NORMAL(reallocarray);
 PROTO_NORMAL(recallocarray);
 PROTO_DEPRECATED(realpath);

lib/libc/stdlib/malloc.3

@@ -30,9 +30,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$OpenBSD: malloc.3,v 1.132 2023/04/17 05:45:06 jmc Exp $
+.\"	$OpenBSD: malloc.3,v 1.133 2023/06/04 06:58:33 otto Exp $
 .\"
-.Dd $Mdocdate: April 17 2023 $
+.Dd $Mdocdate: June 4 2023 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
@@ -314,7 +314,7 @@ Increase the junk level by one if it is smaller than 2.
 Decrease the junk level by one if it is larger than 0.
 Junking writes some junk bytes into the area allocated.
 Junk is bytes of 0xdb when allocating;
-freed chunks are filled with 0xdf.
+freed allocations are filled with 0xdf.
 By default the junk level is 1: after free,
 small chunks are completely junked;
 for pages the first part is junked.
@@ -628,22 +628,24 @@ An attempt to
 .Fn free
 or
 reallocate an unallocated pointer was made.
-.It Dq chunk is already free
-There was an attempt to free a chunk that had already been freed.
+.It Dq double free
+There was an attempt to free an allocation that had already been freed.
 .It Dq write after free
-A chunk has been modified after it was freed.
+An allocation has been modified after it was freed.
 .It Dq modified chunk-pointer
 The pointer passed to
 .Fn free
 or a reallocation function has been modified.
-.It Dq chunk canary corrupted address offset@length
+.It Dq canary corrupted address offset@length
 A byte after the requested size has been overwritten,
 indicating a heap overflow.
 The offset at which corruption was detected is printed before the @,
 and the requested length of the allocation after the @.
-.It Dq recorded old size oldsize != size
+.It Dq recorded size oldsize inconsistent with size
 .Fn recallocarray
-has detected that the given old size does not equal the recorded size in its
+or
+.Fn freezero
+has detected that the given old size does not match the recorded size in its
 meta data.
 Enabling option
 .Cm C

lib/libc/stdlib/malloc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.283 2023/05/10 07:58:06 otto Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.286 2023/06/07 12:56:22 aoyama Exp $	*/
 /*
  * Copyright (c) 2008, 2010, 2011, 2016, 2023 Otto Moerbeek <otto@drijf.net>
  * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@@ -977,6 +977,10 @@ omalloc_make_chunks(struct dir_info *d, u_int bucket, u_int listnum)
 	    NULL))
 		goto err;
 	LIST_INSERT_HEAD(&d->chunk_dir[bucket][listnum], bp, entries);
+
+	if (bucket > 0 && d->malloc_junk != 0)
+		memset(pp, SOME_FREEJUNK, MALLOC_PAGESIZE);
+
 	return bp;
 
 err:
@@ -984,12 +988,32 @@ err:
 	return NULL;
 }
 
+#if defined(__GNUC__) && __GNUC__ < 4
+static inline unsigned int
+lb(u_int x)
+{
+#if defined(__m88k__)
+	__asm__ __volatile__ ("ff1 %0, %0" : "=r" (x) : "0" (x));
+	return x;
+#else
+	/* portable version */
+	unsigned int count = 0;
+	while ((x & (1U << (sizeof(int) * CHAR_BIT - 1))) == 0) {
+		count++;
+		x <<= 1;
+	}
+	return (sizeof(int) * CHAR_BIT - 1) - count;
+#endif
+}
+#else
+/* using built-in function version */
 static inline unsigned int
 lb(u_int x)
 {
 	/* I need an extension just for integer-length (: */
 	return (sizeof(int) * CHAR_BIT - 1) - __builtin_clz(x);
 }
+#endif
 
 /* https://pvk.ca/Blog/2015/06/27/linear-log-bucketing-fast-versatile-simple/
    via Tony Finch */
@@ -1113,9 +1137,8 @@ found:
 
 	p = (char *)bp->page + k;
 	if (bp->bucket > 0) {
-		if (d->malloc_junk == 2)
-			memset(p, SOME_JUNK, B2SIZE(bp->bucket));
-		else if (mopts.chunk_canaries)
+		validate_junk(d, p, B2SIZE(bp->bucket));
+		if (mopts.chunk_canaries)
 			fill_canary(p, size, B2SIZE(bp->bucket));
 	}
 	return p;
@@ -1134,7 +1157,7 @@ validate_canary(struct dir_info *d, u_char *ptr, size_t sz, size_t allocated)
 
 	while (p < q) {
 		if (*p != (u_char)mopts.chunk_canaries && *p != SOME_JUNK) {
-			wrterror(d, "chunk canary corrupted %p %#tx@%#zx%s",
+			wrterror(d, "canary corrupted %p %#tx@%#zx%s",
 			    ptr, p - ptr, sz,
 			    *p == SOME_FREEJUNK ? " (double free?)" : "");
 		}
@@ -1157,7 +1180,7 @@ find_chunknum(struct dir_info *d, struct chunk_info *info, void *ptr, int check)
 		wrterror(d, "modified chunk-pointer %p", ptr);
 	if (info->bits[chunknum / MALLOC_BITS] &
 	    (1U << (chunknum % MALLOC_BITS)))
-		wrterror(d, "chunk is already free %p", ptr);
+		wrterror(d, "double free %p", ptr);
 	if (check && info->bucket > 0) {
 		validate_canary(d, ptr, info->bits[info->offset + chunknum],
 		    B2SIZE(info->bucket));
@@ -1417,7 +1440,7 @@ malloc(size_t size)
 	EPILOGUE()
 	return r;
 }
-/*DEF_STRONG(malloc);*/
+DEF_STRONG(malloc);
 
 void *
 malloc_conceal(size_t size)
@@ -1620,7 +1643,7 @@ free(void *ptr)
 	_MALLOC_UNLOCK(d->mutex);
 	errno = saved_errno;
 }
-/*DEF_STRONG(free);*/
+DEF_STRONG(free);
 
 static void
 freezero_p(void *ptr, size_t sz)
@@ -1841,7 +1864,7 @@ realloc(void *ptr, size_t size)
 	EPILOGUE()
 	return r;
 }
-/*DEF_STRONG(realloc);*/
+DEF_STRONG(realloc);
 
 /*
  * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
@@ -1872,7 +1895,7 @@ calloc(size_t nmemb, size_t size)
 	EPILOGUE()
 	return r;
 }
-/*DEF_STRONG(calloc);*/
+DEF_STRONG(calloc);
 
 void *
 calloc_conceal(size_t nmemb, size_t size)
@@ -1924,13 +1947,22 @@ orecallocarray(struct dir_info **argpool, void *p, size_t oldsize,
 			uint32_t chunknum = find_chunknum(pool, info, p, 0);
 
 			if (info->bits[info->offset + chunknum] != oldsize)
-				wrterror(pool, "recorded old size %hu != %zu",
+				wrterror(pool, "recorded size %hu != %zu",
 				    info->bits[info->offset + chunknum],
 				    oldsize);
+		} else {
+			if (sz < oldsize)
+				wrterror(pool, "chunk size %zu < %zu",
+				    sz, oldsize);
 		}
-	} else if (oldsize < (sz - mopts.malloc_guard) / 2)
-		wrterror(pool, "recorded old size %zu != %zu",
-		    sz - mopts.malloc_guard, oldsize);
+	} else {
+		if (sz - mopts.malloc_guard < oldsize)
+			wrterror(pool, "recorded size %zu < %zu",
+			    sz - mopts.malloc_guard, oldsize);
+		if (oldsize < (sz - mopts.malloc_guard) / 2)
+			wrterror(pool, "recorded size %zu inconsistent with %zu",
+			    sz - mopts.malloc_guard, oldsize);
+	}
 
 	newptr = omalloc(pool, newsize, 0, f);
 	if (newptr == NULL)
@@ -2189,7 +2221,7 @@ err:
 	errno = saved_errno;
 	return res;
 }
-/*DEF_STRONG(posix_memalign);*/
+DEF_STRONG(posix_memalign);
 
 void *
 aligned_alloc(size_t alignment, size_t size)
@@ -2214,7 +2246,7 @@ aligned_alloc(size_t alignment, size_t size)
 	EPILOGUE()
 	return r;
 }
-/*DEF_STRONG(aligned_alloc);*/
+DEF_STRONG(aligned_alloc);
 
 #ifdef MALLOC_STATS
 

lib/libc/sys/pledge.2

@@ -1,4 +1,4 @@
-.\" $OpenBSD: pledge.2,v 1.64 2022/07/17 03:12:55 deraadt Exp $
+.\" $OpenBSD: pledge.2,v 1.66 2023/06/02 17:44:29 cheloha Exp $
 .\"
 .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 17 2022 $
+.Dd $Mdocdate: June 2 2023 $
 .Dt PLEDGE 2
 .Os
 .Sh NAME
@@ -134,6 +134,8 @@ May open
 .Pa /etc/localtime
 and any files below
 .Pa /usr/share/zoneinfo .
+.It Xr profil 2 :
+Can only disable profiling.
 .It Fn pledge :
 Can only reduce permissions for
 .Fa promises
@@ -209,6 +211,7 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr poll 2 ,
 .Xr pread 2 ,
 .Xr preadv 2 ,
+.Xr profil 2 ,
 .Xr pwrite 2 ,
 .Xr pwritev 2 ,
 .Xr read 2 ,
@@ -227,6 +230,7 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr socketpair 2 ,
 .Xr umask 2 ,
 .Xr wait4 2 ,
+.Xr waitid 2 ,
 .Xr write 2 ,
 .Xr writev 2
 .It Cm rpath