Currently when PATH_MAX is undefined realpath will default to using 4096.
There is a potential stack overflow attack that can be mitigated by having
PATH_MAX defined. This change conservatively errors if a system does not
have PATH_MAX defined.
This change also explicitly includes `limits.h` to ensure that all platforms
have PATH_MAX defined if it is available.
Ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html
Refs: https://github.com/nodejs/node/issues/2680#issuecomment-213521708
PR-URL: https://github.com/libuv/libuv/pull/843
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
'futimens' is only implemented on AIX 7.1. Other functions like
'utimes' and 'utimes' are merely stub functions that return ENOSYS
on AIX 6.1 and below. Skip test fs_futime for AIX versions below 7.1.
PR-URL: https://github.com/libuv/libuv/pull/811
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
When compiling with bionic, st_atime_nsec (and the other nsec members)
canot be found.
In order to compile uv with both NDK and bionic, tv_nsec should be
accessed from st_atimensec (and the others nsec members).
See "Compatibility with glibc" in stat.h from bionic.
Signed-off-by: Robert Chiras <robert.chiras@intel.com>
PR-URL: https://github.com/libuv/libuv/pull/746
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
uv__fs_buf_iter currently sets req->bufs to NULL after it is done, but
if the operation fails with EINTR then it will be retried, at which
point it expects the bufs to not be NULL, causing a seg fault as in
https://github.com/nodejs/node/issues/4291.
uv__fs_buf_iter should not set req->bufs to NULL if the operation
fails with EINTR.
Also, when it sets req->bufs to NULL, it should set req->nbufs to 0 as
well, so we don't have the messy situation of a positive nbufs with no
actual bufs.
PR-URL: https://github.com/libuv/libuv/pull/661
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Equivalent to realpath(3), returns the full resolved absolute path of a
file or directory.
PR-URL: https://github.com/libuv/libuv/pull/531
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
The pthread_mutex_lock() and pthread_mutex_unlock() calls logically
cannot fail in uv__fs_write() but let's check the return value anyway:
cosmic rays and memory corruption do happen.
PR-URL: https://github.com/libuv/libuv/pull/603
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
Commit 0199955 ("fs: undo uv__req_init when uv__malloc failed")
mistakingly unregisters the requests unconditionally in a few places,
resulting in memory corruption when it hasn't been registered first.
Fixes: https://github.com/libuv/libuv/pull/543
PR-URL: https://github.com/libuv/libuv/pull/567
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
The code made an implicit assumption that the 'len` variable passed
to the sendfile(2) syscall is not modified by the operating system
in case of an error other than EAGAIN or EINTR.
The man page leaves this unspecified on FreeBSD, DragonFly and
Darwin, so better check the error code which returns a valid
value in `len` explicitly (only EAGAIN and EINTR).
This fixes the test case for sendfile on DragonFly.
PR-URL: https://github.com/libuv/libuv/pull/466
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
For synchronous file operation requests (ones without a callback), there
is no need to make a copy of the arguments because they don't outlive
the scope of the function call.
PR-URL: https://github.com/libuv/libuv/pull/479
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
The parentheses are unnecessary because what they wrap are not macro
arguments but function arguments that aren't evaluated by the macro.
PR-URL: https://github.com/libuv/libuv/pull/479
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
This allows writing and reading any amount of buffers,
regardless of what IOV_MAX may be defined as.
It also moves the IOV_MAX test from stream to core.
This is based on the excellent work of @bwijen in #269.
Refs: https://github.com/libuv/libuv/pull/269
PR-URL: https://github.com/libuv/libuv/pull/448
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
Move the logic out of uv__fs_work() and into a function of its own.
PR-URL: https://github.com/libuv/libuv/pull/326
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
With uv_replace_allocator, it's possible to override the default
memory allocator's malloc and free calls with functions of the user's
choosing. This allows libuv to interoperate with projects requiring a
custom memory allocator.
Internally, all calls to malloc and free have been replaced with
uv__malloc and uv__free, respectively. The uv__malloc and uv__free
functions call malloc and free unless they have been overridden by a
previous call to uv_replace_allocator.
As part of this change, the special aligned memory allocations
performed in src/win/fs-event.c have been replaced with standard
allocations. The 4-byte alignment being requested in this file was
unnecessary, since standard allocators already guarantee at least an
8-byte alignment.
PR-URL: https://github.com/libuv/libuv/pull/231
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
The fix from commit 269ff0be is wrong in that it sniffs system headers
to determine if preadv() and pwrite() are supported.
It breaks the fs_write_multiple_bufs test on one of my ARM systems;
its glibc has preadv() and pwritev() wrappers but its kernel has no
support for the corresponding system calls.
Simply try the system call and fall back to a normal read or write
loop if not supported. Move the no_preadv and no_pwritev variables
around to squelch two -Wpedantic warnings about mixing declarations
with code.
PR-URL: https://github.com/libuv/libuv/pull/90
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
Introduce:
int uv_fs_readdir_next(uv_fs_t* req, uv_dirent_t* ent);
`uv_fs_readdir()` is not returning a file names list in `req->ptr`
anymore, the proper way to gather them is to call `uv_fs_readdir_next()`
in a callback.
The VirtualBox shared file system doesn't seem to be capable of
`readv()` syscall. Since we don't need them in the most of the cases
anyway, it won't hurt to just use `read()` and `write()` when we are
reading just one buffer.
see https://github.com/joyent/node/issues/7343 for details.
This improves API consistency with uv_read and uv_write and may
improve efficiency for some uses. Vectored IO is emulated when the
requisite system calls are unavailable.
This improves API consistency with uv_read and uv_write and may
improve efficiency for some uses. Vectored IO is emulated when the
requisite system calls are unavailable.
Every file descriptor opened using libuv should be automatically marked
as CLOEXEC to prevent it from leaking to a child process. Note that
since we are opening fds in a thread pool, there is a possible race
condition between `uv_spawn()` and the `open()` + `uv__cloexec()`. The
rwlock was added to avoid it.
see https://github.com/joyent/node/issues/6905
Some scandir implementations allocate the dirent struct even if the
directory is empty, so if `scandir` returns 0 there may still be memory
that needs to get deallocated. I have altered uv__fs_readdir to go to
the "deallocation exit area" when 0 files are found in the directory
and continue to return early on a return value of -1.
I went to add a test for this functionality, but it appears that one
already exists (reading an empty directory), so I imagine that the
valgrind builds must only be happening on linux instead of OSX as well?
I have confirmed manually that a program without this fix will
infinitely leak memory, and with this fix the memory usage stays
constant.
Change the uv_fs_write() prototype so the 'buf' argument is now
`const void*` rather than `void*`.
The argument is stored in a non-const field in the uv_fs_t but that's
inconsequential because the memory it points to is not touched.
Before this commit, uv_fs_chown() and uv_fs_fchown() took the uid and
gid as signed integers which is wrong because uid_t and gid_t are
unsigned on most all platforms and IDs that don't fit in a signed
integer do exist.
This is not an ABI change because the size of the uid and gid arguments
do not change, only their sign.
On Windows, uv_uid_t and uv_gid_t are typedef'd as unsigned char for
reasons that are unclear. It doesn't matter: they get cast to ints when
used as function arguments. The arguments themselves are unused.
Partial fix for joyent/node#5890.
This commit changes the libuv API to return error codes directly rather
than storing them in a loop-global field.
A code snippet like this one:
if (uv_foo(loop) < 0) {
uv_err_t err = uv_last_error(loop);
fprintf(stderr, "%s\n", uv_strerror(err));
}
Should be rewritten like this:
int err = uv_foo(loop);
if (err < 0)
fprintf(stderr, "%s\n", uv_strerror(err));
The rationale for this change is that it should make creating bindings
for other languages a lot easier: dealing with struct return values is
painful with most FFIs and often downright buggy.
The darwin sendfile implementation uses the &len parameter as input
and output. The code was sending 0 (not using the value of req->len)
so the behavior wasn't what the caller was expecting.
This makes sure to initialize len with req->len to ensure that the
caller can send portions of a file (not always everything to the
end of the file).
Clang warns about using `inline`, which is not technically allowed in
C89 mode (libuv compiles with `-std=c89`). It's probably best to leave
it to the compiler to do the inlining anyway.
The sendfile emulation in src/unix/fs.c polls the file descriptor for
write readiness. If POLLERR or POLLHUP is set, it bails out but doesn't
set errno (hence it doesn't report a useful error code). Rectify that.
Fixes#620.
The fallback added in 9d4a16e uses the /proc filesystem to emulate
utimensat().
Translate error codes that indicate no procfs is mounted to ENOSYS.
Letting those error codes through unchecked will only confuse callers.
A common way to check if a uv_fs_t request failed is to check that
req->errorno != 0.
With uv_fs_sendfile(), when the sendfile() syscall fails, req->errorno is set
to (for example) ENOTSOCK, even when the emulation code path succeeds.
Zero errno before the call to uv__fs_sendfile_emul() to prevent that from
happening.
Bert Belder informs me the current approach where a request is immediately
cancelled, is impossible to implement on Windows.
Rework the API to always invoke the "done" callback with an UV_ECANCELED error
code.
Simultaneously writing from multiple threads to the same file descriptor is not
safe on OS X. We already serialized all pwrite() system calls, apply the same
workaround to the write() system call.
Fixes a node.js test, test/simple/test-fs-sir-writes-alot.js, that was failing
because parts of the output file got filled with nul bytes.
The only platforms where the dirent argument is non-const are OS X, OpenBSD
and older versions of FreeBSD (but not FreeBSD 9). Accommodate the first two.
Don't return req->result after posting the work request. It's possible (if
unlikely) for a worker thread to process the request before the main thread
reaches the return statement.
Some platforms don't support sendfile() (netbsd, openbsd), others don't support
arbitrary file descriptors (freebsd, darwin) and yet others have quirks in their
implementation (sunos).
Work around the quirks. If all else fails, fall back to sendfile() emulation.
uv_fs_stat and uv_fs_lstat removed the trailing backslash (if any) from the path
in order to please a test case that was written for Windows. Remove the
compatibility hack and fix the test.
OS X has no public API for fdatasync. And as pointed out in `man fsync(2)`:
For applications that require tighter guarantees about the integrity of
their data, Mac OS X provides the F_FULLFSYNC fcntl. The F_FULLFSYNC
fcntl asks the drive to flush all buffered data to permanent storage.
Applications, such as databases, that require a strict ordering of writes
should use F_FULLFSYNC to ensure that their data is written in the order
they expect. Please see fcntl(2) for more detail.
This commit changes how the event loop determines if it needs to stay alive.
Previously, an internal counter was increased whenever a handle got created
and decreased again when the handle was closed.
While conceptually simple, it turned out hard to work with: you often want
to keep the event loop alive only if the handle is actually doing something.
Stopped or inactive handles were a frequent source of hanging event loops.
That's why this commit changes the reference counting scheme to a model where
a handle only references the event loop when it's active. 'Active' means
different things for different handle types, e.g.:
* timers: ticking
* sockets: reading, writing or listening
* processes: always active (for now, subject to change)
* idle, check, prepare: only active when started
This commit also changes how the uv_ref() and uv_unref() functions work: they
now operate on the level of individual handles, not the whole event loop.
The Windows implementation was done by Bert Belder.
This reverts commit b450d87719.
It turns out that libeio doesn't actually leak memory but it does do an
unnecessary (and confusing!) allocation that is not free'd until after
the user callback returns.
