If an empty string is provided to LogMessageVerbSigSafe, the length of the
printed string is 0.
Read-only access only and the only effect it had was adding a linebreak or not.
X.Org Bug 80890 <http://bugs.freedesktop.org/show_bug.cgi?id=80890>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If we're smart enough to warn, we should be smart enough to just pass it
through to the right function. Worst case we lose some formatting specifiers
which pnprintf will complain about anyway. And in most cases it won't matter.
This requires renaming pnprintf to vpnprintf and changing the size_t to int to
be compatible with Xvscnprintf. pnprintf is internal only, the others are
exported API so we can't change them as easily.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
There's no place to log the message if writing to the log file fails,
and we surely don't want to crash in that case, so just ignore errors
and keep going.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
These are generated in code which uses sprintf as a convenient way to
construct strings from various pieces.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer'
is used throughout the X server for other things, and having duplicate
names generates compiler warnings.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
If we are not backing up logfiles, remove the old logfile before trying to write
a new logfile, as otherwise the operation may fail if the previous logfile was
created by a different user.
This change is useful when:
- The DDX doesn't use the logfile backup mechanism (i.e. not Xorg)
- The DDX is run by a non-root user, and then by a different non-root user
- The logfile directory doesn't have the restricted-deletion flag set
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Acked-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Backtrace logging etc. is already sigsafe, but the actual FatalError message
in response is not yet, leading to amusing logs like this:
(EE) Segmentation fault at address 0x0
(EE) BUG: triggered 'if (inSignalContext)'
(EE) BUG: log.c:499 in LogVMessageVerb()
(EE) Warning: attempting to log data in a signal unsafe manner while in
signal context.
Please update to check inSignalContext and/or use LogMessageVerbSigSafe() or
ErrorFSigSafe().
The offending log format message is:
Fatal server error:
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Mainly for %ld, smaller than int is propagated anyway, and %lld isn't really
used.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Format strings with length modifiers but missing format specifier like "%0"
will read one byte past the array size.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
If we're about to abort, we're already in the signal handler and cannot call
down to the default device cleanup routines (which reset, free, alloc, and
do a bunch of other things).
Add a new DEVICE_ABORT mode to signal a driver's DeviceProc that it must
reset the hardware if needed but do nothing else. An actual HW reset is only
required for some drivers dealing with the HW directly.
This is largely backwards-compatible, hence the input ABI minor bump only.
Drivers we care about either return BadValue on a mode that's not
DEVICE_{INIT|ON|OFF|CLOSE} or print an error and return BadValue. Exception
here is vmmouse, which currently ignores it and would not reset anything.
This should be fixed if the reset is required.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This is the lazy man's %f support. Print the decimal part of the number,
then append a decimal point, then print the first two digits of the
fractional part. So %f in sigsafe printing is really %.2f.
No boundary checks in place here.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Until we have support for them, ignore any length modifiers so we don't need
to update all callers.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Introduced in 164b38c72f
Reported-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Throw an error into the log file, but continue anyway. And after three
warnings, stop complaining. Not all input drivers will be fixed in time (or
ever) and our printf implementation is vastly inferior, so there is still a
use-case for non-sigsafe logging.
This also adds more linebreaks to the message.
CC: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
The mouse driver uses %i in some debug messages
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Also, print out the offending message format. This will hopefully help
developers track down unsafe logging.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
ErrorF() is not signal safe. Use ErrorSigSafe() whenever an error
message may be logged in signal context.
[whot: edited to "ErrorFSigSafe"]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
[whot: edited to use varargs, squashed commit below]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: fix vararg length calculation
Make %u and %x sizeof(unsigned int), %p sizeof(void*). This is printf
behaviour and we can't guarantee that void* is uint64_t anyway.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
None of the FILE based functions are signal safe, including fileno(), so
we need to save the file descriptor for when we are in signal context.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
It is not safe to ever use an arbitrary (possibly user supplied) string as
part of the format for a *sprintf() call.
For example:
1. Name a Bluetooth keyboard "%n%n%n%n%n%n%n%n"
2. Pair it with a computer running X and try to use it
3. X is not happy when trying to do the following in xf86-input-evdev:
xf86IDrvMsg(pInfo, X_CONFIG, "Device: \"%s\"\n", device);
because LogVHdrMessageVerb() has put the %n from the device name
into a format string of the form:
"evdev: %n%n%n%n%n%n%n%n: Device: \"%s\"\n"
Instead, build up a log message in place by appending successive formatted
strings by sncprintf'ing to the end of the previous.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The current code will write a timestamps into the logFile whenever
the last message ended with a '\n' - even if the verb for that timestamp
is at too high a level. This timestamp will sit there with no matching
message until the next call to LogVWrite with a valid verb.
In other words, in some cases, timestamps in the X.org.log are for some
completely unrelated message that was previously ignored due to
insufficient verbosity, and not for the message that appears next to it
in the log file.
We keep the current policy which appears to be to only apply timestamps if
a message is actually written to a log file. That is, no timestamps on
stderr, or in the mem buffer. Therefore, the timestamp stringification
is moved to the conditional where it is used.
Since logging uses a fixed length buffer, this patch also forces a '\n'
whenever a buffer is terminated due to a too-long write request. This
allows the newline detection to work even on overflow, and also cleans up
the log a bit in the overflow case.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* space->tab
* remove comment that doesn't make any sense
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This is strictly the application of the script 'x-indent-all.sh'
from util/modular. Compared to the patch that Daniel posted in
January, I've added a few indent flags:
-bap
-psl
-T PrivatePtr
-T pmWait
-T _XFUNCPROTOBEGIN
-T _XFUNCPROTOEND
-T _X_EXPORT
The typedefs were needed to make the output of sdksyms.sh match the
previous output, otherwise, the code is formatted badly enough that
sdksyms.sh generates incorrect output.
The generated code was compared with the previous version and found to
be essentially identical -- "assert" line numbers and BUILD_TIME were
the only differences found.
The comparison was done with this script:
dir1=$1
dir2=$2
for dir in $dir1 $dir2; do
(cd $dir && find . -name '*.o' | while read file; do
dir=`dirname $file`
base=`basename $file .o`
dump=$dir/$base.dump
objdump -d $file > $dump
done)
done
find $dir1 -name '*.dump' | while read dump; do
otherdump=`echo $dump | sed "s;$dir1;$dir2;"`
diff -u $dump $otherdump
done
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
"log.c", line 382: warning: assignment type mismatch:
pointer to char "=" pointer to const char
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
LogVHdrMessageVerb allows a custom header to be inserted in a log message,
between the Log system's MessageType string, and a formatted variable
message body. The custom header can itself be a formatted variable string.
These functions can be used, for example, by driver abstraction layers to
format specific driver messages in a standard format, but do it in a way
that is efficient, obeys the log-layers verbosity settings, and is safe
to use in signal handlers (because they don't call malloc), even for
types besides X_NONE.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Also, optimize how the type and format strings are combined.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Instead of just closing the log when everything is done, put one more
message in stating that we're actually terminating. Users or scripts that
look at the Xorg.log will then know that a) the server has terminated
properly and b) why the server terminated (to some degree, given that most
real-world errors will be caused by AbortServer()).
Acked-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Tested-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Tested-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
access.c:1492:20: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses]
if ((host->family == FamilyServerInterpreted)) {
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
access.c:1492:20: note: use '=' to turn this equality comparison into an assignment
if ((host->family == FamilyServerInterpreted)) {
^~
=
access.c:1492:20: note: remove extraneous parentheses around the comparison to silence this warning
if ((host->family == FamilyServerInterpreted)) {
~ ^ ~
In file included from xstrans.c:8:
In file included from /usr/X11/include/X11/Xtrans/transport.c:62:
/usr/X11/include/X11/Xtrans/Xtranssock.c:262:5: error: implicit declaration of function 'ErrorF' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
PRMSG (3,"SocketSelectFamily(%s)\n", family, 0, 0);
^
log.c:180:29: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
if (asprintf(&logFileName, fname, display) == -1)
^~~~~
log.c:190:26: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
if ((asprintf(&suffix, backup, display) == -1) ||
^~~~~~
log.c:382:25: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
LogVWrite(verb, tmpBuf, args);
^~~~~~
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Doesn't seem to be any reason to just not pass the error string
as another argument directly to LogVWrite()
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
This patch has been generated by the following Coccinelle semantic patch:
@@
expression E;
@@
- if (E != NULL)
- free(E);
+ free(E);
Signed-off-by: Cyril Brulebois <kibi@debian.org>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Use the values from xproto rather than duplicating the effort
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>