in the new file i/o functions, my own setting
of errno should be done with set_err. this
avoids clobbering what the real libc set.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i set it to ecanceled before. now i set it more
appropriately, for each type of error.
where a real syscall was called, or my file i/o
functions are used, err() is called with errno
itself as input, to avoid clobbering real errno.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in practice it's ok, but some compilers might complain.
all this change costs is a bit of branching inside a
loop, but compilers will sort that out.
Signed-off-by: Leah Rowe <leah@libreboot.org>
preventative fix, since the values are currently
quite tiny. this new check is the same, but goes
the other way to eliminate overflow.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the old one assumes that ssize_t is signed size_t,
which, let's face it, is always true in practice,
but not actually guaranteed!
so now i'm using one that's even more pedantic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
just use errno itself as input to err
if unset, it's set to ECANCELED anyway
i really should rewrite the error handling
to not use errno at some point. it's a bit
unreliable, on some unix systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if it resets it on success, that is!
theoretically possible. we must preserve errno.
normally i'm a bit more casual about it, but this
function is replicating libc, so i must be strict
Signed-off-by: Leah Rowe <leah@libreboot.org>
size_t may be unsigned long long, but lu
is for unsigned long. the integer is small
enough that we don't need to worry, so let's
just cast it accordingly (inside err)
Signed-off-by: Leah Rowe <leah@libreboot.org>
always set it. the current logic only sets it if
valid, but invalid doesn't, relying on global
initialisation. this check sets it explicitly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it currently only does so on success, but errors will
leave the file descriptor corrupted.
reset it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
currently it returns success, if restoring a
previous offset failed. this leaves descriptor
corrupted when the caller thinks otherwise
return -1 instead, so that the caller can treat
it as an error, relying on whatever lseek had
set for errno
Signed-off-by: Leah Rowe <leah@libreboot.org>
check that it's below len, not above it. that way, it
will now exit if it goes above (which it shouldn't,
but it theoretically could if the code was changed
and there was a regression or subtle edge case)
Signed-off-by: Leah Rowe <leah@libreboot.org>
with the other changes made recently, super old
compilers now work.
yes, i needed to change some specifiers in printf.
typedefs provided for uint, and a define included
X OPEN SOURCE 500. and asserts for integers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
just use /dev/urandom and fall back to /dev/random
this is what i was doing for years. this combined
with other changes, and the new prw() function
for i/o, means portability should be pretty high
now. i will actually start testing nvmutil on old
bsd systems from the 90s later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in case any stale errors are present.
at this point, we know that the code is likely
safe and that nothing happened, because we quite
obsessively call err() before that point.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current one assumes two's complement and no
padding bits. i assert two's complement earlier
in code, but it doesn't guarantee:
sizeof(ssize_t) == sizeof(size_t)
it's theoretically possible that size_t=64
and ssize_t=32, and then the macro would break.
this new version uses SIZE_MAX instead, without
subtraction, but halves it using a bit shift.
this may still break, but it should work nicely.
Signed-off-by: Leah Rowe <leah@libreboot.org>
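The two ideas that recur in the commit messages above, an offset-restoring I/O wrapper that returns -1 when the restore fails and never clobbers the errno libc set, and a pedantic ssize_t bound built by shifting SIZE_MAX instead of subtracting from it, as an added example. This is not nvmutil's code: xio_prw(), set_err() and XIO_SSIZE_MAX are hypothetical names, set_err() is assumed to set errno only while it is still zero, and the temporary file and sample bytes are constructed here. It handles both reads and writes, which is more general than any single commit above.

```c
#define _XOPEN_SOURCE 500   /* for mkstemp() under strict C compilers */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pedantic maximum for ssize_t (hypothetical name): halve SIZE_MAX with a
 * shift rather than assuming ssize_t is a signed size_t or subtracting. */
#define XIO_SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1))

static char xio_scratch[1];  /* tiny buffer for the argument-check calls */

/* Assumed semantics of set_err(): record our own error only when libc has
 * not already set errno, so the real cause is never clobbered. */
static void set_err(int e)
{
	if (errno == 0)
		errno = e;
}

/* Read (op 'r') or write (op 'w') n bytes at offset off on fd without
 * permanently moving the descriptor's offset. Returns bytes transferred or
 * -1 with errno set. The offset is restored on every path after the seek;
 * if that restore fails the call reports failure even when the I/O itself
 * worked, since the caller would otherwise keep using a descriptor whose
 * position is no longer what it believes. */
static ssize_t xio_prw(int fd, void *buf, size_t n, off_t off, char op)
{
	off_t saved;
	ssize_t r;
	int e;

	if (n > (size_t)XIO_SSIZE_MAX) {
		errno = EOVERFLOW;     /* our own verdict: nothing from libc to keep */
		return -1;
	}
	if ((saved = lseek(fd, 0, SEEK_CUR)) == (off_t)-1)
		return -1;             /* errno already set by lseek */
	if (lseek(fd, off, SEEK_SET) == (off_t)-1)
		return -1;             /* failed seek leaves the offset untouched */
	errno = 0;
	r = (op == 'w') ? write(fd, buf, n) : read(fd, buf, n);
	e = errno;                 /* capture before the restoring lseek runs */
	if (lseek(fd, saved, SEEK_SET) == (off_t)-1)
		return -1;             /* restore failed: keep whatever lseek set */
	if (r == -1) {
		errno = e;             /* put back what read()/write() reported */
		set_err(ECANCELED);    /* and if it reported nothing, say so */
	}
	return r;
}

/* Self-test on a constructed temporary file: the write at offset 4 must
 * not move the descriptor's own offset, and the read must see the bytes
 * that were written. Returns 0 on success, else the number of the step
 * that failed. */
static int xio_selftest(void)
{
	char tmpl[] = "/tmp/xio_XXXXXX";
	char in[] = "nvm!";        /* constructed sample data */
	char out[sizeof in];
	int fd, rc = 0;

	if ((fd = mkstemp(tmpl)) == -1)
		return 1;
	unlink(tmpl);
	if (xio_prw(fd, in, sizeof in - 1, 4, 'w') != (ssize_t)(sizeof in - 1))
		rc = 2;
	else if (lseek(fd, 0, SEEK_CUR) != 0)
		rc = 3;                /* offset moved: restore logic is broken */
	else {
		memset(out, 0, sizeof out);
		if (xio_prw(fd, out, sizeof in - 1, 4, 'r') != (ssize_t)(sizeof in - 1))
			rc = 4;
		else if (strcmp(in, out) != 0)
			rc = 5;
	}
	close(fd);
	return rc;
}

int main(void)
{
	int rc = xio_selftest();
	printf("selftest: %d (0 = ok)\n", rc);
	return rc;
}
```

The ordering inside xio_prw() is the whole point: errno is read into a local before the restoring lseek() because that call may overwrite it, and the restore's own failure takes precedence over an apparently successful transfer. The length check against XIO_SSIZE_MAX sets errno directly rather than through set_err(), since that error is the wrapper's own decision and a stale value from an earlier call must not be allowed to stand in for it.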