1 const char miscutil_rcs[] = "$Id: miscutil.c,v 1.80 2016/01/16 12:33:36 fabiankeil Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/miscutil.c,v $
6 * Purpose : zalloc, hash_string, strcmpic, strncmpic, and
7 * MinGW32 strdup functions. These are each too small
8 * to deserve their own file but don't really fit in
11 * Copyright : Written by and Copyright (C) 2001-2016 the
12 * Privoxy team. http://www.privoxy.org/
14 * Based on the Internet Junkbuster originally written
15 * by and Copyright (C) 1997 Anonymous Coders and
16 * Junkbusters Corporation. http://www.junkbusters.com
18 * The timegm replacement function was taken from GnuPG,
19 * Copyright (C) 2004 Free Software Foundation, Inc.
21 * The snprintf replacement function is written by
22 * Mark Martinec who also holds the copyright. It can be
23 * used under the terms of the GPL or the terms of the
24 * "Frontier Artistic License".
26 * This program is free software; you can redistribute it
27 * and/or modify it under the terms of the GNU General
28 * Public License as published by the Free Software
29 * Foundation; either version 2 of the License, or (at
30 * your option) any later version.
32 * This program is distributed in the hope that it will
33 * be useful, but WITHOUT ANY WARRANTY; without even the
34 * implied warranty of MERCHANTABILITY or FITNESS FOR A
35 * PARTICULAR PURPOSE. See the GNU General Public
36 * License for more details.
38 * The GNU General Public License should be included with
39 * this file. If not, you can view it at
40 * http://www.gnu.org/copyleft/gpl.html
41 * or write to the Free Software Foundation, Inc., 59
42 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
44 *********************************************************************/
50 #include <sys/types.h>
52 #if !defined(_WIN32) && !defined(__OS2__)
54 #endif /* #if !defined(_WIN32) && !defined(__OS2__) */
59 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
61 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
68 const char miscutil_h_rcs[] = MISCUTIL_H_VERSION;
70 /*********************************************************************
74 * Description : Malloc some memory and set it to '\0'.
77 * 1 : size = Size of memory chunk to return.
79 * Returns : Pointer to newly malloc'd memory chunk.
81 *********************************************************************/
82 void *zalloc(size_t size)
86 if ((ret = (void *)malloc(size)) != NULL)
96 /*********************************************************************
98 * Function : zalloc_or_die
100 * Description : zalloc wrapper that either succeeds or causes
101 * program termination.
103 * Useful in situations were the string length is
104 * "small" and zalloc() failures couldn't be handled
105 * better anyway. In case of debug builds, failures
106 * trigger an assert().
109 * 1 : size = Size of memory chunk to return.
111 * Returns : Pointer to newly malloc'd memory chunk.
113 *********************************************************************/
114 void *zalloc_or_die(size_t size)
118 buffer = zalloc(size);
121 assert(buffer != NULL);
122 log_error(LOG_LEVEL_FATAL, "Out of memory in zalloc_or_die().");
130 /*********************************************************************
132 * Function : strdup_or_die
134 * Description : strdup wrapper that either succeeds or causes
135 * program termination.
137 * Useful in situations were the string length is
138 * "small" and strdup() failures couldn't be handled
139 * better anyway. In case of debug builds, failures
140 * trigger an assert().
143 * 1 : str = String to duplicate
145 * Returns : Pointer to newly strdup'd copy of the string.
147 *********************************************************************/
148 char *strdup_or_die(const char *str)
152 new_str = strdup(str);
156 assert(new_str != NULL);
157 log_error(LOG_LEVEL_FATAL, "Out of memory in strdup_or_die().");
166 /*********************************************************************
168 * Function : malloc_or_die
170 * Description : malloc wrapper that either succeeds or causes
171 * program termination.
173 * Useful in situations were the buffer size is "small"
174 * and malloc() failures couldn't be handled better
175 * anyway. In case of debug builds, failures trigger
179 * 1 : buffer_size = Size of the space to allocate
181 * Returns : Pointer to newly malloc'd memory
183 *********************************************************************/
184 void *malloc_or_die(size_t buffer_size)
188 if (buffer_size == 0)
190 log_error(LOG_LEVEL_ERROR,
191 "malloc_or_die() called with buffer size 0");
192 assert(buffer_size != 0);
196 new_buf = malloc(buffer_size);
200 assert(new_buf != NULL);
201 log_error(LOG_LEVEL_FATAL, "Out of memory in malloc_or_die().");
211 /*********************************************************************
213 * Function : write_pid_file
215 * Description : Writes a pid file with the pid of the main process
221 *********************************************************************/
222 void write_pid_file(void)
227 * If no --pidfile option was given,
228 * we can live without one.
230 if (pidfile == NULL) return;
232 if ((fp = fopen(pidfile, "w")) == NULL)
234 log_error(LOG_LEVEL_INFO, "can't open pidfile '%s': %E", pidfile);
238 fprintf(fp, "%u\n", (unsigned int) getpid());
244 #endif /* def unix */
247 /*********************************************************************
249 * Function : hash_string
251 * Description : Take a string and compute a (hopefuly) unique numeric
252 * integer value. This is useful to "switch" a string.
255 * 1 : s : string to be hashed.
257 * Returns : The string's hash
259 *********************************************************************/
260 unsigned int hash_string(const char* s)
266 h = 5 * h + (unsigned int)*s;
274 /*********************************************************************
276 * Function : strcmpic
278 * Description : Case insensitive string comparison
281 * 1 : s1 = string 1 to compare
282 * 2 : s2 = string 2 to compare
284 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
286 *********************************************************************/
287 int strcmpic(const char *s1, const char *s2)
294 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
300 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
305 /*********************************************************************
307 * Function : strncmpic
309 * Description : Case insensitive string comparison (up to n characters)
312 * 1 : s1 = string 1 to compare
313 * 2 : s2 = string 2 to compare
314 * 3 : n = maximum characters to compare
316 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
318 *********************************************************************/
319 int strncmpic(const char *s1, const char *s2, size_t n)
321 if (n <= (size_t)0) return(0);
327 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
332 if (--n <= (size_t)0) break;
336 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
341 /*********************************************************************
345 * Description : In-situ-eliminate all leading and trailing whitespace
349 * 1 : s : string to be chomped.
351 * Returns : chomped string
353 *********************************************************************/
354 char *chomp(char *string)
359 * strip trailing whitespace
361 p = string + strlen(string);
362 while (p > string && privoxy_isspace(*(p-1)))
369 * find end of leading whitespace
372 while (*q && privoxy_isspace(*q))
378 * if there was any, move the rest forwards
393 /*********************************************************************
395 * Function : string_append
397 * Description : Reallocate target_string and append text to it.
398 * This makes it easier to append to malloc'd strings.
399 * This is similar to the (removed) strsav(), but
400 * running out of memory isn't catastrophic.
404 * The following style provides sufficient error
405 * checking for this routine, with minimal clutter
406 * in the source code. It is recommended if you
407 * have many calls to this function:
409 * char * s = strdup(...); // don't check for error
410 * string_append(&s, ...); // don't check for error
411 * string_append(&s, ...); // don't check for error
412 * string_append(&s, ...); // don't check for error
413 * if (NULL == s) { ... handle error ... }
417 * char * s = strdup(...); // don't check for error
418 * string_append(&s, ...); // don't check for error
419 * string_append(&s, ...); // don't check for error
420 * if (string_append(&s, ...)) {... handle error ...}
423 * 1 : target_string = Pointer to old text that is to be
424 * extended. *target_string will be free()d by this
425 * routine. target_string must be non-NULL.
426 * If *target_string is NULL, this routine will
427 * do nothing and return with an error - this allows
428 * you to make many calls to this routine and only
429 * check for errors after the last one.
430 * 2 : text_to_append = Text to be appended to old.
433 * Returns : JB_ERR_OK on success, and sets *target_string
434 * to newly malloc'ed appended string. Caller
435 * must free(*target_string).
436 * JB_ERR_MEMORY on out-of-memory. (And free()s
437 * *target_string and sets it to NULL).
438 * JB_ERR_MEMORY if *target_string is NULL.
440 *********************************************************************/
441 jb_err string_append(char **target_string, const char *text_to_append)
447 assert(target_string);
448 assert(text_to_append);
450 if (*target_string == NULL)
452 return JB_ERR_MEMORY;
455 if (*text_to_append == '\0')
460 old_len = strlen(*target_string);
462 new_size = strlen(text_to_append) + old_len + 1;
464 if (NULL == (new_string = realloc(*target_string, new_size)))
466 free(*target_string);
468 *target_string = NULL;
469 return JB_ERR_MEMORY;
472 strlcpy(new_string + old_len, text_to_append, new_size - old_len);
474 *target_string = new_string;
479 /*********************************************************************
481 * Function : string_join
483 * Description : Join two strings together. Frees BOTH the original
484 * strings. If either or both input strings are NULL,
485 * fails as if it had run out of memory.
487 * For comparison, string_append requires that the
488 * second string is non-NULL, and doesn't free it.
490 * Rationale: Too often, we want to do
491 * string_append(s, html_encode(s2)). That assert()s
492 * if s2 is NULL or if html_encode() runs out of memory.
493 * It also leaks memory. Proper checking is cumbersome.
494 * The solution: string_join(s, html_encode(s2)) is safe,
495 * and will free the memory allocated by html_encode().
498 * 1 : target_string = Pointer to old text that is to be
499 * extended. *target_string will be free()d by this
500 * routine. target_string must be non-NULL.
501 * 2 : text_to_append = Text to be appended to old.
503 * Returns : JB_ERR_OK on success, and sets *target_string
504 * to newly malloc'ed appended string. Caller
505 * must free(*target_string).
506 * JB_ERR_MEMORY on out-of-memory, or if
507 * *target_string or text_to_append is NULL. (In
508 * this case, frees *target_string and text_to_append,
509 * sets *target_string to NULL).
511 *********************************************************************/
512 jb_err string_join(char **target_string, char *text_to_append)
516 assert(target_string);
518 if (text_to_append == NULL)
520 freez(*target_string);
521 return JB_ERR_MEMORY;
524 err = string_append(target_string, text_to_append);
526 freez(text_to_append);
532 /*********************************************************************
534 * Function : string_toupper
536 * Description : Produce a copy of string with all convertible
537 * characters converted to uppercase.
540 * 1 : string = string to convert
542 * Returns : Uppercase copy of string if possible,
543 * NULL on out-of-memory or if string was NULL.
545 *********************************************************************/
546 char *string_toupper(const char *string)
551 if (!string || ((result = (char *) zalloc(strlen(string) + 1)) == NULL))
561 *p++ = (char)toupper((int) *q++);
569 /*********************************************************************
571 * Function : string_move
573 * Description : memmove wrapper to move the last part of a string
574 * towards the beginning, overwriting the part in
575 * the middle. strlcpy() can't be used here as the
579 * 1 : dst = Destination to overwrite
580 * 2 : src = Source to move.
584 *********************************************************************/
585 void string_move(char *dst, char *src)
589 /* +1 to copy the terminating nul as well. */
590 memmove(dst, src, strlen(src)+1);
594 /*********************************************************************
598 * Description : Duplicate the first n characters of a string that may
599 * contain '\0' characters.
602 * 1 : string = string to be duplicated
603 * 2 : len = number of bytes to duplicate
605 * Returns : pointer to copy, or NULL if failiure
607 *********************************************************************/
608 char *bindup(const char *string, size_t len)
612 duplicate = (char *)malloc(len);
613 if (NULL != duplicate)
615 memcpy(duplicate, string, len);
623 /*********************************************************************
625 * Function : make_path
627 * Description : Takes a directory name and a file name, returns
628 * the complete path. Handles windows/unix differences.
629 * If the file name is already an absolute path, or if
630 * the directory name is NULL or empty, it returns
634 * 1 : dir: Name of directory or NULL for none.
635 * 2 : file: Name of file. Should not be NULL or empty.
637 * Returns : "dir/file" (Or on windows, "dir\file").
638 * It allocates the string on the heap. Caller frees.
639 * Returns NULL in error (i.e. NULL file or out of
642 *********************************************************************/
643 char * make_path(const char * dir, const char * file)
654 strncpy(path,dir+2,512);
658 strncpy(path,dir+1,512);
663 strncpy(path,dir,512);
671 if (AddPart(path,file,512))
679 #else /* ndef AMIGA */
681 if ((file == NULL) || (*file == '\0'))
683 return NULL; /* Error */
686 if ((dir == NULL) || (*dir == '\0') /* No directory specified */
687 #if defined(_WIN32) || defined(__OS2__)
688 || (*file == '\\') || (file[1] == ':') /* Absolute path (DOS) */
689 #else /* ifndef _WIN32 || __OS2__ */
690 || (*file == '/') /* Absolute path (U*ix) */
691 #endif /* ifndef _WIN32 || __OS2__ */
699 size_t path_size = strlen(dir) + strlen(file) + 2; /* +2 for trailing (back)slash and \0 */
702 if (*dir != '/' && basedir && *basedir)
705 * Relative path, so start with the base directory.
707 path_size += strlen(basedir) + 1; /* +1 for the slash */
708 path = malloc(path_size);
709 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
710 strlcpy(path, basedir, path_size);
711 strlcat(path, "/", path_size);
712 strlcat(path, dir, path_size);
715 #endif /* defined unix */
717 path = malloc(path_size);
718 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
719 strlcpy(path, dir, path_size);
722 assert(NULL != path);
723 #if defined(_WIN32) || defined(__OS2__)
724 if (path[strlen(path)-1] != '\\')
726 strlcat(path, "\\", path_size);
728 #else /* ifndef _WIN32 || __OS2__ */
729 if (path[strlen(path)-1] != '/')
731 strlcat(path, "/", path_size);
733 #endif /* ifndef _WIN32 || __OS2__ */
734 strlcat(path, file, path_size);
738 #endif /* ndef AMIGA */
742 /*********************************************************************
744 * Function : pick_from_range
746 * Description : Pick a positive number out of a given range.
747 * Should only be used if randomness would be nice,
748 * but isn't really necessary.
751 * 1 : range: Highest possible number to pick.
753 * Returns : Picked number.
755 *********************************************************************/
756 long int pick_from_range(long int range)
760 static unsigned long seed = 0;
761 #endif /* def _WIN32 */
766 if (range <= 0) return 0;
769 number = random() % range + 1;
770 #elif defined(MUTEX_LOCKS_AVAILABLE)
771 privoxy_mutex_lock(&rand_mutex);
775 seed = (unsigned long)(GetCurrentThreadId()+GetTickCount());
778 seed = (unsigned long)((rand() << 16) + rand());
779 #endif /* def _WIN32 */
780 number = (unsigned long)((rand() << 16) + (rand())) % (unsigned long)(range + 1);
781 privoxy_mutex_unlock(&rand_mutex);
784 * XXX: Which platforms reach this and are there
785 * better options than just using rand() and hoping
788 log_error(LOG_LEVEL_INFO, "No thread-safe PRNG available? Header time randomization "
789 "might cause crashes, predictable results or even combine these fine options.");
790 number = rand() % (long int)(range + 1);
792 #endif /* (def HAVE_RANDOM) */
798 #ifdef USE_PRIVOXY_STRLCPY
799 /*********************************************************************
801 * Function : privoxy_strlcpy
803 * Description : strlcpy(3) look-alike for those without decent libc.
806 * 1 : destination: buffer to copy into.
807 * 2 : source: String to copy.
808 * 3 : size: Size of destination buffer.
810 * Returns : The length of the string that privoxy_strlcpy() tried to create.
812 *********************************************************************/
813 size_t privoxy_strlcpy(char *destination, const char *source, const size_t size)
817 snprintf(destination, size, "%s", source);
819 * Platforms that lack strlcpy() also tend to have
820 * a broken snprintf implementation that doesn't
821 * guarantee nul termination.
823 * XXX: the configure script should detect and reject those.
825 destination[size-1] = '\0';
827 return strlen(source);
829 #endif /* def USE_PRIVOXY_STRLCPY */
833 /*********************************************************************
835 * Function : privoxy_strlcat
837 * Description : strlcat(3) look-alike for those without decent libc.
840 * 1 : destination: C string.
841 * 2 : source: String to copy.
842 * 3 : size: Size of destination buffer.
844 * Returns : The length of the string that privoxy_strlcat() tried to create.
846 *********************************************************************/
847 size_t privoxy_strlcat(char *destination, const char *source, const size_t size)
849 const size_t old_length = strlen(destination);
850 return old_length + strlcpy(destination + old_length, source, size - old_length);
852 #endif /* ndef HAVE_STRLCAT */
855 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
856 /*********************************************************************
860 * Description : libc replacement function for the inverse of gmtime().
861 * Copyright (C) 2004 Free Software Foundation, Inc.
863 * Code originally copied from GnuPG, modifications done
864 * for Privoxy: style changed, #ifdefs for _WIN32 added
865 * to have it work on mingw32.
867 * XXX: It's very unlikely to happen, but if the malloc()
868 * call fails the time zone will be permanently set to UTC.
871 * 1 : tm: Broken-down time struct.
873 * Returns : tm converted into time_t seconds.
875 *********************************************************************/
876 time_t timegm(struct tm *tm)
889 old_zone = malloc(3 + strlen(zone) + 1);
892 strcpy(old_zone, "TZ=");
893 strcat(old_zone, zone);
897 #endif /* def _WIN32 */
904 #elif defined(_WIN32)
914 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
917 #ifndef HAVE_SNPRINTF
919 * What follows is a portable snprintf routine, written by Mark Martinec.
920 * See: http://www.ijs.si/software/snprintf/
923 - a portable implementation of snprintf,
924 including vsnprintf.c, asnprintf, vasnprintf, asprintf, vasprintf
926 snprintf is a routine to convert numeric and string arguments to
927 formatted strings. It is similar to sprintf(3) provided in a system's
928 C library, yet it requires an additional argument - the buffer size -
929 and it guarantees never to store anything beyond the given buffer,
930 regardless of the format or arguments to be formatted. Some newer
931 operating systems do provide snprintf in their C library, but many do
932 not or do provide an inadequate (slow or idiosyncratic) version, which
933 calls for a portable implementation of this routine.
937 Mark Martinec <mark.martinec@ijs.si>, April 1999, June 2000
938 Copyright © 1999, Mark Martinec
942 #define PORTABLE_SNPRINTF_VERSION_MAJOR 2
943 #define PORTABLE_SNPRINTF_VERSION_MINOR 2
945 #if defined(NEED_ASPRINTF) || defined(NEED_ASNPRINTF) || defined(NEED_VASPRINTF) || defined(NEED_VASNPRINTF)
946 # if defined(NEED_SNPRINTF_ONLY)
947 # undef NEED_SNPRINTF_ONLY
949 # if !defined(PREFER_PORTABLE_SNPRINTF)
950 # define PREFER_PORTABLE_SNPRINTF
954 #if defined(SOLARIS_BUG_COMPATIBLE) && !defined(SOLARIS_COMPATIBLE)
955 #define SOLARIS_COMPATIBLE
958 #if defined(HPUX_BUG_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
959 #define HPUX_COMPATIBLE
962 #if defined(DIGITAL_UNIX_BUG_COMPATIBLE) && !defined(DIGITAL_UNIX_COMPATIBLE)
963 #define DIGITAL_UNIX_COMPATIBLE
966 #if defined(PERL_BUG_COMPATIBLE) && !defined(PERL_COMPATIBLE)
967 #define PERL_COMPATIBLE
970 #if defined(LINUX_BUG_COMPATIBLE) && !defined(LINUX_COMPATIBLE)
971 #define LINUX_COMPATIBLE
974 #include <sys/types.h>
985 #define isdigit(c) ((c) >= '0' && (c) <= '9')
987 /* For copying strings longer or equal to 'breakeven_point'
988 * it is more efficient to call memcpy() than to do it inline.
989 * The value depends mostly on the processor architecture,
990 * but also on the compiler and its optimization capabilities.
991 * The value is not critical, some small value greater than zero
992 * will be just fine if you don't care to squeeze every drop
993 * of performance out of the code.
995 * Small values favor memcpy, large values favor inline code.
997 #if defined(__alpha__) || defined(__alpha)
998 # define breakeven_point 2 /* AXP (DEC Alpha) - gcc or cc or egcs */
1000 #if defined(__i386__) || defined(__i386)
1001 # define breakeven_point 12 /* Intel Pentium/Linux - gcc 2.96 */
1004 # define breakeven_point 10 /* HP-PA - gcc */
1006 #if defined(__sparc__) || defined(__sparc)
1007 # define breakeven_point 33 /* Sun Sparc 5 - gcc 2.8.1 */
1010 /* some other values of possible interest: */
1011 /* #define breakeven_point 8 */ /* VAX 4000 - vaxc */
1012 /* #define breakeven_point 19 */ /* VAX 4000 - gcc 2.7.0 */
1014 #ifndef breakeven_point
1015 # define breakeven_point 6 /* some reasonable one-size-fits-all value */
1018 #define fast_memcpy(d,s,n) \
1019 { register size_t nn = (size_t)(n); \
1020 if (nn >= breakeven_point) memcpy((d), (s), nn); \
1021 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1022 register char *dd; register const char *ss; \
1023 for (ss=(s), dd=(d); nn>0; nn--) *dd++ = *ss++; } }
1025 #define fast_memset(d,c,n) \
1026 { register size_t nn = (size_t)(n); \
1027 if (nn >= breakeven_point) memset((d), (int)(c), nn); \
1028 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1029 register char *dd; register const int cc=(int)(c); \
1030 for (dd=(d); nn>0; nn--) *dd++ = cc; } }
1034 #if defined(NEED_ASPRINTF)
1035 int asprintf (char **ptr, const char *fmt, /*args*/ ...);
1037 #if defined(NEED_VASPRINTF)
1038 int vasprintf (char **ptr, const char *fmt, va_list ap);
1040 #if defined(NEED_ASNPRINTF)
1041 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...);
1043 #if defined(NEED_VASNPRINTF)
1044 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap);
1047 #if defined(HAVE_SNPRINTF)
1048 /* declare our portable snprintf routine under name portable_snprintf */
1049 /* declare our portable vsnprintf routine under name portable_vsnprintf */
1051 /* declare our portable routines under names snprintf and vsnprintf */
1052 #define portable_snprintf snprintf
1053 #if !defined(NEED_SNPRINTF_ONLY)
1054 #define portable_vsnprintf vsnprintf
1058 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1059 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...);
1060 #if !defined(NEED_SNPRINTF_ONLY)
1061 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap);
1067 static char credits[] = "\n\
1068 @(#)snprintf.c, v2.2: Mark Martinec, <mark.martinec@ijs.si>\n\
1069 @(#)snprintf.c, v2.2: Copyright 1999, Mark Martinec. Frontier Artistic License applies.\n\
1070 @(#)snprintf.c, v2.2: http://www.ijs.si/software/snprintf/\n";
1072 #if defined(NEED_ASPRINTF)
1073 int asprintf(char **ptr, const char *fmt, /*args*/ ...) {
1079 va_start(ap, fmt); /* measure the required size */
1080 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1082 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1083 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1084 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1088 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1090 assert(str_l2 == str_l);
1096 #if defined(NEED_VASPRINTF)
1097 int vasprintf(char **ptr, const char *fmt, va_list ap) {
1103 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1104 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1107 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1108 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1109 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1111 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1112 assert(str_l2 == str_l);
1118 #if defined(NEED_ASNPRINTF)
1119 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...) {
1124 va_start(ap, fmt); /* measure the required size */
1125 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1127 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1128 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1129 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1130 if (str_m == 0) { /* not interested in resulting string, just return size */
1132 *ptr = (char *) malloc(str_m);
1133 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1137 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1139 assert(str_l2 == str_l);
1146 #if defined(NEED_VASNPRINTF)
1147 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap) {
1152 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1153 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1156 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1157 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1158 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1159 if (str_m == 0) { /* not interested in resulting string, just return size */
1161 *ptr = (char *) malloc(str_m);
1162 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1164 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1165 assert(str_l2 == str_l);
1173 * If the system does have snprintf and the portable routine is not
1174 * specifically required, this module produces no code for snprintf/vsnprintf.
1176 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1178 #if !defined(NEED_SNPRINTF_ONLY)
1179 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1184 str_l = portable_vsnprintf(str, str_m, fmt, ap);
1190 #if defined(NEED_SNPRINTF_ONLY)
1191 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1193 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap) {
1196 #if defined(NEED_SNPRINTF_ONLY)
1200 const char *p = fmt;
1202 /* In contrast with POSIX, the ISO C99 now says
1203 * that str can be NULL and str_m can be 0.
1204 * This is more useful than the old: if (str_m < 1) return -1; */
1206 #if defined(NEED_SNPRINTF_ONLY)
1212 /* if (str_l < str_m) str[str_l++] = *p++; -- this would be sufficient */
1213 /* but the following code achieves better performance for cases
1214 * where format string is long and contains few conversions */
1215 const char *q = strchr(p+1,'%');
1216 size_t n = !q ? strlen(p) : (q-p);
1217 if (str_l < str_m) {
1218 size_t avail = str_m-str_l;
1219 fast_memcpy(str+str_l, p, (n>avail?avail:n));
1223 const char *starting_p;
1224 size_t min_field_width = 0, precision = 0;
1225 int zero_padding = 0, precision_specified = 0, justify_left = 0;
1226 int alternate_form = 0, force_sign = 0;
1227 int space_for_positive = 1; /* If both the ' ' and '+' flags appear,
1228 the ' ' flag should be ignored. */
1229 char length_modifier = '\0'; /* allowed values: \0, h, l, L */
1230 char tmp[32];/* temporary buffer for simple numeric->string conversion */
1232 const char *str_arg; /* string address in case of string argument */
1233 size_t str_arg_l; /* natural field width of arg without padding
1235 unsigned char uchar_arg;
1236 /* unsigned char argument value - only defined for c conversion.
1237 N.B. standard explicitly states the char argument for
1238 the c conversion is unsigned */
1240 size_t number_of_zeros_to_pad = 0;
1241 /* number of zeros to be inserted for numeric conversions
1242 as required by the precision or minimal field width */
1244 size_t zero_padding_insertion_ind = 0;
1245 /* index into tmp where zero padding is to be inserted */
1247 char fmt_spec = '\0';
1248 /* current conversion specifier character */
1250 str_arg = credits;/* just to make compiler happy (defined but not used)*/
1252 starting_p = p; p++; /* skip '%' */
1254 while (*p == '0' || *p == '-' || *p == '+' ||
1255 *p == ' ' || *p == '#' || *p == '\'') {
1257 case '0': zero_padding = 1; break;
1258 case '-': justify_left = 1; break;
1259 case '+': force_sign = 1; space_for_positive = 0; break;
1260 case ' ': force_sign = 1;
1261 /* If both the ' ' and '+' flags appear, the ' ' flag should be ignored */
1262 #ifdef PERL_COMPATIBLE
1263 /* ... but in Perl the last of ' ' and '+' applies */
1264 space_for_positive = 1;
1267 case '#': alternate_form = 1; break;
1272 /* If the '0' and '-' flags both appear, the '0' flag should be ignored. */
1274 /* parse field width */
1277 p++; j = va_arg(ap, int);
1278 if (j >= 0) min_field_width = j;
1279 else { min_field_width = -j; justify_left = 1; }
1280 } else if (isdigit((int)(*p))) {
1281 /* size_t could be wider than unsigned int;
1282 make sure we treat argument like common implementations do */
1283 unsigned int uj = *p++ - '0';
1284 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1285 min_field_width = uj;
1287 /* parse precision */
1289 p++; precision_specified = 1;
1291 int j = va_arg(ap, int);
1293 if (j >= 0) precision = j;
1295 precision_specified = 0; precision = 0;
1297 * Solaris 2.6 man page claims that in this case the precision
1298 * should be set to 0. Digital Unix 4.0, HPUX 10 and BSD man page
1299 * claim that this case should be treated as unspecified precision,
1300 * which is what we do here.
1303 } else if (isdigit((int)(*p))) {
1304 /* size_t could be wider than unsigned int;
1305 make sure we treat argument like common implementations do */
1306 unsigned int uj = *p++ - '0';
1307 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1311 /* parse 'h', 'l' and 'll' length modifiers */
1312 if (*p == 'h' || *p == 'l') {
1313 length_modifier = *p; p++;
1314 if (length_modifier == 'l' && *p == 'l') { /* double l = long long */
1315 #ifdef SNPRINTF_LONGLONG_SUPPORT
1316 length_modifier = '2'; /* double l encoded as '2' */
1318 length_modifier = 'l'; /* treat it as a single 'l' */
1324 /* common synonyms: */
1326 case 'i': fmt_spec = 'd'; break;
1327 case 'D': fmt_spec = 'd'; length_modifier = 'l'; break;
1328 case 'U': fmt_spec = 'u'; length_modifier = 'l'; break;
1329 case 'O': fmt_spec = 'o'; length_modifier = 'l'; break;
1332 /* get parameter value, do initial processing */
1334 case '%': /* % behaves similar to 's' regarding flags and field widths */
1335 case 'c': /* c behaves similar to 's' regarding flags and field widths */
1337 length_modifier = '\0'; /* wint_t and wchar_t not supported */
1338 /* the result of zero padding flag with non-numeric conversion specifier*/
1339 /* is undefined. Solaris and HPUX 10 does zero padding in this case, */
1340 /* Digital Unix and Linux does not. */
1341 #if !defined(SOLARIS_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
1342 zero_padding = 0; /* turn zero padding off for string conversions */
1349 int j = va_arg(ap, int);
1350 uchar_arg = (unsigned char) j; /* standard demands unsigned char */
1351 str_arg = (const char *) &uchar_arg;
1355 str_arg = va_arg(ap, const char *);
1356 if (!str_arg) str_arg_l = 0;
1357 /* make sure not to address string beyond the specified precision !!! */
1358 else if (!precision_specified) str_arg_l = strlen(str_arg);
1359 /* truncate string if necessary as requested by precision */
1360 else if (precision == 0) str_arg_l = 0;
1362 /* memchr on HP does not like n > 2^31 !!! */
1363 const char *q = memchr(str_arg, '\0',
1364 precision <= 0x7fffffff ? precision : 0x7fffffff);
1365 str_arg_l = !q ? precision : (q-str_arg);
1371 case 'd': case 'u': case 'o': case 'x': case 'X': case 'p': {
1372 /* NOTE: the u, o, x, X and p conversion specifiers imply
1373 the value is unsigned; d implies a signed value */
1376 /* 0 if numeric argument is zero (or if pointer is NULL for 'p'),
1377 +1 if greater than zero (or nonzero for unsigned arguments),
1378 -1 if negative (unsigned argument is never negative) */
1380 int int_arg = 0; unsigned int uint_arg = 0;
1381 /* only defined for length modifier h, or for no length modifiers */
1383 long int long_arg = 0; unsigned long int ulong_arg = 0;
1384 /* only defined for length modifier l */
1386 void *ptr_arg = NULL;
1387 /* pointer argument value -only defined for p conversion */
1389 #ifdef SNPRINTF_LONGLONG_SUPPORT
1390 long long int long_long_arg = 0;
1391 unsigned long long int ulong_long_arg = 0;
1392 /* only defined for length modifier ll */
1394 if (fmt_spec == 'p') {
1395 /* HPUX 10: An l, h, ll or L before any other conversion character
1396 * (other than d, i, u, o, x, or X) is ignored.
1398 * not specified, but seems to behave as HPUX does.
1399 * Solaris: If an h, l, or L appears before any other conversion
1400 * specifier (other than d, i, u, o, x, or X), the behavior
1401 * is undefined. (Actually %hp converts only 16-bits of address
1402 * and %llp treats address as 64-bit data which is incompatible
1403 * with (void *) argument on a 32-bit system).
1405 #ifdef SOLARIS_COMPATIBLE
1406 # ifdef SOLARIS_BUG_COMPATIBLE
1407 /* keep length modifiers even if it represents 'll' */
1409 if (length_modifier == '2') length_modifier = '\0';
1412 length_modifier = '\0';
1414 ptr_arg = va_arg(ap, void *);
1415 if (ptr_arg != NULL) arg_sign = 1;
1416 } else if (fmt_spec == 'd') { /* signed */
1417 switch (length_modifier) {
1420 /* It is non-portable to specify a second argument of char or short
1421 * to va_arg, because arguments seen by the called function
1422 * are not char or short. C converts char and short arguments
1423 * to int before passing them to a function.
1425 int_arg = va_arg(ap, int);
1426 if (int_arg > 0) arg_sign = 1;
1427 else if (int_arg < 0) arg_sign = -1;
1430 long_arg = va_arg(ap, long int);
1431 if (long_arg > 0) arg_sign = 1;
1432 else if (long_arg < 0) arg_sign = -1;
1434 #ifdef SNPRINTF_LONGLONG_SUPPORT
1436 long_long_arg = va_arg(ap, long long int);
1437 if (long_long_arg > 0) arg_sign = 1;
1438 else if (long_long_arg < 0) arg_sign = -1;
1442 } else { /* unsigned */
1443 switch (length_modifier) {
1446 uint_arg = va_arg(ap, unsigned int);
1447 if (uint_arg) arg_sign = 1;
1450 ulong_arg = va_arg(ap, unsigned long int);
1451 if (ulong_arg) arg_sign = 1;
1453 #ifdef SNPRINTF_LONGLONG_SUPPORT
1455 ulong_long_arg = va_arg(ap, unsigned long long int);
1456 if (ulong_long_arg) arg_sign = 1;
1461 str_arg = tmp; str_arg_l = 0;
1463 * For d, i, u, o, x, and X conversions, if precision is specified,
1464 * the '0' flag should be ignored. This is so with Solaris 2.6,
1465 * Digital UNIX 4.0, HPUX 10, Linux, FreeBSD, NetBSD; but not with Perl.
1467 #ifndef PERL_COMPATIBLE
1468 if (precision_specified) zero_padding = 0;
1470 if (fmt_spec == 'd') {
1471 if (force_sign && arg_sign >= 0)
1472 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1473 /* leave negative numbers for sprintf to handle,
1474 to avoid handling tricky cases like (short int)(-32768) */
1475 #ifdef LINUX_COMPATIBLE
1476 } else if (fmt_spec == 'p' && force_sign && arg_sign > 0) {
1477 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1479 } else if (alternate_form) {
1480 if (arg_sign != 0 && (fmt_spec == 'x' || fmt_spec == 'X') )
1481 { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = fmt_spec; }
1482 /* alternate form should have no effect for p conversion, but ... */
1483 #ifdef HPUX_COMPATIBLE
1484 else if (fmt_spec == 'p'
1485 /* HPUX 10: for an alternate form of p conversion,
1486 * a nonzero result is prefixed by 0x. */
1487 #ifndef HPUX_BUG_COMPATIBLE
1488 /* Actually it uses 0x prefix even for a zero value. */
1491 ) { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = 'x'; }
1494 zero_padding_insertion_ind = str_arg_l;
1495 if (!precision_specified) precision = 1; /* default precision is 1 */
1496 if (precision == 0 && arg_sign == 0
1497 #if defined(HPUX_BUG_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1499 /* HPUX 10 man page claims: With conversion character p the result of
1500 * converting a zero value with a precision of zero is a null string.
1501 * Actually HP returns all zeroes, and Linux returns "(nil)". */
1504 /* converted to null string */
1505 /* When zero value is formatted with an explicit precision 0,
1506 the resulting formatted string is empty (d, i, u, o, x, X, p). */
1508 char f[5]; int f_l = 0;
1509 f[f_l++] = '%'; /* construct a simple format string for sprintf */
1510 if (!length_modifier) { }
1511 else if (length_modifier=='2') { f[f_l++] = 'l'; f[f_l++] = 'l'; }
1512 else f[f_l++] = length_modifier;
1513 f[f_l++] = fmt_spec; f[f_l++] = '\0';
1514 if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);
1515 else if (fmt_spec == 'd') { /* signed */
1516 switch (length_modifier) {
1518 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg); break;
1519 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;
1520 #ifdef SNPRINTF_LONGLONG_SUPPORT
1521 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;
1524 } else { /* unsigned */
1525 switch (length_modifier) {
1527 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg); break;
1528 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;
1529 #ifdef SNPRINTF_LONGLONG_SUPPORT
1530 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;
1534 /* include the optional minus sign and possible "0x"
1535 in the region before the zero padding insertion point */
1536 if (zero_padding_insertion_ind < str_arg_l &&
1537 tmp[zero_padding_insertion_ind] == '-') {
1538 zero_padding_insertion_ind++;
1540 if (zero_padding_insertion_ind+1 < str_arg_l &&
1541 tmp[zero_padding_insertion_ind] == '0' &&
1542 (tmp[zero_padding_insertion_ind+1] == 'x' ||
1543 tmp[zero_padding_insertion_ind+1] == 'X') ) {
1544 zero_padding_insertion_ind += 2;
1547 { size_t num_of_digits = str_arg_l - zero_padding_insertion_ind;
1548 if (alternate_form && fmt_spec == 'o'
1549 #ifdef HPUX_COMPATIBLE /* ("%#.o",0) -> "" */
1552 #ifdef DIGITAL_UNIX_BUG_COMPATIBLE /* ("%#o",0) -> "00" */
1554 /* unless zero is already the first character */
1555 && !(zero_padding_insertion_ind < str_arg_l
1556 && tmp[zero_padding_insertion_ind] == '0')
1558 ) { /* assure leading zero for alternate-form octal numbers */
1559 if (!precision_specified || precision < num_of_digits+1) {
1560 /* precision is increased to force the first character to be zero,
1561 except if a zero value is formatted with an explicit precision
1563 precision = num_of_digits+1; precision_specified = 1;
1566 /* zero padding to specified precision? */
1567 if (num_of_digits < precision)
1568 number_of_zeros_to_pad = precision - num_of_digits;
1570 /* zero padding to specified minimal field width? */
1571 if (!justify_left && zero_padding) {
1572 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1573 if (n > 0) number_of_zeros_to_pad += n;
1577 default: /* unrecognized conversion specifier, keep format string as-is*/
1578 zero_padding = 0; /* turn zero padding off for non-numeric convers. */
1579 #ifndef DIGITAL_UNIX_COMPATIBLE
1580 justify_left = 1; min_field_width = 0; /* reset flags */
1582 #if defined(PERL_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1583 /* keep the entire format string unchanged */
1584 str_arg = starting_p; str_arg_l = p - starting_p;
1585 /* well, not exactly so for Linux, which does something between,
1586 * and I don't feel an urge to imitate it: "%+++++hy" -> "%+y" */
1588 /* discard the unrecognized conversion, just keep *
1589 * the unrecognized conversion character */
1590 str_arg = p; str_arg_l = 0;
1592 if (*p) str_arg_l++; /* include invalid conversion specifier unchanged
1593 if not at end-of-string */
1596 if (*p) p++; /* step over the just processed conversion specifier */
1597 /* insert padding to the left as requested by min_field_width;
1598 this does not include the zero padding in case of numerical conversions*/
1599 if (!justify_left) { /* left padding with blank or zero */
1600 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1602 if (str_l < str_m) {
1603 size_t avail = str_m-str_l;
1604 fast_memset(str+str_l, (zero_padding?'0':' '), (n>avail?avail:n));
1609 /* zero padding as requested by the precision or by the minimal field width
1610 * for numeric conversions required? */
1611 if (number_of_zeros_to_pad <= 0) {
1612 /* will not copy first part of numeric right now, *
1613 * force it to be copied later in its entirety */
1614 zero_padding_insertion_ind = 0;
1616 /* insert first part of numerics (sign or '0x') before zero padding */
1617 int n = zero_padding_insertion_ind;
1619 if (str_l < str_m) {
1620 size_t avail = str_m-str_l;
1621 fast_memcpy(str+str_l, str_arg, (n>avail?avail:n));
1625 /* insert zero padding as requested by the precision or min field width */
1626 n = number_of_zeros_to_pad;
1628 if (str_l < str_m) {
1629 size_t avail = str_m-str_l;
1630 fast_memset(str+str_l, '0', (n>avail?avail:n));
1635 /* insert formatted string
1636 * (or as-is conversion specifier for unknown conversions) */
1637 { int n = str_arg_l - zero_padding_insertion_ind;
1639 if (str_l < str_m) {
1640 size_t avail = str_m-str_l;
1641 fast_memcpy(str+str_l, str_arg+zero_padding_insertion_ind,
1647 /* insert right padding */
1648 if (justify_left) { /* right blank padding to the field width */
1649 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1651 if (str_l < str_m) {
1652 size_t avail = str_m-str_l;
1653 fast_memset(str+str_l, ' ', (n>avail?avail:n));
1660 #if defined(NEED_SNPRINTF_ONLY)
1663 if (str_m > 0) { /* make sure the string is null-terminated
1664 even at the expense of overwriting the last character
1665 (shouldn't happen, but just in case) */
1666 str[str_l <= str_m-1 ? str_l : str_m-1] = '\0';
1668 /* Return the number of characters formatted (excluding trailing null
1669 * character), that is, the number of characters that would have been
1670 * written to the buffer if it were large enough.
1672 * The value of str_l should be returned, but str_l is of unsigned type
1673 * size_t, and snprintf is int, possibly leading to an undetected
1674 * integer overflow, resulting in a negative return value, which is illegal.
1675 * Both XSH5 and ISO C99 (at least the draft) are silent on this issue.
1676 * Should errno be set to EOVERFLOW and EOF returned in this case???
1681 #endif /* ndef HAVE_SNPRINTF */