1 /*********************************************************************
3 * File : $Source: /cvsroot/ijbswa/current/miscutil.c,v $
5 * Purpose : zalloc, hash_string, strcmpic, strncmpic, and
6 * MinGW32 strdup functions. These are each too small
7 * to deserve their own file but don't really fit in
10 * Copyright : Written by and Copyright (C) 2001-2016 the
11 * Privoxy team. http://www.privoxy.org/
13 * Based on the Internet Junkbuster originally written
14 * by and Copyright (C) 1997 Anonymous Coders and
15 * Junkbusters Corporation. http://www.junkbusters.com
17 * The timegm replacement function was taken from GnuPG,
18 * Copyright (C) 2004 Free Software Foundation, Inc.
20 * The snprintf replacement function is written by
21 * Mark Martinec who also holds the copyright. It can be
22 * used under the terms of the GPL or the terms of the
23 * "Frontier Artistic License".
25 * This program is free software; you can redistribute it
26 * and/or modify it under the terms of the GNU General
27 * Public License as published by the Free Software
28 * Foundation; either version 2 of the License, or (at
29 * your option) any later version.
31 * This program is distributed in the hope that it will
32 * be useful, but WITHOUT ANY WARRANTY; without even the
33 * implied warranty of MERCHANTABILITY or FITNESS FOR A
34 * PARTICULAR PURPOSE. See the GNU General Public
35 * License for more details.
37 * The GNU General Public License should be included with
38 * this file. If not, you can view it at
39 * http://www.gnu.org/copyleft/gpl.html
40 * or write to the Free Software Foundation, Inc., 59
41 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 *********************************************************************/
49 #include <sys/types.h>
51 #if !defined(_WIN32) && !defined(__OS2__)
53 #endif /* #if !defined(_WIN32) && !defined(__OS2__) */
58 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
60 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
66 /*********************************************************************
70 * Description : Returns allocated memory that is initialized
74 * 1 : size = Size of memory chunk to return.
76 * Returns : Pointer to newly alloc'd memory chunk.
78 *********************************************************************/
79 void *zalloc(size_t size)
84 ret = calloc(1, size);
86 #warning calloc appears to be unavailable. Your platform will become unsupported in the future
87 if ((ret = (void *)malloc(size)) != NULL)
98 /*********************************************************************
100 * Function : zalloc_or_die
102 * Description : zalloc wrapper that either succeeds or causes
103 * program termination.
105 * Useful in situations were the string length is
106 * "small" and zalloc() failures couldn't be handled
107 * better anyway. In case of debug builds, failures
108 * trigger an assert().
111 * 1 : size = Size of memory chunk to return.
113 * Returns : Pointer to newly malloc'd memory chunk.
115 *********************************************************************/
116 void *zalloc_or_die(size_t size)
120 buffer = zalloc(size);
123 assert(buffer != NULL);
124 log_error(LOG_LEVEL_FATAL, "Out of memory in zalloc_or_die().");
132 /*********************************************************************
134 * Function : strdup_or_die
136 * Description : strdup wrapper that either succeeds or causes
137 * program termination.
139 * Useful in situations were the string length is
140 * "small" and strdup() failures couldn't be handled
141 * better anyway. In case of debug builds, failures
142 * trigger an assert().
145 * 1 : str = String to duplicate
147 * Returns : Pointer to newly strdup'd copy of the string.
149 *********************************************************************/
150 char *strdup_or_die(const char *str)
154 new_str = strdup(str);
158 assert(new_str != NULL);
159 log_error(LOG_LEVEL_FATAL, "Out of memory in strdup_or_die().");
168 /*********************************************************************
170 * Function : malloc_or_die
172 * Description : malloc wrapper that either succeeds or causes
173 * program termination.
175 * Useful in situations were the buffer size is "small"
176 * and malloc() failures couldn't be handled better
177 * anyway. In case of debug builds, failures trigger
181 * 1 : buffer_size = Size of the space to allocate
183 * Returns : Pointer to newly malloc'd memory
185 *********************************************************************/
186 void *malloc_or_die(size_t buffer_size)
190 if (buffer_size == 0)
192 log_error(LOG_LEVEL_ERROR,
193 "malloc_or_die() called with buffer size 0");
194 assert(buffer_size != 0);
198 new_buf = malloc(buffer_size);
202 assert(new_buf != NULL);
203 log_error(LOG_LEVEL_FATAL, "Out of memory in malloc_or_die().");
213 /*********************************************************************
215 * Function : write_pid_file
217 * Description : Writes a pid file with the pid of the main process.
218 * Exits if the file can't be opened
221 * 1 : pidfile = Path of the pidfile that gets created.
225 *********************************************************************/
226 void write_pid_file(const char *pidfile)
230 if ((fp = fopen(pidfile, "w")) == NULL)
232 log_error(LOG_LEVEL_FATAL, "can't open pidfile '%s': %E", pidfile);
236 fprintf(fp, "%u\n", (unsigned int) getpid());
242 #endif /* def unix */
245 /*********************************************************************
247 * Function : hash_string
249 * Description : Take a string and compute a (hopefuly) unique numeric
250 * integer value. This is useful to "switch" a string.
253 * 1 : s : string to be hashed.
255 * Returns : The string's hash
257 *********************************************************************/
258 unsigned int hash_string(const char* s)
264 h = 5 * h + (unsigned int)*s;
272 /*********************************************************************
274 * Function : strcmpic
276 * Description : Case insensitive string comparison
279 * 1 : s1 = string 1 to compare
280 * 2 : s2 = string 2 to compare
282 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
284 *********************************************************************/
285 int strcmpic(const char *s1, const char *s2)
292 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
298 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
303 /*********************************************************************
305 * Function : strncmpic
307 * Description : Case insensitive string comparison (up to n characters)
310 * 1 : s1 = string 1 to compare
311 * 2 : s2 = string 2 to compare
312 * 3 : n = maximum characters to compare
314 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
316 *********************************************************************/
317 int strncmpic(const char *s1, const char *s2, size_t n)
319 if (n <= (size_t)0) return(0);
325 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
330 if (--n <= (size_t)0) break;
334 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
339 /*********************************************************************
343 * Description : In-situ-eliminate all leading and trailing whitespace
347 * 1 : s : string to be chomped.
349 * Returns : chomped string
351 *********************************************************************/
352 char *chomp(char *string)
357 * strip trailing whitespace
359 p = string + strlen(string);
360 while (p > string && privoxy_isspace(*(p-1)))
367 * find end of leading whitespace
370 while (*q && privoxy_isspace(*q))
376 * if there was any, move the rest forwards
391 /*********************************************************************
393 * Function : string_append
395 * Description : Reallocate target_string and append text to it.
396 * This makes it easier to append to malloc'd strings.
397 * This is similar to the (removed) strsav(), but
398 * running out of memory isn't catastrophic.
402 * The following style provides sufficient error
403 * checking for this routine, with minimal clutter
404 * in the source code. It is recommended if you
405 * have many calls to this function:
407 * char * s = strdup(...); // don't check for error
408 * string_append(&s, ...); // don't check for error
409 * string_append(&s, ...); // don't check for error
410 * string_append(&s, ...); // don't check for error
411 * if (NULL == s) { ... handle error ... }
415 * char * s = strdup(...); // don't check for error
416 * string_append(&s, ...); // don't check for error
417 * string_append(&s, ...); // don't check for error
418 * if (string_append(&s, ...)) {... handle error ...}
421 * 1 : target_string = Pointer to old text that is to be
422 * extended. *target_string will be free()d by this
423 * routine. target_string must be non-NULL.
424 * If *target_string is NULL, this routine will
425 * do nothing and return with an error - this allows
426 * you to make many calls to this routine and only
427 * check for errors after the last one.
428 * 2 : text_to_append = Text to be appended to old.
431 * Returns : JB_ERR_OK on success, and sets *target_string
432 * to newly malloc'ed appended string. Caller
433 * must free(*target_string).
434 * JB_ERR_MEMORY on out-of-memory. (And free()s
435 * *target_string and sets it to NULL).
436 * JB_ERR_MEMORY if *target_string is NULL.
438 *********************************************************************/
439 jb_err string_append(char **target_string, const char *text_to_append)
445 assert(target_string);
446 assert(text_to_append);
448 if (*target_string == NULL)
450 return JB_ERR_MEMORY;
453 if (*text_to_append == '\0')
458 old_len = strlen(*target_string);
460 new_size = strlen(text_to_append) + old_len + 1;
462 if (NULL == (new_string = realloc(*target_string, new_size)))
464 free(*target_string);
466 *target_string = NULL;
467 return JB_ERR_MEMORY;
470 strlcpy(new_string + old_len, text_to_append, new_size - old_len);
472 *target_string = new_string;
477 /*********************************************************************
479 * Function : string_join
481 * Description : Join two strings together. Frees BOTH the original
482 * strings. If either or both input strings are NULL,
483 * fails as if it had run out of memory.
485 * For comparison, string_append requires that the
486 * second string is non-NULL, and doesn't free it.
488 * Rationale: Too often, we want to do
489 * string_append(s, html_encode(s2)). That assert()s
490 * if s2 is NULL or if html_encode() runs out of memory.
491 * It also leaks memory. Proper checking is cumbersome.
492 * The solution: string_join(s, html_encode(s2)) is safe,
493 * and will free the memory allocated by html_encode().
496 * 1 : target_string = Pointer to old text that is to be
497 * extended. *target_string will be free()d by this
498 * routine. target_string must be non-NULL.
499 * 2 : text_to_append = Text to be appended to old.
501 * Returns : JB_ERR_OK on success, and sets *target_string
502 * to newly malloc'ed appended string. Caller
503 * must free(*target_string).
504 * JB_ERR_MEMORY on out-of-memory, or if
505 * *target_string or text_to_append is NULL. (In
506 * this case, frees *target_string and text_to_append,
507 * sets *target_string to NULL).
509 *********************************************************************/
510 jb_err string_join(char **target_string, char *text_to_append)
514 assert(target_string);
516 if (text_to_append == NULL)
518 freez(*target_string);
519 return JB_ERR_MEMORY;
522 err = string_append(target_string, text_to_append);
524 freez(text_to_append);
530 /*********************************************************************
532 * Function : string_toupper
534 * Description : Produce a copy of string with all convertible
535 * characters converted to uppercase.
538 * 1 : string = string to convert
540 * Returns : Uppercase copy of string if possible,
541 * NULL on out-of-memory or if string was NULL.
543 *********************************************************************/
544 char *string_toupper(const char *string)
549 if (!string || ((result = (char *) zalloc(strlen(string) + 1)) == NULL))
559 *p++ = (char)toupper((int) *q++);
567 /*********************************************************************
569 * Function : string_move
571 * Description : memmove wrapper to move the last part of a string
572 * towards the beginning, overwriting the part in
573 * the middle. strlcpy() can't be used here as the
577 * 1 : dst = Destination to overwrite
578 * 2 : src = Source to move.
582 *********************************************************************/
583 void string_move(char *dst, char *src)
587 /* +1 to copy the terminating nul as well. */
588 memmove(dst, src, strlen(src)+1);
592 /*********************************************************************
596 * Description : Duplicate the first n characters of a string that may
597 * contain '\0' characters.
600 * 1 : string = string to be duplicated
601 * 2 : len = number of bytes to duplicate
603 * Returns : pointer to copy, or NULL if failiure
605 *********************************************************************/
606 char *bindup(const char *string, size_t len)
610 duplicate = (char *)malloc(len);
611 if (NULL != duplicate)
613 memcpy(duplicate, string, len);
621 /*********************************************************************
623 * Function : make_path
625 * Description : Takes a directory name and a file name, returns
626 * the complete path. Handles windows/unix differences.
627 * If the file name is already an absolute path, or if
628 * the directory name is NULL or empty, it returns
632 * 1 : dir: Name of directory or NULL for none.
633 * 2 : file: Name of file. Should not be NULL or empty.
635 * Returns : "dir/file" (Or on windows, "dir\file").
636 * It allocates the string on the heap. Caller frees.
637 * Returns NULL in error (i.e. NULL file or out of
640 *********************************************************************/
641 char * make_path(const char * dir, const char * file)
652 strncpy(path,dir+2,512);
656 strncpy(path,dir+1,512);
661 strncpy(path,dir,512);
669 if (AddPart(path,file,512))
677 #else /* ndef AMIGA */
679 if ((file == NULL) || (*file == '\0'))
681 return NULL; /* Error */
684 if ((dir == NULL) || (*dir == '\0') /* No directory specified */
685 #if defined(_WIN32) || defined(__OS2__)
686 || (*file == '\\') || (file[1] == ':') /* Absolute path (DOS) */
687 #else /* ifndef _WIN32 || __OS2__ */
688 || (*file == '/') /* Absolute path (U*ix) */
689 #endif /* ifndef _WIN32 || __OS2__ */
697 size_t path_size = strlen(dir) + strlen(file) + 2; /* +2 for trailing (back)slash and \0 */
700 if (*dir != '/' && basedir && *basedir)
703 * Relative path, so start with the base directory.
705 path_size += strlen(basedir) + 1; /* +1 for the slash */
706 path = malloc(path_size);
707 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
708 strlcpy(path, basedir, path_size);
709 strlcat(path, "/", path_size);
710 strlcat(path, dir, path_size);
713 #endif /* defined unix */
715 path = malloc(path_size);
716 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
717 strlcpy(path, dir, path_size);
720 assert(NULL != path);
721 #if defined(_WIN32) || defined(__OS2__)
722 if (path[strlen(path)-1] != '\\')
724 strlcat(path, "\\", path_size);
726 #else /* ifndef _WIN32 || __OS2__ */
727 if (path[strlen(path)-1] != '/')
729 strlcat(path, "/", path_size);
731 #endif /* ifndef _WIN32 || __OS2__ */
732 strlcat(path, file, path_size);
736 #endif /* ndef AMIGA */
740 /*********************************************************************
742 * Function : pick_from_range
744 * Description : Pick a positive number out of a given range.
745 * Should only be used if randomness would be nice,
746 * but isn't really necessary.
749 * 1 : range: Highest possible number to pick.
751 * Returns : Picked number.
753 *********************************************************************/
754 long int pick_from_range(long int range)
758 static unsigned long seed = 0;
759 #endif /* def _WIN32 */
764 if (range <= 0) return 0;
766 #ifdef HAVE_ARC4RANDOM
767 number = arc4random() % range + 1;
768 #elif defined(HAVE_RANDOM)
769 number = random() % range + 1;
770 #elif defined(MUTEX_LOCKS_AVAILABLE)
771 privoxy_mutex_lock(&rand_mutex);
775 seed = (unsigned long)(GetCurrentThreadId()+GetTickCount());
778 seed = (unsigned long)((rand() << 16) + rand());
779 #endif /* def _WIN32 */
780 number = (unsigned long)((rand() << 16) + (rand())) % (unsigned long)(range + 1);
781 privoxy_mutex_unlock(&rand_mutex);
784 * XXX: Which platforms reach this and are there
785 * better options than just using rand() and hoping
788 log_error(LOG_LEVEL_INFO, "No thread-safe PRNG available? Header time randomization "
789 "might cause crashes, predictable results or even combine these fine options.");
790 number = rand() % (long int)(range + 1);
792 #endif /* (def HAVE_ARC4RANDOM) */
798 #ifdef USE_PRIVOXY_STRLCPY
799 /*********************************************************************
801 * Function : privoxy_strlcpy
803 * Description : strlcpy(3) look-alike for those without decent libc.
806 * 1 : destination: buffer to copy into.
807 * 2 : source: String to copy.
808 * 3 : size: Size of destination buffer.
810 * Returns : The length of the string that privoxy_strlcpy() tried to create.
812 *********************************************************************/
813 size_t privoxy_strlcpy(char *destination, const char *source, const size_t size)
817 snprintf(destination, size, "%s", source);
819 * Platforms that lack strlcpy() also tend to have
820 * a broken snprintf implementation that doesn't
821 * guarantee nul termination.
823 * XXX: the configure script should detect and reject those.
825 destination[size-1] = '\0';
827 return strlen(source);
829 #endif /* def USE_PRIVOXY_STRLCPY */
833 /*********************************************************************
835 * Function : privoxy_strlcat
837 * Description : strlcat(3) look-alike for those without decent libc.
840 * 1 : destination: C string.
841 * 2 : source: String to copy.
842 * 3 : size: Size of destination buffer.
844 * Returns : The length of the string that privoxy_strlcat() tried to create.
846 *********************************************************************/
847 size_t privoxy_strlcat(char *destination, const char *source, const size_t size)
849 const size_t old_length = strlen(destination);
850 return old_length + strlcpy(destination + old_length, source, size - old_length);
852 #endif /* ndef HAVE_STRLCAT */
855 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
856 /*********************************************************************
860 * Description : libc replacement function for the inverse of gmtime().
861 * Copyright (C) 2004 Free Software Foundation, Inc.
863 * Code originally copied from GnuPG, modifications done
864 * for Privoxy: style changed, #ifdefs for _WIN32 added
865 * to have it work on mingw32.
867 * XXX: It's very unlikely to happen, but if the malloc()
868 * call fails the time zone will be permanently set to UTC.
871 * 1 : tm: Broken-down time struct.
873 * Returns : tm converted into time_t seconds.
875 *********************************************************************/
876 time_t timegm(struct tm *tm)
889 old_zone = malloc(3 + strlen(zone) + 1);
892 strcpy(old_zone, "TZ=");
893 strcat(old_zone, zone);
896 /* http://man7.org/linux/man-pages/man3/putenv.3.html
897 * int putenv(char *string);
898 * The string pointed to by string becomes part of the environment, so altering the
899 * string changes the environment.
900 * In other words, the memory pointed to by *string is used until
901 * a) another call to putenv() with the same e-var name
902 * b) the program exits
904 * Windows e-vars don't work that way, so let's not leak memory.
907 #endif /* def _WIN32 */
914 #elif defined(_WIN32)
924 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
927 #ifndef HAVE_SNPRINTF
929 * What follows is a portable snprintf routine, written by Mark Martinec.
930 * See: http://www.ijs.si/software/snprintf/
933 - a portable implementation of snprintf,
934 including vsnprintf.c, asnprintf, vasnprintf, asprintf, vasprintf
936 snprintf is a routine to convert numeric and string arguments to
937 formatted strings. It is similar to sprintf(3) provided in a system's
938 C library, yet it requires an additional argument - the buffer size -
939 and it guarantees never to store anything beyond the given buffer,
940 regardless of the format or arguments to be formatted. Some newer
941 operating systems do provide snprintf in their C library, but many do
942 not or do provide an inadequate (slow or idiosyncratic) version, which
943 calls for a portable implementation of this routine.
947 Mark Martinec <mark.martinec@ijs.si>, April 1999, June 2000
948 Copyright © 1999, Mark Martinec
952 #define PORTABLE_SNPRINTF_VERSION_MAJOR 2
953 #define PORTABLE_SNPRINTF_VERSION_MINOR 2
955 #if defined(NEED_ASPRINTF) || defined(NEED_ASNPRINTF) || defined(NEED_VASPRINTF) || defined(NEED_VASNPRINTF)
956 # if defined(NEED_SNPRINTF_ONLY)
957 # undef NEED_SNPRINTF_ONLY
959 # if !defined(PREFER_PORTABLE_SNPRINTF)
960 # define PREFER_PORTABLE_SNPRINTF
964 #if defined(SOLARIS_BUG_COMPATIBLE) && !defined(SOLARIS_COMPATIBLE)
965 #define SOLARIS_COMPATIBLE
968 #if defined(HPUX_BUG_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
969 #define HPUX_COMPATIBLE
972 #if defined(DIGITAL_UNIX_BUG_COMPATIBLE) && !defined(DIGITAL_UNIX_COMPATIBLE)
973 #define DIGITAL_UNIX_COMPATIBLE
976 #if defined(PERL_BUG_COMPATIBLE) && !defined(PERL_COMPATIBLE)
977 #define PERL_COMPATIBLE
980 #if defined(LINUX_BUG_COMPATIBLE) && !defined(LINUX_COMPATIBLE)
981 #define LINUX_COMPATIBLE
984 #include <sys/types.h>
995 #define isdigit(c) ((c) >= '0' && (c) <= '9')
997 /* For copying strings longer or equal to 'breakeven_point'
998 * it is more efficient to call memcpy() than to do it inline.
999 * The value depends mostly on the processor architecture,
1000 * but also on the compiler and its optimization capabilities.
1001 * The value is not critical, some small value greater than zero
1002 * will be just fine if you don't care to squeeze every drop
1003 * of performance out of the code.
1005 * Small values favor memcpy, large values favor inline code.
1007 #if defined(__alpha__) || defined(__alpha)
1008 # define breakeven_point 2 /* AXP (DEC Alpha) - gcc or cc or egcs */
1010 #if defined(__i386__) || defined(__i386)
1011 # define breakeven_point 12 /* Intel Pentium/Linux - gcc 2.96 */
1014 # define breakeven_point 10 /* HP-PA - gcc */
1016 #if defined(__sparc__) || defined(__sparc)
1017 # define breakeven_point 33 /* Sun Sparc 5 - gcc 2.8.1 */
1020 /* some other values of possible interest: */
1021 /* #define breakeven_point 8 */ /* VAX 4000 - vaxc */
1022 /* #define breakeven_point 19 */ /* VAX 4000 - gcc 2.7.0 */
1024 #ifndef breakeven_point
1025 # define breakeven_point 6 /* some reasonable one-size-fits-all value */
1028 #define fast_memcpy(d,s,n) \
1029 { register size_t nn = (size_t)(n); \
1030 if (nn >= breakeven_point) memcpy((d), (s), nn); \
1031 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1032 register char *dd; register const char *ss; \
1033 for (ss=(s), dd=(d); nn>0; nn--) *dd++ = *ss++; } }
1035 #define fast_memset(d,c,n) \
1036 { register size_t nn = (size_t)(n); \
1037 if (nn >= breakeven_point) memset((d), (int)(c), nn); \
1038 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1039 register char *dd; register const int cc=(int)(c); \
1040 for (dd=(d); nn>0; nn--) *dd++ = cc; } }
1044 #if defined(NEED_ASPRINTF)
1045 int asprintf (char **ptr, const char *fmt, /*args*/ ...);
1047 #if defined(NEED_VASPRINTF)
1048 int vasprintf (char **ptr, const char *fmt, va_list ap);
1050 #if defined(NEED_ASNPRINTF)
1051 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...);
1053 #if defined(NEED_VASNPRINTF)
1054 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap);
1057 #if defined(HAVE_SNPRINTF)
1058 /* declare our portable snprintf routine under name portable_snprintf */
1059 /* declare our portable vsnprintf routine under name portable_vsnprintf */
1061 /* declare our portable routines under names snprintf and vsnprintf */
1062 #define portable_snprintf snprintf
1063 #if !defined(NEED_SNPRINTF_ONLY)
1064 #define portable_vsnprintf vsnprintf
1068 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1069 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...);
1070 #if !defined(NEED_SNPRINTF_ONLY)
1071 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap);
1077 static char credits[] = "\n\
1078 @(#)snprintf.c, v2.2: Mark Martinec, <mark.martinec@ijs.si>\n\
1079 @(#)snprintf.c, v2.2: Copyright 1999, Mark Martinec. Frontier Artistic License applies.\n\
1080 @(#)snprintf.c, v2.2: http://www.ijs.si/software/snprintf/\n";
1082 #if defined(NEED_ASPRINTF)
1083 int asprintf(char **ptr, const char *fmt, /*args*/ ...) {
1089 va_start(ap, fmt); /* measure the required size */
1090 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1092 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1093 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1094 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1098 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1100 assert(str_l2 == str_l);
1106 #if defined(NEED_VASPRINTF)
1107 int vasprintf(char **ptr, const char *fmt, va_list ap) {
1113 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1114 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1117 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1118 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1119 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1121 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1122 assert(str_l2 == str_l);
1128 #if defined(NEED_ASNPRINTF)
1129 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...) {
1134 va_start(ap, fmt); /* measure the required size */
1135 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1137 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1138 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1139 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1140 if (str_m == 0) { /* not interested in resulting string, just return size */
1142 *ptr = (char *) malloc(str_m);
1143 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1147 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1149 assert(str_l2 == str_l);
1156 #if defined(NEED_VASNPRINTF)
1157 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap) {
1162 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1163 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1166 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1167 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1168 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1169 if (str_m == 0) { /* not interested in resulting string, just return size */
1171 *ptr = (char *) malloc(str_m);
1172 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1174 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1175 assert(str_l2 == str_l);
1183 * If the system does have snprintf and the portable routine is not
1184 * specifically required, this module produces no code for snprintf/vsnprintf.
1186 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1188 #if !defined(NEED_SNPRINTF_ONLY)
1189 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1194 str_l = portable_vsnprintf(str, str_m, fmt, ap);
1200 #if defined(NEED_SNPRINTF_ONLY)
1201 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1203 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap) {
1206 #if defined(NEED_SNPRINTF_ONLY)
1210 const char *p = fmt;
1212 /* In contrast with POSIX, the ISO C99 now says
1213 * that str can be NULL and str_m can be 0.
1214 * This is more useful than the old: if (str_m < 1) return -1; */
1216 #if defined(NEED_SNPRINTF_ONLY)
1222 /* if (str_l < str_m) str[str_l++] = *p++; -- this would be sufficient */
1223 /* but the following code achieves better performance for cases
1224 * where format string is long and contains few conversions */
1225 const char *q = strchr(p+1,'%');
1226 size_t n = !q ? strlen(p) : (q-p);
1227 if (str_l < str_m) {
1228 size_t avail = str_m-str_l;
1229 fast_memcpy(str+str_l, p, (n>avail?avail:n));
1233 const char *starting_p;
1234 size_t min_field_width = 0, precision = 0;
1235 int zero_padding = 0, precision_specified = 0, justify_left = 0;
1236 int alternate_form = 0, force_sign = 0;
1237 int space_for_positive = 1; /* If both the ' ' and '+' flags appear,
1238 the ' ' flag should be ignored. */
1239 char length_modifier = '\0'; /* allowed values: \0, h, l, L */
1240 char tmp[32];/* temporary buffer for simple numeric->string conversion */
1242 const char *str_arg; /* string address in case of string argument */
1243 size_t str_arg_l; /* natural field width of arg without padding
1245 unsigned char uchar_arg;
1246 /* unsigned char argument value - only defined for c conversion.
1247 N.B. standard explicitly states the char argument for
1248 the c conversion is unsigned */
1250 size_t number_of_zeros_to_pad = 0;
1251 /* number of zeros to be inserted for numeric conversions
1252 as required by the precision or minimal field width */
1254 size_t zero_padding_insertion_ind = 0;
1255 /* index into tmp where zero padding is to be inserted */
1257 char fmt_spec = '\0';
1258 /* current conversion specifier character */
1260 str_arg = credits;/* just to make compiler happy (defined but not used)*/
1262 starting_p = p; p++; /* skip '%' */
1264 while (*p == '0' || *p == '-' || *p == '+' ||
1265 *p == ' ' || *p == '#' || *p == '\'') {
1267 case '0': zero_padding = 1; break;
1268 case '-': justify_left = 1; break;
1269 case '+': force_sign = 1; space_for_positive = 0; break;
1270 case ' ': force_sign = 1;
1271 /* If both the ' ' and '+' flags appear, the ' ' flag should be ignored */
1272 #ifdef PERL_COMPATIBLE
1273 /* ... but in Perl the last of ' ' and '+' applies */
1274 space_for_positive = 1;
1277 case '#': alternate_form = 1; break;
1282 /* If the '0' and '-' flags both appear, the '0' flag should be ignored. */
1284 /* parse field width */
1287 p++; j = va_arg(ap, int);
1288 if (j >= 0) min_field_width = j;
1289 else { min_field_width = -j; justify_left = 1; }
1290 } else if (isdigit((int)(*p))) {
1291 /* size_t could be wider than unsigned int;
1292 make sure we treat argument like common implementations do */
1293 unsigned int uj = *p++ - '0';
1294 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1295 min_field_width = uj;
1297 /* parse precision */
1299 p++; precision_specified = 1;
1301 int j = va_arg(ap, int);
1303 if (j >= 0) precision = j;
1305 precision_specified = 0; precision = 0;
1307 * Solaris 2.6 man page claims that in this case the precision
1308 * should be set to 0. Digital Unix 4.0, HPUX 10 and BSD man page
1309 * claim that this case should be treated as unspecified precision,
1310 * which is what we do here.
1313 } else if (isdigit((int)(*p))) {
1314 /* size_t could be wider than unsigned int;
1315 make sure we treat argument like common implementations do */
1316 unsigned int uj = *p++ - '0';
1317 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1321 /* parse 'h', 'l' and 'll' length modifiers */
1322 if (*p == 'h' || *p == 'l') {
1323 length_modifier = *p; p++;
1324 if (length_modifier == 'l' && *p == 'l') { /* double l = long long */
1325 #ifdef SNPRINTF_LONGLONG_SUPPORT
1326 length_modifier = '2'; /* double l encoded as '2' */
1328 length_modifier = 'l'; /* treat it as a single 'l' */
1334 /* common synonyms: */
1336 case 'i': fmt_spec = 'd'; break;
1337 case 'D': fmt_spec = 'd'; length_modifier = 'l'; break;
1338 case 'U': fmt_spec = 'u'; length_modifier = 'l'; break;
1339 case 'O': fmt_spec = 'o'; length_modifier = 'l'; break;
1342 /* get parameter value, do initial processing */
1344 case '%': /* % behaves similar to 's' regarding flags and field widths */
1345 case 'c': /* c behaves similar to 's' regarding flags and field widths */
1347 length_modifier = '\0'; /* wint_t and wchar_t not supported */
1348 /* the result of zero padding flag with non-numeric conversion specifier*/
1349 /* is undefined. Solaris and HPUX 10 does zero padding in this case, */
1350 /* Digital Unix and Linux does not. */
1351 #if !defined(SOLARIS_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
1352 zero_padding = 0; /* turn zero padding off for string conversions */
1359 int j = va_arg(ap, int);
1360 uchar_arg = (unsigned char) j; /* standard demands unsigned char */
1361 str_arg = (const char *) &uchar_arg;
1365 str_arg = va_arg(ap, const char *);
1366 if (!str_arg) str_arg_l = 0;
1367 /* make sure not to address string beyond the specified precision !!! */
1368 else if (!precision_specified) str_arg_l = strlen(str_arg);
1369 /* truncate string if necessary as requested by precision */
1370 else if (precision == 0) str_arg_l = 0;
1372 /* memchr on HP does not like n > 2^31 !!! */
1373 const char *q = memchr(str_arg, '\0',
1374 precision <= 0x7fffffff ? precision : 0x7fffffff);
1375 str_arg_l = !q ? precision : (q-str_arg);
1381 case 'd': case 'u': case 'o': case 'x': case 'X': case 'p': {
1382 /* NOTE: the u, o, x, X and p conversion specifiers imply
1383 the value is unsigned; d implies a signed value */
1386 /* 0 if numeric argument is zero (or if pointer is NULL for 'p'),
1387 +1 if greater than zero (or nonzero for unsigned arguments),
1388 -1 if negative (unsigned argument is never negative) */
1390 int int_arg = 0; unsigned int uint_arg = 0;
1391 /* only defined for length modifier h, or for no length modifiers */
1393 long int long_arg = 0; unsigned long int ulong_arg = 0;
1394 /* only defined for length modifier l */
1396 void *ptr_arg = NULL;
1397 /* pointer argument value -only defined for p conversion */
1399 #ifdef SNPRINTF_LONGLONG_SUPPORT
1400 long long int long_long_arg = 0;
1401 unsigned long long int ulong_long_arg = 0;
1402 /* only defined for length modifier ll */
1404 if (fmt_spec == 'p') {
1405 /* HPUX 10: An l, h, ll or L before any other conversion character
1406 * (other than d, i, u, o, x, or X) is ignored.
1408 * not specified, but seems to behave as HPUX does.
1409 * Solaris: If an h, l, or L appears before any other conversion
1410 * specifier (other than d, i, u, o, x, or X), the behavior
1411 * is undefined. (Actually %hp converts only 16-bits of address
1412 * and %llp treats address as 64-bit data which is incompatible
1413 * with (void *) argument on a 32-bit system).
1415 #ifdef SOLARIS_COMPATIBLE
1416 # ifdef SOLARIS_BUG_COMPATIBLE
1417 /* keep length modifiers even if it represents 'll' */
1419 if (length_modifier == '2') length_modifier = '\0';
1422 length_modifier = '\0';
1424 ptr_arg = va_arg(ap, void *);
1425 if (ptr_arg != NULL) arg_sign = 1;
1426 } else if (fmt_spec == 'd') { /* signed */
1427 switch (length_modifier) {
1430 /* It is non-portable to specify a second argument of char or short
1431 * to va_arg, because arguments seen by the called function
1432 * are not char or short. C converts char and short arguments
1433 * to int before passing them to a function.
1435 int_arg = va_arg(ap, int);
1436 if (int_arg > 0) arg_sign = 1;
1437 else if (int_arg < 0) arg_sign = -1;
1440 long_arg = va_arg(ap, long int);
1441 if (long_arg > 0) arg_sign = 1;
1442 else if (long_arg < 0) arg_sign = -1;
1444 #ifdef SNPRINTF_LONGLONG_SUPPORT
1446 long_long_arg = va_arg(ap, long long int);
1447 if (long_long_arg > 0) arg_sign = 1;
1448 else if (long_long_arg < 0) arg_sign = -1;
1452 } else { /* unsigned */
1453 switch (length_modifier) {
1456 uint_arg = va_arg(ap, unsigned int);
1457 if (uint_arg) arg_sign = 1;
1460 ulong_arg = va_arg(ap, unsigned long int);
1461 if (ulong_arg) arg_sign = 1;
1463 #ifdef SNPRINTF_LONGLONG_SUPPORT
1465 ulong_long_arg = va_arg(ap, unsigned long long int);
1466 if (ulong_long_arg) arg_sign = 1;
1471 str_arg = tmp; str_arg_l = 0;
1473 * For d, i, u, o, x, and X conversions, if precision is specified,
1474 * the '0' flag should be ignored. This is so with Solaris 2.6,
1475 * Digital UNIX 4.0, HPUX 10, Linux, FreeBSD, NetBSD; but not with Perl.
1477 #ifndef PERL_COMPATIBLE
1478 if (precision_specified) zero_padding = 0;
1480 if (fmt_spec == 'd') {
1481 if (force_sign && arg_sign >= 0)
1482 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1483 /* leave negative numbers for sprintf to handle,
1484 to avoid handling tricky cases like (short int)(-32768) */
1485 #ifdef LINUX_COMPATIBLE
1486 } else if (fmt_spec == 'p' && force_sign && arg_sign > 0) {
1487 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1489 } else if (alternate_form) {
1490 if (arg_sign != 0 && (fmt_spec == 'x' || fmt_spec == 'X') )
1491 { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = fmt_spec; }
1492 /* alternate form should have no effect for p conversion, but ... */
1493 #ifdef HPUX_COMPATIBLE
1494 else if (fmt_spec == 'p'
1495 /* HPUX 10: for an alternate form of p conversion,
1496 * a nonzero result is prefixed by 0x. */
1497 #ifndef HPUX_BUG_COMPATIBLE
1498 /* Actually it uses 0x prefix even for a zero value. */
1501 ) { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = 'x'; }
1504 zero_padding_insertion_ind = str_arg_l;
1505 if (!precision_specified) precision = 1; /* default precision is 1 */
1506 if (precision == 0 && arg_sign == 0
1507 #if defined(HPUX_BUG_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1509 /* HPUX 10 man page claims: With conversion character p the result of
1510 * converting a zero value with a precision of zero is a null string.
1511 * Actually HP returns all zeroes, and Linux returns "(nil)". */
1514 /* converted to null string */
1515 /* When zero value is formatted with an explicit precision 0,
1516 the resulting formatted string is empty (d, i, u, o, x, X, p). */
1518 char f[5]; int f_l = 0;
1519 f[f_l++] = '%'; /* construct a simple format string for sprintf */
1520 if (!length_modifier) { }
1521 else if (length_modifier=='2') { f[f_l++] = 'l'; f[f_l++] = 'l'; }
1522 else f[f_l++] = length_modifier;
1523 f[f_l++] = fmt_spec; f[f_l++] = '\0';
1524 if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);
1525 else if (fmt_spec == 'd') { /* signed */
1526 switch (length_modifier) {
1528 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg); break;
1529 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;
1530 #ifdef SNPRINTF_LONGLONG_SUPPORT
1531 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;
1534 } else { /* unsigned */
1535 switch (length_modifier) {
1537 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg); break;
1538 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;
1539 #ifdef SNPRINTF_LONGLONG_SUPPORT
1540 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;
1544 /* include the optional minus sign and possible "0x"
1545 in the region before the zero padding insertion point */
1546 if (zero_padding_insertion_ind < str_arg_l &&
1547 tmp[zero_padding_insertion_ind] == '-') {
1548 zero_padding_insertion_ind++;
1550 if (zero_padding_insertion_ind+1 < str_arg_l &&
1551 tmp[zero_padding_insertion_ind] == '0' &&
1552 (tmp[zero_padding_insertion_ind+1] == 'x' ||
1553 tmp[zero_padding_insertion_ind+1] == 'X') ) {
1554 zero_padding_insertion_ind += 2;
1557 { size_t num_of_digits = str_arg_l - zero_padding_insertion_ind;
1558 if (alternate_form && fmt_spec == 'o'
1559 #ifdef HPUX_COMPATIBLE /* ("%#.o",0) -> "" */
1562 #ifdef DIGITAL_UNIX_BUG_COMPATIBLE /* ("%#o",0) -> "00" */
1564 /* unless zero is already the first character */
1565 && !(zero_padding_insertion_ind < str_arg_l
1566 && tmp[zero_padding_insertion_ind] == '0')
1568 ) { /* assure leading zero for alternate-form octal numbers */
1569 if (!precision_specified || precision < num_of_digits+1) {
1570 /* precision is increased to force the first character to be zero,
1571 except if a zero value is formatted with an explicit precision
1573 precision = num_of_digits+1; precision_specified = 1;
1576 /* zero padding to specified precision? */
1577 if (num_of_digits < precision)
1578 number_of_zeros_to_pad = precision - num_of_digits;
1580 /* zero padding to specified minimal field width? */
1581 if (!justify_left && zero_padding) {
1582 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1583 if (n > 0) number_of_zeros_to_pad += n;
1587 default: /* unrecognized conversion specifier, keep format string as-is*/
1588 zero_padding = 0; /* turn zero padding off for non-numeric convers. */
1589 #ifndef DIGITAL_UNIX_COMPATIBLE
1590 justify_left = 1; min_field_width = 0; /* reset flags */
1592 #if defined(PERL_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1593 /* keep the entire format string unchanged */
1594 str_arg = starting_p; str_arg_l = p - starting_p;
1595 /* well, not exactly so for Linux, which does something between,
1596 * and I don't feel an urge to imitate it: "%+++++hy" -> "%+y" */
1598 /* discard the unrecognized conversion, just keep *
1599 * the unrecognized conversion character */
1600 str_arg = p; str_arg_l = 0;
1602 if (*p) str_arg_l++; /* include invalid conversion specifier unchanged
1603 if not at end-of-string */
1606 if (*p) p++; /* step over the just processed conversion specifier */
1607 /* insert padding to the left as requested by min_field_width;
1608 this does not include the zero padding in case of numerical conversions*/
1609 if (!justify_left) { /* left padding with blank or zero */
1610 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1612 if (str_l < str_m) {
1613 size_t avail = str_m-str_l;
1614 fast_memset(str+str_l, (zero_padding?'0':' '), (n>avail?avail:n));
1619 /* zero padding as requested by the precision or by the minimal field width
1620 * for numeric conversions required? */
1621 if (number_of_zeros_to_pad <= 0) {
1622 /* will not copy first part of numeric right now, *
1623 * force it to be copied later in its entirety */
1624 zero_padding_insertion_ind = 0;
1626 /* insert first part of numerics (sign or '0x') before zero padding */
1627 int n = zero_padding_insertion_ind;
1629 if (str_l < str_m) {
1630 size_t avail = str_m-str_l;
1631 fast_memcpy(str+str_l, str_arg, (n>avail?avail:n));
1635 /* insert zero padding as requested by the precision or min field width */
1636 n = number_of_zeros_to_pad;
1638 if (str_l < str_m) {
1639 size_t avail = str_m-str_l;
1640 fast_memset(str+str_l, '0', (n>avail?avail:n));
1645 /* insert formatted string
1646 * (or as-is conversion specifier for unknown conversions) */
1647 { int n = str_arg_l - zero_padding_insertion_ind;
1649 if (str_l < str_m) {
1650 size_t avail = str_m-str_l;
1651 fast_memcpy(str+str_l, str_arg+zero_padding_insertion_ind,
1657 /* insert right padding */
1658 if (justify_left) { /* right blank padding to the field width */
1659 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1661 if (str_l < str_m) {
1662 size_t avail = str_m-str_l;
1663 fast_memset(str+str_l, ' ', (n>avail?avail:n));
1670 #if defined(NEED_SNPRINTF_ONLY)
1673 if (str_m > 0) { /* make sure the string is null-terminated
1674 even at the expense of overwriting the last character
1675 (shouldn't happen, but just in case) */
1676 str[str_l <= str_m-1 ? str_l : str_m-1] = '\0';
1678 /* Return the number of characters formatted (excluding trailing null
1679 * character), that is, the number of characters that would have been
1680 * written to the buffer if it were large enough.
1682 * The value of str_l should be returned, but str_l is of unsigned type
1683 * size_t, and snprintf is int, possibly leading to an undetected
1684 * integer overflow, resulting in a negative return value, which is illegal.
1685 * Both XSH5 and ISO C99 (at least the draft) are silent on this issue.
1686 * Should errno be set to EOVERFLOW and EOF returned in this case???
1691 #endif /* ndef HAVE_SNPRINTF */