1 const char miscutil_rcs[] = "$Id: miscutil.c,v 1.85 2017/06/08 13:11:08 fabiankeil Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/miscutil.c,v $
6 * Purpose : zalloc, hash_string, strcmpic, strncmpic, and
7 * MinGW32 strdup functions. These are each too small
8 * to deserve their own file but don't really fit in
11 * Copyright : Written by and Copyright (C) 2001-2016 the
12 * Privoxy team. http://www.privoxy.org/
14 * Based on the Internet Junkbuster originally written
15 * by and Copyright (C) 1997 Anonymous Coders and
16 * Junkbusters Corporation. http://www.junkbusters.com
18 * The timegm replacement function was taken from GnuPG,
19 * Copyright (C) 2004 Free Software Foundation, Inc.
21 * The snprintf replacement function is written by
22 * Mark Martinec who also holds the copyright. It can be
23 * used under the terms of the GPL or the terms of the
24 * "Frontier Artistic License".
26 * This program is free software; you can redistribute it
27 * and/or modify it under the terms of the GNU General
28 * Public License as published by the Free Software
29 * Foundation; either version 2 of the License, or (at
30 * your option) any later version.
32 * This program is distributed in the hope that it will
33 * be useful, but WITHOUT ANY WARRANTY; without even the
34 * implied warranty of MERCHANTABILITY or FITNESS FOR A
35 * PARTICULAR PURPOSE. See the GNU General Public
36 * License for more details.
38 * The GNU General Public License should be included with
39 * this file. If not, you can view it at
40 * http://www.gnu.org/copyleft/gpl.html
41 * or write to the Free Software Foundation, Inc., 59
42 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
44 *********************************************************************/
50 #include <sys/types.h>
52 #if !defined(_WIN32) && !defined(__OS2__)
54 #endif /* #if !defined(_WIN32) && !defined(__OS2__) */
59 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
61 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
68 const char miscutil_h_rcs[] = MISCUTIL_H_VERSION;
70 /*********************************************************************
74 * Description : Returns allocated memory that is initialized
78 * 1 : size = Size of memory chunk to return.
80 * Returns : Pointer to newly alloc'd memory chunk.
82 *********************************************************************/
83 void *zalloc(size_t size)
88 ret = calloc(1, size);
90 #warning calloc appears to be unavailable. Your platform will become unsupported in the future
91 if ((ret = (void *)malloc(size)) != NULL)
102 /*********************************************************************
104 * Function : zalloc_or_die
106 * Description : zalloc wrapper that either succeeds or causes
107 * program termination.
109 * Useful in situations were the string length is
110 * "small" and zalloc() failures couldn't be handled
111 * better anyway. In case of debug builds, failures
112 * trigger an assert().
115 * 1 : size = Size of memory chunk to return.
117 * Returns : Pointer to newly malloc'd memory chunk.
119 *********************************************************************/
120 void *zalloc_or_die(size_t size)
124 buffer = zalloc(size);
127 assert(buffer != NULL);
128 log_error(LOG_LEVEL_FATAL, "Out of memory in zalloc_or_die().");
136 /*********************************************************************
138 * Function : strdup_or_die
140 * Description : strdup wrapper that either succeeds or causes
141 * program termination.
143 * Useful in situations were the string length is
144 * "small" and strdup() failures couldn't be handled
145 * better anyway. In case of debug builds, failures
146 * trigger an assert().
149 * 1 : str = String to duplicate
151 * Returns : Pointer to newly strdup'd copy of the string.
153 *********************************************************************/
154 char *strdup_or_die(const char *str)
158 new_str = strdup(str);
162 assert(new_str != NULL);
163 log_error(LOG_LEVEL_FATAL, "Out of memory in strdup_or_die().");
172 /*********************************************************************
174 * Function : malloc_or_die
176 * Description : malloc wrapper that either succeeds or causes
177 * program termination.
179 * Useful in situations were the buffer size is "small"
180 * and malloc() failures couldn't be handled better
181 * anyway. In case of debug builds, failures trigger
185 * 1 : buffer_size = Size of the space to allocate
187 * Returns : Pointer to newly malloc'd memory
189 *********************************************************************/
190 void *malloc_or_die(size_t buffer_size)
194 if (buffer_size == 0)
196 log_error(LOG_LEVEL_ERROR,
197 "malloc_or_die() called with buffer size 0");
198 assert(buffer_size != 0);
202 new_buf = malloc(buffer_size);
206 assert(new_buf != NULL);
207 log_error(LOG_LEVEL_FATAL, "Out of memory in malloc_or_die().");
217 /*********************************************************************
219 * Function : write_pid_file
221 * Description : Writes a pid file with the pid of the main process.
222 * Exits if the file can't be opened
228 *********************************************************************/
229 void write_pid_file(void)
234 * If no --pidfile option was given,
235 * we can live without one.
237 if (pidfile == NULL) return;
239 if ((fp = fopen(pidfile, "w")) == NULL)
241 log_error(LOG_LEVEL_FATAL, "can't open pidfile '%s': %E", pidfile);
245 fprintf(fp, "%u\n", (unsigned int) getpid());
251 #endif /* def unix */
254 /*********************************************************************
256 * Function : hash_string
258 * Description : Take a string and compute a (hopefuly) unique numeric
259 * integer value. This is useful to "switch" a string.
262 * 1 : s : string to be hashed.
264 * Returns : The string's hash
266 *********************************************************************/
267 unsigned int hash_string(const char* s)
273 h = 5 * h + (unsigned int)*s;
281 /*********************************************************************
283 * Function : strcmpic
285 * Description : Case insensitive string comparison
288 * 1 : s1 = string 1 to compare
289 * 2 : s2 = string 2 to compare
291 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
293 *********************************************************************/
294 int strcmpic(const char *s1, const char *s2)
301 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
307 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
312 /*********************************************************************
314 * Function : strncmpic
316 * Description : Case insensitive string comparison (up to n characters)
319 * 1 : s1 = string 1 to compare
320 * 2 : s2 = string 2 to compare
321 * 3 : n = maximum characters to compare
323 * Returns : 0 if s1==s2, Negative if s1<s2, Positive if s1>s2
325 *********************************************************************/
326 int strncmpic(const char *s1, const char *s2, size_t n)
328 if (n <= (size_t)0) return(0);
334 if ((*s1 != *s2) && (privoxy_tolower(*s1) != privoxy_tolower(*s2)))
339 if (--n <= (size_t)0) break;
343 return(privoxy_tolower(*s1) - privoxy_tolower(*s2));
348 /*********************************************************************
352 * Description : In-situ-eliminate all leading and trailing whitespace
356 * 1 : s : string to be chomped.
358 * Returns : chomped string
360 *********************************************************************/
361 char *chomp(char *string)
366 * strip trailing whitespace
368 p = string + strlen(string);
369 while (p > string && privoxy_isspace(*(p-1)))
376 * find end of leading whitespace
379 while (*q && privoxy_isspace(*q))
385 * if there was any, move the rest forwards
400 /*********************************************************************
402 * Function : string_append
404 * Description : Reallocate target_string and append text to it.
405 * This makes it easier to append to malloc'd strings.
406 * This is similar to the (removed) strsav(), but
407 * running out of memory isn't catastrophic.
411 * The following style provides sufficient error
412 * checking for this routine, with minimal clutter
413 * in the source code. It is recommended if you
414 * have many calls to this function:
416 * char * s = strdup(...); // don't check for error
417 * string_append(&s, ...); // don't check for error
418 * string_append(&s, ...); // don't check for error
419 * string_append(&s, ...); // don't check for error
420 * if (NULL == s) { ... handle error ... }
424 * char * s = strdup(...); // don't check for error
425 * string_append(&s, ...); // don't check for error
426 * string_append(&s, ...); // don't check for error
427 * if (string_append(&s, ...)) {... handle error ...}
430 * 1 : target_string = Pointer to old text that is to be
431 * extended. *target_string will be free()d by this
432 * routine. target_string must be non-NULL.
433 * If *target_string is NULL, this routine will
434 * do nothing and return with an error - this allows
435 * you to make many calls to this routine and only
436 * check for errors after the last one.
437 * 2 : text_to_append = Text to be appended to old.
440 * Returns : JB_ERR_OK on success, and sets *target_string
441 * to newly malloc'ed appended string. Caller
442 * must free(*target_string).
443 * JB_ERR_MEMORY on out-of-memory. (And free()s
444 * *target_string and sets it to NULL).
445 * JB_ERR_MEMORY if *target_string is NULL.
447 *********************************************************************/
448 jb_err string_append(char **target_string, const char *text_to_append)
454 assert(target_string);
455 assert(text_to_append);
457 if (*target_string == NULL)
459 return JB_ERR_MEMORY;
462 if (*text_to_append == '\0')
467 old_len = strlen(*target_string);
469 new_size = strlen(text_to_append) + old_len + 1;
471 if (NULL == (new_string = realloc(*target_string, new_size)))
473 free(*target_string);
475 *target_string = NULL;
476 return JB_ERR_MEMORY;
479 strlcpy(new_string + old_len, text_to_append, new_size - old_len);
481 *target_string = new_string;
486 /*********************************************************************
488 * Function : string_join
490 * Description : Join two strings together. Frees BOTH the original
491 * strings. If either or both input strings are NULL,
492 * fails as if it had run out of memory.
494 * For comparison, string_append requires that the
495 * second string is non-NULL, and doesn't free it.
497 * Rationale: Too often, we want to do
498 * string_append(s, html_encode(s2)). That assert()s
499 * if s2 is NULL or if html_encode() runs out of memory.
500 * It also leaks memory. Proper checking is cumbersome.
501 * The solution: string_join(s, html_encode(s2)) is safe,
502 * and will free the memory allocated by html_encode().
505 * 1 : target_string = Pointer to old text that is to be
506 * extended. *target_string will be free()d by this
507 * routine. target_string must be non-NULL.
508 * 2 : text_to_append = Text to be appended to old.
510 * Returns : JB_ERR_OK on success, and sets *target_string
511 * to newly malloc'ed appended string. Caller
512 * must free(*target_string).
513 * JB_ERR_MEMORY on out-of-memory, or if
514 * *target_string or text_to_append is NULL. (In
515 * this case, frees *target_string and text_to_append,
516 * sets *target_string to NULL).
518 *********************************************************************/
519 jb_err string_join(char **target_string, char *text_to_append)
523 assert(target_string);
525 if (text_to_append == NULL)
527 freez(*target_string);
528 return JB_ERR_MEMORY;
531 err = string_append(target_string, text_to_append);
533 freez(text_to_append);
539 /*********************************************************************
541 * Function : string_toupper
543 * Description : Produce a copy of string with all convertible
544 * characters converted to uppercase.
547 * 1 : string = string to convert
549 * Returns : Uppercase copy of string if possible,
550 * NULL on out-of-memory or if string was NULL.
552 *********************************************************************/
553 char *string_toupper(const char *string)
558 if (!string || ((result = (char *) zalloc(strlen(string) + 1)) == NULL))
568 *p++ = (char)toupper((int) *q++);
576 /*********************************************************************
578 * Function : string_move
580 * Description : memmove wrapper to move the last part of a string
581 * towards the beginning, overwriting the part in
582 * the middle. strlcpy() can't be used here as the
586 * 1 : dst = Destination to overwrite
587 * 2 : src = Source to move.
591 *********************************************************************/
592 void string_move(char *dst, char *src)
596 /* +1 to copy the terminating nul as well. */
597 memmove(dst, src, strlen(src)+1);
601 /*********************************************************************
605 * Description : Duplicate the first n characters of a string that may
606 * contain '\0' characters.
609 * 1 : string = string to be duplicated
610 * 2 : len = number of bytes to duplicate
612 * Returns : pointer to copy, or NULL if failiure
614 *********************************************************************/
615 char *bindup(const char *string, size_t len)
619 duplicate = (char *)malloc(len);
620 if (NULL != duplicate)
622 memcpy(duplicate, string, len);
630 /*********************************************************************
632 * Function : make_path
634 * Description : Takes a directory name and a file name, returns
635 * the complete path. Handles windows/unix differences.
636 * If the file name is already an absolute path, or if
637 * the directory name is NULL or empty, it returns
641 * 1 : dir: Name of directory or NULL for none.
642 * 2 : file: Name of file. Should not be NULL or empty.
644 * Returns : "dir/file" (Or on windows, "dir\file").
645 * It allocates the string on the heap. Caller frees.
646 * Returns NULL in error (i.e. NULL file or out of
649 *********************************************************************/
650 char * make_path(const char * dir, const char * file)
661 strncpy(path,dir+2,512);
665 strncpy(path,dir+1,512);
670 strncpy(path,dir,512);
678 if (AddPart(path,file,512))
686 #else /* ndef AMIGA */
688 if ((file == NULL) || (*file == '\0'))
690 return NULL; /* Error */
693 if ((dir == NULL) || (*dir == '\0') /* No directory specified */
694 #if defined(_WIN32) || defined(__OS2__)
695 || (*file == '\\') || (file[1] == ':') /* Absolute path (DOS) */
696 #else /* ifndef _WIN32 || __OS2__ */
697 || (*file == '/') /* Absolute path (U*ix) */
698 #endif /* ifndef _WIN32 || __OS2__ */
706 size_t path_size = strlen(dir) + strlen(file) + 2; /* +2 for trailing (back)slash and \0 */
709 if (*dir != '/' && basedir && *basedir)
712 * Relative path, so start with the base directory.
714 path_size += strlen(basedir) + 1; /* +1 for the slash */
715 path = malloc(path_size);
716 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
717 strlcpy(path, basedir, path_size);
718 strlcat(path, "/", path_size);
719 strlcat(path, dir, path_size);
722 #endif /* defined unix */
724 path = malloc(path_size);
725 if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
726 strlcpy(path, dir, path_size);
729 assert(NULL != path);
730 #if defined(_WIN32) || defined(__OS2__)
731 if (path[strlen(path)-1] != '\\')
733 strlcat(path, "\\", path_size);
735 #else /* ifndef _WIN32 || __OS2__ */
736 if (path[strlen(path)-1] != '/')
738 strlcat(path, "/", path_size);
740 #endif /* ifndef _WIN32 || __OS2__ */
741 strlcat(path, file, path_size);
745 #endif /* ndef AMIGA */
749 /*********************************************************************
751 * Function : pick_from_range
753 * Description : Pick a positive number out of a given range.
754 * Should only be used if randomness would be nice,
755 * but isn't really necessary.
758 * 1 : range: Highest possible number to pick.
760 * Returns : Picked number.
762 *********************************************************************/
763 long int pick_from_range(long int range)
767 static unsigned long seed = 0;
768 #endif /* def _WIN32 */
773 if (range <= 0) return 0;
775 #ifdef HAVE_ARC4RANDOM
776 number = arc4random() % range + 1;
777 #elif defined(HAVE_RANDOM)
778 number = random() % range + 1;
779 #elif defined(MUTEX_LOCKS_AVAILABLE)
780 privoxy_mutex_lock(&rand_mutex);
784 seed = (unsigned long)(GetCurrentThreadId()+GetTickCount());
787 seed = (unsigned long)((rand() << 16) + rand());
788 #endif /* def _WIN32 */
789 number = (unsigned long)((rand() << 16) + (rand())) % (unsigned long)(range + 1);
790 privoxy_mutex_unlock(&rand_mutex);
793 * XXX: Which platforms reach this and are there
794 * better options than just using rand() and hoping
797 log_error(LOG_LEVEL_INFO, "No thread-safe PRNG available? Header time randomization "
798 "might cause crashes, predictable results or even combine these fine options.");
799 number = rand() % (long int)(range + 1);
801 #endif /* (def HAVE_ARC4RANDOM) */
807 #ifdef USE_PRIVOXY_STRLCPY
808 /*********************************************************************
810 * Function : privoxy_strlcpy
812 * Description : strlcpy(3) look-alike for those without decent libc.
815 * 1 : destination: buffer to copy into.
816 * 2 : source: String to copy.
817 * 3 : size: Size of destination buffer.
819 * Returns : The length of the string that privoxy_strlcpy() tried to create.
821 *********************************************************************/
822 size_t privoxy_strlcpy(char *destination, const char *source, const size_t size)
826 snprintf(destination, size, "%s", source);
828 * Platforms that lack strlcpy() also tend to have
829 * a broken snprintf implementation that doesn't
830 * guarantee nul termination.
832 * XXX: the configure script should detect and reject those.
834 destination[size-1] = '\0';
836 return strlen(source);
838 #endif /* def USE_PRIVOXY_STRLCPY */
842 /*********************************************************************
844 * Function : privoxy_strlcat
846 * Description : strlcat(3) look-alike for those without decent libc.
849 * 1 : destination: C string.
850 * 2 : source: String to copy.
851 * 3 : size: Size of destination buffer.
853 * Returns : The length of the string that privoxy_strlcat() tried to create.
855 *********************************************************************/
856 size_t privoxy_strlcat(char *destination, const char *source, const size_t size)
858 const size_t old_length = strlen(destination);
859 return old_length + strlcpy(destination + old_length, source, size - old_length);
861 #endif /* ndef HAVE_STRLCAT */
864 #if !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV)
865 /*********************************************************************
869 * Description : libc replacement function for the inverse of gmtime().
870 * Copyright (C) 2004 Free Software Foundation, Inc.
872 * Code originally copied from GnuPG, modifications done
873 * for Privoxy: style changed, #ifdefs for _WIN32 added
874 * to have it work on mingw32.
876 * XXX: It's very unlikely to happen, but if the malloc()
877 * call fails the time zone will be permanently set to UTC.
880 * 1 : tm: Broken-down time struct.
882 * Returns : tm converted into time_t seconds.
884 *********************************************************************/
885 time_t timegm(struct tm *tm)
898 old_zone = malloc(3 + strlen(zone) + 1);
901 strcpy(old_zone, "TZ=");
902 strcat(old_zone, zone);
905 /* http://man7.org/linux/man-pages/man3/putenv.3.html
906 * int putenv(char *string);
907 * The string pointed to by string becomes part of the environment, so altering the
908 * string changes the environment.
909 * In other words, the memory pointed to by *string is used until
910 * a) another call to putenv() with the same e-var name
911 * b) the program exits
913 * Windows e-vars don't work that way, so let's not leak memory.
916 #endif /* def _WIN32 */
923 #elif defined(_WIN32)
933 #endif /* !defined(HAVE_TIMEGM) && defined(HAVE_TZSET) && defined(HAVE_PUTENV) */
936 #ifndef HAVE_SNPRINTF
938 * What follows is a portable snprintf routine, written by Mark Martinec.
939 * See: http://www.ijs.si/software/snprintf/
942 - a portable implementation of snprintf,
943 including vsnprintf.c, asnprintf, vasnprintf, asprintf, vasprintf
945 snprintf is a routine to convert numeric and string arguments to
946 formatted strings. It is similar to sprintf(3) provided in a system's
947 C library, yet it requires an additional argument - the buffer size -
948 and it guarantees never to store anything beyond the given buffer,
949 regardless of the format or arguments to be formatted. Some newer
950 operating systems do provide snprintf in their C library, but many do
951 not or do provide an inadequate (slow or idiosyncratic) version, which
952 calls for a portable implementation of this routine.
956 Mark Martinec <mark.martinec@ijs.si>, April 1999, June 2000
957 Copyright © 1999, Mark Martinec
961 #define PORTABLE_SNPRINTF_VERSION_MAJOR 2
962 #define PORTABLE_SNPRINTF_VERSION_MINOR 2
964 #if defined(NEED_ASPRINTF) || defined(NEED_ASNPRINTF) || defined(NEED_VASPRINTF) || defined(NEED_VASNPRINTF)
965 # if defined(NEED_SNPRINTF_ONLY)
966 # undef NEED_SNPRINTF_ONLY
968 # if !defined(PREFER_PORTABLE_SNPRINTF)
969 # define PREFER_PORTABLE_SNPRINTF
973 #if defined(SOLARIS_BUG_COMPATIBLE) && !defined(SOLARIS_COMPATIBLE)
974 #define SOLARIS_COMPATIBLE
977 #if defined(HPUX_BUG_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
978 #define HPUX_COMPATIBLE
981 #if defined(DIGITAL_UNIX_BUG_COMPATIBLE) && !defined(DIGITAL_UNIX_COMPATIBLE)
982 #define DIGITAL_UNIX_COMPATIBLE
985 #if defined(PERL_BUG_COMPATIBLE) && !defined(PERL_COMPATIBLE)
986 #define PERL_COMPATIBLE
989 #if defined(LINUX_BUG_COMPATIBLE) && !defined(LINUX_COMPATIBLE)
990 #define LINUX_COMPATIBLE
993 #include <sys/types.h>
1004 #define isdigit(c) ((c) >= '0' && (c) <= '9')
1006 /* For copying strings longer or equal to 'breakeven_point'
1007 * it is more efficient to call memcpy() than to do it inline.
1008 * The value depends mostly on the processor architecture,
1009 * but also on the compiler and its optimization capabilities.
1010 * The value is not critical, some small value greater than zero
1011 * will be just fine if you don't care to squeeze every drop
1012 * of performance out of the code.
1014 * Small values favor memcpy, large values favor inline code.
1016 #if defined(__alpha__) || defined(__alpha)
1017 # define breakeven_point 2 /* AXP (DEC Alpha) - gcc or cc or egcs */
1019 #if defined(__i386__) || defined(__i386)
1020 # define breakeven_point 12 /* Intel Pentium/Linux - gcc 2.96 */
1023 # define breakeven_point 10 /* HP-PA - gcc */
1025 #if defined(__sparc__) || defined(__sparc)
1026 # define breakeven_point 33 /* Sun Sparc 5 - gcc 2.8.1 */
1029 /* some other values of possible interest: */
1030 /* #define breakeven_point 8 */ /* VAX 4000 - vaxc */
1031 /* #define breakeven_point 19 */ /* VAX 4000 - gcc 2.7.0 */
1033 #ifndef breakeven_point
1034 # define breakeven_point 6 /* some reasonable one-size-fits-all value */
1037 #define fast_memcpy(d,s,n) \
1038 { register size_t nn = (size_t)(n); \
1039 if (nn >= breakeven_point) memcpy((d), (s), nn); \
1040 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1041 register char *dd; register const char *ss; \
1042 for (ss=(s), dd=(d); nn>0; nn--) *dd++ = *ss++; } }
1044 #define fast_memset(d,c,n) \
1045 { register size_t nn = (size_t)(n); \
1046 if (nn >= breakeven_point) memset((d), (int)(c), nn); \
1047 else if (nn > 0) { /* proc call overhead is worth only for large strings*/\
1048 register char *dd; register const int cc=(int)(c); \
1049 for (dd=(d); nn>0; nn--) *dd++ = cc; } }
1053 #if defined(NEED_ASPRINTF)
1054 int asprintf (char **ptr, const char *fmt, /*args*/ ...);
1056 #if defined(NEED_VASPRINTF)
1057 int vasprintf (char **ptr, const char *fmt, va_list ap);
1059 #if defined(NEED_ASNPRINTF)
1060 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...);
1062 #if defined(NEED_VASNPRINTF)
1063 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap);
1066 #if defined(HAVE_SNPRINTF)
1067 /* declare our portable snprintf routine under name portable_snprintf */
1068 /* declare our portable vsnprintf routine under name portable_vsnprintf */
1070 /* declare our portable routines under names snprintf and vsnprintf */
1071 #define portable_snprintf snprintf
1072 #if !defined(NEED_SNPRINTF_ONLY)
1073 #define portable_vsnprintf vsnprintf
1077 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1078 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...);
1079 #if !defined(NEED_SNPRINTF_ONLY)
1080 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap);
1086 static char credits[] = "\n\
1087 @(#)snprintf.c, v2.2: Mark Martinec, <mark.martinec@ijs.si>\n\
1088 @(#)snprintf.c, v2.2: Copyright 1999, Mark Martinec. Frontier Artistic License applies.\n\
1089 @(#)snprintf.c, v2.2: http://www.ijs.si/software/snprintf/\n";
1091 #if defined(NEED_ASPRINTF)
1092 int asprintf(char **ptr, const char *fmt, /*args*/ ...) {
1098 va_start(ap, fmt); /* measure the required size */
1099 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1101 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1102 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1103 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1107 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1109 assert(str_l2 == str_l);
1115 #if defined(NEED_VASPRINTF)
1116 int vasprintf(char **ptr, const char *fmt, va_list ap) {
1122 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1123 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1126 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1127 *ptr = (char *) malloc(str_m = (size_t)str_l + 1);
1128 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1130 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1131 assert(str_l2 == str_l);
1137 #if defined(NEED_ASNPRINTF)
1138 int asnprintf (char **ptr, size_t str_m, const char *fmt, /*args*/ ...) {
1143 va_start(ap, fmt); /* measure the required size */
1144 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap);
1146 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1147 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1148 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1149 if (str_m == 0) { /* not interested in resulting string, just return size */
1151 *ptr = (char *) malloc(str_m);
1152 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1156 str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1158 assert(str_l2 == str_l);
1165 #if defined(NEED_VASNPRINTF)
1166 int vasnprintf (char **ptr, size_t str_m, const char *fmt, va_list ap) {
1171 va_copy(ap2, ap); /* don't consume the original ap, we'll need it again */
1172 str_l = portable_vsnprintf(NULL, (size_t)0, fmt, ap2);/*get required size*/
1175 assert(str_l >= 0); /* possible integer overflow if str_m > INT_MAX */
1176 if ((size_t)str_l + 1 < str_m) str_m = (size_t)str_l + 1; /* truncate */
1177 /* if str_m is 0, no buffer is allocated, just set *ptr to NULL */
1178 if (str_m == 0) { /* not interested in resulting string, just return size */
1180 *ptr = (char *) malloc(str_m);
1181 if (*ptr == NULL) { errno = ENOMEM; str_l = -1; }
1183 int str_l2 = portable_vsnprintf(*ptr, str_m, fmt, ap);
1184 assert(str_l2 == str_l);
1192 * If the system does have snprintf and the portable routine is not
1193 * specifically required, this module produces no code for snprintf/vsnprintf.
1195 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
1197 #if !defined(NEED_SNPRINTF_ONLY)
1198 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1203 str_l = portable_vsnprintf(str, str_m, fmt, ap);
1209 #if defined(NEED_SNPRINTF_ONLY)
1210 int portable_snprintf(char *str, size_t str_m, const char *fmt, /*args*/ ...) {
1212 int portable_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap) {
1215 #if defined(NEED_SNPRINTF_ONLY)
1219 const char *p = fmt;
1221 /* In contrast with POSIX, the ISO C99 now says
1222 * that str can be NULL and str_m can be 0.
1223 * This is more useful than the old: if (str_m < 1) return -1; */
1225 #if defined(NEED_SNPRINTF_ONLY)
1231 /* if (str_l < str_m) str[str_l++] = *p++; -- this would be sufficient */
1232 /* but the following code achieves better performance for cases
1233 * where format string is long and contains few conversions */
1234 const char *q = strchr(p+1,'%');
1235 size_t n = !q ? strlen(p) : (q-p);
1236 if (str_l < str_m) {
1237 size_t avail = str_m-str_l;
1238 fast_memcpy(str+str_l, p, (n>avail?avail:n));
1242 const char *starting_p;
1243 size_t min_field_width = 0, precision = 0;
1244 int zero_padding = 0, precision_specified = 0, justify_left = 0;
1245 int alternate_form = 0, force_sign = 0;
1246 int space_for_positive = 1; /* If both the ' ' and '+' flags appear,
1247 the ' ' flag should be ignored. */
1248 char length_modifier = '\0'; /* allowed values: \0, h, l, L */
1249 char tmp[32];/* temporary buffer for simple numeric->string conversion */
1251 const char *str_arg; /* string address in case of string argument */
1252 size_t str_arg_l; /* natural field width of arg without padding
1254 unsigned char uchar_arg;
1255 /* unsigned char argument value - only defined for c conversion.
1256 N.B. standard explicitly states the char argument for
1257 the c conversion is unsigned */
1259 size_t number_of_zeros_to_pad = 0;
1260 /* number of zeros to be inserted for numeric conversions
1261 as required by the precision or minimal field width */
1263 size_t zero_padding_insertion_ind = 0;
1264 /* index into tmp where zero padding is to be inserted */
1266 char fmt_spec = '\0';
1267 /* current conversion specifier character */
1269 str_arg = credits;/* just to make compiler happy (defined but not used)*/
1271 starting_p = p; p++; /* skip '%' */
1273 while (*p == '0' || *p == '-' || *p == '+' ||
1274 *p == ' ' || *p == '#' || *p == '\'') {
1276 case '0': zero_padding = 1; break;
1277 case '-': justify_left = 1; break;
1278 case '+': force_sign = 1; space_for_positive = 0; break;
1279 case ' ': force_sign = 1;
1280 /* If both the ' ' and '+' flags appear, the ' ' flag should be ignored */
1281 #ifdef PERL_COMPATIBLE
1282 /* ... but in Perl the last of ' ' and '+' applies */
1283 space_for_positive = 1;
1286 case '#': alternate_form = 1; break;
1291 /* If the '0' and '-' flags both appear, the '0' flag should be ignored. */
1293 /* parse field width */
1296 p++; j = va_arg(ap, int);
1297 if (j >= 0) min_field_width = j;
1298 else { min_field_width = -j; justify_left = 1; }
1299 } else if (isdigit((int)(*p))) {
1300 /* size_t could be wider than unsigned int;
1301 make sure we treat argument like common implementations do */
1302 unsigned int uj = *p++ - '0';
1303 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1304 min_field_width = uj;
1306 /* parse precision */
1308 p++; precision_specified = 1;
1310 int j = va_arg(ap, int);
1312 if (j >= 0) precision = j;
1314 precision_specified = 0; precision = 0;
1316 * Solaris 2.6 man page claims that in this case the precision
1317 * should be set to 0. Digital Unix 4.0, HPUX 10 and BSD man page
1318 * claim that this case should be treated as unspecified precision,
1319 * which is what we do here.
1322 } else if (isdigit((int)(*p))) {
1323 /* size_t could be wider than unsigned int;
1324 make sure we treat argument like common implementations do */
1325 unsigned int uj = *p++ - '0';
1326 while (isdigit((int)(*p))) uj = 10*uj + (unsigned int)(*p++ - '0');
1330 /* parse 'h', 'l' and 'll' length modifiers */
1331 if (*p == 'h' || *p == 'l') {
1332 length_modifier = *p; p++;
1333 if (length_modifier == 'l' && *p == 'l') { /* double l = long long */
1334 #ifdef SNPRINTF_LONGLONG_SUPPORT
1335 length_modifier = '2'; /* double l encoded as '2' */
1337 length_modifier = 'l'; /* treat it as a single 'l' */
1343 /* common synonyms: */
1345 case 'i': fmt_spec = 'd'; break;
1346 case 'D': fmt_spec = 'd'; length_modifier = 'l'; break;
1347 case 'U': fmt_spec = 'u'; length_modifier = 'l'; break;
1348 case 'O': fmt_spec = 'o'; length_modifier = 'l'; break;
1351 /* get parameter value, do initial processing */
1353 case '%': /* % behaves similar to 's' regarding flags and field widths */
1354 case 'c': /* c behaves similar to 's' regarding flags and field widths */
1356 length_modifier = '\0'; /* wint_t and wchar_t not supported */
1357 /* the result of zero padding flag with non-numeric conversion specifier*/
1358 /* is undefined. Solaris and HPUX 10 does zero padding in this case, */
1359 /* Digital Unix and Linux does not. */
1360 #if !defined(SOLARIS_COMPATIBLE) && !defined(HPUX_COMPATIBLE)
1361 zero_padding = 0; /* turn zero padding off for string conversions */
1368 int j = va_arg(ap, int);
1369 uchar_arg = (unsigned char) j; /* standard demands unsigned char */
1370 str_arg = (const char *) &uchar_arg;
1374 str_arg = va_arg(ap, const char *);
1375 if (!str_arg) str_arg_l = 0;
1376 /* make sure not to address string beyond the specified precision !!! */
1377 else if (!precision_specified) str_arg_l = strlen(str_arg);
1378 /* truncate string if necessary as requested by precision */
1379 else if (precision == 0) str_arg_l = 0;
1381 /* memchr on HP does not like n > 2^31 !!! */
1382 const char *q = memchr(str_arg, '\0',
1383 precision <= 0x7fffffff ? precision : 0x7fffffff);
1384 str_arg_l = !q ? precision : (q-str_arg);
1390 case 'd': case 'u': case 'o': case 'x': case 'X': case 'p': {
1391 /* NOTE: the u, o, x, X and p conversion specifiers imply
1392 the value is unsigned; d implies a signed value */
1395 /* 0 if numeric argument is zero (or if pointer is NULL for 'p'),
1396 +1 if greater than zero (or nonzero for unsigned arguments),
1397 -1 if negative (unsigned argument is never negative) */
1399 int int_arg = 0; unsigned int uint_arg = 0;
1400 /* only defined for length modifier h, or for no length modifiers */
1402 long int long_arg = 0; unsigned long int ulong_arg = 0;
1403 /* only defined for length modifier l */
1405 void *ptr_arg = NULL;
1406 /* pointer argument value -only defined for p conversion */
1408 #ifdef SNPRINTF_LONGLONG_SUPPORT
1409 long long int long_long_arg = 0;
1410 unsigned long long int ulong_long_arg = 0;
1411 /* only defined for length modifier ll */
1413 if (fmt_spec == 'p') {
1414 /* HPUX 10: An l, h, ll or L before any other conversion character
1415 * (other than d, i, u, o, x, or X) is ignored.
1417 * not specified, but seems to behave as HPUX does.
1418 * Solaris: If an h, l, or L appears before any other conversion
1419 * specifier (other than d, i, u, o, x, or X), the behavior
1420 * is undefined. (Actually %hp converts only 16-bits of address
1421 * and %llp treats address as 64-bit data which is incompatible
1422 * with (void *) argument on a 32-bit system).
1424 #ifdef SOLARIS_COMPATIBLE
1425 # ifdef SOLARIS_BUG_COMPATIBLE
1426 /* keep length modifiers even if it represents 'll' */
1428 if (length_modifier == '2') length_modifier = '\0';
1431 length_modifier = '\0';
1433 ptr_arg = va_arg(ap, void *);
1434 if (ptr_arg != NULL) arg_sign = 1;
1435 } else if (fmt_spec == 'd') { /* signed */
1436 switch (length_modifier) {
1439 /* It is non-portable to specify a second argument of char or short
1440 * to va_arg, because arguments seen by the called function
1441 * are not char or short. C converts char and short arguments
1442 * to int before passing them to a function.
1444 int_arg = va_arg(ap, int);
1445 if (int_arg > 0) arg_sign = 1;
1446 else if (int_arg < 0) arg_sign = -1;
1449 long_arg = va_arg(ap, long int);
1450 if (long_arg > 0) arg_sign = 1;
1451 else if (long_arg < 0) arg_sign = -1;
1453 #ifdef SNPRINTF_LONGLONG_SUPPORT
1455 long_long_arg = va_arg(ap, long long int);
1456 if (long_long_arg > 0) arg_sign = 1;
1457 else if (long_long_arg < 0) arg_sign = -1;
1461 } else { /* unsigned */
1462 switch (length_modifier) {
1465 uint_arg = va_arg(ap, unsigned int);
1466 if (uint_arg) arg_sign = 1;
1469 ulong_arg = va_arg(ap, unsigned long int);
1470 if (ulong_arg) arg_sign = 1;
1472 #ifdef SNPRINTF_LONGLONG_SUPPORT
1474 ulong_long_arg = va_arg(ap, unsigned long long int);
1475 if (ulong_long_arg) arg_sign = 1;
1480 str_arg = tmp; str_arg_l = 0;
1482 * For d, i, u, o, x, and X conversions, if precision is specified,
1483 * the '0' flag should be ignored. This is so with Solaris 2.6,
1484 * Digital UNIX 4.0, HPUX 10, Linux, FreeBSD, NetBSD; but not with Perl.
1486 #ifndef PERL_COMPATIBLE
1487 if (precision_specified) zero_padding = 0;
1489 if (fmt_spec == 'd') {
1490 if (force_sign && arg_sign >= 0)
1491 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1492 /* leave negative numbers for sprintf to handle,
1493 to avoid handling tricky cases like (short int)(-32768) */
1494 #ifdef LINUX_COMPATIBLE
1495 } else if (fmt_spec == 'p' && force_sign && arg_sign > 0) {
1496 tmp[str_arg_l++] = space_for_positive ? ' ' : '+';
1498 } else if (alternate_form) {
1499 if (arg_sign != 0 && (fmt_spec == 'x' || fmt_spec == 'X') )
1500 { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = fmt_spec; }
1501 /* alternate form should have no effect for p conversion, but ... */
1502 #ifdef HPUX_COMPATIBLE
1503 else if (fmt_spec == 'p'
1504 /* HPUX 10: for an alternate form of p conversion,
1505 * a nonzero result is prefixed by 0x. */
1506 #ifndef HPUX_BUG_COMPATIBLE
1507 /* Actually it uses 0x prefix even for a zero value. */
1510 ) { tmp[str_arg_l++] = '0'; tmp[str_arg_l++] = 'x'; }
1513 zero_padding_insertion_ind = str_arg_l;
1514 if (!precision_specified) precision = 1; /* default precision is 1 */
1515 if (precision == 0 && arg_sign == 0
1516 #if defined(HPUX_BUG_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1518 /* HPUX 10 man page claims: With conversion character p the result of
1519 * converting a zero value with a precision of zero is a null string.
1520 * Actually HP returns all zeroes, and Linux returns "(nil)". */
1523 /* converted to null string */
1524 /* When zero value is formatted with an explicit precision 0,
1525 the resulting formatted string is empty (d, i, u, o, x, X, p). */
1527 char f[5]; int f_l = 0;
1528 f[f_l++] = '%'; /* construct a simple format string for sprintf */
1529 if (!length_modifier) { }
1530 else if (length_modifier=='2') { f[f_l++] = 'l'; f[f_l++] = 'l'; }
1531 else f[f_l++] = length_modifier;
1532 f[f_l++] = fmt_spec; f[f_l++] = '\0';
1533 if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);
1534 else if (fmt_spec == 'd') { /* signed */
1535 switch (length_modifier) {
1537 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg); break;
1538 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;
1539 #ifdef SNPRINTF_LONGLONG_SUPPORT
1540 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;
1543 } else { /* unsigned */
1544 switch (length_modifier) {
1546 case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg); break;
1547 case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;
1548 #ifdef SNPRINTF_LONGLONG_SUPPORT
1549 case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;
1553 /* include the optional minus sign and possible "0x"
1554 in the region before the zero padding insertion point */
1555 if (zero_padding_insertion_ind < str_arg_l &&
1556 tmp[zero_padding_insertion_ind] == '-') {
1557 zero_padding_insertion_ind++;
1559 if (zero_padding_insertion_ind+1 < str_arg_l &&
1560 tmp[zero_padding_insertion_ind] == '0' &&
1561 (tmp[zero_padding_insertion_ind+1] == 'x' ||
1562 tmp[zero_padding_insertion_ind+1] == 'X') ) {
1563 zero_padding_insertion_ind += 2;
1566 { size_t num_of_digits = str_arg_l - zero_padding_insertion_ind;
1567 if (alternate_form && fmt_spec == 'o'
1568 #ifdef HPUX_COMPATIBLE /* ("%#.o",0) -> "" */
1571 #ifdef DIGITAL_UNIX_BUG_COMPATIBLE /* ("%#o",0) -> "00" */
1573 /* unless zero is already the first character */
1574 && !(zero_padding_insertion_ind < str_arg_l
1575 && tmp[zero_padding_insertion_ind] == '0')
1577 ) { /* assure leading zero for alternate-form octal numbers */
1578 if (!precision_specified || precision < num_of_digits+1) {
1579 /* precision is increased to force the first character to be zero,
1580 except if a zero value is formatted with an explicit precision
1582 precision = num_of_digits+1; precision_specified = 1;
1585 /* zero padding to specified precision? */
1586 if (num_of_digits < precision)
1587 number_of_zeros_to_pad = precision - num_of_digits;
1589 /* zero padding to specified minimal field width? */
1590 if (!justify_left && zero_padding) {
1591 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1592 if (n > 0) number_of_zeros_to_pad += n;
1596 default: /* unrecognized conversion specifier, keep format string as-is*/
1597 zero_padding = 0; /* turn zero padding off for non-numeric convers. */
1598 #ifndef DIGITAL_UNIX_COMPATIBLE
1599 justify_left = 1; min_field_width = 0; /* reset flags */
1601 #if defined(PERL_COMPATIBLE) || defined(LINUX_COMPATIBLE)
1602 /* keep the entire format string unchanged */
1603 str_arg = starting_p; str_arg_l = p - starting_p;
1604 /* well, not exactly so for Linux, which does something between,
1605 * and I don't feel an urge to imitate it: "%+++++hy" -> "%+y" */
1607 /* discard the unrecognized conversion, just keep *
1608 * the unrecognized conversion character */
1609 str_arg = p; str_arg_l = 0;
1611 if (*p) str_arg_l++; /* include invalid conversion specifier unchanged
1612 if not at end-of-string */
1615 if (*p) p++; /* step over the just processed conversion specifier */
1616 /* insert padding to the left as requested by min_field_width;
1617 this does not include the zero padding in case of numerical conversions*/
1618 if (!justify_left) { /* left padding with blank or zero */
1619 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1621 if (str_l < str_m) {
1622 size_t avail = str_m-str_l;
1623 fast_memset(str+str_l, (zero_padding?'0':' '), (n>avail?avail:n));
1628 /* zero padding as requested by the precision or by the minimal field width
1629 * for numeric conversions required? */
1630 if (number_of_zeros_to_pad <= 0) {
1631 /* will not copy first part of numeric right now, *
1632 * force it to be copied later in its entirety */
1633 zero_padding_insertion_ind = 0;
1635 /* insert first part of numerics (sign or '0x') before zero padding */
1636 int n = zero_padding_insertion_ind;
1638 if (str_l < str_m) {
1639 size_t avail = str_m-str_l;
1640 fast_memcpy(str+str_l, str_arg, (n>avail?avail:n));
1644 /* insert zero padding as requested by the precision or min field width */
1645 n = number_of_zeros_to_pad;
1647 if (str_l < str_m) {
1648 size_t avail = str_m-str_l;
1649 fast_memset(str+str_l, '0', (n>avail?avail:n));
1654 /* insert formatted string
1655 * (or as-is conversion specifier for unknown conversions) */
1656 { int n = str_arg_l - zero_padding_insertion_ind;
1658 if (str_l < str_m) {
1659 size_t avail = str_m-str_l;
1660 fast_memcpy(str+str_l, str_arg+zero_padding_insertion_ind,
1666 /* insert right padding */
1667 if (justify_left) { /* right blank padding to the field width */
1668 int n = min_field_width - (str_arg_l+number_of_zeros_to_pad);
1670 if (str_l < str_m) {
1671 size_t avail = str_m-str_l;
1672 fast_memset(str+str_l, ' ', (n>avail?avail:n));
1679 #if defined(NEED_SNPRINTF_ONLY)
1682 if (str_m > 0) { /* make sure the string is null-terminated
1683 even at the expense of overwriting the last character
1684 (shouldn't happen, but just in case) */
1685 str[str_l <= str_m-1 ? str_l : str_m-1] = '\0';
1687 /* Return the number of characters formatted (excluding trailing null
1688 * character), that is, the number of characters that would have been
1689 * written to the buffer if it were large enough.
1691 * The value of str_l should be returned, but str_l is of unsigned type
1692 * size_t, and snprintf is int, possibly leading to an undetected
1693 * integer overflow, resulting in a negative return value, which is illegal.
1694 * Both XSH5 and ISO C99 (at least the draft) are silent on this issue.
1695 * Should errno be set to EOVERFLOW and EOF returned in this case???
1700 #endif /* ndef HAVE_SNPRINTF */