/** * ========================================================================= * File : string_s.cpp * Project : 0 A.D. * Description : implementation of proposed CRT safe string functions * * @author Jan.Wassenberg@stud.uni-karlsruhe.de * ========================================================================= */ /* * Copyright (c) 2005 Jan Wassenberg * * Redistribution and/or modification are also permitted under the * terms of the GNU General Public License as published by the * Free Software Foundation (version 2 or later, at your option). * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ #include "precompiled.h" #include #include "lib.h" #include "posix.h" // SIZE_MAX // written against http://std.dkuug.dk/jtc1/sc22/wg14/www/docs/n1031.pdf . // optimized for size - e.g. strcpy calls strncpy with n = SIZE_MAX. // since char and wide versions of these functions are basically the same, // this source file implements generic versions and bridges the differences // with these macros. wstring_s.cpp #defines WSTRING_S and includes this file. #ifdef WSTRING_S # define tchar wchar_t # define T(string_literal) L ## string_literal # define tnlen wcsnlen # define tncpy_s wcsncpy_s # define tcpy_s wcscpy_s # define tncat_s wcsncat_s # define tcat_s wcscat_s # define tcmp wcscmp # define tcpy wcscpy #else # define tchar char # define T(string_literal) string_literal # define tnlen strnlen # define tncpy_s strncpy_s # define tcpy_s strcpy_s # define tncat_s strncat_s # define tcat_s strcat_s # define tcmp strcmp # define tcpy strcpy #endif // return and raise an assertion if doesn't hold. // usable as a statement. #define ENFORCE(condition, err_to_warn, retval) STMT(\ if(!(condition)) \ { \ DEBUG_WARN_ERR(err_to_warn); \ return retval; \ } \ ) // raise a debug warning if is the size of a pointer. // catches bugs such as: tchar* s = ..; tcpy_s(s, sizeof(s), T("..")); // if warnings get annoying, replace with debug_printf. usable as a statement. #define WARN_IF_PTR_LEN(len) STMT( \ if(len == sizeof(char*)) \ debug_warn("make sure string buffer size is correct");\ ) // skip our implementation if already available, but not the // self-test and the t* defines (needed for test). #if !HAVE_STRING_S // return length [in characters] of a string, not including the trailing // null character. to protect against access violations, only the // first characters are examined; if the null character is // not encountered by then, is returned. size_t tnlen(const tchar* str, size_t max_len) { // note: we can't bail - what would the return value be? debug_assert(str != 0); WARN_IF_PTR_LEN(max_len); size_t len; for(len = 0; len < max_len; len++) if(*str++ == '\0') break; return len; } // copy at most (not including trailing null) from // into , which must not overlap. // if thereby (including null) would be exceeded, // is set to the empty string and ERANGE returned; otherwise, // 0 is returned to indicate success and that is null-terminated. // // note: padding with zeroes is not called for by NG1031. int tncpy_s(tchar* dst, size_t max_dst_chars, const tchar* src, size_t max_src_chars) { // the MS implementation returns EINVAL and allows dst = 0 if // max_dst_chars = max_src_chars = 0. no mention of this in // 3.6.2.1.1, so don't emulate that behavior. ENFORCE(dst != 0, ERR_INVALID_PARAM, EINVAL); ENFORCE(max_dst_chars != 0, ERR_INVALID_PARAM, ERANGE); *dst = '\0'; // in case src ENFORCE is triggered ENFORCE(src != 0, ERR_INVALID_PARAM, EINVAL); WARN_IF_PTR_LEN(max_dst_chars); WARN_IF_PTR_LEN(max_src_chars); // copy string until null character encountered or limit reached. // optimized for size (less comparisons than MS impl) and // speed (due to well-predicted jumps; we don't bother unrolling). tchar* p = dst; size_t chars_left = MIN(max_dst_chars, max_src_chars); while(chars_left != 0) { // success: reached end of string normally. if((*p++ = *src++) == '\0') return 0; chars_left--; } // which limit did we hit? // .. dst, and last character wasn't null: overflow. if(max_dst_chars <= max_src_chars) { *dst = '\0'; ENFORCE(0, ERR_BUF_SIZE, ERANGE); } // .. source: success, but still need to null-terminate the destination. *p = '\0'; return 0; } // copy (including trailing null) into , which must not overlap. // if thereby (including null) would be exceeded, // is set to the empty string and ERANGE returned; otherwise, // 0 is returned to indicate success and that is null-terminated. int tcpy_s(tchar* dst, size_t max_dst_chars, const tchar* src) { return tncpy_s(dst, max_dst_chars, src, SIZE_MAX); } // append to , which must not overlap. // if thereby (including null) would be exceeded, // is set to the empty string and ERANGE returned; otherwise, // 0 is returned to indicate success and that is null-terminated. int tncat_s(tchar* dst, size_t max_dst_chars, const tchar* src, size_t max_src_chars) { ENFORCE(dst != 0, ERR_INVALID_PARAM, EINVAL); ENFORCE(max_dst_chars != 0, ERR_INVALID_PARAM, ERANGE); // src is checked in tncpy_s // WARN_IF_PTR_LEN not necessary: both max_dst_chars and max_src_chars // are checked by tnlen / tncpy_s (respectively). const size_t dst_len = tnlen(dst, max_dst_chars); if(dst_len == max_dst_chars) { *dst = '\0'; ENFORCE(0, ERR_STRING_NOT_TERMINATED, ERANGE); } tchar* const end = dst+dst_len; const size_t chars_left = max_dst_chars-dst_len; int ret = tncpy_s(end, chars_left, src, max_src_chars); // if tncpy_s overflowed, we need to clear the start of our string // (not just the appended part). can't do that by default, because // the beginning of dst is not changed in normal operation. if(ret != 0) *dst = '\0'; return ret; } // append to , which must not overlap. // if thereby (including null) would be exceeded, // is set to the empty string and ERANGE returned; otherwise, // 0 is returned to indicate success and that is null-terminated. // // note: implemented as tncat_s(dst, max_dst_chars, src, SIZE_MAX) int tcat_s(tchar* dst, size_t max_dst_chars, const tchar* src) { return tncat_s(dst, max_dst_chars, src, SIZE_MAX); } #endif // #if !HAVE_STRING_S