1 /* vsprintf with automatic memory allocation.
2 Copyright (C) 1999, 2002-2005 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License along
15 with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18 /* Tell glibc's <stdio.h> to provide a prototype for snprintf().
19 This must come before <config.h> because <config.h> may include
20 <features.h>, and once <features.h> has been included, it's too late. */
22 # define _GNU_SOURCE 1
36 # include "vasnwprintf.h"
38 # include "vasnprintf.h"
41 #include <stdio.h> /* snprintf(), sprintf() */
42 #include <stdlib.h> /* abort(), malloc(), realloc(), free() */
43 #include <string.h> /* memcpy(), strlen() */
44 #include <errno.h> /* errno */
45 #include <limits.h> /* CHAR_BIT, INT_MAX */
46 #include <float.h> /* DBL_MAX_EXP, LDBL_MAX_EXP */
48 # include "wprintf-parse.h"
50 # include "printf-parse.h"
53 /* Checked size_t computations. */
56 /* Some systems, like OSF/1 4.0 and Woe32, don't have EOVERFLOW. */
58 # define EOVERFLOW E2BIG
63 # define local_wcslen wcslen
65 /* Solaris 2.5.1 has wcslen() in a separate library libw.so. To avoid
66 a dependency towards this library, here is a local substitute.
67 Define this substitute only once, even if this file is included
68 twice in the same compilation unit. */
69 # ifndef local_wcslen_defined
70 # define local_wcslen_defined 1
72 local_wcslen (const wchar_t *s)
76 for (ptr = s; *ptr != (wchar_t) 0; ptr++)
85 # define VASNPRINTF vasnwprintf
86 # define CHAR_T wchar_t
87 # define DIRECTIVE wchar_t_directive
88 # define DIRECTIVES wchar_t_directives
89 # define PRINTF_PARSE wprintf_parse
90 # define USE_SNPRINTF 1
91 # if HAVE_DECL__SNWPRINTF
92 /* On Windows, the function swprintf() has a different signature than
93 on Unix; we use the _snwprintf() function instead. */
94 # define SNPRINTF _snwprintf
97 # define SNPRINTF swprintf
100 # define VASNPRINTF vasnprintf
102 # define DIRECTIVE char_directive
103 # define DIRECTIVES char_directives
104 # define PRINTF_PARSE printf_parse
106 /* disabled for security reasons, to avoid having %n in writable memory */
107 # define USE_SNPRINTF (HAVE_DECL__SNPRINTF || HAVE_SNPRINTF)
109 # define USE_SNPRINTF 0
111 # if HAVE_DECL__SNPRINTF
113 # define SNPRINTF _snprintf
116 # define SNPRINTF snprintf
121 VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list args)
126 if (PRINTF_PARSE (format, &d, &a) < 0)
137 if (printf_fetchargs (args, &a) < 0)
145 size_t buf_neededlength;
147 CHAR_T *buf_malloced;
151 /* Output string accumulator. */
156 /* Allocate a small buffer that will hold a directive passed to
157 sprintf or snprintf. */
159 xsum4 (7, d.max_width_length, d.max_precision_length, 6);
161 if (buf_neededlength < 4000 / sizeof (CHAR_T))
163 buf = (CHAR_T *) alloca (buf_neededlength * sizeof (CHAR_T));
169 size_t buf_memsize = xtimes (buf_neededlength, sizeof (CHAR_T));
170 if (size_overflow_p (buf_memsize))
171 goto out_of_memory_1;
172 buf = (CHAR_T *) malloc (buf_memsize);
174 goto out_of_memory_1;
178 if (resultbuf != NULL)
181 allocated = *lengthp;
190 result is either == resultbuf or == NULL or malloc-allocated.
191 If length > 0, then result != NULL. */
193 /* Ensures that allocated >= needed. Aborts through a jump to
194 out_of_memory if needed is SIZE_MAX or otherwise too big. */
195 #define ENSURE_ALLOCATION(needed) \
196 if ((needed) > allocated) \
198 size_t memory_size; \
201 allocated = (allocated > 0 ? xtimes (allocated, 2) : 12); \
202 if ((needed) > allocated) \
203 allocated = (needed); \
204 memory_size = xtimes (allocated, sizeof (CHAR_T)); \
205 if (size_overflow_p (memory_size)) \
206 goto out_of_memory; \
207 if (result == resultbuf || result == NULL) \
208 memory = (CHAR_T *) malloc (memory_size); \
210 memory = (CHAR_T *) realloc (result, memory_size); \
211 if (memory == NULL) \
212 goto out_of_memory; \
213 if (result == resultbuf && length > 0) \
214 memcpy (memory, result, length * sizeof (CHAR_T)); \
218 for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++)
220 if (cp != dp->dir_start)
222 size_t n = dp->dir_start - cp;
223 size_t augmented_length = xsum (length, n);
225 ENSURE_ALLOCATION (augmented_length);
226 memcpy (result + length, cp, n * sizeof (CHAR_T));
227 length = augmented_length;
232 /* Execute a single directive. */
233 if (dp->conversion == '%')
235 size_t augmented_length;
237 if (!(dp->arg_index == ARG_NONE))
239 augmented_length = xsum (length, 1);
240 ENSURE_ALLOCATION (augmented_length);
241 result[length] = '%';
242 length = augmented_length;
246 if (!(dp->arg_index != ARG_NONE))
249 if (dp->conversion == 'n')
251 switch (a.arg[dp->arg_index].type)
253 case TYPE_COUNT_SCHAR_POINTER:
254 *a.arg[dp->arg_index].a.a_count_schar_pointer = length;
256 case TYPE_COUNT_SHORT_POINTER:
257 *a.arg[dp->arg_index].a.a_count_short_pointer = length;
259 case TYPE_COUNT_INT_POINTER:
260 *a.arg[dp->arg_index].a.a_count_int_pointer = length;
262 case TYPE_COUNT_LONGINT_POINTER:
263 *a.arg[dp->arg_index].a.a_count_longint_pointer = length;
265 #ifdef HAVE_LONG_LONG
266 case TYPE_COUNT_LONGLONGINT_POINTER:
267 *a.arg[dp->arg_index].a.a_count_longlongint_pointer = length;
276 arg_type type = a.arg[dp->arg_index].type;
278 unsigned int prefix_count;
285 /* Allocate a temporary buffer of sufficient size for calling
292 if (dp->width_start != dp->width_end)
294 if (dp->width_arg_index != ARG_NONE)
298 if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
300 arg = a.arg[dp->width_arg_index].a.a_int;
301 width = (arg < 0 ? (unsigned int) (-arg) : arg);
305 const CHAR_T *digitp = dp->width_start;
308 width = xsum (xtimes (width, 10), *digitp++ - '0');
309 while (digitp != dp->width_end);
314 if (dp->precision_start != dp->precision_end)
316 if (dp->precision_arg_index != ARG_NONE)
320 if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
322 arg = a.arg[dp->precision_arg_index].a.a_int;
323 precision = (arg < 0 ? 0 : arg);
327 const CHAR_T *digitp = dp->precision_start + 1;
330 while (digitp != dp->precision_end)
331 precision = xsum (xtimes (precision, 10), *digitp++ - '0');
335 switch (dp->conversion)
338 case 'd': case 'i': case 'u':
339 # ifdef HAVE_LONG_LONG
340 if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
342 (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
343 * 0.30103 /* binary -> decimal */
344 * 2 /* estimate for FLAG_GROUP */
346 + 1 /* turn floor into ceil */
347 + 1; /* account for leading sign */
350 if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
352 (unsigned int) (sizeof (unsigned long) * CHAR_BIT
353 * 0.30103 /* binary -> decimal */
354 * 2 /* estimate for FLAG_GROUP */
356 + 1 /* turn floor into ceil */
357 + 1; /* account for leading sign */
360 (unsigned int) (sizeof (unsigned int) * CHAR_BIT
361 * 0.30103 /* binary -> decimal */
362 * 2 /* estimate for FLAG_GROUP */
364 + 1 /* turn floor into ceil */
365 + 1; /* account for leading sign */
369 # ifdef HAVE_LONG_LONG
370 if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
372 (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
373 * 0.333334 /* binary -> octal */
375 + 1 /* turn floor into ceil */
376 + 1; /* account for leading sign */
379 if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
381 (unsigned int) (sizeof (unsigned long) * CHAR_BIT
382 * 0.333334 /* binary -> octal */
384 + 1 /* turn floor into ceil */
385 + 1; /* account for leading sign */
388 (unsigned int) (sizeof (unsigned int) * CHAR_BIT
389 * 0.333334 /* binary -> octal */
391 + 1 /* turn floor into ceil */
392 + 1; /* account for leading sign */
396 # ifdef HAVE_LONG_LONG
397 if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
399 (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
400 * 0.25 /* binary -> hexadecimal */
402 + 1 /* turn floor into ceil */
403 + 2; /* account for leading sign or alternate form */
406 if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
408 (unsigned int) (sizeof (unsigned long) * CHAR_BIT
409 * 0.25 /* binary -> hexadecimal */
411 + 1 /* turn floor into ceil */
412 + 2; /* account for leading sign or alternate form */
415 (unsigned int) (sizeof (unsigned int) * CHAR_BIT
416 * 0.25 /* binary -> hexadecimal */
418 + 1 /* turn floor into ceil */
419 + 2; /* account for leading sign or alternate form */
423 # ifdef HAVE_LONG_DOUBLE
424 if (type == TYPE_LONGDOUBLE)
426 (unsigned int) (LDBL_MAX_EXP
427 * 0.30103 /* binary -> decimal */
428 * 2 /* estimate for FLAG_GROUP */
430 + 1 /* turn floor into ceil */
431 + 10; /* sign, decimal point etc. */
435 (unsigned int) (DBL_MAX_EXP
436 * 0.30103 /* binary -> decimal */
437 * 2 /* estimate for FLAG_GROUP */
439 + 1 /* turn floor into ceil */
440 + 10; /* sign, decimal point etc. */
441 tmp_length = xsum (tmp_length, precision);
444 case 'e': case 'E': case 'g': case 'G':
447 12; /* sign, decimal point, exponent etc. */
448 tmp_length = xsum (tmp_length, precision);
452 # if defined HAVE_WINT_T && !WIDE_CHAR_VERSION
453 if (type == TYPE_WIDE_CHAR)
454 tmp_length = MB_CUR_MAX;
462 if (type == TYPE_WIDE_STRING)
465 local_wcslen (a.arg[dp->arg_index].a.a_wide_string);
467 # if !WIDE_CHAR_VERSION
468 tmp_length = xtimes (tmp_length, MB_CUR_MAX);
473 tmp_length = strlen (a.arg[dp->arg_index].a.a_string);
478 (unsigned int) (sizeof (void *) * CHAR_BIT
479 * 0.25 /* binary -> hexadecimal */
481 + 1 /* turn floor into ceil */
482 + 2; /* account for leading 0x */
489 if (tmp_length < width)
492 tmp_length = xsum (tmp_length, 1); /* account for trailing NUL */
495 if (tmp_length <= sizeof (tmpbuf) / sizeof (CHAR_T))
499 size_t tmp_memsize = xtimes (tmp_length, sizeof (CHAR_T));
501 if (size_overflow_p (tmp_memsize))
502 /* Overflow, would lead to out of memory. */
504 tmp = (CHAR_T *) malloc (tmp_memsize);
511 /* Construct the format string for calling snprintf or
515 if (dp->flags & FLAG_GROUP)
517 if (dp->flags & FLAG_LEFT)
519 if (dp->flags & FLAG_SHOWSIGN)
521 if (dp->flags & FLAG_SPACE)
523 if (dp->flags & FLAG_ALT)
525 if (dp->flags & FLAG_ZERO)
527 if (dp->width_start != dp->width_end)
529 size_t n = dp->width_end - dp->width_start;
530 memcpy (p, dp->width_start, n * sizeof (CHAR_T));
533 if (dp->precision_start != dp->precision_end)
535 size_t n = dp->precision_end - dp->precision_start;
536 memcpy (p, dp->precision_start, n * sizeof (CHAR_T));
542 #ifdef HAVE_LONG_LONG
543 case TYPE_LONGLONGINT:
544 case TYPE_ULONGLONGINT:
554 case TYPE_WIDE_STRING:
558 #ifdef HAVE_LONG_DOUBLE
559 case TYPE_LONGDOUBLE:
575 /* Construct the arguments for calling snprintf or sprintf. */
577 if (dp->width_arg_index != ARG_NONE)
579 if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
581 prefixes[prefix_count++] = a.arg[dp->width_arg_index].a.a_int;
583 if (dp->precision_arg_index != ARG_NONE)
585 if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
587 prefixes[prefix_count++] = a.arg[dp->precision_arg_index].a.a_int;
591 /* Prepare checking whether snprintf returns the count
593 ENSURE_ALLOCATION (xsum (length, 1));
594 result[length] = '\0';
605 maxlen = allocated - length;
609 # define SNPRINTF_BUF(arg) \
610 switch (prefix_count) \
613 retcount = SNPRINTF (result + length, maxlen, buf, \
617 retcount = SNPRINTF (result + length, maxlen, buf, \
618 prefixes[0], arg, &count); \
621 retcount = SNPRINTF (result + length, maxlen, buf, \
622 prefixes[0], prefixes[1], arg, \
629 # define SNPRINTF_BUF(arg) \
630 switch (prefix_count) \
633 count = sprintf (tmp, buf, arg); \
636 count = sprintf (tmp, buf, prefixes[0], arg); \
639 count = sprintf (tmp, buf, prefixes[0], prefixes[1],\
651 int arg = a.arg[dp->arg_index].a.a_schar;
657 unsigned int arg = a.arg[dp->arg_index].a.a_uchar;
663 int arg = a.arg[dp->arg_index].a.a_short;
669 unsigned int arg = a.arg[dp->arg_index].a.a_ushort;
675 int arg = a.arg[dp->arg_index].a.a_int;
681 unsigned int arg = a.arg[dp->arg_index].a.a_uint;
687 long int arg = a.arg[dp->arg_index].a.a_longint;
693 unsigned long int arg = a.arg[dp->arg_index].a.a_ulongint;
697 #ifdef HAVE_LONG_LONG
698 case TYPE_LONGLONGINT:
700 long long int arg = a.arg[dp->arg_index].a.a_longlongint;
704 case TYPE_ULONGLONGINT:
706 unsigned long long int arg = a.arg[dp->arg_index].a.a_ulonglongint;
713 double arg = a.arg[dp->arg_index].a.a_double;
717 #ifdef HAVE_LONG_DOUBLE
718 case TYPE_LONGDOUBLE:
720 long double arg = a.arg[dp->arg_index].a.a_longdouble;
727 int arg = a.arg[dp->arg_index].a.a_char;
734 wint_t arg = a.arg[dp->arg_index].a.a_wide_char;
741 const char *arg = a.arg[dp->arg_index].a.a_string;
746 case TYPE_WIDE_STRING:
748 const wchar_t *arg = a.arg[dp->arg_index].a.a_wide_string;
755 void *arg = a.arg[dp->arg_index].a.a_pointer;
764 /* Portability: Not all implementations of snprintf()
765 are ISO C 99 compliant. Determine the number of
766 bytes that snprintf() has produced or would have
770 /* Verify that snprintf() has NUL-terminated its
772 if (count < maxlen && result[length + count] != '\0')
774 /* Portability hack. */
775 if (retcount > count)
780 /* snprintf() doesn't understand the '%n'
784 /* Don't use the '%n' directive; instead, look
785 at the snprintf() return value. */
791 /* Look at the snprintf() return value. */
794 /* HP-UX 10.20 snprintf() is doubly deficient:
795 It doesn't understand the '%n' directive,
796 *and* it returns -1 (rather than the length
797 that would have been required) when the
798 buffer is too small. */
800 xsum (xtimes (allocated, 2), 12);
801 ENSURE_ALLOCATION (bigger_need);
810 /* Attempt to handle failure. */
813 if (!(result == resultbuf || result == NULL))
815 if (buf_malloced != NULL)
823 if (count >= tmp_length)
824 /* tmp_length was incorrectly calculated - fix the
829 /* Make room for the result. */
832 /* Need at least count bytes. But allocate
833 proportionally, to avoid looping eternally if
834 snprintf() reports a too small count. */
836 xmax (xsum (length, count), xtimes (allocated, 2));
838 ENSURE_ALLOCATION (n);
845 /* The snprintf() result did fit. */
847 /* Append the sprintf() result. */
848 memcpy (result + length, tmp, count * sizeof (CHAR_T));
860 /* Add the final NUL. */
861 ENSURE_ALLOCATION (xsum (length, 1));
862 result[length] = '\0';
864 if (result != resultbuf && length + 1 < allocated)
866 /* Shrink the allocated memory if possible. */
869 memory = (CHAR_T *) realloc (result, (length + 1) * sizeof (CHAR_T));
874 if (buf_malloced != NULL)
878 if (length > INT_MAX)
879 goto length_overflow;
883 /* We could produce such a big string, but its length doesn't fit into
884 an 'int'. POSIX says that snprintf() fails with errno = EOVERFLOW in
886 if (result != resultbuf)
892 if (!(result == resultbuf || result == NULL))
894 if (buf_malloced != NULL)