/src/Python-3.8.3/Python/mysnprintf.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include "Python.h" |
2 | | |
3 | | /* snprintf() wrappers. If the platform has vsnprintf, we use it, else we |
4 | | emulate it in a half-hearted way. Even if the platform has it, we wrap |
5 | | it because platforms differ in what vsnprintf does in case the buffer |
6 | | is too small: C99 behavior is to return the number of characters that |
7 | | would have been written had the buffer not been too small, and to set |
8 | | the last byte of the buffer to \0. At least MS _vsnprintf returns a |
9 | | negative value instead, and fills the entire buffer with non-\0 data. |
10 | | |
11 | | The wrappers ensure that str[size-1] is always \0 upon return. |
12 | | |
13 | | PyOS_snprintf and PyOS_vsnprintf never write more than size bytes |
14 | | (including the trailing '\0') into str. |
15 | | |
16 | | If the platform doesn't have vsnprintf, and the buffer size needed to |
17 | | avoid truncation exceeds size by more than 512, Python aborts with a |
18 | | Py_FatalError. |
19 | | |
20 | | Return value (rv): |
21 | | |
22 | | When 0 <= rv < size, the output conversion was unexceptional, and |
23 | | rv characters were written to str (excluding a trailing \0 byte at |
24 | | str[rv]). |
25 | | |
26 | | When rv >= size, output conversion was truncated, and a buffer of |
27 | | size rv+1 would have been needed to avoid truncation. str[size-1] |
28 | | is \0 in this case. |
29 | | |
30 | | When rv < 0, "something bad happened". str[size-1] is \0 in this |
31 | | case too, but the rest of str is unreliable. It could be that |
32 | | an error in format codes was detected by libc, or on platforms |
33 | | with a non-C99 vsnprintf simply that the buffer wasn't big enough |
34 | | to avoid truncation, or on platforms without any vsnprintf that |
35 | | PyMem_Malloc couldn't obtain space for a temp buffer. |
36 | | |
37 | | CAUTION: Unlike C99, str != NULL and size > 0 are required. |
38 | | */ |
39 | | |
40 | | int |
41 | | PyOS_snprintf(char *str, size_t size, const char *format, ...) |
42 | 28 | { |
43 | 28 | int rc; |
44 | 28 | va_list va; |
45 | | |
46 | 28 | va_start(va, format); |
47 | 28 | rc = PyOS_vsnprintf(str, size, format, va); |
48 | 28 | va_end(va); |
49 | 28 | return rc; |
50 | 28 | } |
51 | | |
52 | | int |
53 | | PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) |
54 | 28 | { |
55 | 28 | int len; /* # bytes written, excluding \0 */ |
56 | 28 | #ifdef HAVE_SNPRINTF |
57 | 28 | #define _PyOS_vsnprintf_EXTRA_SPACE 1 |
58 | | #else |
59 | | #define _PyOS_vsnprintf_EXTRA_SPACE 512 |
60 | | char *buffer; |
61 | | #endif |
62 | 28 | assert(str != NULL); |
63 | 28 | assert(size > 0); |
64 | 28 | assert(format != NULL); |
65 | | /* We take a size_t as input but return an int. Sanity check |
66 | | * our input so that it won't cause an overflow in the |
67 | | * vsnprintf return value or the buffer malloc size. */ |
68 | 28 | if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE) { |
69 | 0 | len = -666; |
70 | 0 | goto Done; |
71 | 0 | } |
72 | | |
73 | 28 | #ifdef HAVE_SNPRINTF |
74 | 28 | len = vsnprintf(str, size, format, va); |
75 | | #else |
76 | | /* Emulate it. */ |
77 | | buffer = PyMem_MALLOC(size + _PyOS_vsnprintf_EXTRA_SPACE); |
78 | | if (buffer == NULL) { |
79 | | len = -666; |
80 | | goto Done; |
81 | | } |
82 | | |
83 | | len = vsprintf(buffer, format, va); |
84 | | if (len < 0) |
85 | | /* ignore the error */; |
86 | | |
87 | | else if ((size_t)len >= size + _PyOS_vsnprintf_EXTRA_SPACE) |
88 | | Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); |
89 | | |
90 | | else { |
91 | | const size_t to_copy = (size_t)len < size ? |
92 | | (size_t)len : size - 1; |
93 | | assert(to_copy < size); |
94 | | memcpy(str, buffer, to_copy); |
95 | | str[to_copy] = '\0'; |
96 | | } |
97 | | PyMem_FREE(buffer); |
98 | | #endif |
99 | 28 | Done: |
100 | 28 | if (size > 0) |
101 | 28 | str[size-1] = '\0'; |
102 | 28 | return len; |
103 | 28 | #undef _PyOS_vsnprintf_EXTRA_SPACE |
104 | 28 | } |