diff --git a/config.h.in b/config.h.in index 52edebe54..ef1282c04 100644 --- a/config.h.in +++ b/config.h.in @@ -1089,9 +1089,6 @@ /* Define to 1 if you want sudo to set $HOME in shell mode. */ #undef SHELL_SETS_HOME -/* The size of `long int', as computed by sizeof. */ -#undef SIZEOF_LONG_INT - /* Define to 1 to compile the sudoers plugin statically into the sudo binary. */ #undef STATIC_SUDOERS_PLUGIN @@ -1175,12 +1172,18 @@ /* Define to `unsigned int' if does not define. */ #undef ino_t +/* Define to `long long' if does not define. */ +#undef intmax_t + /* Define to `int' if does not define. */ #undef mode_t /* Define to an OS-specific initialization function or `os_init_common'. */ #undef os_init +/* Define to `long' if does not define. */ +#undef ptrdiff_t + /* Define to `size_t' if does not define. */ #undef rsize_t @@ -1208,6 +1211,9 @@ /* Define to `unsigned char' if does not define. */ #undef uint8_t +/* Define to `unsigned long long' if does not define. */ +#undef uintmax_t + /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ #undef volatile diff --git a/configure b/configure index f9b9c34d8..b2dd6d877 100755 --- a/configure +++ b/configure @@ -2352,189 +2352,6 @@ $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member - -# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES -# -------------------------------------------- -# Tries to find the compile-time value of EXPR in a program that includes -# INCLUDES, setting VAR accordingly. Returns whether the value could be -# computed -ac_fn_c_compute_int () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=0 ac_mid=0 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid; break -else - as_fn_arith $ac_mid + 1 && ac_lo=$as_val - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) < 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=-1 ac_mid=-1 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=$ac_mid; break -else - as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - ac_lo= ac_hi= -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid -else - as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in #(( -?*) eval "$3=\$ac_lo"; ac_retval=0 ;; -'') ac_retval=1 ;; -esac - else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (($2) < 0) - { - long int i = longval (); - if (i != ($2)) - return 1; - fprintf (f, "%ld", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ($2)) - return 1; - fprintf (f, "%lu", i); - } - /* Do not output a trailing newline, as this causes \r\n confusion - on some platforms. */ - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - echo >>conftest.val; read $3 config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. @@ -17756,39 +17573,6 @@ $as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h if test X"$ac_cv_type_long_long_int" != X"yes"; then as_fn_error $? "\"C compiler does not appear to support the long long int type\"" "$LINENO" 5 fi -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 -$as_echo_n "checking size of long int... " >&6; } -if ${ac_cv_sizeof_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_long_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (long int) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_long_int=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 -$as_echo "$ac_cv_sizeof_long_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int -_ACEOF - - ac_fn_c_check_type "$LINENO" "id_t" "ac_cv_type_id_t" "$ac_includes_default" if test "x$ac_cv_type_id_t" = xyes; then : @@ -17844,6 +17628,39 @@ _ACEOF fi +ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" +if test "x$ac_cv_type_ptrdiff_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define ptrdiff_t long +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default" +if test "x$ac_cv_type_intmax_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define intmax_t long long +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default" +if test "x$ac_cv_type_uintmax_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define uintmax_t unsigned long long +_ACEOF + +fi + ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" if test "x$ac_cv_type_uint8_t" = xyes; then : diff --git a/configure.ac b/configure.ac index 10b7a2049..6aac79dce 100644 --- a/configure.ac +++ b/configure.ac @@ -2284,12 +2284,14 @@ AC_TYPE_LONG_LONG_INT if test X"$ac_cv_type_long_long_int" != X"yes"; then AC_MSG_ERROR(["C compiler does not appear to support the long long int type"]) fi -AC_CHECK_SIZEOF([long int]) AC_CHECK_TYPE(id_t, unsigned int) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(dev_t, int) AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(ptrdiff_t, long) +AC_CHECK_TYPE(intmax_t, long long) +AC_CHECK_TYPE(uintmax_t, unsigned long long) AC_CHECK_TYPE(uint8_t, unsigned char) AC_CHECK_TYPE(uint32_t, unsigned int) AC_CHECK_TYPE(uint64_t, unsigned long long) diff --git a/lib/util/snprintf.c b/lib/util/snprintf.c index 4987f516b..5cda8e2b6 100644 --- a/lib/util/snprintf.c +++ b/lib/util/snprintf.c @@ -1,6 +1,7 @@ -/* - * Copyright (c) 1999-2005, 2008, 2010-2014 - * Todd C. Miller +/* $OpenBSD: vfprintf.c,v 1.67 2014/12/21 00:23:30 daniel Exp $ */ +/*- + * Copyright (c) 1999-2005, 2008, 2010-2015 + * Todd C. Miller * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * @@ -31,12 +32,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * From: @(#)vfprintf.c 8.1 (Berkeley) 6/4/93 + * From: @(#)vfprintf.c 8.1 (Berkeley) 6/4/93 */ /* - * v?snprintf/v?asprintf based on 4.4BSD stdio. - * NOTE: does not support floating point. + * v?snprintf/v?asprintf based on OpenBSD vfprintf.c. */ #include @@ -46,11 +46,17 @@ defined(PREFER_PORTABLE_SNPRINTF) #include +#include -#include +#include +#ifdef HAVE_NL_LANGINFO +# include +#endif +#include +#include #ifdef STDC_HEADERS -# include # include +# include #else # ifdef HAVE_STDLIB_H # include @@ -61,6 +67,7 @@ #elif defined(HAVE_INTTYPES_H) # include #endif +#include #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include @@ -73,13 +80,180 @@ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ -#include -#include +#include +#ifdef PRINTF_WIDE_CHAR +# include +#endif #include "sudo_compat.h" +/* Avoid printf format attacks by ignoring the %n escape. */ +#define NO_PRINTF_PERCENT_N + +union arg { + int intarg; + unsigned int uintarg; + long longarg; + unsigned long ulongarg; + long long longlongarg; + unsigned long long ulonglongarg; + ptrdiff_t ptrdiffarg; + size_t sizearg; + ssize_t ssizearg; + intmax_t intmaxarg; + uintmax_t uintmaxarg; + void *pvoidarg; + char *pchararg; + signed char *pschararg; + short *pshortarg; + int *pintarg; + long *plongarg; + long long *plonglongarg; + ptrdiff_t *pptrdiffarg; + ssize_t *pssizearg; + intmax_t *pintmaxarg; +#ifdef FLOATING_POINT + double doublearg; + long double longdoublearg; +#endif +#ifdef PRINTF_WIDE_CHAR + wint_t wintarg; + wchar_t *pwchararg; +#endif +}; + +static int __find_arguments(const char *fmt0, va_list ap, union arg **argtable, + size_t *argtablesiz); +static int __grow_type_table(unsigned char **typetable, int *tablesize); static int xxxprintf(char **, size_t, int, const char *, va_list); +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +# define MAP_ANON MAP_ANONYMOUS +#endif + +/* + * Allocate "size" bytes via mmap. + */ +static void * +mmap_alloc(size_t size) +{ + void *p; +#ifndef MAP_ANON + int fd; + + if ((fd = open("/dev/zero", O_RDWR)) == -1) + return NULL; + p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); + close(fd); +#else + p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); +#endif + if (p == MAP_FAILED) + return NULL; + return p; +} + +/* + * Unmap "size" bytes of the ptr. + */ +static void +mmap_free(void *ptr, size_t size) +{ + if (ptr != NULL) + munmap(ptr, size); +} + +#ifdef PRINTF_WIDE_CHAR +/* + * Convert a wide character string argument for the %ls format to a multibyte + * string representation. If not -1, prec specifies the maximum number of + * bytes to output, and also means that we can't assume that the wide char + * string is null-terminated. + */ +static char * +__wcsconv(wchar_t *wcsarg, int prec) +{ + mbstate_t mbs; + char buf[MB_LEN_MAX]; + wchar_t *p; + char *convbuf; + size_t clen, nbytes; + + /* Allocate space for the maximum number of bytes we could output. */ + if (prec < 0) { + memset(&mbs, 0, sizeof(mbs)); + p = wcsarg; + nbytes = wcsrtombs(NULL, (const wchar_t **)&p, 0, &mbs); + if (nbytes == (size_t)-1) { + errno = EILSEQ; + return NULL; + } + } else { + /* + * Optimisation: if the output precision is small enough, + * just allocate enough memory for the maximum instead of + * scanning the string. + */ + if (prec < 128) + nbytes = prec; + else { + nbytes = 0; + p = wcsarg; + memset(&mbs, 0, sizeof(mbs)); + for (;;) { + clen = wcrtomb(buf, *p++, &mbs); + if (clen == 0 || clen == (size_t)-1 || + nbytes + clen > (size_t)prec) + break; + nbytes += clen; + } + if (clen == (size_t)-1) { + errno = EILSEQ; + return NULL; + } + } + } + if ((convbuf = malloc(nbytes + 1)) == NULL) + return NULL; + + /* Fill the output buffer. */ + p = wcsarg; + memset(&mbs, 0, sizeof(mbs)); + if ((nbytes = wcsrtombs(convbuf, (const wchar_t **)&p, + nbytes, &mbs)) == (size_t)-1) { + free(convbuf); + errno = EILSEQ; + return NULL; + } + convbuf[nbytes] = '\0'; + return convbuf; +} +#endif + +#ifdef FLOATING_POINT +#include +#include +#include +#include "floatio.h" +#include "gdtoa.h" + +#define DEFPREC 6 + +static int exponent(char *, int, int); +#endif /* FLOATING_POINT */ + +/* + * The size of the buffer we use as scratch space for integer + * conversions, among other things. Technically, we would need the + * most space for base 10 conversions with thousands' grouping + * characters between each pair of digits. 100 bytes is a + * conservative overestimate even for a 128-bit uintmax_t. + */ +#define BUF 100 + +#define STATIC_ARG_TBL_SIZE 8 /* Size of static argument table. */ + + /* * Macros for converting digits to letters and vice versa */ @@ -90,159 +264,89 @@ static int xxxprintf(char **, size_t, int, const char *, va_list); /* * Flags used during conversion. */ -#define ALT 0x001 /* alternate form */ -#define HEXPREFIX 0x002 /* add 0x or 0X prefix */ -#define LADJUST 0x004 /* left adjustment */ -#define LONGDBL 0x008 /* long double; unimplemented */ -#define LONGINT 0x010 /* long integer */ -#define LLONGINT 0x020 /* quad integer */ -#define SHORTINT 0x040 /* short integer */ -#define ZEROPAD 0x080 /* zero (as opposed to blank) pad */ - -#define BUF 68 - -/* - * Convert an unsigned long to ASCII for printf purposes, returning - * a pointer to the first character of the string representation. - * Octal numbers can be forced to have a leading zero; hex numbers - * use the given digits. - */ -static char * -__ultoa(unsigned long val, char *endp, int base, int octzero, char *xdigs) -{ - char *cp = endp; - long sval; - - /* - * Handle the three cases separately, in the hope of getting - * better/faster code. - */ - switch (base) { - case 10: - if (val < 10) { /* many numbers are 1 digit */ - *--cp = to_char(val); - return cp; - } - /* - * On many machines, unsigned arithmetic is harder than - * signed arithmetic, so we do at most one unsigned mod and - * divide; this is sufficient to reduce the range of - * the incoming value to where signed arithmetic works. - */ - if (val > LONG_MAX) { - *--cp = to_char(val % 10); - sval = val / 10; - } else - sval = val; - do { - *--cp = to_char(sval % 10); - sval /= 10; - } while (sval != 0); - break; - - case 8: - do { - *--cp = to_char(val & 7); - val >>= 3; - } while (val); - if (octzero && *cp != '0') - *--cp = '0'; - break; - - case 16: - do { - *--cp = xdigs[val & 15]; - val >>= 4; - } while (val); - break; - - default: /* oops */ - abort(); - } - return cp; -} - -/* Identical to __ultoa, but for quads. */ -#if SIZEOF_LONG_INT == 8 -# define __ulltoa(v, e, b, o, x) __ultoa((unsigned long)(v), (e), (b), (o), (x)) -#else -static char * -__ulltoa(unsigned long long val, char *endp, int base, int octzero, char *xdigs) -{ - char *cp = endp; - long long sval; - - /* quick test for small values; __ultoa is typically much faster */ - /* (perhaps instead we should run until small, then call __ultoa?) */ - if (val <= (unsigned long long)ULONG_MAX) - return __ultoa((unsigned long)val, endp, base, octzero, xdigs); - switch (base) { - case 10: - if (val < 10) { - *--cp = to_char(val % 10); - return cp; - } - if (val > LLONG_MAX) { - *--cp = to_char(val % 10); - sval = val / 10; - } else - sval = val; - do { - *--cp = to_char(sval % 10); - sval /= 10; - } while (sval != 0); - break; - - case 8: - do { - *--cp = to_char(val & 7); - val >>= 3; - } while (val); - if (octzero && *cp != '0') - *--cp = '0'; - break; - - case 16: - do { - *--cp = xdigs[val & 15]; - val >>= 4; - } while (val); - break; - - default: /* oops */ - abort(); - } - return cp; -} -#endif /* !SIZEOF_LONG_INT */ +#define ALT 0x0001 /* alternate form */ +#define LADJUST 0x0004 /* left adjustment */ +#define LONGDBL 0x0008 /* long double */ +#define LONGINT 0x0010 /* long integer */ +#define LLONGINT 0x0020 /* long long integer */ +#define SHORTINT 0x0040 /* short integer */ +#define ZEROPAD 0x0080 /* zero (as opposed to blank) pad */ +#define FPT 0x0100 /* Floating point number */ +#define PTRINT 0x0200 /* (unsigned) ptrdiff_t */ +#define SIZEINT 0x0400 /* (signed) size_t */ +#define CHARINT 0x0800 /* 8 bit integer */ +#undef MAXINT /* Also defined by HP-UX param.h... */ +#define MAXINT 0x1000 /* largest integer size (intmax_t) */ /* * Actual printf innards. - */ + */ static int xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) { char *fmt; /* format string */ int ch; /* character from fmt */ - int n; /* handy integer (short term usage) */ + int n, n2; /* handy integers (short term usage) */ char *cp; /* handy char pointer (short term usage) */ int flags; /* flags as above */ int ret; /* return value accumulator */ int width; /* width from format (%8d), or 0 */ - int prec; /* precision from format (%.3d), or -1 */ + int prec; /* precision from format; <0 for N/A */ char sign; /* sign prefix (' ', '+', '-', or \0) */ - unsigned long ulval = 0; /* integer arguments %[diouxX] */ - unsigned long long ullval = 0; /* long long arguments %ll[diouxX] */ - int base; /* base for [diouxX] conversion */ - int dprec; /* a copy of prec if [diouxX], 0 otherwise */ - int fieldsz; /* field size expanded by sign, etc */ +#ifdef FLOATING_POINT + /* + * We can decompose the printed representation of floating + * point numbers into several parts, some of which may be empty: + * + * [+|-| ] [0x|0X] MMM . NNN [e|E|p|P] [+|-] ZZ + * A B ---C--- D E F + * + * A: 'sign' holds this value if present; '\0' otherwise + * B: ox[1] holds the 'x' or 'X'; '\0' if not hexadecimal + * C: cp points to the string MMMNNN. Leading and trailing + * zeros are not in the string and must be added. + * D: expchar holds this character; '\0' if no exponent, e.g. %f + * F: at least two digits for decimal, at least one digit for hex + */ +#ifdef HAVE_NL_LANGINFO + const char *decimal_point = NULL; +#else + const char *decimal_point = "."; +#endif + int signflag; /* true if float is negative */ + union { /* floating point arguments %[aAeEfFgG] */ + double dbl; + long double ldbl; + } fparg; + int expt; /* integer value of exponent */ + char expchar; /* exponent character: [eEpP\0] */ + char *dtoaend; /* pointer to end of converted digits */ + int expsize; /* character count for expstr */ + int lead; /* sig figs before decimal or group sep */ + int ndig; /* actual number of digits returned by dtoa */ + char expstr[MAXEXPDIG+2]; /* buffer for exponent string: e+ZZZ */ + char *dtoaresult = NULL; +#endif + + uintmax_t _umax; /* integer arguments %[diouxX] */ + enum { OCT, DEC, HEX } base; /* base for %[diouxX] conversion */ + int dprec; /* a copy of prec if %[diouxX], 0 otherwise */ int realsz; /* field size expanded by dprec */ int size; /* size of converted field or string */ - char *xdigs = ""; /* digits for [xX] conversion */ - char buf[BUF]; /* space for %c, %[diouxX], %[eEfgG] */ - char ox[2]; /* space for 0x hex-prefix */ + const char *xdigs = ""; /* digits for %[xX] conversion */ +#define NIOV 8 + char buf[BUF]; /* buffer with space for digits of uintmax_t */ + char ox[2]; /* space for 0x; ox[1] is either x, X, or \0 */ char *str; /* pointer to string to fill */ char *estr; /* pointer to last char in str */ + union arg *argtable; /* args, built due to positional arg */ + union arg statargtable[STATIC_ARG_TBL_SIZE]; + size_t argtablesiz; + int nextarg; /* 1-based argument index */ + va_list orgap; /* original argument pointer */ +#ifdef PRINTF_WIDE_CHAR + char *convbuf; /* buffer for wide to multi-byte conversion */ +#endif /* * Choose PADSIZE to trade efficiency vs. size. If larger printf @@ -255,6 +359,9 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) static char zeroes[PADSIZE] = {'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0'}; + static const char xdigs_lower[16] = "0123456789abcdef"; + static const char xdigs_upper[16] = "0123456789ABCDEF"; + /* Print chars to "str", (allocate as needed if alloc is set). */ #define PRINT(ptr, len) do { \ const char *p = ptr; \ @@ -277,7 +384,7 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) } \ } while (0) - /* BEWARE, PAD uses `n'. */ + /* BEWARE, PAD uses `n' and PRINTANDPAD uses `n2'. */ #define PAD(plen, pstr) do { \ if ((n = (plen)) > 0) { \ while (n > PADSIZE) { \ @@ -287,26 +394,96 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) PRINT(pstr, n); \ } \ } while (0) +#define PRINTANDPAD(p, ep, len, with) do { \ + n2 = (ep) - (p); \ + if (n2 > (len)) \ + n2 = (len); \ + if (n2 > 0) \ + PRINT((p), n2); \ + PAD((len) - (n2 > 0 ? n2 : 0), (with)); \ +} while(0) /* * To extend shorts properly, we need both signed and unsigned * argument extraction methods. */ #define SARG() \ - (flags&LONGINT ? va_arg(ap, long) : \ - flags&SHORTINT ? (long)(short)va_arg(ap, int) : \ - (long)va_arg(ap, int)) + ((intmax_t)(flags&MAXINT ? GETARG(intmax_t) : \ + flags&LLONGINT ? GETARG(long long) : \ + flags&LONGINT ? GETARG(long) : \ + flags&PTRINT ? GETARG(ptrdiff_t) : \ + flags&SIZEINT ? GETARG(ssize_t) : \ + flags&SHORTINT ? (short)GETARG(int) : \ + flags&CHARINT ? (signed char)GETARG(int) : \ + GETARG(int))) #define UARG() \ - (flags&LONGINT ? va_arg(ap, unsigned long) : \ - flags&SHORTINT ? (unsigned long)(unsigned short)va_arg(ap, int) : \ - (unsigned long)va_arg(ap, unsigned int)) + ((uintmax_t)(flags&MAXINT ? GETARG(uintmax_t) : \ + flags&LLONGINT ? GETARG(unsigned long long) : \ + flags&LONGINT ? GETARG(unsigned long) : \ + flags&PTRINT ? (uintptr_t)GETARG(ptrdiff_t) : /* XXX */ \ + flags&SIZEINT ? GETARG(size_t) : \ + flags&SHORTINT ? (unsigned short)GETARG(int) : \ + flags&CHARINT ? (unsigned char)GETARG(int) : \ + GETARG(unsigned int))) + + /* + * Append a digit to a value and check for overflow. + */ +#define APPEND_DIGIT(val, dig) do { \ + if ((val) > INT_MAX / 10) \ + goto overflow; \ + (val) *= 10; \ + if ((val) > INT_MAX - to_digit((dig))) \ + goto overflow; \ + (val) += to_digit((dig)); \ +} while (0) + + /* + * Get * arguments, including the form *nn$. Preserve the nextarg + * that the argument can be gotten once the type is determined. + */ +#define GETASTER(val) \ + n2 = 0; \ + cp = fmt; \ + while (is_digit(*cp)) { \ + APPEND_DIGIT(n2, *cp); \ + cp++; \ + } \ + if (*cp == '$') { \ + int hold = nextarg; \ + if (argtable == NULL) { \ + argtable = statargtable; \ + __find_arguments(fmt0, orgap, &argtable, &argtablesiz); \ + } \ + nextarg = n2; \ + val = GETARG(int); \ + nextarg = hold; \ + fmt = ++cp; \ + } else { \ + val = GETARG(int); \ + } + +/* +* Get the argument indexed by nextarg. If the argument table is +* built, use it to get the argument. If its not, get the next +* argument (and arguments must be gotten sequentially). +*/ +#define GETARG(type) \ + ((argtable != NULL) ? *((type*)(&argtable[nextarg++])) : \ + (nextarg++, va_arg(ap, type))) fmt = (char *)fmt0; + argtable = NULL; + nextarg = 1; + va_copy(orgap, ap); ret = 0; +#ifdef PRINTF_WIDE_CHAR + convbuf = NULL; +#endif if (alloc) { strsize = 128; - *strp = str = (char *)malloc(strsize); + *strp = str = malloc(strsize); if (str == NULL) { ret = -1; goto done; @@ -327,6 +504,8 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++) /* void */; if ((n = fmt - cp) != 0) { + if (n > INT_MAX - ret) + goto overflow; PRINT(cp, n); ret += n; } @@ -339,6 +518,7 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) width = 0; prec = -1; sign = '\0'; + ox[1] = '\0'; rflag: ch = *fmt++; reswitch: switch (ch) { @@ -354,6 +534,9 @@ reswitch: switch (ch) { case '#': flags |= ALT; goto rflag; + case '\'': + /* grouping not implemented */ + goto rflag; case '*': /* * ``A negative field width argument is taken as a @@ -361,8 +544,11 @@ reswitch: switch (ch) { * -- ANSI X3J11 * They don't exclude field widths read from args. */ - if ((width = va_arg(ap, int)) >= 0) + GETASTER(width); + if (width >= 0) goto rflag; + if (width == INT_MIN) + goto overflow; width = -width; /* FALLTHROUGH */ case '-': @@ -373,16 +559,25 @@ reswitch: switch (ch) { goto rflag; case '.': if ((ch = *fmt++) == '*') { - n = va_arg(ap, int); + GETASTER(n); prec = n < 0 ? -1 : n; goto rflag; } n = 0; while (is_digit(ch)) { - n = 10 * n + to_digit(ch); + APPEND_DIGIT(n, ch); ch = *fmt++; } - prec = n < 0 ? -1 : n; + if (ch == '$') { + nextarg = n; + if (argtable == NULL) { + argtable = statargtable; + __find_arguments(fmt0, orgap, + &argtable, &argtablesiz); + } + goto rflag; + } + prec = n; goto reswitch; case '0': /* @@ -396,13 +591,35 @@ reswitch: switch (ch) { case '5': case '6': case '7': case '8': case '9': n = 0; do { - n = 10 * n + to_digit(ch); + APPEND_DIGIT(n, ch); ch = *fmt++; } while (is_digit(ch)); + if (ch == '$') { + nextarg = n; + if (argtable == NULL) { + argtable = statargtable; + __find_arguments(fmt0, orgap, + &argtable, &argtablesiz); + } + goto rflag; + } width = n; goto reswitch; +#ifdef FLOATING_POINT + case 'L': + flags |= LONGDBL; + goto rflag; +#endif case 'h': - flags |= SHORTINT; + if (*fmt == 'h') { + fmt++; + flags |= CHARINT; + } else { + flags |= SHORTINT; + } + goto rflag; + case 'j': + flags |= MAXINT; goto rflag; case 'l': if (*fmt == 'l') { @@ -412,9 +629,37 @@ reswitch: switch (ch) { flags |= LONGINT; } goto rflag; + case 'q': + flags |= LLONGINT; + goto rflag; + case 't': + flags |= PTRINT; + goto rflag; + case 'z': + flags |= SIZEINT; + goto rflag; case 'c': - *(cp = buf) = va_arg(ap, int); - size = 1; +#ifdef PRINTF_WIDE_CHAR + if (flags & LONGINT) { + mbstate_t mbs; + size_t mbseqlen; + + memset(&mbs, 0, sizeof(mbs)); + mbseqlen = wcrtomb(buf, + (wchar_t)GETARG(wint_t), &mbs); + if (mbseqlen == (size_t)-1) { + errno = EILSEQ; + goto done; + } + cp = buf; + size = (int)mbseqlen; + } else { +#endif + *(cp = buf) = GETARG(int); + size = 1; +#ifdef PRINTF_WIDE_CHAR + } +#endif sign = '\0'; break; case 'D': @@ -422,40 +667,173 @@ reswitch: switch (ch) { /*FALLTHROUGH*/ case 'd': case 'i': - if (flags & LLONGINT) { - ullval = va_arg(ap, long long); - if ((long long)ullval < 0) { - ullval = -ullval; - sign = '-'; + _umax = SARG(); + if ((intmax_t)_umax < 0) { + _umax = -_umax; + sign = '-'; + } + base = DEC; + goto number; +#ifdef FLOATING_POINT + case 'a': + case 'A': + if (ch == 'a') { + ox[1] = 'x'; + xdigs = xdigs_lower; + expchar = 'p'; + } else { + ox[1] = 'X'; + xdigs = xdigs_upper; + expchar = 'P'; + } + if (prec >= 0) + prec++; + if (dtoaresult) + __freedtoa(dtoaresult); + if (flags & LONGDBL) { + fparg.ldbl = GETARG(long double); + dtoaresult = cp = + __hldtoa(fparg.ldbl, xdigs, prec, + &expt, &signflag, &dtoaend); + if (dtoaresult == NULL) { + errno = ENOMEM; + goto done; } } else { - ulval = SARG(); - if ((long)ulval < 0) { - ulval = -ulval; - sign = '-'; + fparg.dbl = GETARG(double); + dtoaresult = cp = + __hdtoa(fparg.dbl, xdigs, prec, + &expt, &signflag, &dtoaend); + if (dtoaresult == NULL) { + errno = ENOMEM; + goto done; } } - base = 10; - goto number; + if (prec < 0) + prec = dtoaend - cp; + if (expt == INT_MAX) + ox[1] = '\0'; + goto fp_common; + case 'e': + case 'E': + expchar = ch; + if (prec < 0) /* account for digit before decpt */ + prec = DEFPREC + 1; + else + prec++; + goto fp_begin; + case 'f': + case 'F': + expchar = '\0'; + goto fp_begin; + case 'g': + case 'G': + expchar = ch - ('g' - 'e'); + if (prec == 0) + prec = 1; +fp_begin: + if (prec < 0) + prec = DEFPREC; + if (dtoaresult) + __freedtoa(dtoaresult); + if (flags & LONGDBL) { + fparg.ldbl = GETARG(long double); + dtoaresult = cp = + __ldtoa(&fparg.ldbl, expchar ? 2 : 3, prec, + &expt, &signflag, &dtoaend); + if (dtoaresult == NULL) { + errno = ENOMEM; + goto done; + } + } else { + fparg.dbl = GETARG(double); + dtoaresult = cp = + __dtoa(fparg.dbl, expchar ? 2 : 3, prec, + &expt, &signflag, &dtoaend); + if (dtoaresult == NULL) { + errno = ENOMEM; + goto done; + } + if (expt == 9999) + expt = INT_MAX; + } +fp_common: + if (signflag) + sign = '-'; + if (expt == INT_MAX) { /* inf or nan */ + if (*cp == 'N') + cp = (ch >= 'a') ? "nan" : "NAN"; + else + cp = (ch >= 'a') ? "inf" : "INF"; + size = 3; + flags &= ~ZEROPAD; + break; + } + flags |= FPT; + ndig = dtoaend - cp; + if (ch == 'g' || ch == 'G') { + if (expt > -4 && expt <= prec) { + /* Make %[gG] smell like %[fF] */ + expchar = '\0'; + if (flags & ALT) + prec -= expt; + else + prec = ndig - expt; + if (prec < 0) + prec = 0; + } else { + /* + * Make %[gG] smell like %[eE], but + * trim trailing zeroes if no # flag. + */ + if (!(flags & ALT)) + prec = ndig; + } + } + if (expchar) { + expsize = exponent(expstr, expt - 1, expchar); + size = expsize + prec; + if (prec > 1 || flags & ALT) + ++size; + } else { + /* space for digits before decimal point */ + if (expt > 0) + size = expt; + else /* "0" */ + size = 1; + /* space for decimal pt and following digits */ + if (prec || flags & ALT) + size += prec + 1; + lead = expt; + } + break; +#endif /* FLOATING_POINT */ +#ifndef NO_PRINTF_PERCENT_N case 'n': if (flags & LLONGINT) - *va_arg(ap, long long *) = ret; + *GETARG(long long *) = ret; else if (flags & LONGINT) - *va_arg(ap, long *) = ret; + *GETARG(long *) = ret; else if (flags & SHORTINT) - *va_arg(ap, short *) = ret; + *GETARG(short *) = ret; + else if (flags & CHARINT) + *GETARG(signed char *) = ret; + else if (flags & PTRINT) + *GETARG(ptrdiff_t *) = ret; + else if (flags & SIZEINT) + *GETARG(ssize_t *) = ret; + else if (flags & MAXINT) + *GETARG(intmax_t *) = ret; else - *va_arg(ap, int *) = ret; + *GETARG(int *) = ret; continue; /* no output */ +#endif /* NO_PRINTF_PERCENT_N */ case 'O': flags |= LONGINT; /*FALLTHROUGH*/ case 'o': - if (flags & LLONGINT) - ullval = va_arg(ap, unsigned long long); - else - ulval = UARG(); - base = 8; + _umax = UARG(); + base = OCT; goto nosign; case 'p': /* @@ -465,14 +843,32 @@ reswitch: switch (ch) { * defined manner.'' * -- ANSI X3J11 */ - ulval = (unsigned long)va_arg(ap, void *); - base = 16; - xdigs = "0123456789abcdef"; - flags = (flags & ~LLONGINT) | HEXPREFIX; - ch = 'x'; + /* NOSTRICT */ + _umax = (u_long)GETARG(void *); + base = HEX; + xdigs = xdigs_lower; + ox[1] = 'x'; goto nosign; case 's': - if ((cp = va_arg(ap, char *)) == NULL) +#ifdef PRINTF_WIDE_CHAR + if (flags & LONGINT) { + wchar_t *wcp; + + if (convbuf != NULL) { + free(convbuf); + convbuf = NULL; + } + if ((wcp = GETARG(wchar_t *)) == NULL) { + cp = "(null)"; + } else { + convbuf = __wcsconv(wcp, prec); + if (convbuf == NULL) + goto done; + cp = convbuf; + } + } else +#endif /* PRINTF_WIDE_CHAR */ + if ((cp = GETARG(char *)) == NULL) cp = "(null)"; if (prec >= 0) { /* @@ -482,41 +878,33 @@ reswitch: switch (ch) { */ char *p = memchr(cp, 0, prec); - if (p != NULL) { - size = p - cp; - if (size > prec) - size = prec; - } else - size = prec; - } else - size = strlen(cp); + size = p ? (p - cp) : prec; + } else { + size_t len; + + if ((len = strlen(cp)) > INT_MAX) + goto overflow; + size = (int)len; + } sign = '\0'; break; case 'U': flags |= LONGINT; /*FALLTHROUGH*/ case 'u': - if (flags & LLONGINT) - ullval = va_arg(ap, unsigned long long); - else - ulval = UARG(); - base = 10; + _umax = UARG(); + base = DEC; goto nosign; case 'X': - xdigs = "0123456789ABCDEF"; + xdigs = xdigs_upper; goto hex; case 'x': - xdigs = "0123456789abcdef"; -hex: - if (flags & LLONGINT) - ullval = va_arg(ap, unsigned long long); - else - ulval = UARG(); - base = 16; + xdigs = xdigs_lower; +hex: _umax = UARG(); + base = HEX; /* leading 0x/X only if non-zero */ - if (flags & ALT && - (flags & LLONGINT ? ullval != 0 : ulval != 0)) - flags |= HEXPREFIX; + if (flags & ALT && _umax != 0) + ox[1] = ch; /* unsigned conversions */ nosign: sign = '\0'; @@ -534,16 +922,49 @@ number: if ((dprec = prec) >= 0) * -- ANSI X3J11 */ cp = buf + BUF; - if (flags & LLONGINT) { - if (ullval != 0 || prec != 0) - cp = __ulltoa(ullval, cp, base, - flags & ALT, xdigs); - } else { - if (ulval != 0 || prec != 0) - cp = __ultoa(ulval, cp, base, - flags & ALT, xdigs); + if (_umax != 0 || prec != 0) { + /* + * Unsigned mod is hard, and unsigned mod + * by a constant is easier than that by + * a variable; hence this switch. + */ + switch (base) { + case OCT: + do { + *--cp = to_char(_umax & 7); + _umax >>= 3; + } while (_umax); + /* handle octal leading 0 */ + if (flags & ALT && *cp != '0') + *--cp = '0'; + break; + + case DEC: + /* many numbers are 1 digit */ + while (_umax >= 10) { + *--cp = to_char(_umax % 10); + _umax /= 10; + } + *--cp = to_char(_umax); + break; + + case HEX: + do { + *--cp = xdigs[_umax & 15]; + _umax >>= 4; + } while (_umax); + break; + + default: + cp = "bug in vfprintf: bad base"; + size = strlen(cp); + goto skipsize; + } } size = buf + BUF - cp; + if (size > BUF) /* should never happen */ + abort(); + skipsize: break; default: /* "%?" prints ?, unless ? is NUL */ if (ch == '\0') @@ -563,30 +984,28 @@ number: if ((dprec = prec) >= 0) * first be prefixed by any sign or other prefix; otherwise, * it should be blank padded before the prefix is emitted. * After any left-hand padding and prefixing, emit zeroes - * required by a decimal [diouxX] precision, then print the + * required by a decimal %[diouxX] precision, then print the * string proper, then emit zeroes required by any leftover * floating precision; finally, if LADJUST, pad with blanks. * * Compute actual size, so we know how much to pad. - * fieldsz excludes decimal prec; realsz includes it. + * size excludes decimal prec; realsz includes it. */ - fieldsz = size; + realsz = dprec > size ? dprec : size; if (sign) - fieldsz++; - else if (flags & HEXPREFIX) - fieldsz += 2; - realsz = dprec > fieldsz ? dprec : fieldsz; + realsz++; + if (ox[1]) + realsz+= 2; /* right-adjusting blank padding */ if ((flags & (LADJUST|ZEROPAD)) == 0) PAD(width - realsz, blanks); /* prefix */ - if (sign) { + if (sign) PRINT(&sign, 1); - } else if (flags & HEXPREFIX) { + if (ox[1]) { /* ox[1] is either x, X, or \0 */ ox[0] = '0'; - ox[1] = ch; PRINT(ox, 2); } @@ -595,25 +1014,531 @@ number: if ((dprec = prec) >= 0) PAD(width - realsz, zeroes); /* leading zeroes from decimal precision */ - PAD(dprec - fieldsz, zeroes); + PAD(dprec - size, zeroes); /* the string or number proper */ +#ifdef FLOATING_POINT + if ((flags & FPT) == 0) { + PRINT(cp, size); + } else { /* glue together f_p fragments */ +#ifdef HAVE_NL_LANGINFO + if (decimal_point == NULL) + decimal_point = nl_langinfo(RADIXCHAR); +#endif + if (!expchar) { /* %[fF] or sufficiently short %[gG] */ + if (expt <= 0) { + PRINT(zeroes, 1); + if (prec || flags & ALT) + PRINT(decimal_point, 1); + PAD(-expt, zeroes); + /* already handled initial 0's */ + prec += expt; + } else { + PRINTANDPAD(cp, dtoaend, lead, zeroes); + cp += lead; + if (prec || flags & ALT) + PRINT(decimal_point, 1); + } + PRINTANDPAD(cp, dtoaend, prec, zeroes); + } else { /* %[eE] or sufficiently long %[gG] */ + if (prec > 1 || flags & ALT) { + buf[0] = *cp++; + buf[1] = *decimal_point; + PRINT(buf, 2); + PRINT(cp, ndig-1); + PAD(prec - ndig, zeroes); + } else { /* XeYYY */ + PRINT(cp, 1); + } + PRINT(expstr, expsize); + } + } +#else PRINT(cp, size); - +#endif /* left-adjusting padding (always blank) */ if (flags & LADJUST) PAD(width - realsz, blanks); /* finally, adjust ret */ - ret += width > realsz ? width : realsz; + if (width < realsz) + width = realsz; + if (width > INT_MAX - ret) + goto overflow; + ret += width; } done: + va_end(orgap); if (strsize) *str = '\0'; + goto finish; + +overflow: + errno = ENOMEM; + ret = -1; + +finish: +#ifdef PRINTF_WIDE_CHAR + if (convbuf) + free(convbuf); +#endif +#ifdef FLOATING_POINT + if (dtoaresult) + __freedtoa(dtoaresult); +#endif + if (argtable != NULL && argtable != statargtable) { + mmap_free(argtable, argtablesiz); + argtable = NULL; + } return ret; - /* NOTREACHED */ } +/* + * Type ids for argument type table. + */ +#define T_UNUSED 0 +#define T_SHORT 1 +#define T_U_SHORT 2 +#define TP_SHORT 3 +#define T_INT 4 +#define T_U_INT 5 +#define TP_INT 6 +#define T_LONG 7 +#define T_U_LONG 8 +#define TP_LONG 9 +#define T_LLONG 10 +#define T_U_LLONG 11 +#define TP_LLONG 12 +#define T_DOUBLE 13 +#define T_LONG_DOUBLE 14 +#define TP_CHAR 15 +#define TP_VOID 16 +#define T_PTRINT 17 +#define TP_PTRINT 18 +#define T_SIZEINT 19 +#define T_SSIZEINT 20 +#define TP_SSIZEINT 21 +#define T_MAXINT 22 +#define T_MAXUINT 23 +#define TP_MAXINT 24 +#define T_CHAR 25 +#define T_U_CHAR 26 +#define T_WINT 27 +#define TP_WCHAR 28 + +/* + * Find all arguments when a positional parameter is encountered. Returns a + * table, indexed by argument number, of pointers to each arguments. The + * initial argument table should be an array of STATIC_ARG_TBL_SIZE entries. + * It will be replaced with a mmap-ed one if it overflows (malloc cannot be + * used since we are attempting to make snprintf thread safe, and alloca is + * problematic since we have nested functions..) + */ +static int +__find_arguments(const char *fmt0, va_list ap, union arg **argtable, + size_t *argtablesiz) +{ + char *fmt; /* format string */ + int ch; /* character from fmt */ + int n, n2; /* handy integer (short term usage) */ + char *cp; /* handy char pointer (short term usage) */ + int flags; /* flags as above */ + unsigned char *typetable; /* table of types */ + unsigned char stattypetable[STATIC_ARG_TBL_SIZE]; + int tablesize; /* current size of type table */ + int tablemax; /* largest used index in table */ + int nextarg; /* 1-based argument index */ + int ret = 0; /* return value */ + + /* + * Add an argument type to the table, expanding if necessary. + */ +#define ADDTYPE(type) \ + ((nextarg >= tablesize) ? \ + __grow_type_table(&typetable, &tablesize) : 0, \ + (nextarg > tablemax) ? tablemax = nextarg : 0, \ + typetable[nextarg++] = type) + +#define ADDSARG() \ + ((flags&MAXINT) ? ADDTYPE(T_MAXINT) : \ + ((flags&PTRINT) ? ADDTYPE(T_PTRINT) : \ + ((flags&SIZEINT) ? ADDTYPE(T_SSIZEINT) : \ + ((flags&LLONGINT) ? ADDTYPE(T_LLONG) : \ + ((flags&LONGINT) ? ADDTYPE(T_LONG) : \ + ((flags&SHORTINT) ? ADDTYPE(T_SHORT) : \ + ((flags&CHARINT) ? ADDTYPE(T_CHAR) : ADDTYPE(T_INT)))))))) + +#define ADDUARG() \ + ((flags&MAXINT) ? ADDTYPE(T_MAXUINT) : \ + ((flags&PTRINT) ? ADDTYPE(T_PTRINT) : \ + ((flags&SIZEINT) ? ADDTYPE(T_SIZEINT) : \ + ((flags&LLONGINT) ? ADDTYPE(T_U_LLONG) : \ + ((flags&LONGINT) ? ADDTYPE(T_U_LONG) : \ + ((flags&SHORTINT) ? ADDTYPE(T_U_SHORT) : \ + ((flags&CHARINT) ? ADDTYPE(T_U_CHAR) : ADDTYPE(T_U_INT)))))))) + + /* + * Add * arguments to the type array. + */ +#define ADDASTER() \ + n2 = 0; \ + cp = fmt; \ + while (is_digit(*cp)) { \ + APPEND_DIGIT(n2, *cp); \ + cp++; \ + } \ + if (*cp == '$') { \ + int hold = nextarg; \ + nextarg = n2; \ + ADDTYPE(T_INT); \ + nextarg = hold; \ + fmt = ++cp; \ + } else { \ + ADDTYPE(T_INT); \ + } + fmt = (char *)fmt0; + typetable = stattypetable; + tablesize = STATIC_ARG_TBL_SIZE; + tablemax = 0; + nextarg = 1; + memset(typetable, T_UNUSED, STATIC_ARG_TBL_SIZE); + + /* + * Scan the format for conversions (`%' character). + */ + for (;;) { + for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++) + /* void */; + fmt++; /* skip over '%' */ + + flags = 0; + +rflag: ch = *fmt++; +reswitch: switch (ch) { + case ' ': + case '#': + case '\'': + goto rflag; + case '*': + ADDASTER(); + goto rflag; + case '-': + case '+': + goto rflag; + case '.': + if ((ch = *fmt++) == '*') { + ADDASTER(); + goto rflag; + } + while (is_digit(ch)) { + ch = *fmt++; + } + goto reswitch; + case '0': + goto rflag; + case '1': case '2': case '3': case '4': + case '5': case '6': case '7': case '8': case '9': + n = 0; + do { + APPEND_DIGIT(n ,ch); + ch = *fmt++; + } while (is_digit(ch)); + if (ch == '$') { + nextarg = n; + goto rflag; + } + goto reswitch; +#ifdef FLOATING_POINT + case 'L': + flags |= LONGDBL; + goto rflag; +#endif + case 'h': + if (*fmt == 'h') { + fmt++; + flags |= CHARINT; + } else { + flags |= SHORTINT; + } + goto rflag; + case 'j': + flags |= MAXINT; + goto rflag; + case 'l': + if (*fmt == 'l') { + fmt++; + flags |= LLONGINT; + } else { + flags |= LONGINT; + } + goto rflag; + case 'q': + flags |= LLONGINT; + goto rflag; + case 't': + flags |= PTRINT; + goto rflag; + case 'z': + flags |= SIZEINT; + goto rflag; + case 'c': +#ifdef PRINTF_WIDE_CHAR + if (flags & LONGINT) + ADDTYPE(T_WINT); + else +#endif + ADDTYPE(T_INT); + break; + case 'D': + flags |= LONGINT; + /*FALLTHROUGH*/ + case 'd': + case 'i': + ADDSARG(); + break; +#ifdef FLOATING_POINT + case 'a': + case 'A': + case 'e': + case 'E': + case 'f': + case 'F': + case 'g': + case 'G': + if (flags & LONGDBL) + ADDTYPE(T_LONG_DOUBLE); + else + ADDTYPE(T_DOUBLE); + break; +#endif /* FLOATING_POINT */ +#ifndef NO_PRINTF_PERCENT_N + case 'n': + if (flags & LLONGINT) + ADDTYPE(TP_LLONG); + else if (flags & LONGINT) + ADDTYPE(TP_LONG); + else if (flags & SHORTINT) + ADDTYPE(TP_SHORT); + else if (flags & PTRINT) + ADDTYPE(TP_PTRINT); + else if (flags & SIZEINT) + ADDTYPE(TP_SSIZEINT); + else if (flags & MAXINT) + ADDTYPE(TP_MAXINT); + else + ADDTYPE(TP_INT); + continue; /* no output */ +#endif /* NO_PRINTF_PERCENT_N */ + case 'O': + flags |= LONGINT; + /*FALLTHROUGH*/ + case 'o': + ADDUARG(); + break; + case 'p': + ADDTYPE(TP_VOID); + break; + case 's': +#ifdef PRINTF_WIDE_CHAR + if (flags & LONGINT) + ADDTYPE(TP_WCHAR); + else +#endif + ADDTYPE(TP_CHAR); + break; + case 'U': + flags |= LONGINT; + /*FALLTHROUGH*/ + case 'u': + case 'X': + case 'x': + ADDUARG(); + break; + default: /* "%?" prints ?, unless ? is NUL */ + if (ch == '\0') + goto done; + break; + } + } +done: + /* + * Build the argument table. + */ + if (tablemax >= STATIC_ARG_TBL_SIZE) { + *argtablesiz = sizeof(union arg) * (tablemax + 1); + *argtable = mmap_alloc(*argtablesiz); + if (*argtable == NULL) + return -1; + } + + for (n = 1; n <= tablemax; n++) { + switch (typetable[n]) { + case T_UNUSED: + case T_CHAR: + case T_U_CHAR: + case T_SHORT: + case T_U_SHORT: + case T_INT: + (*argtable)[n].intarg = va_arg(ap, int); + break; + case TP_SHORT: + (*argtable)[n].pshortarg = va_arg(ap, short *); + break; + case T_U_INT: + (*argtable)[n].uintarg = va_arg(ap, unsigned int); + break; + case TP_INT: + (*argtable)[n].pintarg = va_arg(ap, int *); + break; + case T_LONG: + (*argtable)[n].longarg = va_arg(ap, long); + break; + case T_U_LONG: + (*argtable)[n].ulongarg = va_arg(ap, unsigned long); + break; + case TP_LONG: + (*argtable)[n].plongarg = va_arg(ap, long *); + break; + case T_LLONG: + (*argtable)[n].longlongarg = va_arg(ap, long long); + break; + case T_U_LLONG: + (*argtable)[n].ulonglongarg = va_arg(ap, unsigned long long); + break; + case TP_LLONG: + (*argtable)[n].plonglongarg = va_arg(ap, long long *); + break; +#ifdef FLOATING_POINT + case T_DOUBLE: + (*argtable)[n].doublearg = va_arg(ap, double); + break; + case T_LONG_DOUBLE: + (*argtable)[n].longdoublearg = va_arg(ap, long double); + break; +#endif + case TP_CHAR: + (*argtable)[n].pchararg = va_arg(ap, char *); + break; + case TP_VOID: + (*argtable)[n].pvoidarg = va_arg(ap, void *); + break; + case T_PTRINT: + (*argtable)[n].ptrdiffarg = va_arg(ap, ptrdiff_t); + break; + case TP_PTRINT: + (*argtable)[n].pptrdiffarg = va_arg(ap, ptrdiff_t *); + break; + case T_SIZEINT: + (*argtable)[n].sizearg = va_arg(ap, size_t); + break; + case T_SSIZEINT: + (*argtable)[n].ssizearg = va_arg(ap, ssize_t); + break; + case TP_SSIZEINT: + (*argtable)[n].pssizearg = va_arg(ap, ssize_t *); + break; + case T_MAXINT: + (*argtable)[n].intmaxarg = va_arg(ap, intmax_t); + break; + case T_MAXUINT: + (*argtable)[n].uintmaxarg = va_arg(ap, uintmax_t); + break; + case TP_MAXINT: + (*argtable)[n].pintmaxarg = va_arg(ap, intmax_t *); + break; +#ifdef PRINTF_WIDE_CHAR + case T_WINT: + (*argtable)[n].wintarg = va_arg(ap, wint_t); + break; + case TP_WCHAR: + (*argtable)[n].pwchararg = va_arg(ap, wchar_t *); + break; +#endif + } + } + goto finish; + +overflow: + errno = ENOMEM; + ret = -1; + +finish: + if (typetable != NULL && typetable != stattypetable) { + mmap_free(typetable, *argtablesiz); + typetable = NULL; + } + return ret; +} + +/* + * Increase the size of the type table. + */ +static int +__grow_type_table(unsigned char **typetable, int *tablesize) +{ + unsigned char *oldtable = *typetable; + int newsize = *tablesize * 2; + + if (newsize < sysconf(_SC_PAGESIZE)) + newsize = sysconf(_SC_PAGESIZE); + + if (*tablesize == STATIC_ARG_TBL_SIZE) { + *typetable = mmap_alloc(newsize); + if (*typetable == NULL) + return -1; + memcpy(*typetable, oldtable, *tablesize); + } else { + unsigned char *new = mmap_alloc(newsize); + if (new == NULL) + return -1; + memmove(new, *typetable, *tablesize); + mmap_free(*typetable, *tablesize); + *typetable = new; + } + memset(*typetable + *tablesize, T_UNUSED, (newsize - *tablesize)); + + *tablesize = newsize; + return 0; +} + + +#ifdef FLOATING_POINT +static int +exponent(char *p0, int exp, int fmtch) +{ + char *p, *t; + char expbuf[MAXEXPDIG]; + + p = p0; + *p++ = fmtch; + if (exp < 0) { + exp = -exp; + *p++ = '-'; + } else + *p++ = '+'; + t = expbuf + MAXEXPDIG; + if (exp > 9) { + do { + *--t = to_char(exp % 10); + } while ((exp /= 10) > 9); + *--t = to_char(exp); + for (; t < expbuf + MAXEXPDIG; *p++ = *t++) + /* nothing */; + } else { + /* + * Exponents for decimal floating point conversions + * (%[eEgG]) must be at least two characters long, + * whereas exponents for hexadecimal conversions can + * be only one character long. + */ + if (fmtch == 'e' || fmtch == 'E') + *p++ = '0'; + *p++ = to_char(exp); + } + return p - p0; +} +#endif /* FLOATING_POINT */ + #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int sudo_vsnprintf(char *str, size_t n, const char *fmt, va_list ap)