101 lines
3.2 KiB
C
Vendored
101 lines
3.2 KiB
C
Vendored
/*
|
|
Copyright (c) 2021, David Anderson
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with
|
|
or without modification, are permitted provided that the
|
|
following conditions are met:
|
|
|
|
Redistributions of source code must retain the above
|
|
copyright notice, this list of conditions and the following
|
|
disclaimer.
|
|
|
|
Redistributions in binary form must reproduce the above
|
|
copyright notice, this list of conditions and the following
|
|
disclaimer in the documentation and/or other materials
|
|
provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
|
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
|
|
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
|
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include <stddef.h> /* NULL size_t */
|
|
#include "dwarf_safe_strcpy.h"
|
|
|
|
/* An strcpy/strncpy which ensures NUL terminated string
|
|
and never overruns the output.
|
|
inlen is strlen() size of in_s
|
|
outlen is buffer and has to have space
|
|
for the NUL in in_s to avoid truncation.
|
|
So typically outlen == (inlen+1).
|
|
|
|
If outlen is 0 it quietly returns.
|
|
If outlen is 1 it assigns a NUL byte to *out and returns.
|
|
If outlen > 0 then this function always writes
|
|
a trailing NUL byte.
|
|
|
|
ISO C 9899:1990 specifies that if outlen has extra space
|
|
that the function zeroes the extra bytes.
|
|
And if outlen is too small no NUL byte is written
|
|
to out.
|
|
|
|
This function writes only one NUL byte, the rest of
|
|
the 'out' buffer is untouched. Sometimes our callers
|
|
do not have a narrow bound to outlen, so zeroing
|
|
all the unused bytes is wasteful (hence we do not
|
|
do that here).
|
|
|
|
If an input is only partly copied due to limited
|
|
target space this may destroy the
|
|
correctness of a multi-byte-string (UTF-8).
|
|
Note that this will not harm dwarfdump as
|
|
dwarfdump 'sanitizes' all printf output
|
|
in a uri-style. So it only prints true ASCII characters
|
|
in the printable range.
|
|
|
|
PRECONDITION:
|
|
The pointer arguments are required to be non-null.
|
|
*/
|
|
void
|
|
_dwarf_safe_strcpy(char *out,
|
|
size_t outlen,
|
|
const char *in_s,
|
|
size_t inlen)
|
|
{
|
|
size_t full_inlen = inlen+1;
|
|
char *cpo = 0;
|
|
const char *cpi= 0;
|
|
const char *cpiend = 0;
|
|
|
|
if (full_inlen >= outlen) {
|
|
if (!outlen) {
|
|
return;
|
|
}
|
|
cpo = out;
|
|
cpi= in_s;
|
|
cpiend = in_s +(outlen-1);
|
|
} else {
|
|
/* If outlen is very large
|
|
strncpy is very wasteful. */
|
|
cpo = out;
|
|
cpi= in_s;
|
|
cpiend = in_s +inlen;
|
|
}
|
|
for ( ; *cpi && cpi < cpiend ; ++cpo, ++cpi) {
|
|
*cpo = *cpi;
|
|
}
|
|
*cpo = 0;
|
|
}
|