mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-22 19:00:07 +00:00
135ffda8b8
With help from Paul Eggert, Carlos O'Donell, and Roland McGrath. * stdio-common/printf-parse.h (read_int): Change return type to 'int', return -1 on INT_MAX overflow. * stdio-common/vfprintf.c (vfprintf): Validate width and precision against overflow of INT_MAX. Set errno to EOVERFLOW when 'done' overflows INT_MAX. Check for overflow of in-format-string precision values properly. Use EOVERFLOW rather than ERANGE throughout. Use SIZE_MAX not INT_MAX for integer overflow test. * stdio-common/printf-parsemb.c: If read_int signals an overflow, skip the construct in the format string but do not record anything. * stdio-common/bug22.c: Adjust to test both width/prevision INT_MAX overflow as well as total length INT_MAX overflow. Check explicitly for proper errno values.
146 lines
4.4 KiB
C
146 lines
4.4 KiB
C
/* Internal header for parsing printf format strings.
|
|
Copyright (C) 1995-1999, 2000, 2002, 2003, 2007, 2009
|
|
Free Software Foundation, Inc.
|
|
This file is part of th GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; if not, see
|
|
<http://www.gnu.org/licenses/>. */
|
|
|
|
#include <printf.h>
|
|
#include <stdint.h>
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
#include <wchar.h>
|
|
|
|
|
|
struct printf_spec
|
|
{
|
|
/* Information parsed from the format spec. */
|
|
struct printf_info info;
|
|
|
|
/* Pointers into the format string for the end of this format
|
|
spec and the next (or to the end of the string if no more). */
|
|
const UCHAR_T *end_of_fmt, *next_fmt;
|
|
|
|
/* Position of arguments for precision and width, or -1 if `info' has
|
|
the constant value. */
|
|
int prec_arg, width_arg;
|
|
|
|
int data_arg; /* Position of data argument. */
|
|
int data_arg_type; /* Type of first argument. */
|
|
/* Number of arguments consumed by this format specifier. */
|
|
size_t ndata_args;
|
|
/* Size of the parameter for PA_USER type. */
|
|
int size;
|
|
};
|
|
|
|
|
|
/* The various kinds off arguments that can be passed to printf. */
|
|
union printf_arg
|
|
{
|
|
wchar_t pa_wchar;
|
|
int pa_int;
|
|
long int pa_long_int;
|
|
long long int pa_long_long_int;
|
|
unsigned int pa_u_int;
|
|
unsigned long int pa_u_long_int;
|
|
unsigned long long int pa_u_long_long_int;
|
|
double pa_double;
|
|
long double pa_long_double;
|
|
const char *pa_string;
|
|
const wchar_t *pa_wstring;
|
|
void *pa_pointer;
|
|
void *pa_user;
|
|
};
|
|
|
|
|
|
#ifndef DONT_NEED_READ_INT
|
|
/* Read a simple integer from a string and update the string pointer.
|
|
It is assumed that the first character is a digit. */
|
|
static int
|
|
read_int (const UCHAR_T * *pstr)
|
|
{
|
|
int retval = **pstr - L_('0');
|
|
|
|
while (ISDIGIT (*++(*pstr)))
|
|
if (retval >= 0)
|
|
{
|
|
if (INT_MAX / 10 < retval)
|
|
retval = -1;
|
|
else
|
|
{
|
|
int digit = **pstr - L_('0');
|
|
|
|
retval *= 10;
|
|
if (INT_MAX - digit < retval)
|
|
retval = -1;
|
|
else
|
|
retval += digit;
|
|
}
|
|
}
|
|
|
|
return retval;
|
|
}
|
|
#endif
|
|
|
|
|
|
/* These are defined in reg-printf.c. */
|
|
extern printf_arginfo_size_function **__printf_arginfo_table attribute_hidden;
|
|
extern printf_function **__printf_function_table attribute_hidden;
|
|
extern printf_va_arg_function **__printf_va_arg_table attribute_hidden;
|
|
|
|
|
|
/* Find the next spec in FORMAT, or the end of the string. Returns
|
|
a pointer into FORMAT, to a '%' or a '\0'. */
|
|
__extern_always_inline const unsigned char *
|
|
__find_specmb (const unsigned char *format)
|
|
{
|
|
return (const unsigned char *) __strchrnul ((const char *) format, '%');
|
|
}
|
|
|
|
__extern_always_inline const unsigned int *
|
|
__find_specwc (const unsigned int *format)
|
|
{
|
|
return (const unsigned int *) __wcschrnul ((const wchar_t *) format, L'%');
|
|
}
|
|
|
|
|
|
/* FORMAT must point to a '%' at the beginning of a spec. Fills in *SPEC
|
|
with the parsed details. POSN is the number of arguments already
|
|
consumed. At most MAXTYPES - POSN types are filled in TYPES. Return
|
|
the number of args consumed by this spec; *MAX_REF_ARG is updated so it
|
|
remains the highest argument index used. */
|
|
extern size_t __parse_one_specmb (const unsigned char *format, size_t posn,
|
|
struct printf_spec *spec,
|
|
size_t *max_ref_arg) attribute_hidden;
|
|
|
|
extern size_t __parse_one_specwc (const unsigned int *format, size_t posn,
|
|
struct printf_spec *spec,
|
|
size_t *max_ref_arg) attribute_hidden;
|
|
|
|
|
|
|
|
/* This variable is defined in reg-modifier.c. */
|
|
struct printf_modifier_record;
|
|
extern struct printf_modifier_record **__printf_modifier_table
|
|
attribute_hidden;
|
|
|
|
/* Handle registered modifiers. */
|
|
extern int __handle_registered_modifier_mb (const unsigned char **format,
|
|
struct printf_info *info)
|
|
attribute_hidden;
|
|
extern int __handle_registered_modifier_wc (const unsigned int **format,
|
|
struct printf_info *info)
|
|
attribute_hidden;
|