From 3a93dcc5923619cd4e4ba1e6b8eb31b8963ca84e Mon Sep 17 00:00:00 2001 From: Tomas Winkler Date: Mon, 28 Jan 2019 11:08:32 +0200 Subject: [PATCH 1/3] safestringlib: unify line breaks in files Some files were CRLF formatted and some LF. This create issues when checking out files with older versions of git. Unify the formatting via dos2unix utility. Signed-off-by: Tomas Winkler --- include/safe_types.h | 136 ++-- safeclib/memcpy16_s.c | 302 ++++---- safeclib/memcpy32_s.c | 300 ++++---- safeclib/memcpy_s.c | 326 ++++----- safeclib/memmove16_s.c | 302 ++++---- safeclib/memmove32_s.c | 300 ++++---- safeclib/memmove_s.c | 298 ++++---- safeclib/safe_str_constraint.c | 292 ++++---- safeclib/strcat_s.c | 464 ++++++------ safeclib/strncat_s.c | 530 +++++++------- safeclib/strncpy_s.c | 476 ++++++------- safeclib/strtok_s.c | 650 ++++++++--------- safeclib/wcscat_s.c | 452 ++++++------ safeclib/wcsncat_s.c | 538 +++++++------- safeclib/wmemcpy_s.c | 316 ++++----- safeclib/wmemmove_s.c | 300 ++++---- unittests/test_stpncpy_s.c | 1220 ++++++++++++++++---------------- unittests/test_strcasestr_s.c | 868 +++++++++++------------ unittests/test_wcpcpy_s.c | 1032 +++++++++++++-------------- 19 files changed, 4551 insertions(+), 4551 deletions(-) diff --git a/include/safe_types.h b/include/safe_types.h index c168a49..dba7474 100644 --- a/include/safe_types.h +++ b/include/safe_types.h @@ -1,68 +1,68 @@ -/*------------------------------------------------------------------ - * safe_types.h - C99 std types & defs or Linux kernel equivalents - * - * March 2007, Bo Berry - * Modified 2012, Jonathan Toppins - * - * Copyright (c) 2007-2013 by Cisco Systems, Inc - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#ifndef __SAFE_TYPES_H__ -#define __SAFE_TYPES_H__ - -#ifdef __KERNEL__ -/* linux kernel environment */ - -#include -#include -#include - -/* errno_t isn't defined in the kernel */ -typedef int errno_t; - -#else - -#include - -/* For systems without sys/types.h, prefer to get size_t from stdlib.h */ -/* some armcc environments don't have a sys/types.h in the environment */ -#ifdef _USE_STDLIB -#include -#include -#else -#include -#endif - -#include -#include -#include - -typedef int errno_t; - -#include - -#endif /* __KERNEL__ */ -#endif /* __SAFE_TYPES_H__ */ +/*------------------------------------------------------------------ + * safe_types.h - C99 std types & defs or Linux kernel equivalents + * + * March 2007, Bo Berry + * Modified 2012, Jonathan Toppins + * + * Copyright (c) 2007-2013 by Cisco Systems, Inc + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#ifndef __SAFE_TYPES_H__ +#define __SAFE_TYPES_H__ + +#ifdef __KERNEL__ +/* linux kernel environment */ + +#include +#include +#include + +/* errno_t isn't defined in the kernel */ +typedef int errno_t; + +#else + +#include + +/* For systems without sys/types.h, prefer to get size_t from stdlib.h */ +/* some armcc environments don't have a sys/types.h in the environment */ +#ifdef _USE_STDLIB +#include +#include +#else +#include +#endif + +#include +#include +#include + +typedef int errno_t; + +#include + +#endif /* __KERNEL__ */ +#endif /* __SAFE_TYPES_H__ */ diff --git a/safeclib/memcpy16_s.c b/safeclib/memcpy16_s.c index a8c31ca..aed0a2e 100644 --- a/safeclib/memcpy16_s.c +++ b/safeclib/memcpy16_s.c @@ -1,151 +1,151 @@ -/*------------------------------------------------------------------ - * memcpy16_s - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memcpy16_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memcpy16_s(uint16_t *dest, rsize_t dmax, - * const uint16_t *src, rsize_t smax) - * - * DESCRIPTION - * This function copies at most smax uint16_ts from src to dest, up to - * dmax. - * - * EXTENSION TO - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to memory that will be replaced by src. - * - * dmax maximum length of the resulting dest - * - * src pointer to the memory that will be copied to dest - * - * smax maximum number uint16_t of src to copy - * - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM16. - * smax shall not be greater than dmax. - * Copying shall not take place between objects that overlap. - * If there is a runtime-constraint violation, the memcpy_s function stores - * zeros in the first dmax bytes of the object pointed to by dest - * if dest is not a null pointer and smax is valid. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESOVRLP source memory overlaps destination - * - * ALSO SEE - * memcpy_s(), memcpy32_s(), memmove_s(), memmove16_s(), memmove32_s() - * - */ -errno_t -memcpy16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t smax) -{ - if (dest == NULL) { - invoke_safe_mem_constraint_handler("memcpy16_s: dest is NULL", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memcpy16_s: dmax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax > RSIZE_MAX_MEM16) { - invoke_safe_mem_constraint_handler("memcpy16_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set16(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy16_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set16(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy16_s: smax exceeds dmax", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (src == NULL) { - mem_prim_set16(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy16_s: src is NULL", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - /* - * overlap is undefined behavior, do not allow - */ - if( ((dest > src) && (dest < (src+smax))) || - ((src > dest) && (src < (dest+dmax))) ) { - mem_prim_set16(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy16_s: overlap undefined", - NULL, ESOVRLP); - return (RCNEGATE(ESOVRLP)); - } - - /* - * now perform the copy - */ - mem_prim_move16(dest, src, smax); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(memcpy16_s) +/*------------------------------------------------------------------ + * memcpy16_s + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memcpy16_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memcpy16_s(uint16_t *dest, rsize_t dmax, + * const uint16_t *src, rsize_t smax) + * + * DESCRIPTION + * This function copies at most smax uint16_ts from src to dest, up to + * dmax. + * + * EXTENSION TO + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to memory that will be replaced by src. + * + * dmax maximum length of the resulting dest + * + * src pointer to the memory that will be copied to dest + * + * smax maximum number uint16_t of src to copy + * + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM16. + * smax shall not be greater than dmax. + * Copying shall not take place between objects that overlap. + * If there is a runtime-constraint violation, the memcpy_s function stores + * zeros in the first dmax bytes of the object pointed to by dest + * if dest is not a null pointer and smax is valid. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESOVRLP source memory overlaps destination + * + * ALSO SEE + * memcpy_s(), memcpy32_s(), memmove_s(), memmove16_s(), memmove32_s() + * + */ +errno_t +memcpy16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t smax) +{ + if (dest == NULL) { + invoke_safe_mem_constraint_handler("memcpy16_s: dest is NULL", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memcpy16_s: dmax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax > RSIZE_MAX_MEM16) { + invoke_safe_mem_constraint_handler("memcpy16_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set16(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy16_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set16(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy16_s: smax exceeds dmax", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (src == NULL) { + mem_prim_set16(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy16_s: src is NULL", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + /* + * overlap is undefined behavior, do not allow + */ + if( ((dest > src) && (dest < (src+smax))) || + ((src > dest) && (src < (dest+dmax))) ) { + mem_prim_set16(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy16_s: overlap undefined", + NULL, ESOVRLP); + return (RCNEGATE(ESOVRLP)); + } + + /* + * now perform the copy + */ + mem_prim_move16(dest, src, smax); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(memcpy16_s) diff --git a/safeclib/memcpy32_s.c b/safeclib/memcpy32_s.c index ce3d380..3ad1d9a 100644 --- a/safeclib/memcpy32_s.c +++ b/safeclib/memcpy32_s.c @@ -1,150 +1,150 @@ -/*------------------------------------------------------------------ - * memcpy32_s - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memcpy32_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memcpy32_s(uint32_t *dest, rsize_t dmax, - * const uint32_t *src, rsize_t smax) - * - * DESCRIPTION - * This function copies at most smax uint32_ts from src to dest, up to - * dmax. - * - * EXTENSION TO - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to memory that will be replaced by src. - * - * dmax maximum length of the resulting dest - * - * src pointer to the memory that will be copied to dest - * - * smax maximum number uint32_t of src to copy - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM32. - * smax shall not be greater than dmax. - * Copying shall not take place between objects that overlap. - * If there is a runtime-constraint violation, the memcpy_s function stores - * zeros in the first dmax bytes of the object pointed to by dest - * if dest is not a null pointer and smax is valid. - * - * RETURN VALUE - * EOK operation sucessful - * ESNULLP NULL pointer - * ESZEROL length was zero - * ESLEMAX length exceeds max - * ESOVRLP source memory overlaps destination - * - * ALSO SEE - * memcpy_s(), memcpy16_s(), memmove_s(), memmove16_s(), memmove32_s() - * - */ -errno_t -memcpy32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t smax) -{ - if (dest == NULL) { - invoke_safe_mem_constraint_handler("memcpy32_s: dest is NULL", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memcpy32_s: dmax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax > RSIZE_MAX_MEM32) { - invoke_safe_mem_constraint_handler("memcpy32_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set32(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy32_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set32(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy32_s: smax exceeds dmax", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (src == NULL) { - mem_prim_set32(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy32_s: src is NULL", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - /* - * overlap is undefined behavior, do not allow - */ - if( ((dest > src) && (dest < (src+smax))) || - ((src > dest) && (src < (dest+dmax))) ) { - mem_prim_set32(dest, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy32_s: overlap undefined", - NULL, ESOVRLP); - return (RCNEGATE(ESOVRLP)); - } - - /* - * now perform the copy - */ - mem_prim_move32(dest, src, smax); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(memcpy32_s) +/*------------------------------------------------------------------ + * memcpy32_s + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memcpy32_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memcpy32_s(uint32_t *dest, rsize_t dmax, + * const uint32_t *src, rsize_t smax) + * + * DESCRIPTION + * This function copies at most smax uint32_ts from src to dest, up to + * dmax. + * + * EXTENSION TO + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to memory that will be replaced by src. + * + * dmax maximum length of the resulting dest + * + * src pointer to the memory that will be copied to dest + * + * smax maximum number uint32_t of src to copy + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM32. + * smax shall not be greater than dmax. + * Copying shall not take place between objects that overlap. + * If there is a runtime-constraint violation, the memcpy_s function stores + * zeros in the first dmax bytes of the object pointed to by dest + * if dest is not a null pointer and smax is valid. + * + * RETURN VALUE + * EOK operation sucessful + * ESNULLP NULL pointer + * ESZEROL length was zero + * ESLEMAX length exceeds max + * ESOVRLP source memory overlaps destination + * + * ALSO SEE + * memcpy_s(), memcpy16_s(), memmove_s(), memmove16_s(), memmove32_s() + * + */ +errno_t +memcpy32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t smax) +{ + if (dest == NULL) { + invoke_safe_mem_constraint_handler("memcpy32_s: dest is NULL", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memcpy32_s: dmax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax > RSIZE_MAX_MEM32) { + invoke_safe_mem_constraint_handler("memcpy32_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set32(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy32_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set32(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy32_s: smax exceeds dmax", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (src == NULL) { + mem_prim_set32(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy32_s: src is NULL", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + /* + * overlap is undefined behavior, do not allow + */ + if( ((dest > src) && (dest < (src+smax))) || + ((src > dest) && (src < (dest+dmax))) ) { + mem_prim_set32(dest, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy32_s: overlap undefined", + NULL, ESOVRLP); + return (RCNEGATE(ESOVRLP)); + } + + /* + * now perform the copy + */ + mem_prim_move32(dest, src, smax); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(memcpy32_s) diff --git a/safeclib/memcpy_s.c b/safeclib/memcpy_s.c index a2f7990..a5c77b7 100644 --- a/safeclib/memcpy_s.c +++ b/safeclib/memcpy_s.c @@ -1,163 +1,163 @@ -/*------------------------------------------------------------------ - * memcpy_s - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memcpy_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memcpy_s(void *dest, rsize_t dmax, const void *src, rsize_t smax) - * - * DESCRIPTION - * This function copies at most smax bytes from src to dest, up to - * dmax. The size values are unsigned values. - * - * AR: Dave - verify ISO spec requires unsigned - * - * SPECIFIED IN - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to memory that will be replaced by src. - * - * dmax maximum length of the resulting dest - * - * src pointer to the memory that will be copied to dest - * - * smax maximum number bytes of src to copy - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be zero. - * dmax shall not be greater than RSIZE_MAX_MEM. - * smax shall not be greater than dmax. - * Copying shall not take place between regions that overlap. - * If there is a runtime-constraint violation, the memcpy_s function - * stores zeros in the first dmax bytes of the region pointed to - * by dest if dest is not a null pointer and smax is valid. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESOVRLP source memory overlaps destination - * - * ALSO SEE - * memcpy16_s(), memcpy32_s(), memmove_s(), memmove16_s(), - * memmove32_s() - * - */ -errno_t -memcpy_s (void *dest, rsize_t dmax, const void *src, rsize_t smax) -{ - uint8_t *dp; - const uint8_t *sp; - - dp = dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("memcpy_s: dest is NULL", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memcpy_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax > RSIZE_MAX_MEM) { - invoke_safe_mem_constraint_handler("memcpy_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - // AR: This is not a requirement according to the ISO spec - Change? - // AR: documentation needed on use of the error handlers - - // AR: default err handler should output to stderr on DEBUG - // AR: update docs to define return RCNEGATE of the error number - if (smax == 0) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy_s: smax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (smax > dmax) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy_s: smax exceeds dmax", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - if (sp == NULL) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy_s: src is NULL", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - - /* - * overlap is undefined behavior, do not allow - */ - if( ((dp > sp) && (dp < (sp+smax))) || - ((sp > dp) && (sp < (dp+dmax))) ) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memcpy_s: overlap undefined", - NULL, ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * now perform the copy - */ - mem_prim_move(dp, sp, smax); - - return RCNEGATE(EOK); -} -EXPORT_SYMBOL(memcpy_s) +/*------------------------------------------------------------------ + * memcpy_s + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memcpy_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memcpy_s(void *dest, rsize_t dmax, const void *src, rsize_t smax) + * + * DESCRIPTION + * This function copies at most smax bytes from src to dest, up to + * dmax. The size values are unsigned values. + * + * AR: Dave - verify ISO spec requires unsigned + * + * SPECIFIED IN + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to memory that will be replaced by src. + * + * dmax maximum length of the resulting dest + * + * src pointer to the memory that will be copied to dest + * + * smax maximum number bytes of src to copy + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be zero. + * dmax shall not be greater than RSIZE_MAX_MEM. + * smax shall not be greater than dmax. + * Copying shall not take place between regions that overlap. + * If there is a runtime-constraint violation, the memcpy_s function + * stores zeros in the first dmax bytes of the region pointed to + * by dest if dest is not a null pointer and smax is valid. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESOVRLP source memory overlaps destination + * + * ALSO SEE + * memcpy16_s(), memcpy32_s(), memmove_s(), memmove16_s(), + * memmove32_s() + * + */ +errno_t +memcpy_s (void *dest, rsize_t dmax, const void *src, rsize_t smax) +{ + uint8_t *dp; + const uint8_t *sp; + + dp = dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("memcpy_s: dest is NULL", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memcpy_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax > RSIZE_MAX_MEM) { + invoke_safe_mem_constraint_handler("memcpy_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + // AR: This is not a requirement according to the ISO spec - Change? + // AR: documentation needed on use of the error handlers - + // AR: default err handler should output to stderr on DEBUG + // AR: update docs to define return RCNEGATE of the error number + if (smax == 0) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy_s: smax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (smax > dmax) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy_s: smax exceeds dmax", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + if (sp == NULL) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy_s: src is NULL", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + + /* + * overlap is undefined behavior, do not allow + */ + if( ((dp > sp) && (dp < (sp+smax))) || + ((sp > dp) && (sp < (dp+dmax))) ) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memcpy_s: overlap undefined", + NULL, ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * now perform the copy + */ + mem_prim_move(dp, sp, smax); + + return RCNEGATE(EOK); +} +EXPORT_SYMBOL(memcpy_s) diff --git a/safeclib/memmove16_s.c b/safeclib/memmove16_s.c index 49d05e1..14885e8 100644 --- a/safeclib/memmove16_s.c +++ b/safeclib/memmove16_s.c @@ -1,151 +1,151 @@ -/*------------------------------------------------------------------ - * memmove16_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memmove16_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memmove16_s(uint16_t *dest, rsize_t dmax, - * const uint16_t *src, rsize_t smax) - * - * DESCRIPTION - * The memmove16_s function copies smax uint16_t from the region - * pointed to by src into the region pointed to by dest. This - * copying takes place as if the smax uint16_t from the region - * pointed to by src are first copied into a temporary array of - * smax uint16_t that does not overlap the regions pointed to - * by dest or src, and then the smax uint16_t from the temporary - * array are copied into the region pointed to by dest. - * - * EXTENSION TO - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to the memory that will be replaced by src. - * - * dmax maximum length of the resulting dest, in uint16_t - * - * src pointer to the memory that will be copied - * to dest - * - * smax maximum number uint16_t of src that can be copied - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM. - * smax shall not be greater than dmax. - * If there is a runtime-constraint violation, the memmove_s function - * stores zeros in the first dmax characters of the regionpointed to - * by dest if dest is not a null pointer and dmax is not greater - * than RSIZE_MAX_MEM. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * - * ALSO SEE - * memmove_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() - * - */ -errno_t -memmove16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t smax) -{ - uint16_t *dp; - const uint16_t *sp; - - dp= dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("memove16_s: dest is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memove16_s: dmax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax > RSIZE_MAX_MEM16) { - invoke_safe_mem_constraint_handler("memove16_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set16(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove16_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set16(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove16_s: smax exceeds dmax", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (sp == NULL) { - mem_prim_set16(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove16_s: src is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - - /* - * now perform the copy - */ - mem_prim_move16(dp, sp, smax); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(memmove16_s) +/*------------------------------------------------------------------ + * memmove16_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memmove16_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memmove16_s(uint16_t *dest, rsize_t dmax, + * const uint16_t *src, rsize_t smax) + * + * DESCRIPTION + * The memmove16_s function copies smax uint16_t from the region + * pointed to by src into the region pointed to by dest. This + * copying takes place as if the smax uint16_t from the region + * pointed to by src are first copied into a temporary array of + * smax uint16_t that does not overlap the regions pointed to + * by dest or src, and then the smax uint16_t from the temporary + * array are copied into the region pointed to by dest. + * + * EXTENSION TO + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to the memory that will be replaced by src. + * + * dmax maximum length of the resulting dest, in uint16_t + * + * src pointer to the memory that will be copied + * to dest + * + * smax maximum number uint16_t of src that can be copied + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM. + * smax shall not be greater than dmax. + * If there is a runtime-constraint violation, the memmove_s function + * stores zeros in the first dmax characters of the regionpointed to + * by dest if dest is not a null pointer and dmax is not greater + * than RSIZE_MAX_MEM. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * + * ALSO SEE + * memmove_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() + * + */ +errno_t +memmove16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t smax) +{ + uint16_t *dp; + const uint16_t *sp; + + dp= dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("memove16_s: dest is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memove16_s: dmax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax > RSIZE_MAX_MEM16) { + invoke_safe_mem_constraint_handler("memove16_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set16(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove16_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set16(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove16_s: smax exceeds dmax", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (sp == NULL) { + mem_prim_set16(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove16_s: src is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + + /* + * now perform the copy + */ + mem_prim_move16(dp, sp, smax); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(memmove16_s) diff --git a/safeclib/memmove32_s.c b/safeclib/memmove32_s.c index 8f95e33..18e8543 100644 --- a/safeclib/memmove32_s.c +++ b/safeclib/memmove32_s.c @@ -1,150 +1,150 @@ -/*------------------------------------------------------------------ - * memmove32_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memmove32_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memmove32_s(uint32_t *dest, rsize_t dmax, - * const uint32_t *src, rsize_t smax) - * - * DESCRIPTION - * The memmove32_s function copies smax uint32_ts from the region - * pointed to by src into the region pointed to by dest. This - * copying takes place as if the smax uint32_ts from the region - * pointed to by src are first copied into a temporary array of - * smax uint32_ts that does not overlap the regions pointed to - * by dest or src, and then the smax uint32_ts from the temporary - * array are copied into the region pointed to by dest. - * - * EXTENSION TO - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to the memory that will be replaced by src. - * - * dmax maximum length of the resulting dest, in uint32_t - * - * src pointer to the memory that will be copied - * to dest - * - * smax maximum number uint32_t of src that can be copied - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM. - * smax shall not be greater than dmax. - * If there is a runtime-constraint violation, the memmove_s function - * stores zeros in the first dmax characters of the regionpointed to - * by dest if dest is not a null pointer and dmax is not greater - * than RSIZE_MAX_MEM. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * - * ALSO SEE - * memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s() - * - */ -errno_t -memmove32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t smax) -{ - uint32_t *dp; - const uint32_t *sp; - - dp= dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("memove32_s: dest is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memove32_s: dest is zero", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax > RSIZE_MAX_MEM32) { - invoke_safe_mem_constraint_handler("memove32_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set32(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove32_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set32(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove32_s: smax exceeds dmax", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (sp == NULL) { - mem_prim_set32(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memove32_s: src is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - /* - * now perform the copy - */ - mem_prim_move32(dp, sp, smax); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(memmove32_s) +/*------------------------------------------------------------------ + * memmove32_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memmove32_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memmove32_s(uint32_t *dest, rsize_t dmax, + * const uint32_t *src, rsize_t smax) + * + * DESCRIPTION + * The memmove32_s function copies smax uint32_ts from the region + * pointed to by src into the region pointed to by dest. This + * copying takes place as if the smax uint32_ts from the region + * pointed to by src are first copied into a temporary array of + * smax uint32_ts that does not overlap the regions pointed to + * by dest or src, and then the smax uint32_ts from the temporary + * array are copied into the region pointed to by dest. + * + * EXTENSION TO + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to the memory that will be replaced by src. + * + * dmax maximum length of the resulting dest, in uint32_t + * + * src pointer to the memory that will be copied + * to dest + * + * smax maximum number uint32_t of src that can be copied + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM. + * smax shall not be greater than dmax. + * If there is a runtime-constraint violation, the memmove_s function + * stores zeros in the first dmax characters of the regionpointed to + * by dest if dest is not a null pointer and dmax is not greater + * than RSIZE_MAX_MEM. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * + * ALSO SEE + * memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s() + * + */ +errno_t +memmove32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t smax) +{ + uint32_t *dp; + const uint32_t *sp; + + dp= dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("memove32_s: dest is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memove32_s: dest is zero", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax > RSIZE_MAX_MEM32) { + invoke_safe_mem_constraint_handler("memove32_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set32(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove32_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set32(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove32_s: smax exceeds dmax", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (sp == NULL) { + mem_prim_set32(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memove32_s: src is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + /* + * now perform the copy + */ + mem_prim_move32(dp, sp, smax); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(memmove32_s) diff --git a/safeclib/memmove_s.c b/safeclib/memmove_s.c index 3b6dc4b..d040d05 100644 --- a/safeclib/memmove_s.c +++ b/safeclib/memmove_s.c @@ -1,149 +1,149 @@ -/*------------------------------------------------------------------ - * memmove_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" - - -/** - * NAME - * memmove_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * memmove_s(void *dest, rsize_t dmax, - * const void *src, rsize_t smax) - * - * DESCRIPTION - * The memmove_s function copies smax bytes from the region pointed - * to by src into the region pointed to by dest. This copying takes place - * as if the smax bytes from the region pointed to by src are first copied - * into a temporary array of smax bytes that does not overlap the region - * pointed to by dest or src, and then the smax bytes from the temporary - * array are copied into the object region to by dest. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to the memory that will be replaced by src. - * - * dmax maximum length of the resulting dest, in bytes - * - * src pointer to the memory that will be copied - * to dest - * - * smax maximum number bytes of src that can be copied - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM. - * smax shall not be greater than dmax. - * If there is a runtime-constraint violation, the memmove_s function - * stores zeros in the first dmax characters of the regionpointed to - * by dest if dest is not a null pointer and dmax is not greater - * than RSIZE_MAX_MEM. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * - * ALSO SEE - * memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() - * - */ -errno_t -memmove_s (void *dest, rsize_t dmax, const void *src, rsize_t smax) -{ - uint8_t *dp; - const uint8_t *sp; - - dp= dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("memmove_s: dest is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("memmove_s: dmax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax > RSIZE_MAX_MEM) { - invoke_safe_mem_constraint_handler("memmove_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memmove_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memmove_s: smax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (sp == NULL) { - mem_prim_set(dp, dmax, 0); - invoke_safe_mem_constraint_handler("memmove_s: src is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - /* - * now perform the copy - */ - mem_prim_move(dp, sp, smax); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(memmove_s) +/*------------------------------------------------------------------ + * memmove_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" + + +/** + * NAME + * memmove_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * memmove_s(void *dest, rsize_t dmax, + * const void *src, rsize_t smax) + * + * DESCRIPTION + * The memmove_s function copies smax bytes from the region pointed + * to by src into the region pointed to by dest. This copying takes place + * as if the smax bytes from the region pointed to by src are first copied + * into a temporary array of smax bytes that does not overlap the region + * pointed to by dest or src, and then the smax bytes from the temporary + * array are copied into the object region to by dest. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to the memory that will be replaced by src. + * + * dmax maximum length of the resulting dest, in bytes + * + * src pointer to the memory that will be copied + * to dest + * + * smax maximum number bytes of src that can be copied + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM. + * smax shall not be greater than dmax. + * If there is a runtime-constraint violation, the memmove_s function + * stores zeros in the first dmax characters of the regionpointed to + * by dest if dest is not a null pointer and dmax is not greater + * than RSIZE_MAX_MEM. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * + * ALSO SEE + * memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() + * + */ +errno_t +memmove_s (void *dest, rsize_t dmax, const void *src, rsize_t smax) +{ + uint8_t *dp; + const uint8_t *sp; + + dp= dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("memmove_s: dest is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("memmove_s: dmax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax > RSIZE_MAX_MEM) { + invoke_safe_mem_constraint_handler("memmove_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memmove_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memmove_s: smax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (sp == NULL) { + mem_prim_set(dp, dmax, 0); + invoke_safe_mem_constraint_handler("memmove_s: src is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + /* + * now perform the copy + */ + mem_prim_move(dp, sp, smax); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(memmove_s) diff --git a/safeclib/safe_str_constraint.c b/safeclib/safe_str_constraint.c index 69782c2..d57058f 100644 --- a/safeclib/safe_str_constraint.c +++ b/safeclib/safe_str_constraint.c @@ -1,146 +1,146 @@ -/*------------------------------------------------------------------ - * safe_str_constraint.c - * - * October 2008, Bo Berry - * 2012, Jonathan Toppins - * - * Copyright (c) 2008, 2009, 2012 Cisco Systems - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -static constraint_handler_t str_handler = NULL; - - -/** - * NAME - * set_str_constraint_handler_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * constraint_handler_t - * set_str_constraint_handler_s(constraint_handler_t handler) - * - * DESCRIPTION - * The set_str_constraint_handler_s function sets the runtime-constraint - * handler to be handler. The runtime-constraint handler is the function to - * be called when a library function detects a runtime-constraint - * violation. Only the most recent handler registered with - * set_str_constraint_handler_s is called when a runtime-constraint - * violation occurs. - * When the handler is called, it is passed the following arguments in - * the following order: - * 1. A pointer to a character string describing the - * runtime-constraint violation. - * 2. A null pointer or a pointer to an implementation defined - * object. - * 3. If the function calling the handler has a return type declared - * as errno_t, the return value of the function is passed. - * Otherwise, a positive value of type errno_t is passed. - * The implementation has a default constraint handler that is used if no - * calls to the set_constraint_handler_s function have been made. The - * behavior of the default handler is implementation-defined, and it may - * cause the program to exit or abort. If the handler argument to - * set_constraint_handler_s is a null pointer, the implementation default - * handler becomes the current constraint handler. - * - * SPECIFIED IN - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * *msg Pointer to the message describing the error - * - * *ptr Pointer to aassociated data. Can be NULL. - * - * error The error code encountered. - * - * OUTPUT PARAMETERS - * none - * - * RETURN VALUE - * none - * - * ALSO SEE - * set_str_constraint_handler_s() - */ -constraint_handler_t -set_str_constraint_handler_s (constraint_handler_t handler) -{ - constraint_handler_t prev_handler = str_handler; - if (NULL == handler) { - str_handler = sl_default_handler; - } else { - str_handler = handler; - } - return prev_handler; -} -EXPORT_SYMBOL(set_str_constraint_handler_s) - - -/** - * NAME - * invoke_safe_str_constraint_handler - * - * SYNOPSIS - * #include "safe_str_constraint.h" - * void - * invoke_safe_str_constraint_handler (const char *msg, - * void *ptr, - * errno_t error) - * - * DESCRIPTION - * Invokes the currently set constraint handler or the default. - * - * INPUT PARAMETERS - * *msg Pointer to the message describing the error - * - * *ptr Pointer to aassociated data. Can be NULL. - * - * error The error code encountered. - * - * OUTPUT PARAMETERS - * none - * - * RETURN VALUE - * none - * - */ -void -invoke_safe_str_constraint_handler (const char *msg, - void *ptr, - errno_t error) -{ - if (NULL != str_handler) { - str_handler(msg, ptr, error); - } else { - sl_default_handler(msg, ptr, error); - } -} +/*------------------------------------------------------------------ + * safe_str_constraint.c + * + * October 2008, Bo Berry + * 2012, Jonathan Toppins + * + * Copyright (c) 2008, 2009, 2012 Cisco Systems + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +static constraint_handler_t str_handler = NULL; + + +/** + * NAME + * set_str_constraint_handler_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * constraint_handler_t + * set_str_constraint_handler_s(constraint_handler_t handler) + * + * DESCRIPTION + * The set_str_constraint_handler_s function sets the runtime-constraint + * handler to be handler. The runtime-constraint handler is the function to + * be called when a library function detects a runtime-constraint + * violation. Only the most recent handler registered with + * set_str_constraint_handler_s is called when a runtime-constraint + * violation occurs. + * When the handler is called, it is passed the following arguments in + * the following order: + * 1. A pointer to a character string describing the + * runtime-constraint violation. + * 2. A null pointer or a pointer to an implementation defined + * object. + * 3. If the function calling the handler has a return type declared + * as errno_t, the return value of the function is passed. + * Otherwise, a positive value of type errno_t is passed. + * The implementation has a default constraint handler that is used if no + * calls to the set_constraint_handler_s function have been made. The + * behavior of the default handler is implementation-defined, and it may + * cause the program to exit or abort. If the handler argument to + * set_constraint_handler_s is a null pointer, the implementation default + * handler becomes the current constraint handler. + * + * SPECIFIED IN + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * *msg Pointer to the message describing the error + * + * *ptr Pointer to aassociated data. Can be NULL. + * + * error The error code encountered. + * + * OUTPUT PARAMETERS + * none + * + * RETURN VALUE + * none + * + * ALSO SEE + * set_str_constraint_handler_s() + */ +constraint_handler_t +set_str_constraint_handler_s (constraint_handler_t handler) +{ + constraint_handler_t prev_handler = str_handler; + if (NULL == handler) { + str_handler = sl_default_handler; + } else { + str_handler = handler; + } + return prev_handler; +} +EXPORT_SYMBOL(set_str_constraint_handler_s) + + +/** + * NAME + * invoke_safe_str_constraint_handler + * + * SYNOPSIS + * #include "safe_str_constraint.h" + * void + * invoke_safe_str_constraint_handler (const char *msg, + * void *ptr, + * errno_t error) + * + * DESCRIPTION + * Invokes the currently set constraint handler or the default. + * + * INPUT PARAMETERS + * *msg Pointer to the message describing the error + * + * *ptr Pointer to aassociated data. Can be NULL. + * + * error The error code encountered. + * + * OUTPUT PARAMETERS + * none + * + * RETURN VALUE + * none + * + */ +void +invoke_safe_str_constraint_handler (const char *msg, + void *ptr, + errno_t error) +{ + if (NULL != str_handler) { + str_handler(msg, ptr, error); + } else { + sl_default_handler(msg, ptr, error); + } +} diff --git a/safeclib/strcat_s.c b/safeclib/strcat_s.c index 4c55e11..16db8a7 100644 --- a/safeclib/strcat_s.c +++ b/safeclib/strcat_s.c @@ -1,232 +1,232 @@ -/*------------------------------------------------------------------ - * strcat_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 by Cisco Systems, Inc - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/** - * NAME - * strcat_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * errno_t - * strcat_s(char *dest, rsize_t dmax, const char *src) - * - * DESCRIPTION - * The strcat_s function appends a copy of the string pointed - * to by src (including the terminating null character) to the - * end of the string pointed to by dest. The initial character - * from src overwrites the null character at the end ofdest. - * - * All elements following the terminating null character (if - * any) written by strcat_s in the array of dmax characters - * pointed to by dest take unspecified values when strcat_s - * returns. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to string that will be extended by src - * if dmax allows. The string is null terminated. - * If the resulting concatenated string is less - * than dmax, the remaining slack space is nulled. - * - * dmax restricted maximum length of the resulting dest, - * including the null - * - * src pointer to the string that will be concatenaed - * to string dest - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer - * dmax shall not equal zero - * dmax shall not be greater than RSIZE_MAX_STR - * dmax shall be greater than strnlen_s(src,m). - * Copying shall not takeplace between objects that overlap - * If there is a runtime-constraint violation, then if dest is - * not a null pointer and dmax is greater than zero and not - * greater than RSIZE_MAX_STR, then strcat_s nulls dest. - * - * RETURN VALUE - * EOK successful operation, all the characters from src - * were appended to dest and the result in dest is - * null terminated. - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max - * ESUNTERM dest not terminated - * - * ALSO SEE - * strncat_s(), strcpy_s(), strncpy_s() - * - */ -errno_t -strcat_s (char *dest, rsize_t dmax, const char *src) -{ - rsize_t orig_dmax; - char *orig_dest; - const char *overlap_bumper; - - if (dest == NULL) { - invoke_safe_str_constraint_handler("strcat_s: dest is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (src == NULL) { - invoke_safe_str_constraint_handler("strcat_s: src is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (dmax == 0) { - invoke_safe_str_constraint_handler("strcat_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("strcat_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - /* hold base of dest in case src was not copied */ - orig_dmax = dmax; - orig_dest = dest; - - if (dest < src) { - overlap_bumper = src; - - /* Find the end of dest */ - while (*dest != '\0') { - - if (dest == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strcat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - dest++; - dmax--; - if (dmax == 0) { - handle_error(orig_dest, orig_dmax, "strcat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (dest == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strcat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - dest++; - src++; - } - - } else { - overlap_bumper = dest; - - /* Find the end of dest */ - while (*dest != '\0') { - - /* - * NOTE: no need to check for overlap here since src comes first - * in memory and we're not incrementing src here. - */ - dest++; - dmax--; - if (dmax == 0) { - handle_error(orig_dest, orig_dmax, "strcat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (src == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strcat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - dest++; - src++; - } - } - - /* - * the entire src was not copied, so null the string - */ - handle_error(orig_dest, orig_dmax, "strcat_s: not enough " - "space for src", - ESNOSPC); - - return RCNEGATE(ESNOSPC); -} -EXPORT_SYMBOL(strcat_s) +/*------------------------------------------------------------------ + * strcat_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 by Cisco Systems, Inc + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/** + * NAME + * strcat_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * errno_t + * strcat_s(char *dest, rsize_t dmax, const char *src) + * + * DESCRIPTION + * The strcat_s function appends a copy of the string pointed + * to by src (including the terminating null character) to the + * end of the string pointed to by dest. The initial character + * from src overwrites the null character at the end ofdest. + * + * All elements following the terminating null character (if + * any) written by strcat_s in the array of dmax characters + * pointed to by dest take unspecified values when strcat_s + * returns. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to string that will be extended by src + * if dmax allows. The string is null terminated. + * If the resulting concatenated string is less + * than dmax, the remaining slack space is nulled. + * + * dmax restricted maximum length of the resulting dest, + * including the null + * + * src pointer to the string that will be concatenaed + * to string dest + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer + * dmax shall not equal zero + * dmax shall not be greater than RSIZE_MAX_STR + * dmax shall be greater than strnlen_s(src,m). + * Copying shall not takeplace between objects that overlap + * If there is a runtime-constraint violation, then if dest is + * not a null pointer and dmax is greater than zero and not + * greater than RSIZE_MAX_STR, then strcat_s nulls dest. + * + * RETURN VALUE + * EOK successful operation, all the characters from src + * were appended to dest and the result in dest is + * null terminated. + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max + * ESUNTERM dest not terminated + * + * ALSO SEE + * strncat_s(), strcpy_s(), strncpy_s() + * + */ +errno_t +strcat_s (char *dest, rsize_t dmax, const char *src) +{ + rsize_t orig_dmax; + char *orig_dest; + const char *overlap_bumper; + + if (dest == NULL) { + invoke_safe_str_constraint_handler("strcat_s: dest is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (src == NULL) { + invoke_safe_str_constraint_handler("strcat_s: src is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (dmax == 0) { + invoke_safe_str_constraint_handler("strcat_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("strcat_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + /* hold base of dest in case src was not copied */ + orig_dmax = dmax; + orig_dest = dest; + + if (dest < src) { + overlap_bumper = src; + + /* Find the end of dest */ + while (*dest != '\0') { + + if (dest == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strcat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + dest++; + dmax--; + if (dmax == 0) { + handle_error(orig_dest, orig_dmax, "strcat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (dest == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strcat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + dest++; + src++; + } + + } else { + overlap_bumper = dest; + + /* Find the end of dest */ + while (*dest != '\0') { + + /* + * NOTE: no need to check for overlap here since src comes first + * in memory and we're not incrementing src here. + */ + dest++; + dmax--; + if (dmax == 0) { + handle_error(orig_dest, orig_dmax, "strcat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (src == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strcat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + dest++; + src++; + } + } + + /* + * the entire src was not copied, so null the string + */ + handle_error(orig_dest, orig_dmax, "strcat_s: not enough " + "space for src", + ESNOSPC); + + return RCNEGATE(ESNOSPC); +} +EXPORT_SYMBOL(strcat_s) diff --git a/safeclib/strncat_s.c b/safeclib/strncat_s.c index a367e52..9b73da6 100644 --- a/safeclib/strncat_s.c +++ b/safeclib/strncat_s.c @@ -1,265 +1,265 @@ -/*------------------------------------------------------------------ - * strncat_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 by Cisco Systems, Inc - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/** - * NAME - * strncat_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * errno_t - * strncat_s(char *dest, rsize_t dmax, const char *src, rsize_t slen) - * - * DESCRIPTION - * The strncat_s function appends a copy of the string pointed - * to by src (including the terminating null character) to the - * end of the string pointed to by dest. The initial character - * from src overwrites the null character at the end of dest. - * - * All elements following the terminating null character (if - * any) written by strncat_s in the array of dmax characters - * pointed to by dest take unspecified values when strncat_s returns. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to string that will be extended by src - * if dmax allows. The string is null terminated. - * If the resulting concatenated string is less - * than dmax, the remaining slack space is nulled. - * - * dmax restricted maximum length of the resulting dest, - * including the null - * - * src pointer to the string that will be concatenaed - * to string dest - * - * slen maximum characters to append - * - * OUTPUT PARAMETERS - * dest updated string - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer - * dmax shall not equal zero - * dmax shall not be greater than RSIZE_STR_MAX - * dmax shall be greater than strnlen_s(src,m). - * Copying shall not takeplace between objects that overlap - * If there is a runtime-constraint violation, then if dest is - * not a null pointer and dmax is greater than zero and not - * greater thanRSIZE_MAX, then strncat_s sets dest[0] to the - * null character. - * - * RETURN VALUE - * EOK successful operation, all the characters from src - * were appended to dest and the result in dest is - * null terminated. - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESUNTERM dest not terminated - * - * - */ -errno_t -strncat_s (char *dest, rsize_t dmax, const char *src, rsize_t slen) -{ - rsize_t orig_dmax; - char *orig_dest; - const char *overlap_bumper; - - if (dest == NULL) { - invoke_safe_str_constraint_handler("strncat_s: dest is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (src == NULL) { - invoke_safe_str_constraint_handler("strncat_s: src is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (slen > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("strncat_s: slen exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - if (dmax == 0) { - invoke_safe_str_constraint_handler("strncat_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("strncat_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - /* hold base of dest in case src was not copied */ - orig_dmax = dmax; - orig_dest = dest; - - if (dest < src) { - overlap_bumper = src; - - /* Find the end of dest */ - while (*dest != '\0') { - - if (dest == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - dest++; - dmax--; - if (dmax == 0) { - handle_error(orig_dest, orig_dmax, "strncat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (dest == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * Copying truncated before the source null is encountered - */ - if (slen == 0) { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null remaining string */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#else - *dest = '\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear data */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - - } else { - overlap_bumper = dest; - - /* Find the end of dest */ - while (*dest != '\0') { - - /* - * NOTE: no need to check for overlap here since src comes first - * in memory and we're not incrementing src here. - */ - dest++; - dmax--; - if (dmax == 0) { - handle_error(orig_dest, orig_dmax, "strncat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (src == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * Copying truncated - */ - if (slen == 0) { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null remaining string */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#else - *dest = '\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - } - - /* - * the entire src was not copied, so the string will be nulled. - */ - handle_error(orig_dest, orig_dmax, "strncat_s: not enough " - "space for src", - ESNOSPC); - return RCNEGATE(ESNOSPC); -} -EXPORT_SYMBOL(strncat_s) +/*------------------------------------------------------------------ + * strncat_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 by Cisco Systems, Inc + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/** + * NAME + * strncat_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * errno_t + * strncat_s(char *dest, rsize_t dmax, const char *src, rsize_t slen) + * + * DESCRIPTION + * The strncat_s function appends a copy of the string pointed + * to by src (including the terminating null character) to the + * end of the string pointed to by dest. The initial character + * from src overwrites the null character at the end of dest. + * + * All elements following the terminating null character (if + * any) written by strncat_s in the array of dmax characters + * pointed to by dest take unspecified values when strncat_s returns. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to string that will be extended by src + * if dmax allows. The string is null terminated. + * If the resulting concatenated string is less + * than dmax, the remaining slack space is nulled. + * + * dmax restricted maximum length of the resulting dest, + * including the null + * + * src pointer to the string that will be concatenaed + * to string dest + * + * slen maximum characters to append + * + * OUTPUT PARAMETERS + * dest updated string + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer + * dmax shall not equal zero + * dmax shall not be greater than RSIZE_STR_MAX + * dmax shall be greater than strnlen_s(src,m). + * Copying shall not takeplace between objects that overlap + * If there is a runtime-constraint violation, then if dest is + * not a null pointer and dmax is greater than zero and not + * greater thanRSIZE_MAX, then strncat_s sets dest[0] to the + * null character. + * + * RETURN VALUE + * EOK successful operation, all the characters from src + * were appended to dest and the result in dest is + * null terminated. + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESUNTERM dest not terminated + * + * + */ +errno_t +strncat_s (char *dest, rsize_t dmax, const char *src, rsize_t slen) +{ + rsize_t orig_dmax; + char *orig_dest; + const char *overlap_bumper; + + if (dest == NULL) { + invoke_safe_str_constraint_handler("strncat_s: dest is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (src == NULL) { + invoke_safe_str_constraint_handler("strncat_s: src is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (slen > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("strncat_s: slen exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + if (dmax == 0) { + invoke_safe_str_constraint_handler("strncat_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("strncat_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + /* hold base of dest in case src was not copied */ + orig_dmax = dmax; + orig_dest = dest; + + if (dest < src) { + overlap_bumper = src; + + /* Find the end of dest */ + while (*dest != '\0') { + + if (dest == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + dest++; + dmax--; + if (dmax == 0) { + handle_error(orig_dest, orig_dmax, "strncat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (dest == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * Copying truncated before the source null is encountered + */ + if (slen == 0) { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null remaining string */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#else + *dest = '\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear data */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + + } else { + overlap_bumper = dest; + + /* Find the end of dest */ + while (*dest != '\0') { + + /* + * NOTE: no need to check for overlap here since src comes first + * in memory and we're not incrementing src here. + */ + dest++; + dmax--; + if (dmax == 0) { + handle_error(orig_dest, orig_dmax, "strncat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (src == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * Copying truncated + */ + if (slen == 0) { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null remaining string */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#else + *dest = '\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + } + + /* + * the entire src was not copied, so the string will be nulled. + */ + handle_error(orig_dest, orig_dmax, "strncat_s: not enough " + "space for src", + ESNOSPC); + return RCNEGATE(ESNOSPC); +} +EXPORT_SYMBOL(strncat_s) diff --git a/safeclib/strncpy_s.c b/safeclib/strncpy_s.c index 0e3691b..1fcdf6f 100644 --- a/safeclib/strncpy_s.c +++ b/safeclib/strncpy_s.c @@ -1,238 +1,238 @@ -/*------------------------------------------------------------------ - * strncpy_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 by Cisco Systems, Inc - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/* - * NAME - * strncpy_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * errno_t - * strncpy_s(char *dest, rsize_t dmax, const char *src, rsize_t slen) - * - * DESCRIPTION - * The strncpy_s function copies not more than slen successive characters - * (characters that follow a null character are not copied) from the - * array pointed to by src to the array pointed to by dest. If no null - * character was copied from src, then dest[n] is set to a null character. - * - * All elements following the terminating null character (if any) - * written by strncpy_s in the array of dmax characters pointed to - * by dest take on the null value when strncpy_s returns. - * - * Specicified in: - * ISO/IEC TR 24731-1, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to string that will be replaced by src. - * The resulting string is null terminated. - * - * dmax restricted maximum length of the resulting dest, - * including the null - * - * src pointer to the string that will be copied - * to string dest - * - * slen the maximum number of characters to copy from src - * - * OUTPUT PARAMETERS - * dest updated with src string - * - * RUNTIME CONSTRAINTS - * Neither dmax nor slen shall be equal to zero. - * Neither dmax nor slen shall be equal zero. - * Neither dmax nor slen shall be greater than RSIZE_MAX_STR. - * If slen is either greater than or equal to dmax, then dmax - * should be more than strnlen_s(src,dmax) - * Copying shall not take place between objects that overlap. - * If there is a runtime-constraint violation, then if dest - * is not a null pointer and dmax greater than RSIZE_MAX_STR, - * then strncpy_s nulls dest. - * - * RETURN VALUE - * EOK successful operation, the characters in src were copied - * to dest and the result is null terminated. - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESOVRLP strings overlap - * ESNOSPC not enough space to copy src - * - * ALSO SEE - * strcat_s(), strncat_s(), strcpy_s() - *- - */ -errno_t -strncpy_s (char *dest, rsize_t dmax, const char *src, rsize_t slen) -{ - rsize_t orig_dmax; - char *orig_dest; - const char *overlap_bumper; - - if (dest == NULL) { - invoke_safe_str_constraint_handler("strncpy_s: dest is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (dmax == 0) { - invoke_safe_str_constraint_handler("strncpy_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("strncpy_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - /* hold base in case src was not copied */ - orig_dmax = dmax; - orig_dest = dest; - - if (src == NULL) { - handle_error(orig_dest, orig_dmax, "strncpy_s: " - "src is null", - ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (slen == 0) { - handle_error(orig_dest, orig_dmax, "strncpy_s: " - "slen is zero", - ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (slen > RSIZE_MAX_STR) { - handle_error(orig_dest, orig_dmax, "strncpy_s: " - "slen exceeds max", - ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - - if (dest < src) { - overlap_bumper = src; - - while (dmax > 0) { - if (dest == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strncpy_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - if (slen == 0) { - /* - * Copying truncated to slen chars. Note that the TR says to - * copy slen chars plus the null char. We null the slack. - */ -#ifdef SAFECLIB_STR_NULL_SLACK - while (dmax) { *dest = '\0'; dmax--; dest++; } -#else - *dest = '\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - - } else { - overlap_bumper = dest; - - while (dmax > 0) { - if (src == overlap_bumper) { - handle_error(orig_dest, orig_dmax, "strncpy_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - if (slen == 0) { - /* - * Copying truncated to slen chars. Note that the TR says to - * copy slen chars plus the null char. We null the slack. - */ -#ifdef SAFECLIB_STR_NULL_SLACK - while (dmax) { *dest = '\0'; dmax--; dest++; } -#else - *dest = '\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == '\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack */ - while (dmax) { *dest = '\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - } - - /* - * the entire src was not copied, so zero the string - */ - handle_error(orig_dest, orig_dmax, "strncpy_s: not enough " - "space for src", - ESNOSPC); - return RCNEGATE(ESNOSPC); -} -EXPORT_SYMBOL(strncpy_s) +/*------------------------------------------------------------------ + * strncpy_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 by Cisco Systems, Inc + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/* + * NAME + * strncpy_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * errno_t + * strncpy_s(char *dest, rsize_t dmax, const char *src, rsize_t slen) + * + * DESCRIPTION + * The strncpy_s function copies not more than slen successive characters + * (characters that follow a null character are not copied) from the + * array pointed to by src to the array pointed to by dest. If no null + * character was copied from src, then dest[n] is set to a null character. + * + * All elements following the terminating null character (if any) + * written by strncpy_s in the array of dmax characters pointed to + * by dest take on the null value when strncpy_s returns. + * + * Specicified in: + * ISO/IEC TR 24731-1, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to string that will be replaced by src. + * The resulting string is null terminated. + * + * dmax restricted maximum length of the resulting dest, + * including the null + * + * src pointer to the string that will be copied + * to string dest + * + * slen the maximum number of characters to copy from src + * + * OUTPUT PARAMETERS + * dest updated with src string + * + * RUNTIME CONSTRAINTS + * Neither dmax nor slen shall be equal to zero. + * Neither dmax nor slen shall be equal zero. + * Neither dmax nor slen shall be greater than RSIZE_MAX_STR. + * If slen is either greater than or equal to dmax, then dmax + * should be more than strnlen_s(src,dmax) + * Copying shall not take place between objects that overlap. + * If there is a runtime-constraint violation, then if dest + * is not a null pointer and dmax greater than RSIZE_MAX_STR, + * then strncpy_s nulls dest. + * + * RETURN VALUE + * EOK successful operation, the characters in src were copied + * to dest and the result is null terminated. + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESOVRLP strings overlap + * ESNOSPC not enough space to copy src + * + * ALSO SEE + * strcat_s(), strncat_s(), strcpy_s() + *- + */ +errno_t +strncpy_s (char *dest, rsize_t dmax, const char *src, rsize_t slen) +{ + rsize_t orig_dmax; + char *orig_dest; + const char *overlap_bumper; + + if (dest == NULL) { + invoke_safe_str_constraint_handler("strncpy_s: dest is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (dmax == 0) { + invoke_safe_str_constraint_handler("strncpy_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("strncpy_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + /* hold base in case src was not copied */ + orig_dmax = dmax; + orig_dest = dest; + + if (src == NULL) { + handle_error(orig_dest, orig_dmax, "strncpy_s: " + "src is null", + ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (slen == 0) { + handle_error(orig_dest, orig_dmax, "strncpy_s: " + "slen is zero", + ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (slen > RSIZE_MAX_STR) { + handle_error(orig_dest, orig_dmax, "strncpy_s: " + "slen exceeds max", + ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + + if (dest < src) { + overlap_bumper = src; + + while (dmax > 0) { + if (dest == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strncpy_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + if (slen == 0) { + /* + * Copying truncated to slen chars. Note that the TR says to + * copy slen chars plus the null char. We null the slack. + */ +#ifdef SAFECLIB_STR_NULL_SLACK + while (dmax) { *dest = '\0'; dmax--; dest++; } +#else + *dest = '\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + + } else { + overlap_bumper = dest; + + while (dmax > 0) { + if (src == overlap_bumper) { + handle_error(orig_dest, orig_dmax, "strncpy_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + if (slen == 0) { + /* + * Copying truncated to slen chars. Note that the TR says to + * copy slen chars plus the null char. We null the slack. + */ +#ifdef SAFECLIB_STR_NULL_SLACK + while (dmax) { *dest = '\0'; dmax--; dest++; } +#else + *dest = '\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == '\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack */ + while (dmax) { *dest = '\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + } + + /* + * the entire src was not copied, so zero the string + */ + handle_error(orig_dest, orig_dmax, "strncpy_s: not enough " + "space for src", + ESNOSPC); + return RCNEGATE(ESNOSPC); +} +EXPORT_SYMBOL(strncpy_s) diff --git a/safeclib/strtok_s.c b/safeclib/strtok_s.c index b71797f..2b5f29a 100644 --- a/safeclib/strtok_s.c +++ b/safeclib/strtok_s.c @@ -1,325 +1,325 @@ -/*------------------------------------------------------------------ - * strtok_s.c - * - * October 2008, Bo Berry - * - * Copyright (c) 2008-2011 by Cisco Systems, Inc - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/** - * NAME - * strtok_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * char * - * strtok_s(char *dest, rsize_t *dmax, char *src, char **ptr) - * - * DESCRIPTION - * A sequence of calls to the strtok_s function breaks the string - * pointed to by dest into a sequence of tokens, each of which is - * delimited by a character from the string pointed to by src. The - * fourth argument points to a caller-provided char pointer into - * which the strtok_s function stores information necessary for - * it to continue scanning the same string. - * - * The first call in a sequence has a non-null first argument and - * dmax points to an object whose value is the number of elements - * in the character array pointed to by the first argument. The - * first call stores an initial value in the object pointed to by - * ptr and updates the value pointed to by dmax to reflect the - * number of elements that remain in relation to ptr. Subsequent - * calls in the sequence have a null first argument and the objects - * pointed to by dmax and ptr are required to have the values - * stored by the previous call in the sequence, which are then - * updated. The separator string pointed to by src may be different - * from call to call. - * - * The first call in the sequence searches the string pointed to - * by dest for the first character that is not contained in the - * current separator string pointed to by src. If no such character - * is found, then there are no tokens in the string pointed to - * by dest and the strtok_s function returns a null pointer. If - * such a character is found, it is the start of the first token. - * - * The strtok_s function then searches from there for the first - * character in dest that is contained in the current separator - * string. If no such character is found, the current token - * extends to the end of the string pointed to by dest, and - * subsequent searches in the same string for a token return - * a null pointer. If such a character is found, it is - * overwritten by a null character, which terminates the - * current token. - * - * In all cases, the strtok_s function stores sufficient information - * in the pointer pointed to by ptr so that subsequent calls, - * with a null pointer for dest and the unmodified pointer value - * for ptr, shall start searching just past the element overwritten - * by a null character (if any). - * - * SPECIFIED IN - * ISO/IEC TR 24731-1, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to string to tokenize - * - * dmax restricted maximum length of dest string - * - * src pointer to delimiter string (len < 255) - * - * ptr returned pointer to token - * - * OUTPUT PARAMETERS - * dmax update length - * - * ptr update pointer to token - * - * RUNTIME CONSTRAINTS - * src shall not be a null pointer. - * ptr shall not be a null pointer. - * dmax shall not be a null pointer. - * *dmax shall not be 0. - * - * If dest is a null pointer, then *ptr shall not be a null pointer. - * - * dest must not be unterminated. - * - * The value of *dmax shall not be greater than RSIZE_MAX_STR. The - * end of the token found shall occur within the first *dmax - * characters of dest for the first call, and shall occur within - * the first *dmax characters of where searching resumes on - * subsequent calls. - * - * RETURN VALUE - * The strtok_s function returns a pointer to the first character - * of a token; or a null pointer if there is no token or there - * is a runtime-constraint violation. - * - * EOK - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESUNTERM unterminated string - * - * EXAMPLES - * [1] Sequencial strtok_s() calls to tokenize a string - * - * String to tokenize str1 = ",.:*one,two;three,;four*.*.five-six***" - * len=38 - * String of delimiters str2 = ",.;*" - * - * p2tok = strtok_s(str1, &len, str2, &p2str); - * token -one- remaining -two;three,;four*.*.five-six***- len=30 - * - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * token -two- remaining -three,;four*.*.five-six***- len=26 - * - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * token -three- remaining -;four*.*.five-six***- len=20 - * - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * token -four- remaining -.*.five-six***- len=14 - * - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * token -five-six- remaining -**- len=2 - * - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * token -(null)- remaining -**- len=0 - * - * - * [2] While loop with same entry data as [1] - * - * p2tok = str1; - * while (p2tok && len) { - * p2tok = strtok_s(NULL, &len, str2, &p2str); - * printf(" token -- remaining -- len=0 \n", - * p2tok, p2str, (int)len ); - * } - * - *- - */ -char * -strtok_s(char *dest, rsize_t *dmax, const char *src, char **ptr) -{ - -/* - * CONFIGURE: The spec does not call out a maximum for the src - * string, so one is defined here. - */ -#define STRTOK_DELIM_MAX_LEN ( 16 ) - - - const char *pt; - char *ptoken; - rsize_t dlen; - rsize_t slen; - - if (dmax == NULL) { - invoke_safe_str_constraint_handler("strtok_s: dmax is NULL", - NULL, ESNULLP); - return (NULL); - } - - if (*dmax == 0) { - invoke_safe_str_constraint_handler("strtok_s: dmax is 0", - NULL, ESZEROL); - return (NULL); - } - - if (*dmax > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("strtok_s: dmax exceeds max", - NULL, ESLEMAX); - return (NULL); - } - - if (src == NULL) { - invoke_safe_str_constraint_handler("strtok_s: src is null", - NULL, ESNULLP); - return (NULL); - } - - if (ptr == NULL) { - invoke_safe_str_constraint_handler("strtok_s: ptr is null", - NULL, ESNULLP); - return (NULL); - } - - /* if the source was NULL, use the tokenizer context */ - if (dest == NULL) { - dest = *ptr; - } - - /* - * scan dest for a delimiter - */ - dlen = *dmax; - ptoken = NULL; - while (*dest != '\0' && !ptoken) { - - if (dlen == 0) { - *ptr = NULL; - invoke_safe_str_constraint_handler( - "strtok_s: dest is unterminated", - NULL, ESUNTERM); - return (NULL); - } - - /* - * must scan the entire delimiter list - * ISO should have included a delimiter string limit!! - */ - slen = STRTOK_DELIM_MAX_LEN; - pt = src; - while (*pt != '\0') { - - if (slen == 0) { - *ptr = NULL; - invoke_safe_str_constraint_handler( - "strtok_s: src is unterminated", - NULL, ESUNTERM); - return (NULL); - } - slen--; - - if (*dest == *pt) { - ptoken = NULL; - break; - } else { - pt++; - ptoken = dest; - } - } - dest++; - dlen--; - } - - /* - * if the beginning of a token was not found, then no - * need to continue the scan. - */ - if (ptoken == NULL) { - *dmax = dlen; - return (ptoken); - } - - /* - * Now we need to locate the end of the token - */ - while (*dest != '\0') { - - if (dlen == 0) { - *ptr = NULL; - invoke_safe_str_constraint_handler( - "strtok_s: dest is unterminated", - NULL, ESUNTERM); - return (NULL); - } - - slen = STRTOK_DELIM_MAX_LEN; - pt = src; - while (*pt != '\0') { - - if (slen == 0) { - *ptr = NULL; - invoke_safe_str_constraint_handler( - "strtok_s: src is unterminated", - NULL, ESUNTERM); - return (NULL); - } - slen--; - - if (*dest == *pt) { - /* - * found a delimiter, set to null - * and return context ptr to next char - */ - *dest = '\0'; - *ptr = (dest + 1); /* return pointer for next scan */ - *dmax = dlen - 1; /* account for the nulled delimiter */ - return (ptoken); - } else { - /* - * simply scanning through the delimiter string - */ - pt++; - } - } - dest++; - dlen--; - } - - *dmax = dlen; - return (ptoken); -} -EXPORT_SYMBOL(strtok_s) - +/*------------------------------------------------------------------ + * strtok_s.c + * + * October 2008, Bo Berry + * + * Copyright (c) 2008-2011 by Cisco Systems, Inc + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/** + * NAME + * strtok_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * char * + * strtok_s(char *dest, rsize_t *dmax, char *src, char **ptr) + * + * DESCRIPTION + * A sequence of calls to the strtok_s function breaks the string + * pointed to by dest into a sequence of tokens, each of which is + * delimited by a character from the string pointed to by src. The + * fourth argument points to a caller-provided char pointer into + * which the strtok_s function stores information necessary for + * it to continue scanning the same string. + * + * The first call in a sequence has a non-null first argument and + * dmax points to an object whose value is the number of elements + * in the character array pointed to by the first argument. The + * first call stores an initial value in the object pointed to by + * ptr and updates the value pointed to by dmax to reflect the + * number of elements that remain in relation to ptr. Subsequent + * calls in the sequence have a null first argument and the objects + * pointed to by dmax and ptr are required to have the values + * stored by the previous call in the sequence, which are then + * updated. The separator string pointed to by src may be different + * from call to call. + * + * The first call in the sequence searches the string pointed to + * by dest for the first character that is not contained in the + * current separator string pointed to by src. If no such character + * is found, then there are no tokens in the string pointed to + * by dest and the strtok_s function returns a null pointer. If + * such a character is found, it is the start of the first token. + * + * The strtok_s function then searches from there for the first + * character in dest that is contained in the current separator + * string. If no such character is found, the current token + * extends to the end of the string pointed to by dest, and + * subsequent searches in the same string for a token return + * a null pointer. If such a character is found, it is + * overwritten by a null character, which terminates the + * current token. + * + * In all cases, the strtok_s function stores sufficient information + * in the pointer pointed to by ptr so that subsequent calls, + * with a null pointer for dest and the unmodified pointer value + * for ptr, shall start searching just past the element overwritten + * by a null character (if any). + * + * SPECIFIED IN + * ISO/IEC TR 24731-1, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to string to tokenize + * + * dmax restricted maximum length of dest string + * + * src pointer to delimiter string (len < 255) + * + * ptr returned pointer to token + * + * OUTPUT PARAMETERS + * dmax update length + * + * ptr update pointer to token + * + * RUNTIME CONSTRAINTS + * src shall not be a null pointer. + * ptr shall not be a null pointer. + * dmax shall not be a null pointer. + * *dmax shall not be 0. + * + * If dest is a null pointer, then *ptr shall not be a null pointer. + * + * dest must not be unterminated. + * + * The value of *dmax shall not be greater than RSIZE_MAX_STR. The + * end of the token found shall occur within the first *dmax + * characters of dest for the first call, and shall occur within + * the first *dmax characters of where searching resumes on + * subsequent calls. + * + * RETURN VALUE + * The strtok_s function returns a pointer to the first character + * of a token; or a null pointer if there is no token or there + * is a runtime-constraint violation. + * + * EOK + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESUNTERM unterminated string + * + * EXAMPLES + * [1] Sequencial strtok_s() calls to tokenize a string + * + * String to tokenize str1 = ",.:*one,two;three,;four*.*.five-six***" + * len=38 + * String of delimiters str2 = ",.;*" + * + * p2tok = strtok_s(str1, &len, str2, &p2str); + * token -one- remaining -two;three,;four*.*.five-six***- len=30 + * + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * token -two- remaining -three,;four*.*.five-six***- len=26 + * + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * token -three- remaining -;four*.*.five-six***- len=20 + * + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * token -four- remaining -.*.five-six***- len=14 + * + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * token -five-six- remaining -**- len=2 + * + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * token -(null)- remaining -**- len=0 + * + * + * [2] While loop with same entry data as [1] + * + * p2tok = str1; + * while (p2tok && len) { + * p2tok = strtok_s(NULL, &len, str2, &p2str); + * printf(" token -- remaining -- len=0 \n", + * p2tok, p2str, (int)len ); + * } + * + *- + */ +char * +strtok_s(char *dest, rsize_t *dmax, const char *src, char **ptr) +{ + +/* + * CONFIGURE: The spec does not call out a maximum for the src + * string, so one is defined here. + */ +#define STRTOK_DELIM_MAX_LEN ( 16 ) + + + const char *pt; + char *ptoken; + rsize_t dlen; + rsize_t slen; + + if (dmax == NULL) { + invoke_safe_str_constraint_handler("strtok_s: dmax is NULL", + NULL, ESNULLP); + return (NULL); + } + + if (*dmax == 0) { + invoke_safe_str_constraint_handler("strtok_s: dmax is 0", + NULL, ESZEROL); + return (NULL); + } + + if (*dmax > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("strtok_s: dmax exceeds max", + NULL, ESLEMAX); + return (NULL); + } + + if (src == NULL) { + invoke_safe_str_constraint_handler("strtok_s: src is null", + NULL, ESNULLP); + return (NULL); + } + + if (ptr == NULL) { + invoke_safe_str_constraint_handler("strtok_s: ptr is null", + NULL, ESNULLP); + return (NULL); + } + + /* if the source was NULL, use the tokenizer context */ + if (dest == NULL) { + dest = *ptr; + } + + /* + * scan dest for a delimiter + */ + dlen = *dmax; + ptoken = NULL; + while (*dest != '\0' && !ptoken) { + + if (dlen == 0) { + *ptr = NULL; + invoke_safe_str_constraint_handler( + "strtok_s: dest is unterminated", + NULL, ESUNTERM); + return (NULL); + } + + /* + * must scan the entire delimiter list + * ISO should have included a delimiter string limit!! + */ + slen = STRTOK_DELIM_MAX_LEN; + pt = src; + while (*pt != '\0') { + + if (slen == 0) { + *ptr = NULL; + invoke_safe_str_constraint_handler( + "strtok_s: src is unterminated", + NULL, ESUNTERM); + return (NULL); + } + slen--; + + if (*dest == *pt) { + ptoken = NULL; + break; + } else { + pt++; + ptoken = dest; + } + } + dest++; + dlen--; + } + + /* + * if the beginning of a token was not found, then no + * need to continue the scan. + */ + if (ptoken == NULL) { + *dmax = dlen; + return (ptoken); + } + + /* + * Now we need to locate the end of the token + */ + while (*dest != '\0') { + + if (dlen == 0) { + *ptr = NULL; + invoke_safe_str_constraint_handler( + "strtok_s: dest is unterminated", + NULL, ESUNTERM); + return (NULL); + } + + slen = STRTOK_DELIM_MAX_LEN; + pt = src; + while (*pt != '\0') { + + if (slen == 0) { + *ptr = NULL; + invoke_safe_str_constraint_handler( + "strtok_s: src is unterminated", + NULL, ESUNTERM); + return (NULL); + } + slen--; + + if (*dest == *pt) { + /* + * found a delimiter, set to null + * and return context ptr to next char + */ + *dest = '\0'; + *ptr = (dest + 1); /* return pointer for next scan */ + *dmax = dlen - 1; /* account for the nulled delimiter */ + return (ptoken); + } else { + /* + * simply scanning through the delimiter string + */ + pt++; + } + } + dest++; + dlen--; + } + + *dmax = dlen; + return (ptoken); +} +EXPORT_SYMBOL(strtok_s) + diff --git a/safeclib/wcscat_s.c b/safeclib/wcscat_s.c index 8b31748..19363df 100644 --- a/safeclib/wcscat_s.c +++ b/safeclib/wcscat_s.c @@ -1,226 +1,226 @@ -/*------------------------------------------------------------------ - * wcscat_s.c - * - * August 2014, D Wheeler - * - * Copyright (c) 2014 by Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/** - * NAME - * wcscat_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * errno_t - * wcscat_s(wchar_t* dest, rsize_t dmax, const wchar_t* src) - * - * DESCRIPTION - * The wcscat_s function appends a copy of the wide character string pointed - * to by src (including the terminating null character) to the - * end of the string pointed to by dest. The initial wide character - * from src overwrites the null character at the end of dest. - * - * All elements following the terminating null character (if - * any) written by strcat_s in the array of dmax characters - * pointed to by dest take unspecified values when strcat_s - * returns. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to wide character string that will be extended by src - * if dmax allows. The string is null terminated. - * If the resulting concatenated string is less - * than dmax, the remaining slack space is nulled. - * - * dmax restricted maximum length of the resulting dest, - * including the null - * - * src pointer to the string that will be concatenaed - * to string dest - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer - * dmax shall not equal zero - * dmax shall not be greater than RSIZE_MAX_STR - * dmax shall be greater than strnlen_s(src,m). - * Copying shall not takeplace between objects that overlap - * If there is a runtime-constraint violation, then if dest is - * not a null pointer and dmax is greater than zero and not - * greater than RSIZE_MAX_STR, then strcat_s nulls dest. - * - * RETURN VALUE - * EOK successful operation, all the characters from src - * were appended to dest and the result in dest is - * null terminated. - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max - * ESUNTERM dest not terminated - * - * ALSO SEE - * strcat_s, strncat_s(), strcpy_s(), strncpy_s() - * - */ -errno_t -wcscat_s(wchar_t* dest, rsize_t dmax, const wchar_t* src) -{ - rsize_t orig_dmax; - wchar_t *orig_dest; - const wchar_t *overlap_bumper; - - if (dest == NULL) { - invoke_safe_str_constraint_handler("wcscat_s: dest is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (src == NULL) { - invoke_safe_str_constraint_handler("wcscat_s: src is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (dmax == 0) { - invoke_safe_str_constraint_handler("wcscat_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax*sizeof(wchar_t) > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("wcscat_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - /* hold base of dest in case src was not copied */ - orig_dmax = dmax; - orig_dest = dest; - - if (dest < src) { - overlap_bumper = src; - - /* Find the end of dest */ - while (*dest != L'\0') { - - if (dest == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - dest++; - dmax--; - if (dmax == 0) { - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (dest == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - *dest = *src; - if (*dest == L'\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - dest++; - src++; - } - - } else { - overlap_bumper = dest; - - /* Find the end of dest */ - while (*dest != L'\0') { - - /* - * NOTE: no need to check for overlap here since src comes first - * in memory and we're not incrementing src here. - */ - dest++; - dmax--; - if (dmax == 0) { - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (src == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - *dest = *src; - if (*dest == L'\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - dest++; - src++; - } - } - - /* - * the entire src was not copied, so null the string - */ - handle_wc_error(orig_dest, orig_dmax, "wcscat_s: not enough space for src", - ESNOSPC); - - return RCNEGATE(ESNOSPC); -} -EXPORT_SYMBOL(wcscat_s) +/*------------------------------------------------------------------ + * wcscat_s.c + * + * August 2014, D Wheeler + * + * Copyright (c) 2014 by Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/** + * NAME + * wcscat_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * errno_t + * wcscat_s(wchar_t* dest, rsize_t dmax, const wchar_t* src) + * + * DESCRIPTION + * The wcscat_s function appends a copy of the wide character string pointed + * to by src (including the terminating null character) to the + * end of the string pointed to by dest. The initial wide character + * from src overwrites the null character at the end of dest. + * + * All elements following the terminating null character (if + * any) written by strcat_s in the array of dmax characters + * pointed to by dest take unspecified values when strcat_s + * returns. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to wide character string that will be extended by src + * if dmax allows. The string is null terminated. + * If the resulting concatenated string is less + * than dmax, the remaining slack space is nulled. + * + * dmax restricted maximum length of the resulting dest, + * including the null + * + * src pointer to the string that will be concatenaed + * to string dest + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer + * dmax shall not equal zero + * dmax shall not be greater than RSIZE_MAX_STR + * dmax shall be greater than strnlen_s(src,m). + * Copying shall not takeplace between objects that overlap + * If there is a runtime-constraint violation, then if dest is + * not a null pointer and dmax is greater than zero and not + * greater than RSIZE_MAX_STR, then strcat_s nulls dest. + * + * RETURN VALUE + * EOK successful operation, all the characters from src + * were appended to dest and the result in dest is + * null terminated. + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max + * ESUNTERM dest not terminated + * + * ALSO SEE + * strcat_s, strncat_s(), strcpy_s(), strncpy_s() + * + */ +errno_t +wcscat_s(wchar_t* dest, rsize_t dmax, const wchar_t* src) +{ + rsize_t orig_dmax; + wchar_t *orig_dest; + const wchar_t *overlap_bumper; + + if (dest == NULL) { + invoke_safe_str_constraint_handler("wcscat_s: dest is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (src == NULL) { + invoke_safe_str_constraint_handler("wcscat_s: src is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (dmax == 0) { + invoke_safe_str_constraint_handler("wcscat_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax*sizeof(wchar_t) > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("wcscat_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + /* hold base of dest in case src was not copied */ + orig_dmax = dmax; + orig_dest = dest; + + if (dest < src) { + overlap_bumper = src; + + /* Find the end of dest */ + while (*dest != L'\0') { + + if (dest == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + dest++; + dmax--; + if (dmax == 0) { + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (dest == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + *dest = *src; + if (*dest == L'\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + dest++; + src++; + } + + } else { + overlap_bumper = dest; + + /* Find the end of dest */ + while (*dest != L'\0') { + + /* + * NOTE: no need to check for overlap here since src comes first + * in memory and we're not incrementing src here. + */ + dest++; + dmax--; + if (dmax == 0) { + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (src == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + *dest = *src; + if (*dest == L'\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + dest++; + src++; + } + } + + /* + * the entire src was not copied, so null the string + */ + handle_wc_error(orig_dest, orig_dmax, "wcscat_s: not enough space for src", + ESNOSPC); + + return RCNEGATE(ESNOSPC); +} +EXPORT_SYMBOL(wcscat_s) diff --git a/safeclib/wcsncat_s.c b/safeclib/wcsncat_s.c index 8584544..73596cd 100644 --- a/safeclib/wcsncat_s.c +++ b/safeclib/wcsncat_s.c @@ -1,269 +1,269 @@ -/*------------------------------------------------------------------ - * wcsncat_s.c - * - * August 2014, D Wheeler - * - * Copyright (c) 2014 by Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_str_constraint.h" -#include "safe_str_lib.h" - - -/** - * NAME - * wcsncat_s - * - * SYNOPSIS - * #include "safe_str_lib.h" - * errno_t - * wcsncat_s(wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen) - * - * DESCRIPTION - * The wcsncat_s function appends a copy of (at most) the - * first slen wide characters pointed to by src to the - * end of the string pointed to by dest and terminates the - * string with the null character. If less than slen wide - * characters are in the string src, the function stops - * copying after the null terminator is copied to dest. - * The initial character from src overwrites the null - * character at the end of dest. - * - * All elements following the terminating null character (if - * any) written by strncat_s in the array of dmax characters - * pointed to by dest take unspecified values when strncat_s returns. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to string that will be extended by src - * if dmax allows. The string is null terminated. - * If the resulting concatenated string is less - * than dmax, the remaining slack space is nulled. - * - * dmax restricted maximum length of the resulting dest, - * including the null - * - * src pointer to the string that will be concatenaed - * to string dest - * - * slen maximum characters to append - * - * OUTPUT PARAMETERS - * dest updated string - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer - * dmax shall not equal zero - * dmax shall not be greater than RSIZE_STR_MAX - * dmax shall be greater than strnlen_s(src,m). - * Copying shall not takeplace between objects that overlap - * If there is a runtime-constraint violation, then if dest is - * not a null pointer and dmax is greater than zero and not - * greater thanRSIZE_MAX, then strncat_s sets dest[0] to the - * null character. - * - * RETURN VALUE - * EOK successful operation, all the characters from src - * were appended to dest and the result in dest is - * null terminated. - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESUNTERM dest not terminated - * - * - */ -errno_t -wcsncat_s (wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen) -{ - rsize_t orig_dmax; - wchar_t *orig_dest; - const wchar_t *overlap_bumper; - - if (dest == NULL) { - invoke_safe_str_constraint_handler("wcsncat_s: dest is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (src == NULL) { - invoke_safe_str_constraint_handler("wcsncat_s: src is null", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (slen*sizeof(wchar_t) > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("wcsncat_s: slen exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - if (dmax == 0) { - invoke_safe_str_constraint_handler("wcsncat_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax*sizeof(wchar_t) > RSIZE_MAX_STR) { - invoke_safe_str_constraint_handler("wcsncat_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - /* hold base of dest in case src was not copied */ - orig_dmax = dmax; - orig_dest = dest; - - if (dest < src) { - overlap_bumper = src; - - /* Find the end of dest */ - while (*dest != L'\0') { - - if (dest == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - dest++; - dmax--; - if (dmax == 0) { - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (dest == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * Copying truncated before the source null is encountered - */ - /* TODO: test if this copies at most slen characters including NULL */ - if (slen == 0) { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null remaining string */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#else - *dest = L'\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == L'\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear data */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - - } else { - overlap_bumper = dest; - - /* Find the end of dest */ - while (*dest != L'\0') { - - /* - * NOTE: no need to check for overlap here since src comes first - * in memory and we're not incrementing src here. - */ - dest++; - dmax--; - if (dmax == 0) { - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " - "dest unterminated", - ESUNTERM); - return RCNEGATE(ESUNTERM); - } - } - - while (dmax > 0) { - if (src == overlap_bumper) { - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " - "overlapping objects", - ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * Copying truncated - */ - if (slen == 0) { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null remaining string */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#else - *dest = L'\0'; -#endif - return RCNEGATE(EOK); - } - - *dest = *src; - if (*dest == L'\0') { -#ifdef SAFECLIB_STR_NULL_SLACK - /* null slack to clear any data */ - while (dmax) { *dest = L'\0'; dmax--; dest++; } -#endif - return RCNEGATE(EOK); - } - - dmax--; - slen--; - dest++; - src++; - } - } - - /* - * the entire src was not copied, so the string will be nulled. - */ - handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: not enough space for src", - ESNOSPC); - return RCNEGATE(ESNOSPC); -} -EXPORT_SYMBOL(wcsncat_s) +/*------------------------------------------------------------------ + * wcsncat_s.c + * + * August 2014, D Wheeler + * + * Copyright (c) 2014 by Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_str_constraint.h" +#include "safe_str_lib.h" + + +/** + * NAME + * wcsncat_s + * + * SYNOPSIS + * #include "safe_str_lib.h" + * errno_t + * wcsncat_s(wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen) + * + * DESCRIPTION + * The wcsncat_s function appends a copy of (at most) the + * first slen wide characters pointed to by src to the + * end of the string pointed to by dest and terminates the + * string with the null character. If less than slen wide + * characters are in the string src, the function stops + * copying after the null terminator is copied to dest. + * The initial character from src overwrites the null + * character at the end of dest. + * + * All elements following the terminating null character (if + * any) written by strncat_s in the array of dmax characters + * pointed to by dest take unspecified values when strncat_s returns. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to string that will be extended by src + * if dmax allows. The string is null terminated. + * If the resulting concatenated string is less + * than dmax, the remaining slack space is nulled. + * + * dmax restricted maximum length of the resulting dest, + * including the null + * + * src pointer to the string that will be concatenaed + * to string dest + * + * slen maximum characters to append + * + * OUTPUT PARAMETERS + * dest updated string + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer + * dmax shall not equal zero + * dmax shall not be greater than RSIZE_STR_MAX + * dmax shall be greater than strnlen_s(src,m). + * Copying shall not takeplace between objects that overlap + * If there is a runtime-constraint violation, then if dest is + * not a null pointer and dmax is greater than zero and not + * greater thanRSIZE_MAX, then strncat_s sets dest[0] to the + * null character. + * + * RETURN VALUE + * EOK successful operation, all the characters from src + * were appended to dest and the result in dest is + * null terminated. + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESUNTERM dest not terminated + * + * + */ +errno_t +wcsncat_s (wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen) +{ + rsize_t orig_dmax; + wchar_t *orig_dest; + const wchar_t *overlap_bumper; + + if (dest == NULL) { + invoke_safe_str_constraint_handler("wcsncat_s: dest is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (src == NULL) { + invoke_safe_str_constraint_handler("wcsncat_s: src is null", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (slen*sizeof(wchar_t) > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("wcsncat_s: slen exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + if (dmax == 0) { + invoke_safe_str_constraint_handler("wcsncat_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax*sizeof(wchar_t) > RSIZE_MAX_STR) { + invoke_safe_str_constraint_handler("wcsncat_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + /* hold base of dest in case src was not copied */ + orig_dmax = dmax; + orig_dest = dest; + + if (dest < src) { + overlap_bumper = src; + + /* Find the end of dest */ + while (*dest != L'\0') { + + if (dest == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + dest++; + dmax--; + if (dmax == 0) { + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (dest == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * Copying truncated before the source null is encountered + */ + /* TODO: test if this copies at most slen characters including NULL */ + if (slen == 0) { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null remaining string */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#else + *dest = L'\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == L'\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear data */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + + } else { + overlap_bumper = dest; + + /* Find the end of dest */ + while (*dest != L'\0') { + + /* + * NOTE: no need to check for overlap here since src comes first + * in memory and we're not incrementing src here. + */ + dest++; + dmax--; + if (dmax == 0) { + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " + "dest unterminated", + ESUNTERM); + return RCNEGATE(ESUNTERM); + } + } + + while (dmax > 0) { + if (src == overlap_bumper) { + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: " + "overlapping objects", + ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * Copying truncated + */ + if (slen == 0) { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null remaining string */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#else + *dest = L'\0'; +#endif + return RCNEGATE(EOK); + } + + *dest = *src; + if (*dest == L'\0') { +#ifdef SAFECLIB_STR_NULL_SLACK + /* null slack to clear any data */ + while (dmax) { *dest = L'\0'; dmax--; dest++; } +#endif + return RCNEGATE(EOK); + } + + dmax--; + slen--; + dest++; + src++; + } + } + + /* + * the entire src was not copied, so the string will be nulled. + */ + handle_wc_error(orig_dest, orig_dmax, "wcsncat_s: not enough space for src", + ESNOSPC); + return RCNEGATE(ESNOSPC); +} +EXPORT_SYMBOL(wcsncat_s) diff --git a/safeclib/wmemcpy_s.c b/safeclib/wmemcpy_s.c index 54cac21..b140132 100644 --- a/safeclib/wmemcpy_s.c +++ b/safeclib/wmemcpy_s.c @@ -1,158 +1,158 @@ -/*------------------------------------------------------------------ - * wmemcpy_s - * - * AUgust 2014, D. Wheeler - * - * Copyright (c) 2014 Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" -#include - - -/** - * NAME - * wmemcpy_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * wmemcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, rsize_t smax) - * - * DESCRIPTION - * This function copies at most smax wide characters from src to dest, up to - * dmax. - * - * SPECIFIED IN - * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to memory that will be replaced by src. - * - * dmax maximum length of the resulting dest - * - * src pointer to the memory that will be copied to dest - * - * smax maximum number bytes of src to copy - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be zero. - * dmax shall not be greater than RSIZE_MAX_MEM. - * smax shall not be greater than dmax. - * Copying shall not take place between regions that overlap. - * If there is a runtime-constraint violation, the memcpy_s function - * stores zeros in the first dmax bytes of the region pointed to - * by dest if dest is not a null pointer and smax is valid. - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * ESOVRLP source memory overlaps destination - * - * ALSO SEE - * memcpy16_s(), memcpy32_s(), memcpy_s(), - * wmemmove_s(), memmove_s(), memmove16_s(), memmove32_s(), - * - */ -errno_t -wmemcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, rsize_t smax) -{ - wchar_t *dp; - const wchar_t *sp; - - dp = dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("wmemcpy_s: dest is NULL", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("wmemcpy_s: dmax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (dmax > RSIZE_MAX_MEM) { - invoke_safe_mem_constraint_handler("wmemcpy_s: dmax exceeds max", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - if (smax == 0) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemcpy_s: smax is 0", - NULL, ESZEROL); - return RCNEGATE(ESZEROL); - } - - if (smax > dmax) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemcpy_s: smax exceeds dmax", - NULL, ESLEMAX); - return RCNEGATE(ESLEMAX); - } - - if (sp == NULL) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemcpy_s: src is NULL", - NULL, ESNULLP); - return RCNEGATE(ESNULLP); - } - - - /* - * overlap is undefined behavior, do not allow - */ - if( ((dp > sp) && (dp < (sp+smax))) || - ((sp > dp) && (sp < (dp+dmax))) ) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemcpy_s: overlap undefined", - NULL, ESOVRLP); - return RCNEGATE(ESOVRLP); - } - - /* - * now perform the copy - */ - mem_prim_move(dp, sp, smax*sizeof(wchar_t)); - - return RCNEGATE(EOK); -} -EXPORT_SYMBOL(wmemcpy_s) +/*------------------------------------------------------------------ + * wmemcpy_s + * + * AUgust 2014, D. Wheeler + * + * Copyright (c) 2014 Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" +#include + + +/** + * NAME + * wmemcpy_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * wmemcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, rsize_t smax) + * + * DESCRIPTION + * This function copies at most smax wide characters from src to dest, up to + * dmax. + * + * SPECIFIED IN + * ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to memory that will be replaced by src. + * + * dmax maximum length of the resulting dest + * + * src pointer to the memory that will be copied to dest + * + * smax maximum number bytes of src to copy + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be zero. + * dmax shall not be greater than RSIZE_MAX_MEM. + * smax shall not be greater than dmax. + * Copying shall not take place between regions that overlap. + * If there is a runtime-constraint violation, the memcpy_s function + * stores zeros in the first dmax bytes of the region pointed to + * by dest if dest is not a null pointer and smax is valid. + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * ESOVRLP source memory overlaps destination + * + * ALSO SEE + * memcpy16_s(), memcpy32_s(), memcpy_s(), + * wmemmove_s(), memmove_s(), memmove16_s(), memmove32_s(), + * + */ +errno_t +wmemcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, rsize_t smax) +{ + wchar_t *dp; + const wchar_t *sp; + + dp = dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("wmemcpy_s: dest is NULL", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("wmemcpy_s: dmax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (dmax > RSIZE_MAX_MEM) { + invoke_safe_mem_constraint_handler("wmemcpy_s: dmax exceeds max", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + if (smax == 0) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemcpy_s: smax is 0", + NULL, ESZEROL); + return RCNEGATE(ESZEROL); + } + + if (smax > dmax) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemcpy_s: smax exceeds dmax", + NULL, ESLEMAX); + return RCNEGATE(ESLEMAX); + } + + if (sp == NULL) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemcpy_s: src is NULL", + NULL, ESNULLP); + return RCNEGATE(ESNULLP); + } + + + /* + * overlap is undefined behavior, do not allow + */ + if( ((dp > sp) && (dp < (sp+smax))) || + ((sp > dp) && (sp < (dp+dmax))) ) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemcpy_s: overlap undefined", + NULL, ESOVRLP); + return RCNEGATE(ESOVRLP); + } + + /* + * now perform the copy + */ + mem_prim_move(dp, sp, smax*sizeof(wchar_t)); + + return RCNEGATE(EOK); +} +EXPORT_SYMBOL(wmemcpy_s) diff --git a/safeclib/wmemmove_s.c b/safeclib/wmemmove_s.c index 3c610ea..56d3dd6 100644 --- a/safeclib/wmemmove_s.c +++ b/safeclib/wmemmove_s.c @@ -1,150 +1,150 @@ -/*------------------------------------------------------------------ - * wmemmove_s.c - * - * August 2014, D Wheeler - * - * Copyright (c) 2014 Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - */ - -#include "safeclib_private.h" -#include "safe_mem_constraint.h" -#include "mem_primitives_lib.h" -#include "safe_mem_lib.h" -#include - -/** - * NAME - * wmemmove_s - * - * SYNOPSIS - * #include "safe_mem_lib.h" - * errno_t - * wmemmove_s(wchar_t* dest, rsize_t dmax, - * const wchar_t* src, size_t smax) - * - * DESCRIPTION - * The wmemmove_s function copies smax wide characters from the region pointed - * to by src into the region pointed to by dest. This copying takes place - * as if the smax wide characters from the region pointed to by src are first copied - * into a temporary array of smax bytes that does not overlap the region - * pointed to by dest or src, and then the smax bytes from the temporary - * array are copied into the object region to by dest. - * - * SPECIFIED IN - * ISO/IEC TR 24731, Programming languages, environments - * and system software interfaces, Extensions to the C Library, - * Part I: Bounds-checking interfaces - * - * INPUT PARAMETERS - * dest pointer to the memory that will be replaced by src. - * - * dmax maximum number of resulting wide characters in dest - * - * src pointer to the memory that will be copied - * to dest - * - * smax maximum number wide characters of src that can be copied - * - * OUTPUT PARAMETERS - * dest is updated - * - * RUNTIME CONSTRAINTS - * Neither dest nor src shall be a null pointer. - * Neither dmax nor smax shall be 0. - * dmax shall not be greater than RSIZE_MAX_MEM/sizeof(wchar_t). - * smax shall not be greater than dmax. - * If there is a runtime-constraint violation, the wmemmove_s function - * stores zeros in the first dmax characters of the region pointed to - * by dest if dest is not a null pointer and dmax is not greater - * than RSIZE_MAX_MEM/sizeof(wchar_t). - * - * RETURN VALUE - * EOK successful operation - * ESNULLP NULL pointer - * ESZEROL zero length - * ESLEMAX length exceeds max limit - * - * ALSO SEE - * memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() - * wmemcpy_s() - * - */ -errno_t -wmemmove_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, size_t smax) -{ - wchar_t *dp; - const wchar_t *sp; - - dp= dest; - sp = src; - - if (dp == NULL) { - invoke_safe_mem_constraint_handler("wmemmove_s: dest is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - if (dmax == 0) { - invoke_safe_mem_constraint_handler("wmemmove_s: dmax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (dmax*sizeof(wchar_t) > RSIZE_MAX_MEM) { - invoke_safe_mem_constraint_handler("wmemmove_s: dmax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (smax == 0) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemmove_s: smax is 0", - NULL, ESZEROL); - return (RCNEGATE(ESZEROL)); - } - - if (smax > dmax) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemmove_s: smax exceeds max", - NULL, ESLEMAX); - return (RCNEGATE(ESLEMAX)); - } - - if (sp == NULL) { - mem_prim_set(dp, dmax*sizeof(wchar_t), 0); - invoke_safe_mem_constraint_handler("wmemmove_s: src is null", - NULL, ESNULLP); - return (RCNEGATE(ESNULLP)); - } - - /* - * now perform the copy - */ - mem_prim_move(dp, sp, smax*sizeof(wchar_t)); - - return (RCNEGATE(EOK)); -} -EXPORT_SYMBOL(wmemmove_s) +/*------------------------------------------------------------------ + * wmemmove_s.c + * + * August 2014, D Wheeler + * + * Copyright (c) 2014 Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + */ + +#include "safeclib_private.h" +#include "safe_mem_constraint.h" +#include "mem_primitives_lib.h" +#include "safe_mem_lib.h" +#include + +/** + * NAME + * wmemmove_s + * + * SYNOPSIS + * #include "safe_mem_lib.h" + * errno_t + * wmemmove_s(wchar_t* dest, rsize_t dmax, + * const wchar_t* src, size_t smax) + * + * DESCRIPTION + * The wmemmove_s function copies smax wide characters from the region pointed + * to by src into the region pointed to by dest. This copying takes place + * as if the smax wide characters from the region pointed to by src are first copied + * into a temporary array of smax bytes that does not overlap the region + * pointed to by dest or src, and then the smax bytes from the temporary + * array are copied into the object region to by dest. + * + * SPECIFIED IN + * ISO/IEC TR 24731, Programming languages, environments + * and system software interfaces, Extensions to the C Library, + * Part I: Bounds-checking interfaces + * + * INPUT PARAMETERS + * dest pointer to the memory that will be replaced by src. + * + * dmax maximum number of resulting wide characters in dest + * + * src pointer to the memory that will be copied + * to dest + * + * smax maximum number wide characters of src that can be copied + * + * OUTPUT PARAMETERS + * dest is updated + * + * RUNTIME CONSTRAINTS + * Neither dest nor src shall be a null pointer. + * Neither dmax nor smax shall be 0. + * dmax shall not be greater than RSIZE_MAX_MEM/sizeof(wchar_t). + * smax shall not be greater than dmax. + * If there is a runtime-constraint violation, the wmemmove_s function + * stores zeros in the first dmax characters of the region pointed to + * by dest if dest is not a null pointer and dmax is not greater + * than RSIZE_MAX_MEM/sizeof(wchar_t). + * + * RETURN VALUE + * EOK successful operation + * ESNULLP NULL pointer + * ESZEROL zero length + * ESLEMAX length exceeds max limit + * + * ALSO SEE + * memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s() + * wmemcpy_s() + * + */ +errno_t +wmemmove_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, size_t smax) +{ + wchar_t *dp; + const wchar_t *sp; + + dp= dest; + sp = src; + + if (dp == NULL) { + invoke_safe_mem_constraint_handler("wmemmove_s: dest is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + if (dmax == 0) { + invoke_safe_mem_constraint_handler("wmemmove_s: dmax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (dmax*sizeof(wchar_t) > RSIZE_MAX_MEM) { + invoke_safe_mem_constraint_handler("wmemmove_s: dmax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (smax == 0) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemmove_s: smax is 0", + NULL, ESZEROL); + return (RCNEGATE(ESZEROL)); + } + + if (smax > dmax) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemmove_s: smax exceeds max", + NULL, ESLEMAX); + return (RCNEGATE(ESLEMAX)); + } + + if (sp == NULL) { + mem_prim_set(dp, dmax*sizeof(wchar_t), 0); + invoke_safe_mem_constraint_handler("wmemmove_s: src is null", + NULL, ESNULLP); + return (RCNEGATE(ESNULLP)); + } + + /* + * now perform the copy + */ + mem_prim_move(dp, sp, smax*sizeof(wchar_t)); + + return (RCNEGATE(EOK)); +} +EXPORT_SYMBOL(wmemmove_s) diff --git a/unittests/test_stpncpy_s.c b/unittests/test_stpncpy_s.c index aecbbfd..52658b9 100644 --- a/unittests/test_stpncpy_s.c +++ b/unittests/test_stpncpy_s.c @@ -1,610 +1,610 @@ -/*------------------------------------------------------------------ - * test_stpncpy_s - * - * September 2014, D Wheeler - * - * Copyright (c) 2014 by Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - *------------------------------------------------------------------ - * TEST COVERAGE NOTES - * - * The following notes describe the purpose of the test cases in - * order to ensure full coverage of all return paths in the code to - * be tested, as well as test for security concerns in the target. - * The test methodology is to perfrom branch-coverage testing to ensure - * all exit paths from the code have been tested. Additional tests are added to - * perform some corner case validation of certain more complex branches - * to verify no side-effects or missing corners are introduced in the code. - * - * BASIC PARAMETER VALIDATION - * TC 1: Test for first parameter, destination char string, being sent in as NULL - * TC 2: Test for second parameter, dest maximum length (dmax), being sent in as zero - * TC 3: Test for second parameter, dest maximum length (dmax), being larger than the maximum allowed size - * TC 4: Test for third parameter, source char string, being sent in as NULL - * - * TEST WHEN SRC & DEST ARE THE SAME - * TC 5: Test for src=dest, but string too long for dmax - * TC 6: Test for src=dest, proper return - * - * TEST WHEN DEST BUFFER < SOURCE BUFFER - * TC 7: Test for overlap of dest buffer into src buffer (src string too long) - * TC12: Test for proper substring copy of string over long string (limited by smax) - * TC13: Test for accurate String copy over existing string, filling dest with dmax with NULLs - * TC14: Test for accurate subString copy over existing string (limited by smax), filling dest wtih dmax nulls - * TC15: Test for accurate subString copy (limited by smax) and adding null terminator, replacing existing string - * TC16: Test copy but not enough space in destination - * TC17: Test for not enough space in destination for null terminator - * TC18: Test for just enough space in destination - * TC19: Test copy short string over long string - * - * - * TEST NON-STANDARD FAILURE CONDITIONS FOR NULL DEST STRINGS - * TC 9: Test copy null string over destination string (dest < src) - * TC10: Test copy NULL string over existing string (dest > src) - * TC11: Test copy string over NULL string (dest < src) - * - * TEST WHEN DEST BUFFER >= SOURCE BUFFER - * TC 8: Test src buffer runs into beginning of dest buffer (src buffer is unterminated or been destroyed by copy) - * - * - * - *------------------------------------------------------------------ - */ - - -#include "test_private.h" -#include "safe_str_lib.h" - -#define MAX ( 128 ) -#define LEN ( 128 ) - -static char str1[LEN]; -static char str2[LEN]; - -extern char *stpncpy_s(char *dest, rsize_t dmax, const char *src, rsize_t smax, errno_t *err); - - -int test_stpncpy_s (void) -{ - char *ret; - errno_t rc; - uint32_t i; - int32_t ind; - rsize_t sz; - unsigned int testno = 0; - - - printf("\nTesting stpncpy_s:\n"); -/*--------------------------------------------------*/ -/* 1 Test for NULL destination check */ -printf("Test #%d:\n", ++testno); - - ret = stpncpy_s(NULL, LEN, str2, LEN, &rc); - if (rc != ESNULLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 2 Test for zero length destination */ - printf("Test #%d:\n", ++testno); - - ret = stpncpy_s(str1, 0, str2, LEN, &rc); - if (rc != ESZEROL) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - -/*--------------------------------------------------*/ -/* 3 Test for too large destination size */ - printf("Test #%d:\n", ++testno); - - ret = stpncpy_s(str1, (RSIZE_MAX_STR+1), str2, LEN, &rc); - if (rc != ESLEMAX) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 4 Test for NULL source check */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - ret = stpncpy_s(str1, 5, NULL, LEN, &rc); - if (rc != ESNULLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -#ifdef SAFE_LIB_STR_NULL_SLACK - for (i=0; i<5; i++) { - if (str1[i] != '\0') { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - } -#else - if (str1[0] != '\0') { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } -#endif - - -/*--------------------------------------------------*/ -/* 5 Test for Src is same as dest, but source too long */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - sz = strnlen_s(str1, LEN); - ret = stpncpy_s(str1, 5, str1, sz, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - -/*--------------------------------------------------*/ -/* 6 Test copy the same string onto itself */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - sz = strnlen_s(str1, LEN); - ret = stpncpy_s(str1, LEN, str1, sz, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 7 Test for string overlap, destination < src, and - * dest overlaps onto the src string, so a copy would - * change the src string */ - printf("Test #%d:\n", ++testno); - - strcpy(&str1[0], "keep it simple"); - sz = strnlen_s(str1, LEN); - ret = stpncpy_s(&str1[0], LEN, &str1[5], sz, &rc); - if (rc != ESOVRLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -#ifdef SAFE_LIB_STR_NULL_SLACK - for (i=0; i src, and - * src overlaps onto the dest string, so a copy would - * result in an infinite copy operation */ - printf("Test #%d:\n", ++testno); - - strcpy(&str1[0], "keep it simple"); - sz = strnlen_s(str1, LEN); - ret = stpncpy_s(&str1[5], LEN, &str1[0], sz, &rc); - if (rc != ESOVRLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -#ifdef SAFE_LIB_STR_NULL_SLACK - for (i=0; i -%s- (smax=%d) Error rc=%u \n", - __FUNCTION__, __LINE__, str1, str2, sz, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 12 Test for accurate subString copy over existing string */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "xxxxxxxxxx"); - strcpy(str2, "abcde"); - - ret = stpncpy_s(str1, LEN, str2, 3, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } else { - - /* be sure the results are the same as strcmp */ - sz = strnlen_s(str1, LEN); - ind = strncmp(str1, str2, sz); - if (ind != 0 || sz != 3) { - printf("%s %u -%s- <> -%s- (smax=%d) Error rc=%u \n", - __FUNCTION__, __LINE__, str1, str2, sz, rc ); - } - /* be sure that the slack is correct */ - for (i=1; i<6; i++) { - if (ret[i] != 'x') { - printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", - __FUNCTION__, __LINE__, i, rc ); - } - } - } - -/*--------------------------------------------------*/ -/* 13 Test for accurate String copy with extra nulls over existing string */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "xxxxxxxxxxxxxxxxxxxx"); - strcpy(str2, "abcde"); - - ret = stpncpy_s(str1, LEN, str2, 10, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } else { - - /* be sure the results are the same as strcmp */ - ind = strcmp(str1, str2); - if (ind != 0) { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } else { - /* be sure that the nulls are correct */ - for (i=0; i<5; i++) { - if (ret[i] != '\0') { - printf("%s %u Incorrect NULL fill at returned ptr index %d Error rc=%u \n", - __FUNCTION__, __LINE__, i, rc ); - } - } - /* be sure that the slack is correct */ - for (; i<15; i++) { - if (ret[i] != 'x') { - printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", - __FUNCTION__, __LINE__, i, rc ); - } - } - } - } - -/*--------------------------------------------------*/ -/* 14 Test for accurate String copy and added null over existing string */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "xxxxxxxxxx"); - strcpy(str2, "abcde"); - - ret = stpncpy_s(str1, LEN, str2, 5, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } else { - - /* be sure the results are the same as strcmp */ - ind = strcmp(str1, str2); - if (ind != 0) { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } else { - /* be sure that the slack is correct */ - for (i=1; i<5; i++) { - if (ret[i] != 'x') { - printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", - __FUNCTION__, __LINE__, i, rc ); - } - } - } - } - -/*--------------------------------------------------*/ -/* 15 Test for accurate String copy and added null over existing string */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "xxxxxxxxxx"); - strcpy(str2, "abcde"); - - ret = stpncpy_s(str1, LEN, str2, 6, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } else { - - /* be sure the results are the same as strcmp */ - ind = strcmp(str1, str2); - if (ind != 0) { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } else { - /* be sure that the slack is correct */ - for (i=1; i<5; i++) { - if (ret[i] != 'x') { - printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", - __FUNCTION__, __LINE__, i, rc ); - } - } - } - } - -/*--------------------------------------------------*/ -/* 16 Test for not enough space in destination */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "qqweqeqeqeq"); - strcpy(str2, "keep it simple"); - sz = strnlen_s(str2, LEN); - - ret = stpncpy_s(str1, 1, str2, sz, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (*str1 != '\0') { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - -/*--------------------------------------------------*/ -/* 17 Test for not enough space in destination for null terminator */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "qqweqeqeqeq"); - strcpy(str2, "keep it simple"); - sz = strnlen_s(str2, LEN); - - ret = stpncpy_s(str1, 14, str2, sz, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (*str1 != '\0') { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - -/*--------------------------------------------------*/ -/* 18: Test for just enough space in destination */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "qqweqeqeqeq"); - strcpy(str2, "it"); - sz = strnlen_s(str2, LEN); - - ret = stpncpy_s(str1, 3, str2, sz, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - /* be sure the results are the same as strcmp */ - ind = strcmp(str1, str2); - if (ind != 0) { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 19: Test copy short string over long string */ - printf("Test #%d:\n", ++testno); - - strcpy(str1, "qq12345weqeqeqeq"); - strcpy(str2, "it"); - - ret = stpncpy_s(str1, 10, str2, 2, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - /* be sure the results are the same as strcpy */ - ind = strcmp(str1, str2); - if (ind != 0) { - printf("%s %u -%s- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - - /*--------------------------------------------------*/ - - return (0); -} - +/*------------------------------------------------------------------ + * test_stpncpy_s + * + * September 2014, D Wheeler + * + * Copyright (c) 2014 by Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + *------------------------------------------------------------------ + * TEST COVERAGE NOTES + * + * The following notes describe the purpose of the test cases in + * order to ensure full coverage of all return paths in the code to + * be tested, as well as test for security concerns in the target. + * The test methodology is to perfrom branch-coverage testing to ensure + * all exit paths from the code have been tested. Additional tests are added to + * perform some corner case validation of certain more complex branches + * to verify no side-effects or missing corners are introduced in the code. + * + * BASIC PARAMETER VALIDATION + * TC 1: Test for first parameter, destination char string, being sent in as NULL + * TC 2: Test for second parameter, dest maximum length (dmax), being sent in as zero + * TC 3: Test for second parameter, dest maximum length (dmax), being larger than the maximum allowed size + * TC 4: Test for third parameter, source char string, being sent in as NULL + * + * TEST WHEN SRC & DEST ARE THE SAME + * TC 5: Test for src=dest, but string too long for dmax + * TC 6: Test for src=dest, proper return + * + * TEST WHEN DEST BUFFER < SOURCE BUFFER + * TC 7: Test for overlap of dest buffer into src buffer (src string too long) + * TC12: Test for proper substring copy of string over long string (limited by smax) + * TC13: Test for accurate String copy over existing string, filling dest with dmax with NULLs + * TC14: Test for accurate subString copy over existing string (limited by smax), filling dest wtih dmax nulls + * TC15: Test for accurate subString copy (limited by smax) and adding null terminator, replacing existing string + * TC16: Test copy but not enough space in destination + * TC17: Test for not enough space in destination for null terminator + * TC18: Test for just enough space in destination + * TC19: Test copy short string over long string + * + * + * TEST NON-STANDARD FAILURE CONDITIONS FOR NULL DEST STRINGS + * TC 9: Test copy null string over destination string (dest < src) + * TC10: Test copy NULL string over existing string (dest > src) + * TC11: Test copy string over NULL string (dest < src) + * + * TEST WHEN DEST BUFFER >= SOURCE BUFFER + * TC 8: Test src buffer runs into beginning of dest buffer (src buffer is unterminated or been destroyed by copy) + * + * + * + *------------------------------------------------------------------ + */ + + +#include "test_private.h" +#include "safe_str_lib.h" + +#define MAX ( 128 ) +#define LEN ( 128 ) + +static char str1[LEN]; +static char str2[LEN]; + +extern char *stpncpy_s(char *dest, rsize_t dmax, const char *src, rsize_t smax, errno_t *err); + + +int test_stpncpy_s (void) +{ + char *ret; + errno_t rc; + uint32_t i; + int32_t ind; + rsize_t sz; + unsigned int testno = 0; + + + printf("\nTesting stpncpy_s:\n"); +/*--------------------------------------------------*/ +/* 1 Test for NULL destination check */ +printf("Test #%d:\n", ++testno); + + ret = stpncpy_s(NULL, LEN, str2, LEN, &rc); + if (rc != ESNULLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 2 Test for zero length destination */ + printf("Test #%d:\n", ++testno); + + ret = stpncpy_s(str1, 0, str2, LEN, &rc); + if (rc != ESZEROL) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + +/*--------------------------------------------------*/ +/* 3 Test for too large destination size */ + printf("Test #%d:\n", ++testno); + + ret = stpncpy_s(str1, (RSIZE_MAX_STR+1), str2, LEN, &rc); + if (rc != ESLEMAX) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 4 Test for NULL source check */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + ret = stpncpy_s(str1, 5, NULL, LEN, &rc); + if (rc != ESNULLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +#ifdef SAFE_LIB_STR_NULL_SLACK + for (i=0; i<5; i++) { + if (str1[i] != '\0') { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + } +#else + if (str1[0] != '\0') { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } +#endif + + +/*--------------------------------------------------*/ +/* 5 Test for Src is same as dest, but source too long */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + sz = strnlen_s(str1, LEN); + ret = stpncpy_s(str1, 5, str1, sz, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + +/*--------------------------------------------------*/ +/* 6 Test copy the same string onto itself */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + sz = strnlen_s(str1, LEN); + ret = stpncpy_s(str1, LEN, str1, sz, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 7 Test for string overlap, destination < src, and + * dest overlaps onto the src string, so a copy would + * change the src string */ + printf("Test #%d:\n", ++testno); + + strcpy(&str1[0], "keep it simple"); + sz = strnlen_s(str1, LEN); + ret = stpncpy_s(&str1[0], LEN, &str1[5], sz, &rc); + if (rc != ESOVRLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +#ifdef SAFE_LIB_STR_NULL_SLACK + for (i=0; i src, and + * src overlaps onto the dest string, so a copy would + * result in an infinite copy operation */ + printf("Test #%d:\n", ++testno); + + strcpy(&str1[0], "keep it simple"); + sz = strnlen_s(str1, LEN); + ret = stpncpy_s(&str1[5], LEN, &str1[0], sz, &rc); + if (rc != ESOVRLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +#ifdef SAFE_LIB_STR_NULL_SLACK + for (i=0; i -%s- (smax=%d) Error rc=%u \n", + __FUNCTION__, __LINE__, str1, str2, sz, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 12 Test for accurate subString copy over existing string */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "xxxxxxxxxx"); + strcpy(str2, "abcde"); + + ret = stpncpy_s(str1, LEN, str2, 3, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } else { + + /* be sure the results are the same as strcmp */ + sz = strnlen_s(str1, LEN); + ind = strncmp(str1, str2, sz); + if (ind != 0 || sz != 3) { + printf("%s %u -%s- <> -%s- (smax=%d) Error rc=%u \n", + __FUNCTION__, __LINE__, str1, str2, sz, rc ); + } + /* be sure that the slack is correct */ + for (i=1; i<6; i++) { + if (ret[i] != 'x') { + printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", + __FUNCTION__, __LINE__, i, rc ); + } + } + } + +/*--------------------------------------------------*/ +/* 13 Test for accurate String copy with extra nulls over existing string */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "xxxxxxxxxxxxxxxxxxxx"); + strcpy(str2, "abcde"); + + ret = stpncpy_s(str1, LEN, str2, 10, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } else { + + /* be sure the results are the same as strcmp */ + ind = strcmp(str1, str2); + if (ind != 0) { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } else { + /* be sure that the nulls are correct */ + for (i=0; i<5; i++) { + if (ret[i] != '\0') { + printf("%s %u Incorrect NULL fill at returned ptr index %d Error rc=%u \n", + __FUNCTION__, __LINE__, i, rc ); + } + } + /* be sure that the slack is correct */ + for (; i<15; i++) { + if (ret[i] != 'x') { + printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", + __FUNCTION__, __LINE__, i, rc ); + } + } + } + } + +/*--------------------------------------------------*/ +/* 14 Test for accurate String copy and added null over existing string */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "xxxxxxxxxx"); + strcpy(str2, "abcde"); + + ret = stpncpy_s(str1, LEN, str2, 5, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } else { + + /* be sure the results are the same as strcmp */ + ind = strcmp(str1, str2); + if (ind != 0) { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } else { + /* be sure that the slack is correct */ + for (i=1; i<5; i++) { + if (ret[i] != 'x') { + printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", + __FUNCTION__, __LINE__, i, rc ); + } + } + } + } + +/*--------------------------------------------------*/ +/* 15 Test for accurate String copy and added null over existing string */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "xxxxxxxxxx"); + strcpy(str2, "abcde"); + + ret = stpncpy_s(str1, LEN, str2, 6, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } else { + + /* be sure the results are the same as strcmp */ + ind = strcmp(str1, str2); + if (ind != 0) { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } else { + /* be sure that the slack is correct */ + for (i=1; i<5; i++) { + if (ret[i] != 'x') { + printf("%s %u Incorrect Slack at returned ptr index %d Error rc=%u \n", + __FUNCTION__, __LINE__, i, rc ); + } + } + } + } + +/*--------------------------------------------------*/ +/* 16 Test for not enough space in destination */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "qqweqeqeqeq"); + strcpy(str2, "keep it simple"); + sz = strnlen_s(str2, LEN); + + ret = stpncpy_s(str1, 1, str2, sz, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (*str1 != '\0') { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + +/*--------------------------------------------------*/ +/* 17 Test for not enough space in destination for null terminator */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "qqweqeqeqeq"); + strcpy(str2, "keep it simple"); + sz = strnlen_s(str2, LEN); + + ret = stpncpy_s(str1, 14, str2, sz, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (*str1 != '\0') { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + +/*--------------------------------------------------*/ +/* 18: Test for just enough space in destination */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "qqweqeqeqeq"); + strcpy(str2, "it"); + sz = strnlen_s(str2, LEN); + + ret = stpncpy_s(str1, 3, str2, sz, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + /* be sure the results are the same as strcmp */ + ind = strcmp(str1, str2); + if (ind != 0) { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 19: Test copy short string over long string */ + printf("Test #%d:\n", ++testno); + + strcpy(str1, "qq12345weqeqeqeq"); + strcpy(str2, "it"); + + ret = stpncpy_s(str1, 10, str2, 2, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret == NULL || ret[0] != '\0' || ret != str1+strnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + /* be sure the results are the same as strcpy */ + ind = strcmp(str1, str2); + if (ind != 0) { + printf("%s %u -%s- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + + /*--------------------------------------------------*/ + + return (0); +} + diff --git a/unittests/test_strcasestr_s.c b/unittests/test_strcasestr_s.c index 1e64885..7d831df 100644 --- a/unittests/test_strcasestr_s.c +++ b/unittests/test_strcasestr_s.c @@ -1,434 +1,434 @@ -/*------------------------------------------------------------------ - * test_strcasestr_s - * - * - *------------------------------------------------------------------ - */ - -#include "test_private.h" -#include "safe_str_lib.h" - -#define LEN ( 128 ) -#define SHORT_LEN ( 5 ) - -extern errno_t strcasestr_s (char *dest, rsize_t dmax, const char *src, rsize_t slen, char **substring); - -int test_strcasestr_s() -{ - errno_t rc; - char *sub; - char *std_sub; - - rsize_t len1; - rsize_t len2; - - char str1[LEN]; - char str2[LEN]; - - -/*--------------------------------------------------*/ - - rc = strcasestr_s(NULL, LEN, str2, LEN, &sub); - if (rc != ESNULLP) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, LEN, NULL, LEN, &sub); - if (rc != ESNULLP) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, LEN, str2, LEN, NULL); - if (rc != ESNULLP) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, 0, str2, LEN, &sub); - if (rc != ESZEROL) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, RSIZE_MAX_STR+1, str2, LEN, &sub); - if (rc != ESLEMAX) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, LEN, str2, 0, &sub); - if (rc != ESZEROL) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - rc = strcasestr_s(str1, LEN, str2, RSIZE_MAX_STR+1, &sub); - if (rc != ESLEMAX) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - *str1 = '\0'; - *str2 = '\0'; - - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != str1) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error strcasestr_s() does not have same return as strcasestr() when str1 & str2 are zero length strings. rc=%u \n", - __FUNCTION__, __LINE__, rc); - printf("str1:[%s]\n", str1); - printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%x]\n", sub); - printf("strcasestr returns:[%x]\n\n", std_sub); - } - -/*--------------------------------------------------*/ - - *str1 = '\0'; - strcpy(str1, "key"); - - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != str1) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is zero length string. rc=%u \n", - __FUNCTION__, __LINE__, rc); - printf("str1:[%s]\n", str1); - printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%x]\n", sub); - printf("strcasestr returns:[%x]\n\n", std_sub); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - *str2 = '\0'; - - /* str2 being empty, must return str1 */ - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != str1) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is zero length string. rc=%u \n", - __FUNCTION__, __LINE__, rc); - printf("str1:[%s]\n", str1); - printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%p]\n", sub); - printf("strcasestr returns:[%p]\n\n", std_sub); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "kee"); - - /* substring at beginning */ - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[0]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "eep it"); - - /* substring in the middle */ - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[1]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "ethe"); - - /* substring in the middle */ - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[15]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "er"); - - len1 = strlen(str1); - len2 = strlen(str2); - - /* substring at the end */ - rc = strcasestr_s(str1, len1, str2, len2, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[18]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is substring of the end of str1. rc=%u \n", - __FUNCTION__, __LINE__, rc); - printf("str1:[%s]\n", str1); - printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%p]\n", sub); - printf("strcasestr returns:[%p]\n\n", std_sub); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "er"); - - len1 = strlen(str1); - len2 = strlen(str2); - - /* substring at the end */ - rc = strcasestr_s(str1, len1, str2, 2, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[18]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is substring of middle of str1. rc=%u \n", - __FUNCTION__, __LINE__, rc); - printf("str1:[%s]\n", str1); - printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%p]\n", sub); - printf("strcasestr returns:[%p]\n\n", std_sub); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "it all"); - - rc = strcasestr_s(str1, 3, str2, LEN, &sub); - if (rc != ESNOTFND) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != NULL) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "it all"); - - rc = strcasestr_s(str1, LEN, str2, 1, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[5]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "it all"); - - rc = strcasestr_s(str1, LEN, str2, 2, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[5]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "it all"); - - rc = strcasestr_s(str1, LEN, str2, 5, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[5]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "1234"); - - len1 = strlen(str1); - rc = strcasestr_s(str1, len1, str2, LEN, &sub); - if (rc != ESNOTFND) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != NULL) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "IT ALL"); - - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[5]) { - printf("%s %u Error rc=%d \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - strcpy(str1, "keep it all together"); - strcpy(str2, "EEP"); - - /* validate */ - rc = strcasestr_s(str1, LEN, str2, LEN, &sub); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc); - } - - if (sub != &str1[1]) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc); - } - - /* compare to legacy */ - std_sub = strcasestr(str1, str2); - if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc); - } - -/*--------------------------------------------------*/ - - return (0); -} +/*------------------------------------------------------------------ + * test_strcasestr_s + * + * + *------------------------------------------------------------------ + */ + +#include "test_private.h" +#include "safe_str_lib.h" + +#define LEN ( 128 ) +#define SHORT_LEN ( 5 ) + +extern errno_t strcasestr_s (char *dest, rsize_t dmax, const char *src, rsize_t slen, char **substring); + +int test_strcasestr_s() +{ + errno_t rc; + char *sub; + char *std_sub; + + rsize_t len1; + rsize_t len2; + + char str1[LEN]; + char str2[LEN]; + + +/*--------------------------------------------------*/ + + rc = strcasestr_s(NULL, LEN, str2, LEN, &sub); + if (rc != ESNULLP) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, LEN, NULL, LEN, &sub); + if (rc != ESNULLP) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, LEN, str2, LEN, NULL); + if (rc != ESNULLP) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, 0, str2, LEN, &sub); + if (rc != ESZEROL) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, RSIZE_MAX_STR+1, str2, LEN, &sub); + if (rc != ESLEMAX) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, LEN, str2, 0, &sub); + if (rc != ESZEROL) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + rc = strcasestr_s(str1, LEN, str2, RSIZE_MAX_STR+1, &sub); + if (rc != ESLEMAX) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + *str1 = '\0'; + *str2 = '\0'; + + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != str1) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error strcasestr_s() does not have same return as strcasestr() when str1 & str2 are zero length strings. rc=%u \n", + __FUNCTION__, __LINE__, rc); + printf("str1:[%s]\n", str1); + printf("str2:[%s]\n", str2); + printf("strcasestr_s returns:[%x]\n", sub); + printf("strcasestr returns:[%x]\n\n", std_sub); + } + +/*--------------------------------------------------*/ + + *str1 = '\0'; + strcpy(str1, "key"); + + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != str1) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is zero length string. rc=%u \n", + __FUNCTION__, __LINE__, rc); + printf("str1:[%s]\n", str1); + printf("str2:[%s]\n", str2); + printf("strcasestr_s returns:[%x]\n", sub); + printf("strcasestr returns:[%x]\n\n", std_sub); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + *str2 = '\0'; + + /* str2 being empty, must return str1 */ + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != str1) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is zero length string. rc=%u \n", + __FUNCTION__, __LINE__, rc); + printf("str1:[%s]\n", str1); + printf("str2:[%s]\n", str2); + printf("strcasestr_s returns:[%p]\n", sub); + printf("strcasestr returns:[%p]\n\n", std_sub); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "kee"); + + /* substring at beginning */ + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[0]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "eep it"); + + /* substring in the middle */ + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[1]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "ethe"); + + /* substring in the middle */ + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[15]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "er"); + + len1 = strlen(str1); + len2 = strlen(str2); + + /* substring at the end */ + rc = strcasestr_s(str1, len1, str2, len2, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[18]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is substring of the end of str1. rc=%u \n", + __FUNCTION__, __LINE__, rc); + printf("str1:[%s]\n", str1); + printf("str2:[%s]\n", str2); + printf("strcasestr_s returns:[%p]\n", sub); + printf("strcasestr returns:[%p]\n\n", std_sub); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "er"); + + len1 = strlen(str1); + len2 = strlen(str2); + + /* substring at the end */ + rc = strcasestr_s(str1, len1, str2, 2, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[18]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error strcasestr_s() does not have same return value as strcasestr() when str2 is substring of middle of str1. rc=%u \n", + __FUNCTION__, __LINE__, rc); + printf("str1:[%s]\n", str1); + printf("str2:[%s]\n", str2); + printf("strcasestr_s returns:[%p]\n", sub); + printf("strcasestr returns:[%p]\n\n", std_sub); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "it all"); + + rc = strcasestr_s(str1, 3, str2, LEN, &sub); + if (rc != ESNOTFND) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != NULL) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "it all"); + + rc = strcasestr_s(str1, LEN, str2, 1, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[5]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "it all"); + + rc = strcasestr_s(str1, LEN, str2, 2, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[5]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "it all"); + + rc = strcasestr_s(str1, LEN, str2, 5, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[5]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "1234"); + + len1 = strlen(str1); + rc = strcasestr_s(str1, len1, str2, LEN, &sub); + if (rc != ESNOTFND) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != NULL) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "IT ALL"); + + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[5]) { + printf("%s %u Error rc=%d \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + strcpy(str1, "keep it all together"); + strcpy(str2, "EEP"); + + /* validate */ + rc = strcasestr_s(str1, LEN, str2, LEN, &sub); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc); + } + + if (sub != &str1[1]) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc); + } + + /* compare to legacy */ + std_sub = strcasestr(str1, str2); + if ((int)sub != (int)std_sub) { // comparison to handle 32-bit library return and 64-bit library return + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc); + } + +/*--------------------------------------------------*/ + + return (0); +} diff --git a/unittests/test_wcpcpy_s.c b/unittests/test_wcpcpy_s.c index b71eabb..0794178 100644 --- a/unittests/test_wcpcpy_s.c +++ b/unittests/test_wcpcpy_s.c @@ -1,516 +1,516 @@ -/*------------------------------------------------------------------ - * test_wcpcpy_s - * - * September 2014, D Wheeler - * - * Copyright (c) 2014 by Intel Corp - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - *------------------------------------------------------------------ - *------------------------------------------------------------------ - * TEST COVERAGE NOTES - * - * The following notes describe the purpose of the test cases in - * order to ensure full coverage of all return paths in the code to - * be tested, as well as test for security concerns in the target. - * The test methodology is to perfrom branch-coverage testing to ensure - * all exit paths from the code have been tested. Additional tests are added to - * perform some corner case validation of certain more complex branches - * to verify no side-effects or missing corners are introduced in the code. - * - * BASIC PARAMETER VALIDATION - * TC 1: Test for first parameter, destination char string, being sent in as NULL - * TC 2: Test for second parameter, dest maximum length (dmax), being sent in as zero - * TC 3: Test for second parameter, dest maximum length (dmax), being larger than the maximum allowed size - * TC 4: Test for third parameter, source char string, being sent in as NULL - * - * TEST WHEN SRC & DEST ARE THE SAME - * TC 5: Test for src=dest, but string too long for dmax - * TC 6: Test for src=dest, proper return - * - * TEST WHEN DEST BUFFER < SOURCE BUFFER - * TC 7: Test for overlap of dest buffer into src buffer (src string too long) - * TC12: Test for proper copy of short string over long string - * TC13: Test for not enough space in destination (dest < src) - * TC16: Test copy short string over long string - * - * TEST NON-STANDARD FAILURE CONDITIONS FOR NULL DEST STRINGS - * TC 9: Test copy null string over destination string - * TC10: Test copy NULL string over existing string (dest > src) - * TC11: Test copy string over NULL string (dest < src) - * - * TEST WHEN DEST BUFFER >= SOURCE BUFFER - * TC 8: Test src buffer runs into beginning of dest buffer (src buffer is unterminated or been destroyed by copy) - * TC14: Test for not enough space in destination (src < dest) - * TC15: Test copy of string - just enough space in dest - * TC17: Test copy with not enough room for final NULL in destination - * - * - *------------------------------------------------------------------ - */ - -#include "test_private.h" -#include "safe_str_lib.h" - -#define MAX ( 128 ) -#define LEN ( 128 ) - -static wchar_t str1[LEN]; -static wchar_t str2[LEN]; - -extern wchar_t *wcpcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, errno_t *err); -extern errno_t wcscpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src); -extern rsize_t wcsnlen_s (const wchar_t *dest, rsize_t dmax); - -int test_wcpcpy_s (void) -{ - wchar_t *ret; - errno_t rc; - uint32_t i; - int32_t ind; - rsize_t sz; - unsigned int testno = 0; - - - printf("\nTesting wcpcpy_s:\n"); -/*--------------------------------------------------*/ -/* 1 Test for NULL destination check */ -printf("Test #%d:\n", ++testno); - - ret = wcpcpy_s(NULL, LEN, str2, &rc); - if (rc != ESNULLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 2 Test for zero length destination */ - printf("Test #%d:\n", ++testno); - - ret = wcpcpy_s(str1, 0, str2, &rc); - if (rc != ESZEROL) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - -/*--------------------------------------------------*/ -/* 3 Test for too large destination size */ - printf("Test #%d:\n", ++testno); - - ret = wcpcpy_s(str1, (RSIZE_MAX_STR+1), str2, &rc); - if (rc != ESLEMAX) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 4 Test for NULL source check */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - ret = wcpcpy_s(str1, 5, NULL, &rc); - if (rc != ESNULLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -#ifdef SAFE_LIB_STR_NULL_SLACK - for (i=0; i<5; i++) { - if (str1[i] != L'\0') { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - } -#else - if (str1[0] != L'\0') { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } -#endif - - -/*--------------------------------------------------*/ -/* 5 Test for Src is same as dest, but source too long */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - ret = wcpcpy_s(str1, 5, str1, &rc); - if (rc != ESLEMAX) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - -/*--------------------------------------------------*/ -/* 6 Test copy the same string onto itself */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - - ret = wcpcpy_s(str1, LEN, str1, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/*--------------------------------------------------*/ -/* 7 Test for string overlap, destination < src, and - * dest overlaps onto the src string, so a copy would - * change the src string */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(&str1[0], LEN, L"keep it simple"); - sz = wcsnlen_s(str1, LEN); - - ret = wcpcpy_s(&str1[0], LEN, &str1[5], &rc); - if (rc != ESOVRLP) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -#ifdef SAFE_LIB_STR_NULL_SLACK - for (i=0; i -%ls- (smax=%lu) Error rc=%u \n", - __FUNCTION__, __LINE__, str1, str2, sz, rc ); - } - - if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 12 Test for accurate subString copy over existing string */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"xxxxxxxxxx"); - wcscpy_s(str2, LEN, L"abcde"); - - ret = wcpcpy_s(str1, LEN, str2, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - sz = wcsnlen_s(str1, LEN); - if (sz != 5) { - printf("%s %u (sz=%lu <> 5) Error rc=%u \n", - __FUNCTION__, __LINE__, sz, rc ); - } - rc = memcmp_s(str1, LEN, str2, (6)*sizeof(wchar_t), &ind ); - if (ind != 0) { - printf("%s %u -%ls- <> -%ls- (size=%lu) Error rc=%u \n", - __FUNCTION__, __LINE__, str1, str2, sz, rc ); - } - - -/*--------------------------------------------------*/ -/* 13 Test for not enough space in destination (dest < src) */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"qqweqeqeqeq"); - wcscpy_s(str2, LEN, L"keep it simple"); - sz = wcsnlen_s(str2, LEN); - - ret = wcpcpy_s(str1, 14, str2, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (*str1 != L'\0') { - printf("%s %u -%ls- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - -/*--------------------------------------------------*/ -/* 14 Test for not enough space in destination (src < dest) */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"qqweqeqeqeq"); - wcscpy_s(str2, LEN, L"keep it simple"); - sz = wcsnlen_s(str2, LEN); - - ret = wcpcpy_s(str2, 6, str1, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (*str2 != L'\0') { - printf("%s %u -%ls- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - -/*--------------------------------------------------*/ -/* 15 Test for just enough space in destination */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str2, LEN, L"qqweqeqeqeq"); - wcscpy_s(str1, LEN, L"it"); - - ret = wcpcpy_s(str2, 3, str1, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - rc = memcmp_s(str1, LEN, str2, (3)*sizeof(wchar_t), &ind ); - if (ind != 0) { - printf("%s %u -%ls- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - if (ret == NULL || ret[0] != L'\0' || ret != str2+wcsnlen_s(str2, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - -/*--------------------------------------------------*/ -/* 16 Test copy short string over long string */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str1, LEN, L"qq12345weqeqeqeq"); - wcscpy_s(str2, LEN, L"it"); - - ret = wcpcpy_s(str1, 10, str2, &rc); - if (rc != EOK) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - rc = memcmp_s(str1, LEN, str2, (3)*sizeof(wchar_t), &ind ); - if (ind != 0) { - printf("%s %u -%ls- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } - - -/*--------------------------------------------------*/ -/* 17 Test for not enough space in destination for final NULL */ - printf("Test #%d:\n", ++testno); - - wcscpy_s(str2, LEN, L"qqweqeqeqeq"); - wcscpy_s(str1, LEN, L"it"); - sz = wcsnlen_s(str2, LEN); - - ret = wcpcpy_s(str2, 2, str1, &rc); - if (rc != ESNOSPC) { - printf("%s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (ret != NULL) { - printf("Returned pointer incorrect: %s %u Error rc=%u \n", - __FUNCTION__, __LINE__, rc ); - } - - if (*str2 != L'\0') { - printf("%s %u -%ls- Error rc=%u \n", - __FUNCTION__, __LINE__, str1, rc ); - } -/*--------------------------------------------------*/ - - return (0); -} - +/*------------------------------------------------------------------ + * test_wcpcpy_s + * + * September 2014, D Wheeler + * + * Copyright (c) 2014 by Intel Corp + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + *------------------------------------------------------------------ + *------------------------------------------------------------------ + * TEST COVERAGE NOTES + * + * The following notes describe the purpose of the test cases in + * order to ensure full coverage of all return paths in the code to + * be tested, as well as test for security concerns in the target. + * The test methodology is to perfrom branch-coverage testing to ensure + * all exit paths from the code have been tested. Additional tests are added to + * perform some corner case validation of certain more complex branches + * to verify no side-effects or missing corners are introduced in the code. + * + * BASIC PARAMETER VALIDATION + * TC 1: Test for first parameter, destination char string, being sent in as NULL + * TC 2: Test for second parameter, dest maximum length (dmax), being sent in as zero + * TC 3: Test for second parameter, dest maximum length (dmax), being larger than the maximum allowed size + * TC 4: Test for third parameter, source char string, being sent in as NULL + * + * TEST WHEN SRC & DEST ARE THE SAME + * TC 5: Test for src=dest, but string too long for dmax + * TC 6: Test for src=dest, proper return + * + * TEST WHEN DEST BUFFER < SOURCE BUFFER + * TC 7: Test for overlap of dest buffer into src buffer (src string too long) + * TC12: Test for proper copy of short string over long string + * TC13: Test for not enough space in destination (dest < src) + * TC16: Test copy short string over long string + * + * TEST NON-STANDARD FAILURE CONDITIONS FOR NULL DEST STRINGS + * TC 9: Test copy null string over destination string + * TC10: Test copy NULL string over existing string (dest > src) + * TC11: Test copy string over NULL string (dest < src) + * + * TEST WHEN DEST BUFFER >= SOURCE BUFFER + * TC 8: Test src buffer runs into beginning of dest buffer (src buffer is unterminated or been destroyed by copy) + * TC14: Test for not enough space in destination (src < dest) + * TC15: Test copy of string - just enough space in dest + * TC17: Test copy with not enough room for final NULL in destination + * + * + *------------------------------------------------------------------ + */ + +#include "test_private.h" +#include "safe_str_lib.h" + +#define MAX ( 128 ) +#define LEN ( 128 ) + +static wchar_t str1[LEN]; +static wchar_t str2[LEN]; + +extern wchar_t *wcpcpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src, errno_t *err); +extern errno_t wcscpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src); +extern rsize_t wcsnlen_s (const wchar_t *dest, rsize_t dmax); + +int test_wcpcpy_s (void) +{ + wchar_t *ret; + errno_t rc; + uint32_t i; + int32_t ind; + rsize_t sz; + unsigned int testno = 0; + + + printf("\nTesting wcpcpy_s:\n"); +/*--------------------------------------------------*/ +/* 1 Test for NULL destination check */ +printf("Test #%d:\n", ++testno); + + ret = wcpcpy_s(NULL, LEN, str2, &rc); + if (rc != ESNULLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 2 Test for zero length destination */ + printf("Test #%d:\n", ++testno); + + ret = wcpcpy_s(str1, 0, str2, &rc); + if (rc != ESZEROL) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + +/*--------------------------------------------------*/ +/* 3 Test for too large destination size */ + printf("Test #%d:\n", ++testno); + + ret = wcpcpy_s(str1, (RSIZE_MAX_STR+1), str2, &rc); + if (rc != ESLEMAX) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 4 Test for NULL source check */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + ret = wcpcpy_s(str1, 5, NULL, &rc); + if (rc != ESNULLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +#ifdef SAFE_LIB_STR_NULL_SLACK + for (i=0; i<5; i++) { + if (str1[i] != L'\0') { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + } +#else + if (str1[0] != L'\0') { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } +#endif + + +/*--------------------------------------------------*/ +/* 5 Test for Src is same as dest, but source too long */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + ret = wcpcpy_s(str1, 5, str1, &rc); + if (rc != ESLEMAX) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + +/*--------------------------------------------------*/ +/* 6 Test copy the same string onto itself */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + + ret = wcpcpy_s(str1, LEN, str1, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/*--------------------------------------------------*/ +/* 7 Test for string overlap, destination < src, and + * dest overlaps onto the src string, so a copy would + * change the src string */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(&str1[0], LEN, L"keep it simple"); + sz = wcsnlen_s(str1, LEN); + + ret = wcpcpy_s(&str1[0], LEN, &str1[5], &rc); + if (rc != ESOVRLP) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +#ifdef SAFE_LIB_STR_NULL_SLACK + for (i=0; i -%ls- (smax=%lu) Error rc=%u \n", + __FUNCTION__, __LINE__, str1, str2, sz, rc ); + } + + if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 12 Test for accurate subString copy over existing string */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"xxxxxxxxxx"); + wcscpy_s(str2, LEN, L"abcde"); + + ret = wcpcpy_s(str1, LEN, str2, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + sz = wcsnlen_s(str1, LEN); + if (sz != 5) { + printf("%s %u (sz=%lu <> 5) Error rc=%u \n", + __FUNCTION__, __LINE__, sz, rc ); + } + rc = memcmp_s(str1, LEN, str2, (6)*sizeof(wchar_t), &ind ); + if (ind != 0) { + printf("%s %u -%ls- <> -%ls- (size=%lu) Error rc=%u \n", + __FUNCTION__, __LINE__, str1, str2, sz, rc ); + } + + +/*--------------------------------------------------*/ +/* 13 Test for not enough space in destination (dest < src) */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"qqweqeqeqeq"); + wcscpy_s(str2, LEN, L"keep it simple"); + sz = wcsnlen_s(str2, LEN); + + ret = wcpcpy_s(str1, 14, str2, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (*str1 != L'\0') { + printf("%s %u -%ls- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + +/*--------------------------------------------------*/ +/* 14 Test for not enough space in destination (src < dest) */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"qqweqeqeqeq"); + wcscpy_s(str2, LEN, L"keep it simple"); + sz = wcsnlen_s(str2, LEN); + + ret = wcpcpy_s(str2, 6, str1, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (*str2 != L'\0') { + printf("%s %u -%ls- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + +/*--------------------------------------------------*/ +/* 15 Test for just enough space in destination */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str2, LEN, L"qqweqeqeqeq"); + wcscpy_s(str1, LEN, L"it"); + + ret = wcpcpy_s(str2, 3, str1, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + rc = memcmp_s(str1, LEN, str2, (3)*sizeof(wchar_t), &ind ); + if (ind != 0) { + printf("%s %u -%ls- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + if (ret == NULL || ret[0] != L'\0' || ret != str2+wcsnlen_s(str2, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + +/*--------------------------------------------------*/ +/* 16 Test copy short string over long string */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str1, LEN, L"qq12345weqeqeqeq"); + wcscpy_s(str2, LEN, L"it"); + + ret = wcpcpy_s(str1, 10, str2, &rc); + if (rc != EOK) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + if (ret == NULL || ret[0] != L'\0' || ret != str1+wcsnlen_s(str1, LEN) ) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + rc = memcmp_s(str1, LEN, str2, (3)*sizeof(wchar_t), &ind ); + if (ind != 0) { + printf("%s %u -%ls- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } + + +/*--------------------------------------------------*/ +/* 17 Test for not enough space in destination for final NULL */ + printf("Test #%d:\n", ++testno); + + wcscpy_s(str2, LEN, L"qqweqeqeqeq"); + wcscpy_s(str1, LEN, L"it"); + sz = wcsnlen_s(str2, LEN); + + ret = wcpcpy_s(str2, 2, str1, &rc); + if (rc != ESNOSPC) { + printf("%s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (ret != NULL) { + printf("Returned pointer incorrect: %s %u Error rc=%u \n", + __FUNCTION__, __LINE__, rc ); + } + + if (*str2 != L'\0') { + printf("%s %u -%ls- Error rc=%u \n", + __FUNCTION__, __LINE__, str1, rc ); + } +/*--------------------------------------------------*/ + + return (0); +} + From 49642beb3211cd918265edfe49bb96b6e46e111e Mon Sep 17 00:00:00 2001 From: Alexander Usyskin Date: Sun, 3 Feb 2019 07:57:48 +0200 Subject: [PATCH 2/3] safestringlib: unittests: fix printf format specifiers Use %zd for size_t Change-Id: I8b5de65ba0443ab0affad1ab011688ef9cc68b9e Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler --- unittests/test_memcpy_s.c | 8 +++---- unittests/test_stpncpy_s.c | 4 ++-- unittests/test_strcasestr_s.c | 8 +++---- unittests/test_strcspn_s.c | 32 +++++++++++++-------------- unittests/test_strfirstdiff_s.c | 26 +++++++++++----------- unittests/test_strfirstsame_s.c | 36 +++++++++++++++--------------- unittests/test_strlastdiff_s.c | 22 +++++++++--------- unittests/test_strlastsame_s.c | 38 ++++++++++++++++---------------- unittests/test_strnlen_s.c | 20 ++++++++--------- unittests/test_strnterminate_s.c | 28 +++++++++++------------ unittests/test_strspn_s.c | 32 +++++++++++++-------------- 11 files changed, 127 insertions(+), 127 deletions(-) diff --git a/unittests/test_memcpy_s.c b/unittests/test_memcpy_s.c index 42c688e..f6649b5 100644 --- a/unittests/test_memcpy_s.c +++ b/unittests/test_memcpy_s.c @@ -87,7 +87,7 @@ int test_memcpy_s (void) } if (mem1[i] != 33) { - printf("%d - %d m1=%d m2=%d \n", + printf("%d - %zu m1=%d m2=%d \n", __LINE__, len, mem1[len], mem2[len]); } @@ -114,7 +114,7 @@ int test_memcpy_s (void) } if (mem1[i] != 33) { - printf("%d - %d m1=%d m2=%d \n", + printf("%d - %zu m1=%d m2=%d \n", __LINE__, len, mem1[len], mem2[len]); } @@ -141,7 +141,7 @@ int test_memcpy_s (void) } if (mem1[len] != 33) { - printf("%d - %d m1=%d m2=%d \n", + printf("%d - %zu m1=%d m2=%d \n", __LINE__, len, mem1[len], mem2[len]); } } @@ -168,7 +168,7 @@ int test_memcpy_s (void) } if (mem1[len] != 33) { - printf("%d - %d m1=%d m2=%d \n", + printf("%d - %zu m1=%d m2=%d \n", __LINE__, len, mem1[len], mem2[len]); } diff --git a/unittests/test_stpncpy_s.c b/unittests/test_stpncpy_s.c index 52658b9..f8d288a 100644 --- a/unittests/test_stpncpy_s.c +++ b/unittests/test_stpncpy_s.c @@ -356,7 +356,7 @@ printf("Test #%d:\n", ++testno); /* be sure the results are the same as strcmp */ ind = strcmp(str1, str2); if (ind != 0) { - printf("%s %u -%s- <> -%s- (smax=%d) Error rc=%u \n", + printf("%s %u -%s- <> -%s- (smax=%zu) Error rc=%u \n", __FUNCTION__, __LINE__, str1, str2, sz, rc ); } @@ -387,7 +387,7 @@ printf("Test #%d:\n", ++testno); sz = strnlen_s(str1, LEN); ind = strncmp(str1, str2, sz); if (ind != 0 || sz != 3) { - printf("%s %u -%s- <> -%s- (smax=%d) Error rc=%u \n", + printf("%s %u -%s- <> -%s- (smax=%zu) Error rc=%u \n", __FUNCTION__, __LINE__, str1, str2, sz, rc ); } /* be sure that the slack is correct */ diff --git a/unittests/test_strcasestr_s.c b/unittests/test_strcasestr_s.c index 7d831df..6e9eb5b 100644 --- a/unittests/test_strcasestr_s.c +++ b/unittests/test_strcasestr_s.c @@ -135,8 +135,8 @@ int test_strcasestr_s() __FUNCTION__, __LINE__, rc); printf("str1:[%s]\n", str1); printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%x]\n", sub); - printf("strcasestr returns:[%x]\n\n", std_sub); + printf("strcasestr_s returns:[%p]\n", sub); + printf("strcasestr returns:[%p]\n\n", std_sub); } /*--------------------------------------------------*/ @@ -162,8 +162,8 @@ int test_strcasestr_s() __FUNCTION__, __LINE__, rc); printf("str1:[%s]\n", str1); printf("str2:[%s]\n", str2); - printf("strcasestr_s returns:[%x]\n", sub); - printf("strcasestr returns:[%x]\n\n", std_sub); + printf("strcasestr_s returns:[%p]\n", sub); + printf("strcasestr returns:[%p]\n\n", std_sub); } /*--------------------------------------------------*/ diff --git a/unittests/test_strcspn_s.c b/unittests/test_strcspn_s.c index a464319..0abfe63 100644 --- a/unittests/test_strcspn_s.c +++ b/unittests/test_strcspn_s.c @@ -34,7 +34,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -49,7 +49,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -74,7 +74,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -89,7 +89,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -104,7 +104,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -119,7 +119,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -137,13 +137,13 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } std_count = strcspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -162,7 +162,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 1) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -181,7 +181,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 2) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -200,7 +200,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 3) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -220,7 +220,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 6) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -239,7 +239,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); } if (count != 6) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -259,7 +259,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); std_count = strcspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -279,7 +279,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); std_count = strcspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -299,7 +299,7 @@ printf("Test #%d: NULL Scan String Check\n", ++testno); std_count = strcspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } diff --git a/unittests/test_strfirstdiff_s.c b/unittests/test_strfirstdiff_s.c index 8e784e3..1dc2140 100644 --- a/unittests/test_strfirstdiff_s.c +++ b/unittests/test_strfirstdiff_s.c @@ -29,7 +29,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -42,7 +42,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -63,7 +63,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -76,7 +76,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -92,7 +92,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -108,7 +108,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -124,7 +124,7 @@ int test_strfirstdiff_s() } if (ind != 1) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -140,7 +140,7 @@ int test_strfirstdiff_s() } if (ind != 2) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -155,7 +155,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -171,7 +171,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -187,7 +187,7 @@ int test_strfirstdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -203,7 +203,7 @@ int test_strfirstdiff_s() } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -219,7 +219,7 @@ int test_strfirstdiff_s() } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } diff --git a/unittests/test_strfirstsame_s.c b/unittests/test_strfirstsame_s.c index 45c6648..cef3bc7 100644 --- a/unittests/test_strfirstsame_s.c +++ b/unittests/test_strfirstsame_s.c @@ -29,7 +29,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -42,7 +42,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -63,7 +63,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -76,7 +76,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -92,7 +92,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -108,7 +108,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -124,7 +124,7 @@ int test_strfirstsame_s() } if (ind != 1) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -140,7 +140,7 @@ int test_strfirstsame_s() } if (ind != 4) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -156,7 +156,7 @@ int test_strfirstsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -172,7 +172,7 @@ int test_strfirstsame_s() } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -183,12 +183,12 @@ int test_strfirstsame_s() /* same string for src and dest */ rc = strfirstsame_s(str1, LEN, str1, &ind); if (rc != EOK) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -199,12 +199,12 @@ int test_strfirstsame_s() rc = strfirstsame_s(str1, 1, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -215,12 +215,12 @@ int test_strfirstsame_s() rc = strfirstsame_s(str1, 5, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -231,12 +231,12 @@ int test_strfirstsame_s() rc = strfirstsame_s(str1, LEN, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } diff --git a/unittests/test_strlastdiff_s.c b/unittests/test_strlastdiff_s.c index 2bb86b8..2310e75 100644 --- a/unittests/test_strlastdiff_s.c +++ b/unittests/test_strlastdiff_s.c @@ -30,7 +30,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -43,7 +43,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -64,7 +64,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -77,7 +77,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -93,7 +93,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -109,7 +109,7 @@ int test_strlastdiff_s() } if (ind != 6) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -125,7 +125,7 @@ int test_strlastdiff_s() } if (ind != 1) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -141,7 +141,7 @@ int test_strlastdiff_s() } if (ind != 10) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -156,7 +156,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -172,7 +172,7 @@ int test_strlastdiff_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -188,7 +188,7 @@ int test_strlastdiff_s() } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } diff --git a/unittests/test_strlastsame_s.c b/unittests/test_strlastsame_s.c index 840304b..d81fe52 100644 --- a/unittests/test_strlastsame_s.c +++ b/unittests/test_strlastsame_s.c @@ -29,7 +29,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -42,7 +42,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -63,7 +63,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -76,7 +76,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -92,7 +92,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -108,7 +108,7 @@ int test_strlastsame_s() } if (ind != 3) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -124,7 +124,7 @@ int test_strlastsame_s() } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -140,7 +140,7 @@ int test_strlastsame_s() } if (ind != 1) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -156,7 +156,7 @@ int test_strlastsame_s() } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -167,12 +167,12 @@ int test_strlastsame_s() /* same string for src and dest */ rc = strlastsame_s(str1, LEN, str1, &ind); if (rc != EOK) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 13) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -183,12 +183,12 @@ int test_strlastsame_s() rc = strlastsame_s(str1, 1, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -199,12 +199,12 @@ int test_strlastsame_s() rc = strlastsame_s(str1, 1, str2, &ind); if (rc != EOK) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -215,12 +215,12 @@ int test_strlastsame_s() rc = strlastsame_s(str1, 5, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } @@ -231,12 +231,12 @@ int test_strlastsame_s() rc = strlastsame_s(str1, LEN, str2, &ind); if (rc != ESNOTFND) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } if (ind != 0) { - printf("%s %u Error ind=%d rc=%d \n", + printf("%s %u Error ind=%zu rc=%d \n", __FUNCTION__, __LINE__, ind, rc); } diff --git a/unittests/test_strnlen_s.c b/unittests/test_strnlen_s.c index b555c04..d0f507a 100644 --- a/unittests/test_strnlen_s.c +++ b/unittests/test_strnlen_s.c @@ -21,7 +21,7 @@ int test_strnlen_s (void) max_len = 3; len = strnlen_s(NULL, max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -30,7 +30,7 @@ int test_strnlen_s (void) max_len = 0; len = strnlen_s("test", max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -39,7 +39,7 @@ int test_strnlen_s (void) max_len = RSIZE_MAX_STR+1; len = strnlen_s("test", max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -51,7 +51,7 @@ int test_strnlen_s (void) len = strnlen_s ("", max_len); if (std_len != len) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -63,7 +63,7 @@ int test_strnlen_s (void) len = strnlen_s ("t", max_len); if (std_len != len) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -75,7 +75,7 @@ int test_strnlen_s (void) len = strnlen_s ("to", max_len); if (std_len != len) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -87,7 +87,7 @@ int test_strnlen_s (void) len = strnlen_s ("testing", max_len); if (std_len != len) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -97,7 +97,7 @@ int test_strnlen_s (void) len = strnlen_s ("testing", max_len); if (len != max_len) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -107,7 +107,7 @@ int test_strnlen_s (void) len = strnlen_s ("testing", max_len); if (len != max_len) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -117,7 +117,7 @@ int test_strnlen_s (void) len = strnlen_s ("testing", max_len); if (len != max_len) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } diff --git a/unittests/test_strnterminate_s.c b/unittests/test_strnterminate_s.c index 05531e2..004b47d 100644 --- a/unittests/test_strnterminate_s.c +++ b/unittests/test_strnterminate_s.c @@ -25,7 +25,7 @@ int test_strnterminate_s() max_len = 3; len = strnterminate_s(NULL, max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -35,7 +35,7 @@ int test_strnterminate_s() max_len = 0; len = strnterminate_s(dest, max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -45,7 +45,7 @@ int test_strnterminate_s() max_len = RSIZE_MAX_STR+1; len = strnterminate_s(dest, max_len); if (len != 0) { - printf("%s %u Len=%u \n", + printf("%s %u Len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -58,7 +58,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (std_len != len) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -68,7 +68,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, 1); if (len != 0 ) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -79,7 +79,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != 1 ) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -90,7 +90,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != 1 ) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -101,7 +101,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != 2) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -112,7 +112,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != 4) { - printf("%s %u std_len=%u len=%u \n", + printf("%s %u std_len=%zu len=%zu \n", __FUNCTION__, __LINE__, std_len, len); } @@ -123,7 +123,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != 0) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -134,7 +134,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != max_len-1) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -145,7 +145,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != max_len-1) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -156,7 +156,7 @@ int test_strnterminate_s() len = strnterminate_s (dest, max_len); if (len != strlen(dest)) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } @@ -169,7 +169,7 @@ int test_strnterminate_s() //printf(" strnterminate_s() len=%u \n", len); len = strnterminate_s (dest, len); if (len != strlen(dest)) { - printf("%s %u len=%u \n", + printf("%s %u len=%zu \n", __FUNCTION__, __LINE__, len); } } diff --git a/unittests/test_strspn_s.c b/unittests/test_strspn_s.c index 3ac7622..8529d2f 100644 --- a/unittests/test_strspn_s.c +++ b/unittests/test_strspn_s.c @@ -30,7 +30,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -43,7 +43,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -64,7 +64,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -77,7 +77,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -90,7 +90,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -103,7 +103,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -119,7 +119,7 @@ int test_strspn_s (void) } if (count != 0) { - printf("%s %u Error count=%d rc=%d \n", + printf("%s %u Error count=%zu rc=%d \n", __FUNCTION__, __LINE__, count, rc); } @@ -135,7 +135,7 @@ int test_strspn_s (void) } if (count != 1) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -151,7 +151,7 @@ int test_strspn_s (void) } if (count != 2) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -167,7 +167,7 @@ int test_strspn_s (void) } if (count != 3) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -184,7 +184,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -201,7 +201,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -219,7 +219,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -236,7 +236,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -253,7 +253,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } @@ -270,7 +270,7 @@ int test_strspn_s (void) std_count = strspn(str1, str2); if (count != std_count) { - printf("%s %u count=%d std_count=%d rc=%d \n", + printf("%s %u count=%zu std_count=%d rc=%d \n", __FUNCTION__, __LINE__, count, std_count, rc); } From 057cdf118658ffab0b3d029ba3287892ad868416 Mon Sep 17 00:00:00 2001 From: Alexander Usyskin Date: Sun, 3 Feb 2019 07:58:28 +0200 Subject: [PATCH 3/3] safestringlib: unittests: fix unused variables warnings Drop unused variables. Enclose variables used only inside ifdef-ed code with ifdef guard. Change-Id: I7fa056d3586bbfe383a599c92ac9389cfa43cb29 Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler --- unittests/test_stpcpy_s.c | 2 ++ unittests/test_strcpy_s.c | 2 ++ unittests/test_wcpcpy_s.c | 2 ++ unittests/test_wcscpy_s.c | 3 ++- unittests/test_wcsncpy_s.c | 3 ++- 5 files changed, 10 insertions(+), 2 deletions(-) diff --git a/unittests/test_stpcpy_s.c b/unittests/test_stpcpy_s.c index c167c67..a2afa42 100644 --- a/unittests/test_stpcpy_s.c +++ b/unittests/test_stpcpy_s.c @@ -82,7 +82,9 @@ int test_stpcpy_s (void) { char *ret; errno_t rc; +#ifdef SAFE_LIB_STR_NULL_SLACK uint32_t i; +#endif /*SAFE_LIB_STR_NULL_SLACK*/ int32_t ind; unsigned int testno = 0; diff --git a/unittests/test_strcpy_s.c b/unittests/test_strcpy_s.c index 075d0ae..5fa9883 100644 --- a/unittests/test_strcpy_s.c +++ b/unittests/test_strcpy_s.c @@ -17,7 +17,9 @@ static char str2[LEN]; int test_strcpy_s (void) { errno_t rc; +#ifdef SAFE_LIB_STR_NULL_SLACK uint32_t i; +#endif /*SAFE_LIB_STR_NULL_SLACK*/ int32_t ind; /*--------------------------------------------------*/ diff --git a/unittests/test_wcpcpy_s.c b/unittests/test_wcpcpy_s.c index 0794178..317c8f8 100644 --- a/unittests/test_wcpcpy_s.c +++ b/unittests/test_wcpcpy_s.c @@ -86,7 +86,9 @@ int test_wcpcpy_s (void) { wchar_t *ret; errno_t rc; +#ifdef SAFE_LIB_STR_NULL_SLACK uint32_t i; +#endif /*SAFE_LIB_STR_NULL_SLACK*/ int32_t ind; rsize_t sz; unsigned int testno = 0; diff --git a/unittests/test_wcscpy_s.c b/unittests/test_wcscpy_s.c index 2345bc0..294c168 100644 --- a/unittests/test_wcscpy_s.c +++ b/unittests/test_wcscpy_s.c @@ -83,9 +83,10 @@ extern errno_t wcscpy_s(wchar_t* dest, rsize_t dmax, const wchar_t* src); int test_wcscpy_s (void) { - wchar_t *ret; errno_t rc; +#ifdef SAFE_LIB_STR_NULL_SLACK uint32_t i; +#endif /*SAFE_LIB_STR_NULL_SLACK*/ int32_t ind; rsize_t sz; rsize_t sz_orig; diff --git a/unittests/test_wcsncpy_s.c b/unittests/test_wcsncpy_s.c index c151a5f..009f47a 100644 --- a/unittests/test_wcsncpy_s.c +++ b/unittests/test_wcsncpy_s.c @@ -83,9 +83,10 @@ extern errno_t wmemset_s (wchar_t *dest, wchar_t value, rsize_t len); int test_wcsncpy_s (void) { - wchar_t *ret; errno_t rc; +#ifdef SAFE_LIB_STR_NULL_SLACK uint32_t i; +#endif /*SAFE_LIB_STR_NULL_SLACK*/ int32_t ind; rsize_t sz; rsize_t sz_orig;