author | Florian Weimer <fweimer@redhat.com> | 2023-06-14 18:10:08 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2023-06-14 18:10:08 +0200 |
commit | 454a20c8756c9c1d55419153255fc7692b3d2199 (patch) | |
tree | a65ad84288a247995183089f4400e4fd080ecc9d /string/strlcat.c | |
parent | 7ba426a1115318fc11f4355f3161f35817a06ba4 (diff) | |
Implement strlcpy and strlcat [BZ #178]
These functions are about to be added to POSIX, under Austin Group
issue 986.
The fortified strlcat implementation does not raise SIGABRT if the
destination buffer does not contain a null terminator, it just
inherits the non-failing regular strlcat behavior.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'string/strlcat.c')
-rw-r--r-- | string/strlcat.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/string/strlcat.c b/string/strlcat.c
new file mode 100644
index 0000000..dce4c25
--- /dev/null
+++ b/string/strlcat.c
@@ -0,0 +1,59 @@
+/* Append a null-terminated string to another string, with length checking.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <stdint.h>
+#include <string.h>
+
+size_t
+__strlcat (char *__restrict dest, const char *__restrict src, size_t size)
+{
+ size_t src_length = strlen (src);
+
+ /* Our implementation strlcat supports dest == NULL if size == 0
+ (for consistency with snprintf and strlcpy), but strnlen does
+ not, so we have to cover this case explicitly. */
+ if (size == 0)
+ return src_length;
+
+ size_t dest_length = __strnlen (dest, size);
+ if (dest_length != size)
+ {
+ /* Copy at most the remaining number of characters in the
+ destination buffer. Leave for the NUL terminator. */
+ size_t to_copy = size - dest_length - 1;
+ /* But not more than what is available in the source string. */
+ if (to_copy > src_length)
+ to_copy = src_length;
+
+ char *target = dest + dest_length;
+ memcpy (target, src, to_copy);
+ target[to_copy] = '\0';
+ }
+
+ /* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in
+ the two input strings (including both null terminators). If each
+ byte in the address space can be assigned a unique size_t value
+ (which the static_assert checks), then by the pigeonhole
+ principle, the two input strings must overlap, which is
+ undefined. */
+ _Static_assert (sizeof (uintptr_t) == sizeof (size_t),
+ "theoretical maximum object size covers address space");
+ return dest_length + src_length;
+}
+libc_hidden_def (__strlcat)
+weak_alias (__strlcat, strlcat) |
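Review bot: The `if (dest_length != size)` test has no comment for the case it skips: when `__strnlen` finds no terminator in the first `size` bytes, nothing is written, `dest` stays unterminated, and the function returns `size + src_length`. A caller that only compares the result with `size` sees ordinary truncation and may go on to treat `dest` as a string, so the contract is worth stating at the branch, for example `/* No NUL within SIZE bytes of dest: leave dest untouched (and unterminated); the result is then >= size.  */`. It would also help to note beside `strlen (src)` that `src` is read in full before `size` is examined, so it must be a valid null-terminated string even when `size == 0`. The comment "Leave for the NUL terminator" appears to be missing the word "room".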