1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1990, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Chris Torek.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 /*
36 * This is the code responsible for handling positional arguments
37 * (%m$ and %m$.n$) for vfprintf() and vfwprintf().
38 */
39
40 #include "namespace.h"
41 #include <sys/types.h>
42
43 #include <limits.h>
44 #include <stdarg.h>
45 #include <stddef.h>
46 #include <stdint.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <wchar.h>
51
52 #include "un-namespace.h"
53 #include "printflocal.h"
54
55 #ifdef NL_ARGMAX
56 #define MAX_POSARG NL_ARGMAX
57 #else
58 #define MAX_POSARG 65536
59 #endif
60
61 /*
62 * Type ids for argument type table.
63 */
64 enum typeid {
65 T_UNUSED, TP_SHORT, T_INT, T_U_INT, TP_INT,
66 T_LONG, T_U_LONG, TP_LONG, T_LLONG, T_U_LLONG, TP_LLONG,
67 T_PTRDIFFT, TP_PTRDIFFT, T_SSIZET, T_SIZET, TP_SSIZET,
68 T_INTMAXT, T_UINTMAXT, TP_INTMAXT, TP_VOID, TP_CHAR, TP_SCHAR,
69 T_DOUBLE, T_LONG_DOUBLE, T_WINT, TP_WCHAR
70 };
71
72 /* An expandable array of types. */
73 struct typetable {
74 enum typeid *table; /* table of types */
75 enum typeid stattable[STATIC_ARG_TBL_SIZE];
76 u_int tablesize; /* current size of type table */
77 u_int tablemax; /* largest used index in table */
78 u_int nextarg; /* 1-based argument index */
79 };
80
81 static int __grow_type_table(struct typetable *);
82 static void build_arg_table (struct typetable *, va_list, union arg **);
83
84 /*
85 * Initialize a struct typetable.
86 */
87 static inline void
inittypes(struct typetable * types)88 inittypes(struct typetable *types)
89 {
90 u_int n;
91
92 types->table = types->stattable;
93 types->tablesize = STATIC_ARG_TBL_SIZE;
94 types->tablemax = 0;
95 types->nextarg = 1;
96 for (n = 0; n < STATIC_ARG_TBL_SIZE; n++)
97 types->table[n] = T_UNUSED;
98 }
99
100 /*
101 * struct typetable destructor.
102 */
103 static inline void
freetypes(struct typetable * types)104 freetypes(struct typetable *types)
105 {
106
107 if (types->table != types->stattable)
108 free (types->table);
109 }
110
111 /*
112 * Ensure that there is space to add a new argument type to the type table.
113 * Expand the table if necessary. Returns 0 on success.
114 */
115 static inline int
_ensurespace(struct typetable * types)116 _ensurespace(struct typetable *types)
117 {
118
119 if (types->nextarg >= types->tablesize) {
120 if (__grow_type_table(types))
121 return (-1);
122 }
123 if (types->nextarg > types->tablemax)
124 types->tablemax = types->nextarg;
125 return (0);
126 }
127
128 /*
129 * Add an argument type to the table, expanding if necessary.
130 * Returns 0 on success.
131 */
132 static inline int
addtype(struct typetable * types,enum typeid type)133 addtype(struct typetable *types, enum typeid type)
134 {
135
136 if (_ensurespace(types))
137 return (-1);
138 types->table[types->nextarg++] = type;
139 return (0);
140 }
141
142 static inline int
addsarg(struct typetable * types,int flags)143 addsarg(struct typetable *types, int flags)
144 {
145
146 if (_ensurespace(types))
147 return (-1);
148 if (flags & INTMAXT)
149 types->table[types->nextarg++] = T_INTMAXT;
150 else if (flags & SIZET)
151 types->table[types->nextarg++] = T_SSIZET;
152 else if (flags & PTRDIFFT)
153 types->table[types->nextarg++] = T_PTRDIFFT;
154 else if (flags & LLONGINT)
155 types->table[types->nextarg++] = T_LLONG;
156 else if (flags & LONGINT)
157 types->table[types->nextarg++] = T_LONG;
158 else
159 types->table[types->nextarg++] = T_INT;
160 return (0);
161 }
162
163 static inline int
adduarg(struct typetable * types,int flags)164 adduarg(struct typetable *types, int flags)
165 {
166
167 if (_ensurespace(types))
168 return (-1);
169 if (flags & INTMAXT)
170 types->table[types->nextarg++] = T_UINTMAXT;
171 else if (flags & SIZET)
172 types->table[types->nextarg++] = T_SIZET;
173 else if (flags & PTRDIFFT)
174 types->table[types->nextarg++] = T_SIZET;
175 else if (flags & LLONGINT)
176 types->table[types->nextarg++] = T_U_LLONG;
177 else if (flags & LONGINT)
178 types->table[types->nextarg++] = T_U_LONG;
179 else
180 types->table[types->nextarg++] = T_U_INT;
181 return (0);
182 }
183
184 /*
185 * Add * arguments to the type array.
186 */
187 static inline int
addaster(struct typetable * types,char ** fmtp)188 addaster(struct typetable *types, char **fmtp)
189 {
190 char *cp;
191 u_int n2;
192
193 n2 = 0;
194 cp = *fmtp;
195 while (is_digit(*cp)) {
196 n2 = 10 * n2 + to_digit(*cp);
197 cp++;
198 }
199 if (*cp == '$') {
200 u_int hold = types->nextarg;
201 types->nextarg = n2;
202 if (addtype(types, T_INT))
203 return (-1);
204 types->nextarg = hold;
205 *fmtp = ++cp;
206 } else {
207 if (addtype(types, T_INT))
208 return (-1);
209 }
210 return (0);
211 }
212
213 static inline int
addwaster(struct typetable * types,wchar_t ** fmtp)214 addwaster(struct typetable *types, wchar_t **fmtp)
215 {
216 wchar_t *cp;
217 u_int n2;
218
219 n2 = 0;
220 cp = *fmtp;
221 while (is_digit(*cp)) {
222 n2 = 10 * n2 + to_digit(*cp);
223 cp++;
224 }
225 if (*cp == '$') {
226 u_int hold = types->nextarg;
227 types->nextarg = n2;
228 if (addtype(types, T_INT))
229 return (-1);
230 types->nextarg = hold;
231 *fmtp = ++cp;
232 } else {
233 if (addtype(types, T_INT))
234 return (-1);
235 }
236 return (0);
237 }
238
239 /*
240 * Find all arguments when a positional parameter is encountered. Returns a
241 * table, indexed by argument number, of pointers to each arguments. The
242 * initial argument table should be an array of STATIC_ARG_TBL_SIZE entries.
243 * It will be replaces with a malloc-ed one if it overflows.
244 * Returns 0 on success. On failure, returns nonzero and sets errno.
245 */
246 int
__find_arguments(const char * fmt0,va_list ap,union arg ** argtable)247 __find_arguments (const char *fmt0, va_list ap, union arg **argtable)
248 {
249 char *fmt; /* format string */
250 int ch; /* character from fmt */
251 u_int n; /* handy integer (short term usage) */
252 int error;
253 int flags; /* flags as above */
254 struct typetable types; /* table of types */
255
256 fmt = (char *)fmt0;
257 inittypes(&types);
258 error = 0;
259
260 /*
261 * Scan the format for conversions (`%' character).
262 */
263 for (;;) {
264 while ((ch = *fmt) != '\0' && ch != '%')
265 fmt++;
266 if (ch == '\0')
267 goto done;
268 fmt++; /* skip over '%' */
269
270 flags = 0;
271
272 rflag: ch = *fmt++;
273 reswitch: switch (ch) {
274 case ' ':
275 case '#':
276 goto rflag;
277 case '*':
278 if ((error = addaster(&types, &fmt)))
279 goto error;
280 goto rflag;
281 case '-':
282 case '+':
283 case '\'':
284 goto rflag;
285 case '.':
286 if ((ch = *fmt++) == '*') {
287 if ((error = addaster(&types, &fmt)))
288 goto error;
289 goto rflag;
290 }
291 while (is_digit(ch)) {
292 ch = *fmt++;
293 }
294 goto reswitch;
295 case '0':
296 goto rflag;
297 case '1': case '2': case '3': case '4':
298 case '5': case '6': case '7': case '8': case '9':
299 n = 0;
300 do {
301 n = 10 * n + to_digit(ch);
302 /* Detect overflow */
303 if (n > MAX_POSARG) {
304 error = -1;
305 goto error;
306 }
307 ch = *fmt++;
308 } while (is_digit(ch));
309 if (ch == '$') {
310 types.nextarg = n;
311 goto rflag;
312 }
313 goto reswitch;
314 case 'L':
315 flags |= LONGDBL;
316 goto rflag;
317 case 'h':
318 if (flags & SHORTINT) {
319 flags &= ~SHORTINT;
320 flags |= CHARINT;
321 } else
322 flags |= SHORTINT;
323 goto rflag;
324 case 'j':
325 flags |= INTMAXT;
326 goto rflag;
327 case 'l':
328 if (flags & LONGINT) {
329 flags &= ~LONGINT;
330 flags |= LLONGINT;
331 } else
332 flags |= LONGINT;
333 goto rflag;
334 case 'q':
335 flags |= LLONGINT; /* not necessarily */
336 goto rflag;
337 case 't':
338 flags |= PTRDIFFT;
339 goto rflag;
340 case 'z':
341 flags |= SIZET;
342 goto rflag;
343 case 'C':
344 flags |= LONGINT;
345 /*FALLTHROUGH*/
346 case 'c':
347 error = addtype(&types,
348 (flags & LONGINT) ? T_WINT : T_INT);
349 if (error)
350 goto error;
351 break;
352 case 'D':
353 flags |= LONGINT;
354 /*FALLTHROUGH*/
355 case 'd':
356 case 'i':
357 if ((error = addsarg(&types, flags)))
358 goto error;
359 break;
360 case 'a':
361 case 'A':
362 case 'e':
363 case 'E':
364 case 'f':
365 case 'g':
366 case 'G':
367 error = addtype(&types,
368 (flags & LONGDBL) ? T_LONG_DOUBLE : T_DOUBLE);
369 if (error)
370 goto error;
371 break;
372 case 'n':
373 if (flags & INTMAXT)
374 error = addtype(&types, TP_INTMAXT);
375 else if (flags & PTRDIFFT)
376 error = addtype(&types, TP_PTRDIFFT);
377 else if (flags & SIZET)
378 error = addtype(&types, TP_SSIZET);
379 else if (flags & LLONGINT)
380 error = addtype(&types, TP_LLONG);
381 else if (flags & LONGINT)
382 error = addtype(&types, TP_LONG);
383 else if (flags & SHORTINT)
384 error = addtype(&types, TP_SHORT);
385 else if (flags & CHARINT)
386 error = addtype(&types, TP_SCHAR);
387 else
388 error = addtype(&types, TP_INT);
389 if (error)
390 goto error;
391 continue; /* no output */
392 case 'O':
393 flags |= LONGINT;
394 /*FALLTHROUGH*/
395 case 'o':
396 if ((error = adduarg(&types, flags)))
397 goto error;
398 break;
399 case 'p':
400 if ((error = addtype(&types, TP_VOID)))
401 goto error;
402 break;
403 case 'S':
404 flags |= LONGINT;
405 /*FALLTHROUGH*/
406 case 's':
407 error = addtype(&types,
408 (flags & LONGINT) ? TP_WCHAR : TP_CHAR);
409 if (error)
410 goto error;
411 break;
412 case 'U':
413 flags |= LONGINT;
414 /*FALLTHROUGH*/
415 case 'u':
416 case 'X':
417 case 'x':
418 if ((error = adduarg(&types, flags)))
419 goto error;
420 break;
421 default: /* "%?" prints ?, unless ? is NUL */
422 if (ch == '\0')
423 goto done;
424 break;
425 }
426 }
427 done:
428 build_arg_table(&types, ap, argtable);
429 error:
430 freetypes(&types);
431 return (error || *argtable == NULL);
432 }
433
434 /* wchar version of __find_arguments. */
435 int
__find_warguments(const wchar_t * fmt0,va_list ap,union arg ** argtable)436 __find_warguments (const wchar_t *fmt0, va_list ap, union arg **argtable)
437 {
438 wchar_t *fmt; /* format string */
439 wchar_t ch; /* character from fmt */
440 u_int n; /* handy integer (short term usage) */
441 int error;
442 int flags; /* flags as above */
443 struct typetable types; /* table of types */
444
445 fmt = (wchar_t *)fmt0;
446 inittypes(&types);
447 error = 0;
448
449 /*
450 * Scan the format for conversions (`%' character).
451 */
452 for (;;) {
453 while ((ch = *fmt) != '\0' && ch != '%')
454 fmt++;
455 if (ch == '\0')
456 goto done;
457 fmt++; /* skip over '%' */
458
459 flags = 0;
460
461 rflag: ch = *fmt++;
462 reswitch: switch (ch) {
463 case ' ':
464 case '#':
465 goto rflag;
466 case '*':
467 if ((error = addwaster(&types, &fmt)))
468 goto error;
469 goto rflag;
470 case '-':
471 case '+':
472 case '\'':
473 goto rflag;
474 case '.':
475 if ((ch = *fmt++) == '*') {
476 if ((error = addwaster(&types, &fmt)))
477 goto error;
478 goto rflag;
479 }
480 while (is_digit(ch)) {
481 ch = *fmt++;
482 }
483 goto reswitch;
484 case '0':
485 goto rflag;
486 case '1': case '2': case '3': case '4':
487 case '5': case '6': case '7': case '8': case '9':
488 n = 0;
489 do {
490 n = 10 * n + to_digit(ch);
491 /* Detect overflow */
492 if (n > MAX_POSARG) {
493 error = -1;
494 goto error;
495 }
496 ch = *fmt++;
497 } while (is_digit(ch));
498 if (ch == '$') {
499 types.nextarg = n;
500 goto rflag;
501 }
502 goto reswitch;
503 case 'L':
504 flags |= LONGDBL;
505 goto rflag;
506 case 'h':
507 if (flags & SHORTINT) {
508 flags &= ~SHORTINT;
509 flags |= CHARINT;
510 } else
511 flags |= SHORTINT;
512 goto rflag;
513 case 'j':
514 flags |= INTMAXT;
515 goto rflag;
516 case 'l':
517 if (flags & LONGINT) {
518 flags &= ~LONGINT;
519 flags |= LLONGINT;
520 } else
521 flags |= LONGINT;
522 goto rflag;
523 case 'q':
524 flags |= LLONGINT; /* not necessarily */
525 goto rflag;
526 case 't':
527 flags |= PTRDIFFT;
528 goto rflag;
529 case 'z':
530 flags |= SIZET;
531 goto rflag;
532 case 'C':
533 flags |= LONGINT;
534 /*FALLTHROUGH*/
535 case 'c':
536 error = addtype(&types,
537 (flags & LONGINT) ? T_WINT : T_INT);
538 if (error)
539 goto error;
540 break;
541 case 'D':
542 flags |= LONGINT;
543 /*FALLTHROUGH*/
544 case 'd':
545 case 'i':
546 if ((error = addsarg(&types, flags)))
547 goto error;
548 break;
549 case 'a':
550 case 'A':
551 case 'e':
552 case 'E':
553 case 'f':
554 case 'g':
555 case 'G':
556 error = addtype(&types,
557 (flags & LONGDBL) ? T_LONG_DOUBLE : T_DOUBLE);
558 if (error)
559 goto error;
560 break;
561 case 'n':
562 if (flags & INTMAXT)
563 error = addtype(&types, TP_INTMAXT);
564 else if (flags & PTRDIFFT)
565 error = addtype(&types, TP_PTRDIFFT);
566 else if (flags & SIZET)
567 error = addtype(&types, TP_SSIZET);
568 else if (flags & LLONGINT)
569 error = addtype(&types, TP_LLONG);
570 else if (flags & LONGINT)
571 error = addtype(&types, TP_LONG);
572 else if (flags & SHORTINT)
573 error = addtype(&types, TP_SHORT);
574 else if (flags & CHARINT)
575 error = addtype(&types, TP_SCHAR);
576 else
577 error = addtype(&types, TP_INT);
578 if (error)
579 goto error;
580 continue; /* no output */
581 case 'O':
582 flags |= LONGINT;
583 /*FALLTHROUGH*/
584 case 'o':
585 if ((error = adduarg(&types, flags)))
586 goto error;
587 break;
588 case 'p':
589 if ((error = addtype(&types, TP_VOID)))
590 goto error;
591 break;
592 case 'S':
593 flags |= LONGINT;
594 /*FALLTHROUGH*/
595 case 's':
596 error = addtype(&types,
597 (flags & LONGINT) ? TP_WCHAR : TP_CHAR);
598 if (error)
599 goto error;
600 break;
601 case 'U':
602 flags |= LONGINT;
603 /*FALLTHROUGH*/
604 case 'u':
605 case 'X':
606 case 'x':
607 if ((error = adduarg(&types, flags)))
608 goto error;
609 break;
610 default: /* "%?" prints ?, unless ? is NUL */
611 if (ch == '\0')
612 goto done;
613 break;
614 }
615 }
616 done:
617 build_arg_table(&types, ap, argtable);
618 error:
619 freetypes(&types);
620 return (error || *argtable == NULL);
621 }
622
623 /*
624 * Increase the size of the type table. Returns 0 on success.
625 */
626 static int
__grow_type_table(struct typetable * types)627 __grow_type_table(struct typetable *types)
628 {
629 enum typeid *const oldtable = types->table;
630 const int oldsize = types->tablesize;
631 enum typeid *newtable;
632 u_int n, newsize;
633
634 /* Detect overflow */
635 if (types->nextarg > NL_ARGMAX)
636 return (-1);
637
638 newsize = oldsize * 2;
639 if (newsize < types->nextarg + 1)
640 newsize = types->nextarg + 1;
641 if (oldsize == STATIC_ARG_TBL_SIZE) {
642 if ((newtable = malloc(newsize * sizeof(enum typeid))) == NULL)
643 return (-1);
644 bcopy(oldtable, newtable, oldsize * sizeof(enum typeid));
645 } else {
646 newtable = reallocarray(oldtable, newsize, sizeof(enum typeid));
647 if (newtable == NULL)
648 return (-1);
649 }
650 for (n = oldsize; n < newsize; n++)
651 newtable[n] = T_UNUSED;
652
653 types->table = newtable;
654 types->tablesize = newsize;
655
656 return (0);
657 }
658
659 /*
660 * Build the argument table from the completed type table.
661 * On malloc failure, *argtable is set to NULL.
662 */
663 static void
build_arg_table(struct typetable * types,va_list ap,union arg ** argtable)664 build_arg_table(struct typetable *types, va_list ap, union arg **argtable)
665 {
666 u_int n;
667
668 if (types->tablemax >= STATIC_ARG_TBL_SIZE) {
669 *argtable = (union arg *)
670 malloc (sizeof (union arg) * (types->tablemax + 1));
671 if (*argtable == NULL)
672 return;
673 }
674
675 (*argtable) [0].intarg = 0;
676 for (n = 1; n <= types->tablemax; n++) {
677 switch (types->table[n]) {
678 case T_UNUSED: /* whoops! */
679 (*argtable) [n].intarg = va_arg (ap, int);
680 break;
681 case TP_SCHAR:
682 (*argtable) [n].pschararg = va_arg (ap, signed char *);
683 break;
684 case TP_SHORT:
685 (*argtable) [n].pshortarg = va_arg (ap, short *);
686 break;
687 case T_INT:
688 (*argtable) [n].intarg = va_arg (ap, int);
689 break;
690 case T_U_INT:
691 (*argtable) [n].uintarg = va_arg (ap, unsigned int);
692 break;
693 case TP_INT:
694 (*argtable) [n].pintarg = va_arg (ap, int *);
695 break;
696 case T_LONG:
697 (*argtable) [n].longarg = va_arg (ap, long);
698 break;
699 case T_U_LONG:
700 (*argtable) [n].ulongarg = va_arg (ap, unsigned long);
701 break;
702 case TP_LONG:
703 (*argtable) [n].plongarg = va_arg (ap, long *);
704 break;
705 case T_LLONG:
706 (*argtable) [n].longlongarg = va_arg (ap, long long);
707 break;
708 case T_U_LLONG:
709 (*argtable) [n].ulonglongarg = va_arg (ap, unsigned long long);
710 break;
711 case TP_LLONG:
712 (*argtable) [n].plonglongarg = va_arg (ap, long long *);
713 break;
714 case T_PTRDIFFT:
715 (*argtable) [n].ptrdiffarg = va_arg (ap, ptrdiff_t);
716 break;
717 case TP_PTRDIFFT:
718 (*argtable) [n].pptrdiffarg = va_arg (ap, ptrdiff_t *);
719 break;
720 case T_SIZET:
721 (*argtable) [n].sizearg = va_arg (ap, size_t);
722 break;
723 case T_SSIZET:
724 (*argtable) [n].sizearg = va_arg (ap, ssize_t);
725 break;
726 case TP_SSIZET:
727 (*argtable) [n].pssizearg = va_arg (ap, ssize_t *);
728 break;
729 case T_INTMAXT:
730 (*argtable) [n].intmaxarg = va_arg (ap, intmax_t);
731 break;
732 case T_UINTMAXT:
733 (*argtable) [n].uintmaxarg = va_arg (ap, uintmax_t);
734 break;
735 case TP_INTMAXT:
736 (*argtable) [n].pintmaxarg = va_arg (ap, intmax_t *);
737 break;
738 case T_DOUBLE:
739 (*argtable) [n].doublearg = va_arg (ap, double);
740 break;
741 case T_LONG_DOUBLE:
742 (*argtable) [n].longdoublearg = va_arg (ap, long double);
743 break;
744 case TP_CHAR:
745 (*argtable) [n].pchararg = va_arg (ap, char *);
746 break;
747 case TP_VOID:
748 (*argtable) [n].pvoidarg = va_arg (ap, void *);
749 break;
750 case T_WINT:
751 (*argtable) [n].wintarg = va_arg (ap, wint_t);
752 break;
753 case TP_WCHAR:
754 (*argtable) [n].pwchararg = va_arg (ap, wchar_t *);
755 break;
756 }
757 }
758 }
759