1 /*
2 * Copyright (c) 1983, 1995, 1996 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * src/port/snprintf.c
32 */
33
34 #include "c.h"
35
36 #include <math.h>
37
38 /*
39 * We used to use the platform's NL_ARGMAX here, but that's a bad idea,
40 * first because the point of this module is to remove platform dependencies
41 * not perpetuate them, and second because some platforms use ridiculously
42 * large values, leading to excessive stack consumption in dopr().
43 */
44 #define PG_NL_ARGMAX 31
45
46
47 /*
48 * SNPRINTF, VSNPRINTF and friends
49 *
50 * These versions have been grabbed off the net. They have been
51 * cleaned up to compile properly and support for most of the C99
52 * specification has been added. Remaining unimplemented features are:
53 *
54 * 1. No locale support: the radix character is always '.' and the '
55 * (single quote) format flag is ignored.
56 *
57 * 2. No support for the "%n" format specification.
58 *
59 * 3. No support for wide characters ("lc" and "ls" formats).
60 *
61 * 4. No support for "long double" ("Lf" and related formats).
62 *
63 * 5. Space and '#' flags are not implemented.
64 *
65 * In addition, we support some extensions over C99:
66 *
67 * 1. Argument order control through "%n$" and "*n$", as required by POSIX.
68 *
69 * 2. "%m" expands to the value of strerror(errno), where errno is the
70 * value that variable had at the start of the call. This is a glibc
71 * extension, but a very useful one.
72 *
73 *
74 * Historically the result values of sprintf/snprintf varied across platforms.
75 * This implementation now follows the C99 standard:
76 *
77 * 1. -1 is returned if an error is detected in the format string, or if
78 * a write to the target stream fails (as reported by fwrite). Note that
79 * overrunning snprintf's target buffer is *not* an error.
80 *
81 * 2. For successful writes to streams, the actual number of bytes written
82 * to the stream is returned.
83 *
84 * 3. For successful sprintf/snprintf, the number of bytes that would have
85 * been written to an infinite-size buffer (excluding the trailing '\0')
86 * is returned. snprintf will truncate its output to fit in the buffer
87 * (ensuring a trailing '\0' unless count == 0), but this is not reflected
88 * in the function result.
89 *
90 * snprintf buffer overrun can be detected by checking for function result
91 * greater than or equal to the supplied count.
92 */
93
94 /**************************************************************
95 * Original:
96 * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
97 * A bombproof version of doprnt (dopr) included.
98 * Sigh. This sort of thing is always nasty do deal with. Note that
99 * the version here does not include floating point. (now it does ... tgl)
100 **************************************************************/
101
102 /* Prevent recursion */
103 #undef vsnprintf
104 #undef snprintf
105 #undef vsprintf
106 #undef sprintf
107 #undef vfprintf
108 #undef fprintf
109 #undef vprintf
110 #undef printf
111
112 /*
113 * Info about where the formatted output is going.
114 *
115 * dopr and subroutines will not write at/past bufend, but snprintf
116 * reserves one byte, ensuring it may place the trailing '\0' there.
117 *
118 * In snprintf, we use nchars to count the number of bytes dropped on the
119 * floor due to buffer overrun. The correct result of snprintf is thus
120 * (bufptr - bufstart) + nchars. (This isn't as inconsistent as it might
121 * seem: nchars is the number of emitted bytes that are not in the buffer now,
122 * either because we sent them to the stream or because we couldn't fit them
123 * into the buffer to begin with.)
124 */
125 typedef struct
126 {
127 char *bufptr; /* next buffer output position */
128 char *bufstart; /* first buffer element */
129 char *bufend; /* last+1 buffer element, or NULL */
130 /* bufend == NULL is for sprintf, where we assume buf is big enough */
131 FILE *stream; /* eventual output destination, or NULL */
132 int nchars; /* # chars sent to stream, or dropped */
133 bool failed; /* call is a failure; errno is set */
134 } PrintfTarget;
135
136 /*
137 * Info about the type and value of a formatting parameter. Note that we
138 * don't currently support "long double", "wint_t", or "wchar_t *" data,
139 * nor the '%n' formatting code; else we'd need more types. Also, at this
140 * level we need not worry about signed vs unsigned values.
141 */
142 typedef enum
143 {
144 ATYPE_NONE = 0,
145 ATYPE_INT,
146 ATYPE_LONG,
147 ATYPE_LONGLONG,
148 ATYPE_DOUBLE,
149 ATYPE_CHARPTR
150 } PrintfArgType;
151
152 typedef union
153 {
154 int i;
155 long l;
156 long long ll;
157 double d;
158 char *cptr;
159 } PrintfArgValue;
160
161
162 static void flushbuffer(PrintfTarget *target);
163 static void dopr(PrintfTarget *target, const char *format, va_list args);
164
165
166 /*
167 * Externally visible entry points.
168 *
169 * All of these are just wrappers around dopr(). Note it's essential that
170 * they not change the value of "errno" before reaching dopr().
171 */
172
173 int
pg_vsnprintf(char * str,size_t count,const char * fmt,va_list args)174 pg_vsnprintf(char *str, size_t count, const char *fmt, va_list args)
175 {
176 PrintfTarget target;
177 char onebyte[1];
178
179 /*
180 * C99 allows the case str == NULL when count == 0. Rather than
181 * special-casing this situation further down, we substitute a one-byte
182 * local buffer. Callers cannot tell, since the function result doesn't
183 * depend on count.
184 */
185 if (count == 0)
186 {
187 str = onebyte;
188 count = 1;
189 }
190 target.bufstart = target.bufptr = str;
191 target.bufend = str + count - 1;
192 target.stream = NULL;
193 target.nchars = 0;
194 target.failed = false;
195 dopr(&target, fmt, args);
196 *(target.bufptr) = '\0';
197 return target.failed ? -1 : (target.bufptr - target.bufstart
198 + target.nchars);
199 }
200
201 int
pg_snprintf(char * str,size_t count,const char * fmt,...)202 pg_snprintf(char *str, size_t count, const char *fmt,...)
203 {
204 int len;
205 va_list args;
206
207 va_start(args, fmt);
208 len = pg_vsnprintf(str, count, fmt, args);
209 va_end(args);
210 return len;
211 }
212
213 int
pg_vsprintf(char * str,const char * fmt,va_list args)214 pg_vsprintf(char *str, const char *fmt, va_list args)
215 {
216 PrintfTarget target;
217
218 target.bufstart = target.bufptr = str;
219 target.bufend = NULL;
220 target.stream = NULL;
221 target.nchars = 0; /* not really used in this case */
222 target.failed = false;
223 dopr(&target, fmt, args);
224 *(target.bufptr) = '\0';
225 return target.failed ? -1 : (target.bufptr - target.bufstart
226 + target.nchars);
227 }
228
229 int
pg_sprintf(char * str,const char * fmt,...)230 pg_sprintf(char *str, const char *fmt,...)
231 {
232 int len;
233 va_list args;
234
235 va_start(args, fmt);
236 len = pg_vsprintf(str, fmt, args);
237 va_end(args);
238 return len;
239 }
240
241 int
pg_vfprintf(FILE * stream,const char * fmt,va_list args)242 pg_vfprintf(FILE *stream, const char *fmt, va_list args)
243 {
244 PrintfTarget target;
245 char buffer[1024]; /* size is arbitrary */
246
247 if (stream == NULL)
248 {
249 errno = EINVAL;
250 return -1;
251 }
252 target.bufstart = target.bufptr = buffer;
253 target.bufend = buffer + sizeof(buffer); /* use the whole buffer */
254 target.stream = stream;
255 target.nchars = 0;
256 target.failed = false;
257 dopr(&target, fmt, args);
258 /* dump any remaining buffer contents */
259 flushbuffer(&target);
260 return target.failed ? -1 : target.nchars;
261 }
262
263 int
pg_fprintf(FILE * stream,const char * fmt,...)264 pg_fprintf(FILE *stream, const char *fmt,...)
265 {
266 int len;
267 va_list args;
268
269 va_start(args, fmt);
270 len = pg_vfprintf(stream, fmt, args);
271 va_end(args);
272 return len;
273 }
274
275 int
pg_vprintf(const char * fmt,va_list args)276 pg_vprintf(const char *fmt, va_list args)
277 {
278 return pg_vfprintf(stdout, fmt, args);
279 }
280
281 int
pg_printf(const char * fmt,...)282 pg_printf(const char *fmt,...)
283 {
284 int len;
285 va_list args;
286
287 va_start(args, fmt);
288 len = pg_vfprintf(stdout, fmt, args);
289 va_end(args);
290 return len;
291 }
292
293 /*
294 * Attempt to write the entire buffer to target->stream; discard the entire
295 * buffer in any case. Call this only when target->stream is defined.
296 */
297 static void
flushbuffer(PrintfTarget * target)298 flushbuffer(PrintfTarget *target)
299 {
300 size_t nc = target->bufptr - target->bufstart;
301
302 /*
303 * Don't write anything if we already failed; this is to ensure we
304 * preserve the original failure's errno.
305 */
306 if (!target->failed && nc > 0)
307 {
308 size_t written;
309
310 written = fwrite(target->bufstart, 1, nc, target->stream);
311 target->nchars += written;
312 if (written != nc)
313 target->failed = true;
314 }
315 target->bufptr = target->bufstart;
316 }
317
318
319 static bool find_arguments(const char *format, va_list args,
320 PrintfArgValue *argvalues);
321 static void fmtstr(const char *value, int leftjust, int minlen, int maxwidth,
322 int pointflag, PrintfTarget *target);
323 static void fmtptr(const void *value, PrintfTarget *target);
324 static void fmtint(long long value, char type, int forcesign,
325 int leftjust, int minlen, int zpad, int precision, int pointflag,
326 PrintfTarget *target);
327 static void fmtchar(int value, int leftjust, int minlen, PrintfTarget *target);
328 static void fmtfloat(double value, char type, int forcesign,
329 int leftjust, int minlen, int zpad, int precision, int pointflag,
330 PrintfTarget *target);
331 static void dostr(const char *str, int slen, PrintfTarget *target);
332 static void dopr_outch(int c, PrintfTarget *target);
333 static void dopr_outchmulti(int c, int slen, PrintfTarget *target);
334 static int adjust_sign(int is_negative, int forcesign, int *signvalue);
335 static int compute_padlen(int minlen, int vallen, int leftjust);
336 static void leading_pad(int zpad, int signvalue, int *padlen,
337 PrintfTarget *target);
338 static void trailing_pad(int padlen, PrintfTarget *target);
339
340 /*
341 * If strchrnul exists (it's a glibc-ism), it's a good bit faster than the
342 * equivalent manual loop. If it doesn't exist, provide a replacement.
343 *
344 * Note: glibc declares this as returning "char *", but that would require
345 * casting away const internally, so we don't follow that detail.
346 */
347 #ifndef HAVE_STRCHRNUL
348
349 static inline const char *
strchrnul(const char * s,int c)350 strchrnul(const char *s, int c)
351 {
352 while (*s != '\0' && *s != c)
353 s++;
354 return s;
355 }
356
357 #else
358
359 /*
360 * glibc's <string.h> declares strchrnul only if _GNU_SOURCE is defined.
361 * While we typically use that on glibc platforms, configure will set
362 * HAVE_STRCHRNUL whether it's used or not. Fill in the missing declaration
363 * so that this file will compile cleanly with or without _GNU_SOURCE.
364 */
365 #ifndef _GNU_SOURCE
366 extern char *strchrnul(const char *s, int c);
367 #endif
368
369 #endif /* HAVE_STRCHRNUL */
370
371
372 /*
373 * dopr(): the guts of *printf for all cases.
374 */
375 static void
dopr(PrintfTarget * target,const char * format,va_list args)376 dopr(PrintfTarget *target, const char *format, va_list args)
377 {
378 int save_errno = errno;
379 const char *first_pct = NULL;
380 int ch;
381 bool have_dollar;
382 bool have_star;
383 bool afterstar;
384 int accum;
385 int longlongflag;
386 int longflag;
387 int pointflag;
388 int leftjust;
389 int fieldwidth;
390 int precision;
391 int zpad;
392 int forcesign;
393 int fmtpos;
394 int cvalue;
395 long long numvalue;
396 double fvalue;
397 const char *strvalue;
398 PrintfArgValue argvalues[PG_NL_ARGMAX + 1];
399
400 /*
401 * Initially, we suppose the format string does not use %n$. The first
402 * time we come to a conversion spec that has that, we'll call
403 * find_arguments() to check for consistent use of %n$ and fill the
404 * argvalues array with the argument values in the correct order.
405 */
406 have_dollar = false;
407
408 while (*format != '\0')
409 {
410 /* Locate next conversion specifier */
411 if (*format != '%')
412 {
413 /* Scan to next '%' or end of string */
414 const char *next_pct = strchrnul(format + 1, '%');
415
416 /* Dump literal data we just scanned over */
417 dostr(format, next_pct - format, target);
418 if (target->failed)
419 break;
420
421 if (*next_pct == '\0')
422 break;
423 format = next_pct;
424 }
425
426 /*
427 * Remember start of first conversion spec; if we find %n$, then it's
428 * sufficient for find_arguments() to start here, without rescanning
429 * earlier literal text.
430 */
431 if (first_pct == NULL)
432 first_pct = format;
433
434 /* Process conversion spec starting at *format */
435 format++;
436
437 /* Fast path for conversion spec that is exactly %s */
438 if (*format == 's')
439 {
440 format++;
441 strvalue = va_arg(args, char *);
442 if (strvalue == NULL)
443 strvalue = "(null)";
444 dostr(strvalue, strlen(strvalue), target);
445 if (target->failed)
446 break;
447 continue;
448 }
449
450 fieldwidth = precision = zpad = leftjust = forcesign = 0;
451 longflag = longlongflag = pointflag = 0;
452 fmtpos = accum = 0;
453 have_star = afterstar = false;
454 nextch2:
455 ch = *format++;
456 switch (ch)
457 {
458 case '-':
459 leftjust = 1;
460 goto nextch2;
461 case '+':
462 forcesign = 1;
463 goto nextch2;
464 case '0':
465 /* set zero padding if no nonzero digits yet */
466 if (accum == 0 && !pointflag)
467 zpad = '0';
468 /* FALL THRU */
469 case '1':
470 case '2':
471 case '3':
472 case '4':
473 case '5':
474 case '6':
475 case '7':
476 case '8':
477 case '9':
478 accum = accum * 10 + (ch - '0');
479 goto nextch2;
480 case '.':
481 if (have_star)
482 have_star = false;
483 else
484 fieldwidth = accum;
485 pointflag = 1;
486 accum = 0;
487 goto nextch2;
488 case '*':
489 if (have_dollar)
490 {
491 /*
492 * We'll process value after reading n$. Note it's OK to
493 * assume have_dollar is set correctly, because in a valid
494 * format string the initial % must have had n$ if * does.
495 */
496 afterstar = true;
497 }
498 else
499 {
500 /* fetch and process value now */
501 int starval = va_arg(args, int);
502
503 if (pointflag)
504 {
505 precision = starval;
506 if (precision < 0)
507 {
508 precision = 0;
509 pointflag = 0;
510 }
511 }
512 else
513 {
514 fieldwidth = starval;
515 if (fieldwidth < 0)
516 {
517 leftjust = 1;
518 fieldwidth = -fieldwidth;
519 }
520 }
521 }
522 have_star = true;
523 accum = 0;
524 goto nextch2;
525 case '$':
526 /* First dollar sign? */
527 if (!have_dollar)
528 {
529 /* Yup, so examine all conversion specs in format */
530 if (!find_arguments(first_pct, args, argvalues))
531 goto bad_format;
532 have_dollar = true;
533 }
534 if (afterstar)
535 {
536 /* fetch and process star value */
537 int starval = argvalues[accum].i;
538
539 if (pointflag)
540 {
541 precision = starval;
542 if (precision < 0)
543 {
544 precision = 0;
545 pointflag = 0;
546 }
547 }
548 else
549 {
550 fieldwidth = starval;
551 if (fieldwidth < 0)
552 {
553 leftjust = 1;
554 fieldwidth = -fieldwidth;
555 }
556 }
557 afterstar = false;
558 }
559 else
560 fmtpos = accum;
561 accum = 0;
562 goto nextch2;
563 case 'l':
564 if (longflag)
565 longlongflag = 1;
566 else
567 longflag = 1;
568 goto nextch2;
569 case 'z':
570 #if SIZEOF_SIZE_T == 8
571 #ifdef HAVE_LONG_INT_64
572 longflag = 1;
573 #elif defined(HAVE_LONG_LONG_INT_64)
574 longlongflag = 1;
575 #else
576 #error "Don't know how to print 64bit integers"
577 #endif
578 #else
579 /* assume size_t is same size as int */
580 #endif
581 goto nextch2;
582 case 'h':
583 case '\'':
584 /* ignore these */
585 goto nextch2;
586 case 'd':
587 case 'i':
588 if (!have_star)
589 {
590 if (pointflag)
591 precision = accum;
592 else
593 fieldwidth = accum;
594 }
595 if (have_dollar)
596 {
597 if (longlongflag)
598 numvalue = argvalues[fmtpos].ll;
599 else if (longflag)
600 numvalue = argvalues[fmtpos].l;
601 else
602 numvalue = argvalues[fmtpos].i;
603 }
604 else
605 {
606 if (longlongflag)
607 numvalue = va_arg(args, long long);
608 else if (longflag)
609 numvalue = va_arg(args, long);
610 else
611 numvalue = va_arg(args, int);
612 }
613 fmtint(numvalue, ch, forcesign, leftjust, fieldwidth, zpad,
614 precision, pointflag, target);
615 break;
616 case 'o':
617 case 'u':
618 case 'x':
619 case 'X':
620 if (!have_star)
621 {
622 if (pointflag)
623 precision = accum;
624 else
625 fieldwidth = accum;
626 }
627 if (have_dollar)
628 {
629 if (longlongflag)
630 numvalue = (unsigned long long) argvalues[fmtpos].ll;
631 else if (longflag)
632 numvalue = (unsigned long) argvalues[fmtpos].l;
633 else
634 numvalue = (unsigned int) argvalues[fmtpos].i;
635 }
636 else
637 {
638 if (longlongflag)
639 numvalue = (unsigned long long) va_arg(args, long long);
640 else if (longflag)
641 numvalue = (unsigned long) va_arg(args, long);
642 else
643 numvalue = (unsigned int) va_arg(args, int);
644 }
645 fmtint(numvalue, ch, forcesign, leftjust, fieldwidth, zpad,
646 precision, pointflag, target);
647 break;
648 case 'c':
649 if (!have_star)
650 {
651 if (pointflag)
652 precision = accum;
653 else
654 fieldwidth = accum;
655 }
656 if (have_dollar)
657 cvalue = (unsigned char) argvalues[fmtpos].i;
658 else
659 cvalue = (unsigned char) va_arg(args, int);
660 fmtchar(cvalue, leftjust, fieldwidth, target);
661 break;
662 case 's':
663 if (!have_star)
664 {
665 if (pointflag)
666 precision = accum;
667 else
668 fieldwidth = accum;
669 }
670 if (have_dollar)
671 strvalue = argvalues[fmtpos].cptr;
672 else
673 strvalue = va_arg(args, char *);
674 /* If string is NULL, silently substitute "(null)" */
675 if (strvalue == NULL)
676 strvalue = "(null)";
677 fmtstr(strvalue, leftjust, fieldwidth, precision, pointflag,
678 target);
679 break;
680 case 'p':
681 /* fieldwidth/leftjust are ignored ... */
682 if (have_dollar)
683 strvalue = argvalues[fmtpos].cptr;
684 else
685 strvalue = va_arg(args, char *);
686 fmtptr((const void *) strvalue, target);
687 break;
688 case 'e':
689 case 'E':
690 case 'f':
691 case 'g':
692 case 'G':
693 if (!have_star)
694 {
695 if (pointflag)
696 precision = accum;
697 else
698 fieldwidth = accum;
699 }
700 if (have_dollar)
701 fvalue = argvalues[fmtpos].d;
702 else
703 fvalue = va_arg(args, double);
704 fmtfloat(fvalue, ch, forcesign, leftjust,
705 fieldwidth, zpad,
706 precision, pointflag,
707 target);
708 break;
709 case 'm':
710 {
711 char errbuf[PG_STRERROR_R_BUFLEN];
712 const char *errm = strerror_r(save_errno,
713 errbuf, sizeof(errbuf));
714
715 dostr(errm, strlen(errm), target);
716 }
717 break;
718 case '%':
719 dopr_outch('%', target);
720 break;
721 default:
722
723 /*
724 * Anything else --- in particular, '\0' indicating end of
725 * format string --- is bogus.
726 */
727 goto bad_format;
728 }
729
730 /* Check for failure after each conversion spec */
731 if (target->failed)
732 break;
733 }
734
735 return;
736
737 bad_format:
738 errno = EINVAL;
739 target->failed = true;
740 }
741
742 /*
743 * find_arguments(): sort out the arguments for a format spec with %n$
744 *
745 * If format is valid, return true and fill argvalues[i] with the value
746 * for the conversion spec that has %i$ or *i$. Else return false.
747 */
748 static bool
find_arguments(const char * format,va_list args,PrintfArgValue * argvalues)749 find_arguments(const char *format, va_list args,
750 PrintfArgValue *argvalues)
751 {
752 int ch;
753 bool afterstar;
754 int accum;
755 int longlongflag;
756 int longflag;
757 int fmtpos;
758 int i;
759 int last_dollar;
760 PrintfArgType argtypes[PG_NL_ARGMAX + 1];
761
762 /* Initialize to "no dollar arguments known" */
763 last_dollar = 0;
764 MemSet(argtypes, 0, sizeof(argtypes));
765
766 /*
767 * This loop must accept the same format strings as the one in dopr().
768 * However, we don't need to analyze them to the same level of detail.
769 *
770 * Since we're only called if there's a dollar-type spec somewhere, we can
771 * fail immediately if we find a non-dollar spec. Per the C99 standard,
772 * all argument references in the format string must be one or the other.
773 */
774 while (*format != '\0')
775 {
776 /* Locate next conversion specifier */
777 if (*format != '%')
778 {
779 /* Unlike dopr, we can just quit if there's no more specifiers */
780 format = strchr(format + 1, '%');
781 if (format == NULL)
782 break;
783 }
784
785 /* Process conversion spec starting at *format */
786 format++;
787 longflag = longlongflag = 0;
788 fmtpos = accum = 0;
789 afterstar = false;
790 nextch1:
791 ch = *format++;
792 switch (ch)
793 {
794 case '-':
795 case '+':
796 goto nextch1;
797 case '0':
798 case '1':
799 case '2':
800 case '3':
801 case '4':
802 case '5':
803 case '6':
804 case '7':
805 case '8':
806 case '9':
807 accum = accum * 10 + (ch - '0');
808 goto nextch1;
809 case '.':
810 accum = 0;
811 goto nextch1;
812 case '*':
813 if (afterstar)
814 return false; /* previous star missing dollar */
815 afterstar = true;
816 accum = 0;
817 goto nextch1;
818 case '$':
819 if (accum <= 0 || accum > PG_NL_ARGMAX)
820 return false;
821 if (afterstar)
822 {
823 if (argtypes[accum] &&
824 argtypes[accum] != ATYPE_INT)
825 return false;
826 argtypes[accum] = ATYPE_INT;
827 last_dollar = Max(last_dollar, accum);
828 afterstar = false;
829 }
830 else
831 fmtpos = accum;
832 accum = 0;
833 goto nextch1;
834 case 'l':
835 if (longflag)
836 longlongflag = 1;
837 else
838 longflag = 1;
839 goto nextch1;
840 case 'z':
841 #if SIZEOF_SIZE_T == 8
842 #ifdef HAVE_LONG_INT_64
843 longflag = 1;
844 #elif defined(HAVE_LONG_LONG_INT_64)
845 longlongflag = 1;
846 #else
847 #error "Don't know how to print 64bit integers"
848 #endif
849 #else
850 /* assume size_t is same size as int */
851 #endif
852 goto nextch1;
853 case 'h':
854 case '\'':
855 /* ignore these */
856 goto nextch1;
857 case 'd':
858 case 'i':
859 case 'o':
860 case 'u':
861 case 'x':
862 case 'X':
863 if (fmtpos)
864 {
865 PrintfArgType atype;
866
867 if (longlongflag)
868 atype = ATYPE_LONGLONG;
869 else if (longflag)
870 atype = ATYPE_LONG;
871 else
872 atype = ATYPE_INT;
873 if (argtypes[fmtpos] &&
874 argtypes[fmtpos] != atype)
875 return false;
876 argtypes[fmtpos] = atype;
877 last_dollar = Max(last_dollar, fmtpos);
878 }
879 else
880 return false; /* non-dollar conversion spec */
881 break;
882 case 'c':
883 if (fmtpos)
884 {
885 if (argtypes[fmtpos] &&
886 argtypes[fmtpos] != ATYPE_INT)
887 return false;
888 argtypes[fmtpos] = ATYPE_INT;
889 last_dollar = Max(last_dollar, fmtpos);
890 }
891 else
892 return false; /* non-dollar conversion spec */
893 break;
894 case 's':
895 case 'p':
896 if (fmtpos)
897 {
898 if (argtypes[fmtpos] &&
899 argtypes[fmtpos] != ATYPE_CHARPTR)
900 return false;
901 argtypes[fmtpos] = ATYPE_CHARPTR;
902 last_dollar = Max(last_dollar, fmtpos);
903 }
904 else
905 return false; /* non-dollar conversion spec */
906 break;
907 case 'e':
908 case 'E':
909 case 'f':
910 case 'g':
911 case 'G':
912 if (fmtpos)
913 {
914 if (argtypes[fmtpos] &&
915 argtypes[fmtpos] != ATYPE_DOUBLE)
916 return false;
917 argtypes[fmtpos] = ATYPE_DOUBLE;
918 last_dollar = Max(last_dollar, fmtpos);
919 }
920 else
921 return false; /* non-dollar conversion spec */
922 break;
923 case 'm':
924 case '%':
925 break;
926 default:
927 return false; /* bogus format string */
928 }
929
930 /*
931 * If we finish the spec with afterstar still set, there's a
932 * non-dollar star in there.
933 */
934 if (afterstar)
935 return false; /* non-dollar conversion spec */
936 }
937
938 /*
939 * Format appears valid so far, so collect the arguments in physical
940 * order. (Since we rejected any non-dollar specs that would have
941 * collected arguments, we know that dopr() hasn't collected any yet.)
942 */
943 for (i = 1; i <= last_dollar; i++)
944 {
945 switch (argtypes[i])
946 {
947 case ATYPE_NONE:
948 return false;
949 case ATYPE_INT:
950 argvalues[i].i = va_arg(args, int);
951 break;
952 case ATYPE_LONG:
953 argvalues[i].l = va_arg(args, long);
954 break;
955 case ATYPE_LONGLONG:
956 argvalues[i].ll = va_arg(args, long long);
957 break;
958 case ATYPE_DOUBLE:
959 argvalues[i].d = va_arg(args, double);
960 break;
961 case ATYPE_CHARPTR:
962 argvalues[i].cptr = va_arg(args, char *);
963 break;
964 }
965 }
966
967 return true;
968 }
969
970 static void
fmtstr(const char * value,int leftjust,int minlen,int maxwidth,int pointflag,PrintfTarget * target)971 fmtstr(const char *value, int leftjust, int minlen, int maxwidth,
972 int pointflag, PrintfTarget *target)
973 {
974 int padlen,
975 vallen; /* amount to pad */
976
977 /*
978 * If a maxwidth (precision) is specified, we must not fetch more bytes
979 * than that.
980 */
981 if (pointflag)
982 vallen = strnlen(value, maxwidth);
983 else
984 vallen = strlen(value);
985
986 padlen = compute_padlen(minlen, vallen, leftjust);
987
988 if (padlen > 0)
989 {
990 dopr_outchmulti(' ', padlen, target);
991 padlen = 0;
992 }
993
994 dostr(value, vallen, target);
995
996 trailing_pad(padlen, target);
997 }
998
999 static void
fmtptr(const void * value,PrintfTarget * target)1000 fmtptr(const void *value, PrintfTarget *target)
1001 {
1002 int vallen;
1003 char convert[64];
1004
1005 /* we rely on regular C library's sprintf to do the basic conversion */
1006 vallen = sprintf(convert, "%p", value);
1007 if (vallen < 0)
1008 target->failed = true;
1009 else
1010 dostr(convert, vallen, target);
1011 }
1012
1013 static void
fmtint(long long value,char type,int forcesign,int leftjust,int minlen,int zpad,int precision,int pointflag,PrintfTarget * target)1014 fmtint(long long value, char type, int forcesign, int leftjust,
1015 int minlen, int zpad, int precision, int pointflag,
1016 PrintfTarget *target)
1017 {
1018 unsigned long long base;
1019 unsigned long long uvalue;
1020 int dosign;
1021 const char *cvt = "0123456789abcdef";
1022 int signvalue = 0;
1023 char convert[64];
1024 int vallen = 0;
1025 int padlen; /* amount to pad */
1026 int zeropad; /* extra leading zeroes */
1027
1028 switch (type)
1029 {
1030 case 'd':
1031 case 'i':
1032 base = 10;
1033 dosign = 1;
1034 break;
1035 case 'o':
1036 base = 8;
1037 dosign = 0;
1038 break;
1039 case 'u':
1040 base = 10;
1041 dosign = 0;
1042 break;
1043 case 'x':
1044 base = 16;
1045 dosign = 0;
1046 break;
1047 case 'X':
1048 cvt = "0123456789ABCDEF";
1049 base = 16;
1050 dosign = 0;
1051 break;
1052 default:
1053 return; /* keep compiler quiet */
1054 }
1055
1056 /* disable MSVC warning about applying unary minus to an unsigned value */
1057 #ifdef _MSC_VER
1058 #pragma warning(push)
1059 #pragma warning(disable: 4146)
1060 #endif
1061 /* Handle +/- */
1062 if (dosign && adjust_sign((value < 0), forcesign, &signvalue))
1063 uvalue = -(unsigned long long) value;
1064 else
1065 uvalue = (unsigned long long) value;
1066 #ifdef _MSC_VER
1067 #pragma warning(pop)
1068 #endif
1069
1070 /*
1071 * SUS: the result of converting 0 with an explicit precision of 0 is no
1072 * characters
1073 */
1074 if (value == 0 && pointflag && precision == 0)
1075 vallen = 0;
1076 else
1077 {
1078 /* make integer string */
1079 do
1080 {
1081 convert[sizeof(convert) - (++vallen)] = cvt[uvalue % base];
1082 uvalue = uvalue / base;
1083 } while (uvalue);
1084 }
1085
1086 zeropad = Max(0, precision - vallen);
1087
1088 padlen = compute_padlen(minlen, vallen + zeropad, leftjust);
1089
1090 leading_pad(zpad, signvalue, &padlen, target);
1091
1092 if (zeropad > 0)
1093 dopr_outchmulti('0', zeropad, target);
1094
1095 dostr(convert + sizeof(convert) - vallen, vallen, target);
1096
1097 trailing_pad(padlen, target);
1098 }
1099
1100 static void
fmtchar(int value,int leftjust,int minlen,PrintfTarget * target)1101 fmtchar(int value, int leftjust, int minlen, PrintfTarget *target)
1102 {
1103 int padlen; /* amount to pad */
1104
1105 padlen = compute_padlen(minlen, 1, leftjust);
1106
1107 if (padlen > 0)
1108 {
1109 dopr_outchmulti(' ', padlen, target);
1110 padlen = 0;
1111 }
1112
1113 dopr_outch(value, target);
1114
1115 trailing_pad(padlen, target);
1116 }
1117
1118 static void
fmtfloat(double value,char type,int forcesign,int leftjust,int minlen,int zpad,int precision,int pointflag,PrintfTarget * target)1119 fmtfloat(double value, char type, int forcesign, int leftjust,
1120 int minlen, int zpad, int precision, int pointflag,
1121 PrintfTarget *target)
1122 {
1123 int signvalue = 0;
1124 int prec;
1125 int vallen;
1126 char fmt[8];
1127 char convert[1024];
1128 int zeropadlen = 0; /* amount to pad with zeroes */
1129 int padlen; /* amount to pad with spaces */
1130
1131 /*
1132 * We rely on the regular C library's sprintf to do the basic conversion,
1133 * then handle padding considerations here.
1134 *
1135 * The dynamic range of "double" is about 1E+-308 for IEEE math, and not
1136 * too wildly more than that with other hardware. In "f" format, sprintf
1137 * could therefore generate at most 308 characters to the left of the
1138 * decimal point; while we need to allow the precision to get as high as
1139 * 308+17 to ensure that we don't truncate significant digits from very
1140 * small values. To handle both these extremes, we use a buffer of 1024
1141 * bytes and limit requested precision to 350 digits; this should prevent
1142 * buffer overrun even with non-IEEE math. If the original precision
1143 * request was more than 350, separately pad with zeroes.
1144 *
1145 * We handle infinities and NaNs specially to ensure platform-independent
1146 * output.
1147 */
1148 if (precision < 0) /* cover possible overflow of "accum" */
1149 precision = 0;
1150 prec = Min(precision, 350);
1151
1152 if (isnan(value))
1153 {
1154 strcpy(convert, "NaN");
1155 vallen = 3;
1156 /* no zero padding, regardless of precision spec */
1157 }
1158 else
1159 {
1160 /*
1161 * Handle sign (NaNs have no sign, so we don't do this in the case
1162 * above). "value < 0.0" will not be true for IEEE minus zero, so we
1163 * detect that by looking for the case where value equals 0.0
1164 * according to == but not according to memcmp.
1165 */
1166 static const double dzero = 0.0;
1167
1168 if (adjust_sign((value < 0.0 ||
1169 (value == 0.0 &&
1170 memcmp(&value, &dzero, sizeof(double)) != 0)),
1171 forcesign, &signvalue))
1172 value = -value;
1173
1174 if (isinf(value))
1175 {
1176 strcpy(convert, "Infinity");
1177 vallen = 8;
1178 /* no zero padding, regardless of precision spec */
1179 }
1180 else if (pointflag)
1181 {
1182 zeropadlen = precision - prec;
1183 fmt[0] = '%';
1184 fmt[1] = '.';
1185 fmt[2] = '*';
1186 fmt[3] = type;
1187 fmt[4] = '\0';
1188 vallen = sprintf(convert, fmt, prec, value);
1189 }
1190 else
1191 {
1192 fmt[0] = '%';
1193 fmt[1] = type;
1194 fmt[2] = '\0';
1195 vallen = sprintf(convert, fmt, value);
1196 }
1197 if (vallen < 0)
1198 goto fail;
1199
1200 /*
1201 * Windows, alone among our supported platforms, likes to emit
1202 * three-digit exponent fields even when two digits would do. Hack
1203 * such results to look like the way everyone else does it.
1204 */
1205 #ifdef WIN32
1206 if (vallen >= 6 &&
1207 convert[vallen - 5] == 'e' &&
1208 convert[vallen - 3] == '0')
1209 {
1210 convert[vallen - 3] = convert[vallen - 2];
1211 convert[vallen - 2] = convert[vallen - 1];
1212 vallen--;
1213 }
1214 #endif
1215 }
1216
1217 padlen = compute_padlen(minlen, vallen + zeropadlen, leftjust);
1218
1219 leading_pad(zpad, signvalue, &padlen, target);
1220
1221 if (zeropadlen > 0)
1222 {
1223 /* If 'e' or 'E' format, inject zeroes before the exponent */
1224 char *epos = strrchr(convert, 'e');
1225
1226 if (!epos)
1227 epos = strrchr(convert, 'E');
1228 if (epos)
1229 {
1230 /* pad before exponent */
1231 dostr(convert, epos - convert, target);
1232 dopr_outchmulti('0', zeropadlen, target);
1233 dostr(epos, vallen - (epos - convert), target);
1234 }
1235 else
1236 {
1237 /* no exponent, pad after the digits */
1238 dostr(convert, vallen, target);
1239 dopr_outchmulti('0', zeropadlen, target);
1240 }
1241 }
1242 else
1243 {
1244 /* no zero padding, just emit the number as-is */
1245 dostr(convert, vallen, target);
1246 }
1247
1248 trailing_pad(padlen, target);
1249 return;
1250
1251 fail:
1252 target->failed = true;
1253 }
1254
1255 /*
1256 * Nonstandard entry point to print a double value efficiently.
1257 *
1258 * This is approximately equivalent to strfromd(), but has an API more
1259 * adapted to what float8out() wants. The behavior is like snprintf()
1260 * with a format of "%.ng", where n is the specified precision.
1261 * However, the target buffer must be nonempty (i.e. count > 0), and
1262 * the precision is silently bounded to a sane range.
1263 */
1264 int
pg_strfromd(char * str,size_t count,int precision,double value)1265 pg_strfromd(char *str, size_t count, int precision, double value)
1266 {
1267 PrintfTarget target;
1268 int signvalue = 0;
1269 int vallen;
1270 char fmt[8];
1271 char convert[64];
1272
1273 /* Set up the target like pg_snprintf, but require nonempty buffer */
1274 Assert(count > 0);
1275 target.bufstart = target.bufptr = str;
1276 target.bufend = str + count - 1;
1277 target.stream = NULL;
1278 target.nchars = 0;
1279 target.failed = false;
1280
1281 /*
1282 * We bound precision to a reasonable range; the combination of this and
1283 * the knowledge that we're using "g" format without padding allows the
1284 * convert[] buffer to be reasonably small.
1285 */
1286 if (precision < 1)
1287 precision = 1;
1288 else if (precision > 32)
1289 precision = 32;
1290
1291 /*
1292 * The rest is just an inlined version of the fmtfloat() logic above,
1293 * simplified using the knowledge that no padding is wanted.
1294 */
1295 if (isnan(value))
1296 {
1297 strcpy(convert, "NaN");
1298 vallen = 3;
1299 }
1300 else
1301 {
1302 static const double dzero = 0.0;
1303
1304 if (value < 0.0 ||
1305 (value == 0.0 &&
1306 memcmp(&value, &dzero, sizeof(double)) != 0))
1307 {
1308 signvalue = '-';
1309 value = -value;
1310 }
1311
1312 if (isinf(value))
1313 {
1314 strcpy(convert, "Infinity");
1315 vallen = 8;
1316 }
1317 else
1318 {
1319 fmt[0] = '%';
1320 fmt[1] = '.';
1321 fmt[2] = '*';
1322 fmt[3] = 'g';
1323 fmt[4] = '\0';
1324 vallen = sprintf(convert, fmt, precision, value);
1325 if (vallen < 0)
1326 {
1327 target.failed = true;
1328 goto fail;
1329 }
1330
1331 #ifdef WIN32
1332 if (vallen >= 6 &&
1333 convert[vallen - 5] == 'e' &&
1334 convert[vallen - 3] == '0')
1335 {
1336 convert[vallen - 3] = convert[vallen - 2];
1337 convert[vallen - 2] = convert[vallen - 1];
1338 vallen--;
1339 }
1340 #endif
1341 }
1342 }
1343
1344 if (signvalue)
1345 dopr_outch(signvalue, &target);
1346
1347 dostr(convert, vallen, &target);
1348
1349 fail:
1350 *(target.bufptr) = '\0';
1351 return target.failed ? -1 : (target.bufptr - target.bufstart
1352 + target.nchars);
1353 }
1354
1355
1356 static void
dostr(const char * str,int slen,PrintfTarget * target)1357 dostr(const char *str, int slen, PrintfTarget *target)
1358 {
1359 /* fast path for common case of slen == 1 */
1360 if (slen == 1)
1361 {
1362 dopr_outch(*str, target);
1363 return;
1364 }
1365
1366 while (slen > 0)
1367 {
1368 int avail;
1369
1370 if (target->bufend != NULL)
1371 avail = target->bufend - target->bufptr;
1372 else
1373 avail = slen;
1374 if (avail <= 0)
1375 {
1376 /* buffer full, can we dump to stream? */
1377 if (target->stream == NULL)
1378 {
1379 target->nchars += slen; /* no, lose the data */
1380 return;
1381 }
1382 flushbuffer(target);
1383 continue;
1384 }
1385 avail = Min(avail, slen);
1386 memmove(target->bufptr, str, avail);
1387 target->bufptr += avail;
1388 str += avail;
1389 slen -= avail;
1390 }
1391 }
1392
1393 static void
dopr_outch(int c,PrintfTarget * target)1394 dopr_outch(int c, PrintfTarget *target)
1395 {
1396 if (target->bufend != NULL && target->bufptr >= target->bufend)
1397 {
1398 /* buffer full, can we dump to stream? */
1399 if (target->stream == NULL)
1400 {
1401 target->nchars++; /* no, lose the data */
1402 return;
1403 }
1404 flushbuffer(target);
1405 }
1406 *(target->bufptr++) = c;
1407 }
1408
1409 static void
dopr_outchmulti(int c,int slen,PrintfTarget * target)1410 dopr_outchmulti(int c, int slen, PrintfTarget *target)
1411 {
1412 /* fast path for common case of slen == 1 */
1413 if (slen == 1)
1414 {
1415 dopr_outch(c, target);
1416 return;
1417 }
1418
1419 while (slen > 0)
1420 {
1421 int avail;
1422
1423 if (target->bufend != NULL)
1424 avail = target->bufend - target->bufptr;
1425 else
1426 avail = slen;
1427 if (avail <= 0)
1428 {
1429 /* buffer full, can we dump to stream? */
1430 if (target->stream == NULL)
1431 {
1432 target->nchars += slen; /* no, lose the data */
1433 return;
1434 }
1435 flushbuffer(target);
1436 continue;
1437 }
1438 avail = Min(avail, slen);
1439 memset(target->bufptr, c, avail);
1440 target->bufptr += avail;
1441 slen -= avail;
1442 }
1443 }
1444
1445
1446 static int
adjust_sign(int is_negative,int forcesign,int * signvalue)1447 adjust_sign(int is_negative, int forcesign, int *signvalue)
1448 {
1449 if (is_negative)
1450 {
1451 *signvalue = '-';
1452 return true;
1453 }
1454 else if (forcesign)
1455 *signvalue = '+';
1456 return false;
1457 }
1458
1459
1460 static int
compute_padlen(int minlen,int vallen,int leftjust)1461 compute_padlen(int minlen, int vallen, int leftjust)
1462 {
1463 int padlen;
1464
1465 padlen = minlen - vallen;
1466 if (padlen < 0)
1467 padlen = 0;
1468 if (leftjust)
1469 padlen = -padlen;
1470 return padlen;
1471 }
1472
1473
1474 static void
leading_pad(int zpad,int signvalue,int * padlen,PrintfTarget * target)1475 leading_pad(int zpad, int signvalue, int *padlen, PrintfTarget *target)
1476 {
1477 int maxpad;
1478
1479 if (*padlen > 0 && zpad)
1480 {
1481 if (signvalue)
1482 {
1483 dopr_outch(signvalue, target);
1484 --(*padlen);
1485 signvalue = 0;
1486 }
1487 if (*padlen > 0)
1488 {
1489 dopr_outchmulti(zpad, *padlen, target);
1490 *padlen = 0;
1491 }
1492 }
1493 maxpad = (signvalue != 0);
1494 if (*padlen > maxpad)
1495 {
1496 dopr_outchmulti(' ', *padlen - maxpad, target);
1497 *padlen = maxpad;
1498 }
1499 if (signvalue)
1500 {
1501 dopr_outch(signvalue, target);
1502 if (*padlen > 0)
1503 --(*padlen);
1504 else if (*padlen < 0)
1505 ++(*padlen);
1506 }
1507 }
1508
1509
1510 static void
trailing_pad(int padlen,PrintfTarget * target)1511 trailing_pad(int padlen, PrintfTarget *target)
1512 {
1513 if (padlen < 0)
1514 dopr_outchmulti(' ', -padlen, target);
1515 }
1516