]>
Commit | Line | Data |
---|---|---|
c5d9d3bb | 1 | /* Append a null-terminated string to another string, with length checking. |
896014f4 DL |
2 | * Copyright (C) 2016 Free Software Foundation, Inc. |
3 | * This file is part of the GNU C Library. | |
4 | * | |
5 | * The GNU C Library is free software; you can redistribute it and/or | |
6 | * modify it under the terms of the GNU Lesser General Public | |
7 | * License as published by the Free Software Foundation; either | |
8 | * version 2.1 of the License, or (at your option) any later version. | |
9 | * | |
10 | * The GNU C Library is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with the GNU C Library; if not, see | |
d62a17ae | 17 | * <http://www.gnu.org/licenses/>. |
896014f4 | 18 | */ |
c5d9d3bb DL |
19 | |
20 | /* adapted for Quagga from glibc patch submission originally from | |
21 | * Florian Weimer <fweimer@redhat.com>, 2016-05-18 */ | |
22 | ||
b45ac5f5 DL |
23 | #ifdef HAVE_CONFIG_H |
24 | #include "config.h" | |
25 | #endif | |
26 | ||
c5d9d3bb DL |
27 | #include <stdint.h> |
28 | #include <string.h> | |
29 | ||
c5d9d3bb DL |
30 | #ifndef HAVE_STRLCAT |
31 | #undef strlcat | |
32 | ||
c9a164df DS |
33 | size_t strlcat(char *__restrict dest, |
34 | const char *__restrict src, size_t destsize); | |
c5d9d3bb | 35 | |
c9a164df DS |
36 | size_t strlcat(char *__restrict dest, |
37 | const char *__restrict src, size_t destsize) | |
c5d9d3bb | 38 | { |
d62a17ae | 39 | size_t src_length = strlen(src); |
c5d9d3bb | 40 | |
d62a17ae | 41 | /* Our implementation strlcat supports dest == NULL if size == 0 |
42 | (for consistency with snprintf and strlcpy), but strnlen does | |
43 | not, so we have to cover this case explicitly. */ | |
c9a164df | 44 | if (destsize == 0) |
d62a17ae | 45 | return src_length; |
c5d9d3bb | 46 | |
c9a164df DS |
47 | size_t dest_length = strnlen(dest, destsize); |
48 | if (dest_length != destsize) { | |
d62a17ae | 49 | /* Copy at most the remaining number of characters in the |
50 | destination buffer. Leave for the NUL terminator. */ | |
c9a164df | 51 | size_t to_copy = destsize - dest_length - 1; |
d62a17ae | 52 | /* But not more than what is available in the source string. */ |
53 | if (to_copy > src_length) | |
54 | to_copy = src_length; | |
c5d9d3bb | 55 | |
d62a17ae | 56 | char *target = dest + dest_length; |
57 | memcpy(target, src, to_copy); | |
58 | target[to_copy] = '\0'; | |
59 | } | |
c5d9d3bb | 60 | |
d62a17ae | 61 | /* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in |
62 | the two input strings (including both null terminators). If each | |
63 | byte in the address space can be assigned a unique size_t value | |
64 | (which the static_assert checks), then by the pigeonhole | |
65 | principle, the two input strings must overlap, which is | |
66 | undefined. */ | |
c5d9d3bb | 67 | #if __STDC_VERSION__ >= 201112L |
d62a17ae | 68 | _Static_assert(sizeof(uintptr_t) == sizeof(size_t), |
69 | "theoretical maximum object size covers address space"); | |
c5d9d3bb | 70 | #endif |
d62a17ae | 71 | return dest_length + src_length; |
c5d9d3bb DL |
72 | } |
73 | #endif /* HAVE_STRLCAT */ |