[mirror_frr.git] / lib / strlcat.c

/* Append a null-terminated string to another string, with length checking.
 * Copyright (C) 2016 Free Software Foundation, Inc.
 * This file is part of the GNU C Library.
 *
 * The GNU C Library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * The GNU C Library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with the GNU C Library; if not, see
 * <http://www.gnu.org/licenses/>.
 */

/* adapted for Quagga from glibc patch submission originally from
 * Florian Weimer <fweimer@redhat.com>, 2016-05-18 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <stdint.h>
#include <string.h>

#ifndef HAVE_STRLCAT
#undef strlcat

size_t strlcat(char *__restrict dest,
	       const char *__restrict src, size_t destsize);

size_t strlcat(char *__restrict dest,
	       const char *__restrict src, size_t destsize)
{
	size_t src_length = strlen(src);

	/* Our implementation strlcat supports dest == NULL if size == 0
	   (for consistency with snprintf and strlcpy), but strnlen does
	   not, so we have to cover this case explicitly.  */
	if (destsize == 0)
		return src_length;

	size_t dest_length = strnlen(dest, destsize);
	if (dest_length != destsize) {
		/* Copy at most the remaining number of characters in the
		   destination buffer.  Leave for the NUL terminator.  */
		size_t to_copy = destsize - dest_length - 1;
		/* But not more than what is available in the source string.  */
		if (to_copy > src_length)
			to_copy = src_length;

		char *target = dest + dest_length;
		memcpy(target, src, to_copy);
		target[to_copy] = '\0';
	}

/* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in
   the two input strings (including both null terminators).  If each
   byte in the address space can be assigned a unique size_t value
   (which the static_assert checks), then by the pigeonhole
   principle, the two input strings must overlap, which is
   undefined.  */
#if __STDC_VERSION__ >= 201112L
	_Static_assert(sizeof(uintptr_t) == sizeof(size_t),
		       "theoretical maximum object size covers address space");
#endif
	return dest_length + src_length;
}
#endif /* HAVE_STRLCAT */
Commit	Line	Data
c5d9d3bb	1	/* Append a null-terminated string to another string, with length checking.
896014f4 DL	2	* Copyright (C) 2016 Free Software Foundation, Inc.
	3	* This file is part of the GNU C Library.
	4	*
	5	* The GNU C Library is free software; you can redistribute it and/or
	6	* modify it under the terms of the GNU Lesser General Public
	7	* License as published by the Free Software Foundation; either
	8	* version 2.1 of the License, or (at your option) any later version.
	9	*
	10	* The GNU C Library is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	* Lesser General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU Lesser General Public
	16	* License along with the GNU C Library; if not, see
d62a17ae	17	* <http://www.gnu.org/licenses/>.
896014f4	18	*/
c5d9d3bb DL	19
	20	/* adapted for Quagga from glibc patch submission originally from
	21	* Florian Weimer <fweimer@redhat.com>, 2016-05-18 */
	22
b45ac5f5 DL	23	#ifdef HAVE_CONFIG_H
	24	#include "config.h"
	25	#endif
	26
c5d9d3bb DL	27	#include <stdint.h>
	28	#include <string.h>
	29
c5d9d3bb DL	30	#ifndef HAVE_STRLCAT
	31	#undef strlcat
	32
c9a164df DS	33	size_t strlcat(char *__restrict dest,
c9a164df DS	34	const char *__restrict src, size_t destsize);
c5d9d3bb	35
c9a164df DS	36	size_t strlcat(char *__restrict dest,
c9a164df DS	37	const char *__restrict src, size_t destsize)
c5d9d3bb	38	{
d62a17ae	39	size_t src_length = strlen(src);
c5d9d3bb	40
d62a17ae	41	/* Our implementation strlcat supports dest == NULL if size == 0
	42	(for consistency with snprintf and strlcpy), but strnlen does
	43	not, so we have to cover this case explicitly. */
c9a164df	44	if (destsize == 0)
d62a17ae	45	return src_length;
c5d9d3bb	46
c9a164df DS	47	size_t dest_length = strnlen(dest, destsize);
c9a164df DS	48	if (dest_length != destsize) {
d62a17ae	49	/* Copy at most the remaining number of characters in the
d62a17ae	50	destination buffer. Leave for the NUL terminator. */
c9a164df	51	size_t to_copy = destsize - dest_length - 1;
d62a17ae	52	/* But not more than what is available in the source string. */
	53	if (to_copy > src_length)
	54	to_copy = src_length;
c5d9d3bb	55
d62a17ae	56	char *target = dest + dest_length;
	57	memcpy(target, src, to_copy);
	58	target[to_copy] = '\0';
	59	}
c5d9d3bb	60
d62a17ae	61	/* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in
	62	the two input strings (including both null terminators). If each
	63	byte in the address space can be assigned a unique size_t value
	64	(which the static_assert checks), then by the pigeonhole
	65	principle, the two input strings must overlap, which is
	66	undefined. */
c5d9d3bb	67	#if __STDC_VERSION__ >= 201112L
d62a17ae	68	_Static_assert(sizeof(uintptr_t) == sizeof(size_t),
d62a17ae	69	"theoretical maximum object size covers address space");
c5d9d3bb	70	#endif
d62a17ae	71	return dest_length + src_length;
c5d9d3bb DL	72	}
c5d9d3bb DL	73	#endif /* HAVE_STRLCAT */