dbus-string.c 69.7 KB
Newer Older
1
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
John Palmieri's avatar
John Palmieri committed
2
/* dbus-string.c String utility class (internal to D-Bus implementation)
3
 * 
4
 * Copyright (C) 2002, 2003, 2004, 2005 Red Hat, Inc.
5
 * Copyright (C) 2006 Ralf Habacker <ralf.habacker@freenet.de>
6
 *
7
 * Licensed under the Academic Free License version 2.1
8 9 10 11 12 13 14 15 16 17 18 19 20
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
21
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
22 23 24
 *
 */

25
#include <config.h>
26
#include "dbus-internals.h"
27 28 29
#include "dbus-string.h"
/* we allow a system header here, for speed/convenience */
#include <string.h>
30 31
/* for vsnprintf */
#include <stdio.h>
32 33
#define DBUS_CAN_USE_DBUS_STRING_PRIVATE 1
#include "dbus-string-private.h"
34 35 36
#include "dbus-marshal-basic.h" /* probably should be removed by moving the usage of DBUS_TYPE
                                 * into the marshaling-related files
                                 */
37 38
/* for DBUS_VA_COPY */
#include "dbus-sysdeps.h"
39 40

/**
41
 * @defgroup DBusString DBusString class
42
 * @ingroup  DBusInternals
43
 * @brief DBusString data structure for safer string handling
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
 *
 * Types and functions related to DBusString. DBusString is intended
 * to be a string class that makes it hard to mess up security issues
 * (and just in general harder to write buggy code).  It should be
 * used (or extended and then used) rather than the libc stuff in
 * string.h.  The string class is a bit inconvenient at spots because
 * it handles out-of-memory failures and tries to be extra-robust.
 * 
 * A DBusString has a maximum length set at initialization time; this
 * can be used to ensure that a buffer doesn't get too big.  The
 * _dbus_string_lengthen() method checks for overflow, and for max
 * length being exceeded.
 * 
 * Try to avoid conversion to a plain C string, i.e. add methods on
 * the string object instead, only convert to C string when passing
 * things out to the public API. In particular, no sprintf, strcpy,
 * strcat, any of that should be used. The GString feature of
 * accepting negative numbers for "length of string" is also absent,
 * because it could keep us from detecting bogus huge lengths. i.e. if
 * we passed in some bogus huge length it would be taken to mean
 * "current length of string" instead of "broken crack"
65 66 67 68 69 70
 *
 * @todo #DBusString needs a lot of cleaning up; some of the
 * API is no longer used, and the API is pretty inconsistent.
 * In particular all the "append" APIs, especially those involving
 * alignment but probably lots of them, are no longer used by the
 * marshaling code which always does "inserts" now.
71 72 73 74 75 76 77
 */

/**
 * @addtogroup DBusString
 * @{
 */

78 79 80
static void
fixup_alignment (DBusRealString *real)
{
81 82
  unsigned char *aligned;
  unsigned char *real_block;
83 84 85
  unsigned int old_align_offset;

  /* we have to have extra space in real->allocated for the align offset and nul byte */
86
  _dbus_assert (real->len <= real->allocated - _DBUS_STRING_ALLOCATION_PADDING);
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
  
  old_align_offset = real->align_offset;
  real_block = real->str - old_align_offset;
  
  aligned = _DBUS_ALIGN_ADDRESS (real_block, 8);

  real->align_offset = aligned - real_block;
  real->str = aligned;
  
  if (old_align_offset != real->align_offset)
    {
      /* Here comes the suck */
      memmove (real_block + real->align_offset,
               real_block + old_align_offset,
               real->len + 1);
    }

  _dbus_assert (real->align_offset < 8);
  _dbus_assert (_DBUS_ALIGN_ADDRESS (real->str, 8) == real->str);
}
107

108 109 110 111 112 113 114 115 116 117
static void
undo_alignment (DBusRealString *real)
{
  if (real->align_offset != 0)
    {
      memmove (real->str - real->align_offset,
               real->str,
               real->len + 1);

      real->str = real->str - real->align_offset;
118
      real->align_offset = 0;
119 120 121
    }
}

122
/**
123 124 125
 * Initializes a string that can be up to the given allocation size
 * before it has to realloc. The string starts life with zero length.
 * The string must eventually be freed with _dbus_string_free().
Havoc Pennington's avatar
Havoc Pennington committed
126
 * 
127
 * @param str memory to hold the string
128
 * @param allocate_size amount to preallocate
129 130
 * @returns #TRUE on success, #FALSE if no memory
 */
131
dbus_bool_t
132 133
_dbus_string_init_preallocated (DBusString *str,
                                int         allocate_size)
134 135
{
  DBusRealString *real;
136 137 138

  _DBUS_STATIC_ASSERT (sizeof (DBusString) == sizeof (DBusRealString));

139 140 141 142 143 144 145 146 147 148
  _dbus_assert (str != NULL);

  real = (DBusRealString*) str;

  /* It's very important not to touch anything
   * other than real->str if we're going to fail,
   * since we also use this function to reset
   * an existing string, e.g. in _dbus_string_steal_data()
   */
  
149
  real->str = dbus_malloc (_DBUS_STRING_ALLOCATION_PADDING + allocate_size);
150
  if (real->str == NULL)
151 152
    return FALSE;  
  
153
  real->allocated = _DBUS_STRING_ALLOCATION_PADDING + allocate_size;
154 155 156 157 158 159
  real->len = 0;
  real->str[real->len] = '\0';
  
  real->constant = FALSE;
  real->locked = FALSE;
  real->invalid = FALSE;
160 161 162
  real->align_offset = 0;
  
  fixup_alignment (real);
163
  
164 165 166
  return TRUE;
}

167 168 169 170 171 172 173 174 175 176 177 178 179
/**
 * Initializes a string. The string starts life with zero length.  The
 * string must eventually be freed with _dbus_string_free().
 * 
 * @param str memory to hold the string
 * @returns #TRUE on success, #FALSE if no memory
 */
dbus_bool_t
_dbus_string_init (DBusString *str)
{
  return _dbus_string_init_preallocated (str, 0);
}

180 181 182 183
/**
 * Initializes a constant string. The value parameter is not copied
 * (should be static), and the string may never be modified.
 * It is safe but not necessary to call _dbus_string_free()
184
 * on a const string. The string has a length limit of MAXINT - 8.
185 186 187 188 189 190 191
 * 
 * @param str memory to use for the string
 * @param value a string to be stored in str (not copied!!!)
 */
void
_dbus_string_init_const (DBusString *str,
                         const char *value)
192
{
193 194
  _dbus_assert (value != NULL);
  
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212
  _dbus_string_init_const_len (str, value,
                               strlen (value));
}

/**
 * Initializes a constant string with a length. The value parameter is
 * not copied (should be static), and the string may never be
 * modified.  It is safe but not necessary to call _dbus_string_free()
 * on a const string.
 * 
 * @param str memory to use for the string
 * @param value a string to be stored in str (not copied!!!)
 * @param len the length to use
 */
void
_dbus_string_init_const_len (DBusString *str,
                             const char *value,
                             int         len)
213 214 215 216
{
  DBusRealString *real;
  
  _dbus_assert (str != NULL);
217
  _dbus_assert (len == 0 || value != NULL);
218
  _dbus_assert (len <= _DBUS_STRING_MAX_LENGTH);
219 220
  _dbus_assert (len >= 0);
  
221 222
  real = (DBusRealString*) str;
  
223
  real->str = (unsigned char*) value;
224
  real->len = len;
225
  real->allocated = real->len + _DBUS_STRING_ALLOCATION_PADDING; /* a lie, just to avoid special-case assertions... */
226
  real->constant = TRUE;
227
  real->locked = TRUE;
228
  real->invalid = FALSE;
229
  real->align_offset = 0;
230 231 232 233

  /* We don't require const strings to be 8-byte aligned as the
   * memory is coming from elsewhere.
   */
234 235
}

236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252
/**
 * Initializes a string from another string. The
 * string must eventually be freed with _dbus_string_free().
 *
 * @param str memory to hold the string
 * @param from instance from which the string is initialized
 * @returns #TRUE on success, #FALSE if no memory
 */
dbus_bool_t
_dbus_string_init_from_string(DBusString       *str,
                              const DBusString *from)
{
 if (!_dbus_string_init (str))
     return FALSE;
 return _dbus_string_append (str, _dbus_string_get_const_data (from));
}

253 254 255 256 257 258 259 260
/**
 * Frees a string created by _dbus_string_init().
 *
 * @param str memory where the string is stored.
 */
void
_dbus_string_free (DBusString *str)
{
261 262
  DBusRealString *real = (DBusRealString*) str;
  DBUS_GENERIC_STRING_PREAMBLE (real);
263 264 265
  
  if (real->constant)
    return;
266 267 268 269 270 271 272 273

  /* so it's safe if @p str returned by a failed
   * _dbus_string_init call
   * Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
   */
  if (real->str == NULL)
    return;

274
  dbus_free (real->str - real->align_offset);
275 276 277 278

  real->invalid = TRUE;
}

279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304
static dbus_bool_t
compact (DBusRealString *real,
         int             max_waste)
{
  unsigned char *new_str;
  int new_allocated;
  int waste;

  waste = real->allocated - (real->len + _DBUS_STRING_ALLOCATION_PADDING);

  if (waste <= max_waste)
    return TRUE;

  new_allocated = real->len + _DBUS_STRING_ALLOCATION_PADDING;

  new_str = dbus_realloc (real->str - real->align_offset, new_allocated);
  if (_DBUS_UNLIKELY (new_str == NULL))
    return FALSE;

  real->str = new_str + real->align_offset;
  real->allocated = new_allocated;
  fixup_alignment (real);

  return TRUE;
}

305
#ifdef DBUS_ENABLE_EMBEDDED_TESTS
306
/* Not using this feature at the moment,
307
 * so marked DBUS_ENABLE_EMBEDDED_TESTS-only
308
 */
309
/**
310 311 312 313 314
 * Locks a string such that any attempts to change the string will
 * result in aborting the program. Also, if the string is wasting a
 * lot of memory (allocation is sufficiently larger than what the
 * string is really using), _dbus_string_lock() will realloc the
 * string's data to "compact" it.
315 316 317 318 319 320 321 322 323 324 325 326 327
 *
 * @param str the string to lock.
 */
void
_dbus_string_lock (DBusString *str)
{  
  DBUS_LOCKED_STRING_PREAMBLE (str); /* can lock multiple times */

  real->locked = TRUE;

  /* Try to realloc to avoid excess memory usage, since
   * we know we won't change the string further
   */
328
#define MAX_WASTE 48
329
  compact (real, MAX_WASTE);
330
}
331
#endif /* DBUS_ENABLE_EMBEDDED_TESTS */
332

333
static dbus_bool_t
334 335
reallocate_for_length (DBusRealString *real,
                       int             new_length)
336
{
337
  int new_allocated;
338
  unsigned char *new_str;
339

340 341 342
  /* at least double our old allocation to avoid O(n), avoiding
   * overflow
   */
343 344
  if (real->allocated > (_DBUS_STRING_MAX_LENGTH + _DBUS_STRING_ALLOCATION_PADDING) / 2)
    new_allocated = _DBUS_STRING_MAX_LENGTH + _DBUS_STRING_ALLOCATION_PADDING;
345 346
  else
    new_allocated = real->allocated * 2;
347

348
  /* if you change the code just above here, run the tests without
349
   * the following assert-only hack before you commit
350
   */
351 352 353 354
  /* This is keyed off asserts in addition to tests so when you
   * disable asserts to profile, you don't get this destroyer
   * of profiles.
   */
355
#if defined (DBUS_ENABLE_EMBEDDED_TESTS) && !defined (DBUS_DISABLE_ASSERT)
356 357 358
  new_allocated = 0; /* ensure a realloc every time so that we go
                      * through all malloc failure codepaths
                      */
359
#endif
360

361
  /* But be sure we always alloc at least space for the new length */
362
  new_allocated = MAX (new_allocated,
363
                       new_length + _DBUS_STRING_ALLOCATION_PADDING);
364

365 366
  _dbus_assert (new_allocated >= real->allocated); /* code relies on this */
  new_str = dbus_realloc (real->str - real->align_offset, new_allocated);
367
  if (_DBUS_UNLIKELY (new_str == NULL))
368
    return FALSE;
369

370 371 372
  real->str = new_str + real->align_offset;
  real->allocated = new_allocated;
  fixup_alignment (real);
373 374 375 376

  return TRUE;
}

377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396
/**
 * Compacts the string to avoid wasted memory.  Wasted memory is
 * memory that is allocated but not actually required to store the
 * current length of the string.  The compact is only done if more
 * than the given amount of memory is being wasted (otherwise the
 * waste is ignored and the call does nothing).
 *
 * @param str the string
 * @param max_waste the maximum amount of waste to ignore
 * @returns #FALSE if the compact failed due to realloc failure
 */
dbus_bool_t
_dbus_string_compact (DBusString *str,
                      int         max_waste)
{
  DBUS_STRING_PREAMBLE (str);

  return compact (real, max_waste);
}

397 398 399 400 401 402 403
static dbus_bool_t
set_length (DBusRealString *real,
            int             new_length)
{
  /* Note, we are setting the length not including nul termination */

  /* exceeding max length is the same as failure to allocate memory */
404
  if (_DBUS_UNLIKELY (new_length > _DBUS_STRING_MAX_LENGTH))
405
    return FALSE;
406
  else if (new_length > (real->allocated - _DBUS_STRING_ALLOCATION_PADDING) &&
407
           _DBUS_UNLIKELY (!reallocate_for_length (real, new_length)))
408 409 410 411
    return FALSE;
  else
    {
      real->len = new_length;
412
      real->str[new_length] = '\0';
413 414 415 416
      return TRUE;
    }
}

417 418 419 420 421 422 423 424
static dbus_bool_t
open_gap (int             len,
          DBusRealString *dest,
          int             insert_at)
{
  if (len == 0)
    return TRUE;

425
  if (len > _DBUS_STRING_MAX_LENGTH - dest->len)
426 427
    return FALSE; /* detected overflow of dest->len + len below */
  
428 429 430 431 432 433 434 435 436 437
  if (!set_length (dest, dest->len + len))
    return FALSE;

  memmove (dest->str + insert_at + len, 
           dest->str + insert_at,
           dest->len - len - insert_at);

  return TRUE;
}

438
#ifndef _dbus_string_get_data
439 440 441 442 443 444 445 446 447
/**
 * Gets the raw character buffer from the string.  The returned buffer
 * will be nul-terminated, but note that strings may contain binary
 * data so there may be extra nul characters prior to the termination.
 * This function should be little-used, extend DBusString or add
 * stuff to dbus-sysdeps.c instead. It's an error to use this
 * function on a const string.
 *
 * @param str the string
448
 * @returns the data
449
 */
450 451
char*
_dbus_string_get_data (DBusString *str)
452 453 454
{
  DBUS_STRING_PREAMBLE (str);
  
455
  return (char*) real->str;
456
}
457
#endif /* _dbus_string_get_data */
458

459 460
/* only do the function if we don't have the macro */
#ifndef _dbus_string_get_const_data
461
/**
462 463
 * Gets the raw character buffer from a const string.
 *
464
 * @param str the string
465
 * @returns the string data
466
 */
467 468
const char*
_dbus_string_get_const_data (const DBusString  *str)
469 470 471
{
  DBUS_CONST_STRING_PREAMBLE (str);
  
472
  return (const char*) real->str;
473
}
474
#endif /* _dbus_string_get_const_data */
475 476 477 478 479 480 481 482 483 484 485 486

/**
 * Gets a sub-portion of the raw character buffer from the
 * string. The "len" field is required simply for error
 * checking, to be sure you don't try to use more
 * string than exists. The nul termination of the
 * returned buffer remains at the end of the entire
 * string, not at start + len.
 *
 * @param str the string
 * @param start byte offset to return
 * @param len length of segment to return
487
 * @returns the string data
488
 */
489
char*
490 491 492 493 494 495 496
_dbus_string_get_data_len (DBusString *str,
                           int         start,
                           int         len)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (start >= 0);
  _dbus_assert (len >= 0);
497 498
  _dbus_assert (start <= real->len);
  _dbus_assert (len <= real->len - start);
499
  
500
  return (char*) real->str + start;
501 502
}

503 504
/* only do the function if we don't have the macro */
#ifndef _dbus_string_get_const_data_len
505 506 507 508 509 510
/**
 * const version of _dbus_string_get_data_len().
 *
 * @param str the string
 * @param start byte offset to return
 * @param len length of segment to return
511
 * @returns the string data
512
 */
513
const char*
514 515 516 517 518 519 520
_dbus_string_get_const_data_len (const DBusString  *str,
                                 int                start,
                                 int                len)
{
  DBUS_CONST_STRING_PREAMBLE (str);
  _dbus_assert (start >= 0);
  _dbus_assert (len >= 0);
521 522
  _dbus_assert (start <= real->len);
  _dbus_assert (len <= real->len - start);
523
  
524
  return (const char*) real->str + start;
525
}
526
#endif /* _dbus_string_get_const_data_len */
527

528 529
/* only do the function if we don't have the macro */
#ifndef _dbus_string_set_byte
530 531 532 533 534 535 536 537 538 539 540 541 542 543
/**
 * Sets the value of the byte at the given position.
 *
 * @param str the string
 * @param i the position
 * @param byte the new value
 */
void
_dbus_string_set_byte (DBusString    *str,
                       int            i,
                       unsigned char  byte)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (i < real->len);
544 545
  _dbus_assert (i >= 0);
  
546 547
  real->str[i] = byte;
}
548
#endif /* _dbus_string_set_byte */
549

550 551
/* only have the function if we didn't create a macro */
#ifndef _dbus_string_get_byte
552
/**
553 554 555
 * Gets the byte at the given position. It is
 * allowed to ask for the nul byte at the end of
 * the string.
556 557 558 559 560
 *
 * @param str the string
 * @param start the position
 * @returns the byte at that position
 */
561
unsigned char
562 563 564 565
_dbus_string_get_byte (const DBusString  *str,
                       int                start)
{
  DBUS_CONST_STRING_PREAMBLE (str);
566
  _dbus_assert (start <= real->len);
567 568
  _dbus_assert (start >= 0);
  
569 570
  return real->str[start];
}
571
#endif /* _dbus_string_get_byte */
572

573
/**
574 575
 * Inserts a number of bytes of a given value at the
 * given position.
576 577 578
 *
 * @param str the string
 * @param i the position
579
 * @param n_bytes number of bytes
580 581 582 583
 * @param byte the value to insert
 * @returns #TRUE on success
 */
dbus_bool_t
584 585 586 587
_dbus_string_insert_bytes (DBusString   *str,
			   int           i,
			   int           n_bytes,
			   unsigned char byte)
588 589 590
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (i <= real->len);
591
  _dbus_assert (i >= 0);
592 593 594 595
  _dbus_assert (n_bytes >= 0);

  if (n_bytes == 0)
    return TRUE;
596
  
597
  if (!open_gap (n_bytes, real, i))
598 599
    return FALSE;
  
600
  memset (real->str + i, byte, n_bytes);
601 602 603 604

  return TRUE;
}

605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629
/**
 * Inserts a single byte at the given position.
 *
 * @param str the string
 * @param i the position
 * @param byte the value to insert
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_string_insert_byte (DBusString   *str,
			   int           i,
			   unsigned char byte)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (i <= real->len);
  _dbus_assert (i >= 0);
  
  if (!open_gap (1, real, i))
    return FALSE;

  real->str[i] = byte;

  return TRUE;
}

630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645
/**
 * Like _dbus_string_get_data(), but removes the
 * gotten data from the original string. The caller
 * must free the data returned. This function may
 * fail due to lack of memory, and return #FALSE.
 *
 * @param str the string
 * @param data_return location to return the buffer
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_string_steal_data (DBusString        *str,
                         char             **data_return)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (data_return != NULL);
646 647

  undo_alignment (real);
648
  
649
  *data_return = (char*) real->str;
650 651

  /* reset the string */
652
  if (!_dbus_string_init (str))
653 654
    {
      /* hrm, put it back then */
655
      real->str = (unsigned char*) *data_return;
656
      *data_return = NULL;
657
      fixup_alignment (real);
658 659 660 661 662 663
      return FALSE;
    }

  return TRUE;
}

664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686
/**
 * Copies the data from the string into a char*
 *
 * @param str the string
 * @param data_return place to return the data
 * @returns #TRUE on success, #FALSE on no memory
 */
dbus_bool_t
_dbus_string_copy_data (const DBusString  *str,
                        char             **data_return)
{
  DBUS_CONST_STRING_PREAMBLE (str);
  _dbus_assert (data_return != NULL);
  
  *data_return = dbus_malloc (real->len + 1);
  if (*data_return == NULL)
    return FALSE;

  memcpy (*data_return, real->str, real->len + 1);

  return TRUE;
}

687
/**
688 689 690
 * Copies the contents of a DBusString into a different buffer. It is
 * a bug if avail_len is too short to hold the string contents. nul
 * termination is not copied, just the supplied bytes.
691 692 693 694 695 696 697 698 699 700 701 702 703
 * 
 * @param str a string
 * @param buffer a C buffer to copy data to
 * @param avail_len maximum length of C buffer
 */
void
_dbus_string_copy_to_buffer (const DBusString  *str,
			     char              *buffer,
			     int                avail_len)
{
  DBUS_CONST_STRING_PREAMBLE (str);

  _dbus_assert (avail_len >= 0);
704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723
  _dbus_assert (avail_len >= real->len);
  
  memcpy (buffer, real->str, real->len);
}

/**
 * Copies the contents of a DBusString into a different buffer. It is
 * a bug if avail_len is too short to hold the string contents plus a
 * nul byte. 
 * 
 * @param str a string
 * @param buffer a C buffer to copy data to
 * @param avail_len maximum length of C buffer
 */
void
_dbus_string_copy_to_buffer_with_nul (const DBusString  *str,
                                      char              *buffer,
                                      int                avail_len)
{
  DBUS_CONST_STRING_PREAMBLE (str);
724

725 726 727 728
  _dbus_assert (avail_len >= 0);
  _dbus_assert (avail_len > real->len);
  
  memcpy (buffer, real->str, real->len+1);
729 730
}

731 732
/* Only have the function if we don't have the macro */
#ifndef _dbus_string_get_length
733 734 735 736 737 738 739 740 741 742 743 744
/**
 * Gets the length of a string (not including nul termination).
 *
 * @returns the length.
 */
int
_dbus_string_get_length (const DBusString  *str)
{
  DBUS_CONST_STRING_PREAMBLE (str);
  
  return real->len;
}
745
#endif /* !_dbus_string_get_length */
746 747 748 749 750 751 752

/**
 * Makes a string longer by the given number of bytes.  Checks whether
 * adding additional_length to the current length would overflow an
 * integer, and checks for exceeding a string's max length.
 * The new bytes are not initialized, other than nul-terminating
 * the end of the string. The uninitialized bytes may contain
753
 * nul bytes or other junk.
754 755 756 757 758 759 760 761 762 763 764
 *
 * @param str a string
 * @param additional_length length to add to the string.
 * @returns #TRUE on success.
 */
dbus_bool_t
_dbus_string_lengthen (DBusString *str,
                       int         additional_length)
{
  DBUS_STRING_PREAMBLE (str);  
  _dbus_assert (additional_length >= 0);
765

766
  if (_DBUS_UNLIKELY (additional_length > _DBUS_STRING_MAX_LENGTH - real->len))
767
    return FALSE; /* would overflow */
768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810
  
  return set_length (real,
                     real->len + additional_length);
}

/**
 * Makes a string shorter by the given number of bytes.
 *
 * @param str a string
 * @param length_to_remove length to remove from the string.
 */
void
_dbus_string_shorten (DBusString *str,
                      int         length_to_remove)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (length_to_remove >= 0);
  _dbus_assert (length_to_remove <= real->len);

  set_length (real,
              real->len - length_to_remove);
}

/**
 * Sets the length of a string. Can be used to truncate or lengthen
 * the string. If the string is lengthened, the function may fail and
 * return #FALSE. Newly-added bytes are not initialized, as with
 * _dbus_string_lengthen().
 *
 * @param str a string
 * @param length new length of the string.
 * @returns #FALSE on failure.
 */
dbus_bool_t
_dbus_string_set_length (DBusString *str,
                         int         length)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (length >= 0);

  return set_length (real, length);
}

811
static dbus_bool_t
812 813 814 815
align_insert_point_then_open_gap (DBusString *str,
                                  int        *insert_at_p,
                                  int         alignment,
                                  int         gap_size)
816
{
817
  unsigned long new_len; /* ulong to avoid _DBUS_ALIGN_VALUE overflow */
818 819
  unsigned long gap_pos;
  int insert_at;
820 821 822
  int delta;
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (alignment >= 1);
823
  _dbus_assert (alignment <= 8); /* it has to be a bug if > 8 */
824

825 826 827 828 829 830 831
  insert_at = *insert_at_p;

  _dbus_assert (insert_at <= real->len);
  
  gap_pos = _DBUS_ALIGN_VALUE (insert_at, alignment);
  new_len = real->len + (gap_pos - insert_at) + gap_size;
  
832
  if (_DBUS_UNLIKELY (new_len > (unsigned long) _DBUS_STRING_MAX_LENGTH))
833 834
    return FALSE;
  
835 836 837
  delta = new_len - real->len;
  _dbus_assert (delta >= 0);

838 839 840 841 842
  if (delta == 0) /* only happens if gap_size == 0 and insert_at is aligned already */
    {
      _dbus_assert (((unsigned long) *insert_at_p) == gap_pos);
      return TRUE;
    }
843

844 845
  if (_DBUS_UNLIKELY (!open_gap (new_len - real->len,
                                 real, insert_at)))
846 847
    return FALSE;

848 849
  /* nul the padding if we had to add any padding */
  if (gap_size < delta)
850
    {
851 852
      memset (&real->str[insert_at], '\0',
              gap_pos - insert_at);
853
    }
854 855 856

  *insert_at_p = gap_pos;
  
857 858 859
  return TRUE;
}

860 861 862 863 864 865 866 867 868 869 870 871 872 873
static dbus_bool_t
align_length_then_lengthen (DBusString *str,
                            int         alignment,
                            int         then_lengthen_by)
{
  int insert_at;

  insert_at = _dbus_string_get_length (str);
  
  return align_insert_point_then_open_gap (str,
                                           &insert_at,
                                           alignment, then_lengthen_by);
}

874 875 876 877 878 879 880 881 882 883 884 885 886 887 888
/**
 * Align the length of a string to a specific alignment (typically 4 or 8)
 * by appending nul bytes to the string.
 *
 * @param str a string
 * @param alignment the alignment
 * @returns #FALSE if no memory
 */
dbus_bool_t
_dbus_string_align_length (DBusString *str,
                           int         alignment)
{
  return align_length_then_lengthen (str, alignment, 0);
}

889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908
/**
 * Preallocate extra_bytes such that a future lengthening of the
 * string by extra_bytes is guaranteed to succeed without an out of
 * memory error.
 *
 * @param str a string
 * @param extra_bytes bytes to alloc
 * @returns #FALSE if no memory
 */
dbus_bool_t
_dbus_string_alloc_space (DBusString        *str,
                          int                extra_bytes)
{
  if (!_dbus_string_lengthen (str, extra_bytes))
    return FALSE;
  _dbus_string_shorten (str, extra_bytes);

  return TRUE;
}

909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937
static dbus_bool_t
append (DBusRealString *real,
        const char     *buffer,
        int             buffer_len)
{
  if (buffer_len == 0)
    return TRUE;

  if (!_dbus_string_lengthen ((DBusString*)real, buffer_len))
    return FALSE;

  memcpy (real->str + (real->len - buffer_len),
          buffer,
          buffer_len);

  return TRUE;
}

/**
 * Appends a nul-terminated C-style string to a DBusString.
 *
 * @param str the DBusString
 * @param buffer the nul-terminated characters to append
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_append (DBusString *str,
                     const char *buffer)
{
938
  unsigned long buffer_len;
939 940 941 942 943
  
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (buffer != NULL);
  
  buffer_len = strlen (buffer);
944
  if (buffer_len > (unsigned long) _DBUS_STRING_MAX_LENGTH)
945 946
    return FALSE;
  
947 948 949
  return append (real, buffer, buffer_len);
}

950 951 952
/** assign 2 bytes from one string to another */
#define ASSIGN_2_OCTETS(p, octets) \
  *((dbus_uint16_t*)(p)) = *((dbus_uint16_t*)(octets));
953

954
/** assign 4 bytes from one string to another */
955 956 957
#define ASSIGN_4_OCTETS(p, octets) \
  *((dbus_uint32_t*)(p)) = *((dbus_uint32_t*)(octets));

958
/** assign 8 bytes from one string to another */
959 960 961
#define ASSIGN_8_OCTETS(p, octets) \
  *((dbus_uint64_t*)(p)) = *((dbus_uint64_t*)(octets));

962 963 964 965 966 967 968 969 970 971 972 973
/**
 * Inserts 2 bytes aligned on a 2 byte boundary
 * with any alignment padding initialized to 0.
 *
 * @param str the DBusString
 * @param insert_at where to insert
 * @param octets 2 bytes to insert
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_insert_2_aligned (DBusString         *str,
                               int                 insert_at,
Chengwei Yang's avatar
Chengwei Yang committed
974
                               const unsigned char octets[2])
975 976 977 978 979 980 981 982 983 984 985
{
  DBUS_STRING_PREAMBLE (str);
  
  if (!align_insert_point_then_open_gap (str, &insert_at, 2, 2))
    return FALSE;

  ASSIGN_2_OCTETS (real->str + insert_at, octets);

  return TRUE;
}

986 987 988 989 990
/**
 * Inserts 4 bytes aligned on a 4 byte boundary
 * with any alignment padding initialized to 0.
 *
 * @param str the DBusString
991
 * @param insert_at where to insert
992 993 994 995 996 997 998 999
 * @param octets 4 bytes to insert
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_insert_4_aligned (DBusString         *str,
                               int                 insert_at,
                               const unsigned char octets[4])
{
1000 1001
  DBUS_STRING_PREAMBLE (str);
  
1002
  if (!align_insert_point_then_open_gap (str, &insert_at, 4, 4))
1003 1004
    return FALSE;

1005 1006 1007 1008 1009 1010 1011 1012 1013 1014
  ASSIGN_4_OCTETS (real->str + insert_at, octets);

  return TRUE;
}

/**
 * Inserts 8 bytes aligned on an 8 byte boundary
 * with any alignment padding initialized to 0.
 *
 * @param str the DBusString
1015
 * @param insert_at where to insert
1016 1017 1018 1019 1020 1021 1022 1023 1024
 * @param octets 8 bytes to insert
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_insert_8_aligned (DBusString         *str,
                               int                 insert_at,
                               const unsigned char octets[8])
{
  DBUS_STRING_PREAMBLE (str);
1025
  
1026 1027 1028
  if (!align_insert_point_then_open_gap (str, &insert_at, 8, 8))
    return FALSE;

1029 1030
  _dbus_assert (_DBUS_ALIGN_VALUE (insert_at, 8) == (unsigned) insert_at);
  
1031
  ASSIGN_8_OCTETS (real->str + insert_at, octets);
1032 1033 1034 1035

  return TRUE;
}

1036 1037 1038 1039 1040 1041 1042 1043

/**
 * Inserts padding at *insert_at such to align it to the given
 * boundary. Initializes the padding to nul bytes. Sets *insert_at
 * to the aligned position.
 *
 * @param str the DBusString
 * @param insert_at location to be aligned
1044
 * @param alignment alignment boundary (1, 2, 4, or 8)
1045 1046 1047 1048 1049 1050 1051 1052 1053
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_insert_alignment (DBusString        *str,
                               int               *insert_at,
                               int                alignment)
{
  DBUS_STRING_PREAMBLE (str);
  
1054
  if (!align_insert_point_then_open_gap (str, insert_at, alignment, 0))
1055 1056
    return FALSE;

1057
  _dbus_assert (_DBUS_ALIGN_VALUE (*insert_at, alignment) == (unsigned) *insert_at);
1058 1059 1060 1061

  return TRUE;
}

1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075
/**
 * Appends a printf-style formatted string
 * to the #DBusString.
 *
 * @param str the string
 * @param format printf format
 * @param args variable argument list
 * @returns #FALSE if no memory
 */
dbus_bool_t
_dbus_string_append_printf_valist  (DBusString        *str,
                                    const char        *format,
                                    va_list            args)
{
1076
  dbus_bool_t ret = FALSE;
1077
  int len;
1078
  va_list args_copy;
1079

1080
  DBUS_STRING_PREAMBLE (str);
1081 1082 1083

  DBUS_VA_COPY (args_copy, args);

1084
  /* Measure the message length without terminating nul */
John Palmieri's avatar
John Palmieri committed
1085
  len = _dbus_printf_string_upper_bound (format, args);
1086

1087
  if (len < 0)
1088
    goto out;
1089

1090
  if (!_dbus_string_lengthen (str, len))
1091
    {
1092
      goto out;
1093 1094
    }
  
1095
  vsprintf ((char*) (real->str + (real->len - len)),
1096
            format, args_copy);
1097
  ret = TRUE;
1098

1099
out:
1100
  va_end (args_copy);
1101

1102
  return ret;
1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127
}

/**
 * Appends a printf-style formatted string
 * to the #DBusString.
 *
 * @param str the string
 * @param format printf format
 * @returns #FALSE if no memory
 */
dbus_bool_t
_dbus_string_append_printf (DBusString        *str,
                            const char        *format,
                            ...)
{
  va_list args;
  dbus_bool_t retval;
  
  va_start (args, format);
  retval = _dbus_string_append_printf_valist (str, format, args);
  va_end (args);

  return retval;
}

1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199
/**
 * Appends block of bytes with the given length to a DBusString.
 *
 * @param str the DBusString
 * @param buffer the bytes to append
 * @param len the number of bytes to append
 * @returns #FALSE if not enough memory.
 */
dbus_bool_t
_dbus_string_append_len (DBusString *str,
                         const char *buffer,
                         int         len)
{
  DBUS_STRING_PREAMBLE (str);
  _dbus_assert (buffer != NULL);
  _dbus_assert (len >= 0);

  return append (real, buffer, len);
}

/**
 * Appends a single byte to the string, returning #FALSE
 * if not enough memory.
 *
 * @param str the string
 * @param byte the byte to append