1c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be 3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file. 4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 54a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch#include "build/build_config.h" 6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include "base/safe_strerror_posix.h" 7c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <errno.h> 9c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <stdio.h> 10c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <string.h> 11c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 124a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch#define USE_HISTORICAL_STRERRO_R (defined(__GLIBC__) || defined(OS_NACL)) 134a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch 144a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch#if USE_HISTORICAL_STRERRO_R && defined(__GNUC__) 15c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// GCC will complain about the unused second wrap function unless we tell it 16c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// that we meant for them to be potentially unused, which is exactly what this 17c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// attribute is for. 18c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define POSSIBLY_UNUSED __attribute__((unused)) 19c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#else 20c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define POSSIBLY_UNUSED 21c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#endif 22c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 234a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch#if USE_HISTORICAL_STRERRO_R 24c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// glibc has two strerror_r functions: a historical GNU-specific one that 25c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// returns type char *, and a POSIX.1-2001 compliant one available since 2.3.4 26c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// that returns int. This wraps the GNU-specific one. 27c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottstatic void POSSIBLY_UNUSED wrap_posix_strerror_r( 28c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott char *(*strerror_r_ptr)(int, char *, size_t), 29c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int err, 30c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott char *buf, 31c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott size_t len) { 32c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // GNU version. 33c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott char *rc = (*strerror_r_ptr)(err, buf, len); 34c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (rc != buf) { 35c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // glibc did not use buf and returned a static string instead. Copy it 36c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // into buf. 37c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott buf[0] = '\0'; 38c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott strncat(buf, rc, len - 1); 39c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 40c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // The GNU version never fails. Unknown errors get an "unknown error" message. 41c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // The result is always null terminated. 42c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 434a5e2dc747d50c653511c68ccb2cfbfb740bd5a7Ben Murdoch#endif // USE_HISTORICAL_STRERRO_R 44c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 45c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Wrapper for strerror_r functions that implement the POSIX interface. POSIX 46c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// does not define the behaviour for some of the edge cases, so we wrap it to 47c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// guarantee that they are handled. This is compiled on all POSIX platforms, but 48c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// it will only be used on Linux if the POSIX strerror_r implementation is 49c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// being used (see below). 50c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottstatic void POSSIBLY_UNUSED wrap_posix_strerror_r( 51c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int (*strerror_r_ptr)(int, char *, size_t), 52c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int err, 53c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott char *buf, 54c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott size_t len) { 55c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int old_errno = errno; 56c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // Have to cast since otherwise we get an error if this is the GNU version 57c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // (but in such a scenario this function is never called). Sadly we can't use 58c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // C++-style casts because the appropriate one is reinterpret_cast but it's 59c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // considered illegal to reinterpret_cast a type to itself, so we get an 60c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // error in the opposite case. 61c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int result = (*strerror_r_ptr)(err, buf, len); 62c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (result == 0) { 63c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // POSIX is vague about whether the string will be terminated, although 64c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // it indirectly implies that typically ERANGE will be returned, instead 65c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // of truncating the string. We play it safe by always terminating the 66c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // string explicitly. 67c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott buf[len - 1] = '\0'; 68c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } else { 69c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // Error. POSIX is vague about whether the return value is itself a system 70c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // error code or something else. On Linux currently it is -1 and errno is 71c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // set. On BSD-derived systems it is a system error and errno is unchanged. 72c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // We try and detect which case it is so as to put as much useful info as 73c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // we can into our message. 74c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int strerror_error; // The error encountered in strerror 75c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott int new_errno = errno; 76c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (new_errno != old_errno) { 77c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // errno was changed, so probably the return value is just -1 or something 78c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // else that doesn't provide any info, and errno is the error. 79c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott strerror_error = new_errno; 80c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } else { 81c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // Either the error from strerror_r was the same as the previous value, or 82c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // errno wasn't used. Assume the latter. 83c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott strerror_error = result; 84c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 85c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // snprintf truncates and always null-terminates. 86c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott snprintf(buf, 87c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott len, 88c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott "Error %d while retrieving error %d", 89c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott strerror_error, 90c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott err); 91c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 92c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott errno = old_errno; 93c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 94c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 95c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottvoid safe_strerror_r(int err, char *buf, size_t len) { 96c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott if (buf == NULL || len <= 0) { 97c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return; 98c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott } 99c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // If using glibc (i.e., Linux), the compiler will automatically select the 100c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // appropriate overloaded function based on the function type of strerror_r. 101c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // The other one will be elided from the translation unit since both are 102c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // static. 103c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott wrap_posix_strerror_r(&strerror_r, err, buf, len); 104c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 105c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 106c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottstd::string safe_strerror(int err) { 107c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott const int buffer_size = 256; 108c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott char buf[buffer_size]; 109c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott safe_strerror_r(err, buf, sizeof(buf)); 110c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott return std::string(buf); 111c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} 112