1ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// Protocol Buffers - Google's data interchange format 2ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// Copyright 2012 Google Inc. All rights reserved. 3ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// http://code.google.com/p/protobuf/ 4ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// 5ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// Redistribution and use in source and binary forms, with or without 6ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// modification, are permitted provided that the following conditions are 7ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// met: 8ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// 9ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// * Redistributions of source code must retain the above copyright 10ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// notice, this list of conditions and the following disclaimer. 11ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// * Redistributions in binary form must reproduce the above 12ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// copyright notice, this list of conditions and the following disclaimer 13ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// in the documentation and/or other materials provided with the 14ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// distribution. 15ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// * Neither the name of Google Inc. nor the names of its 16ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// contributors may be used to endorse or promote products derived from 17ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// this software without specific prior written permission. 18ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// 19ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 31ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// from google3/base/stringprintf.cc 32ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 33ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <google/protobuf/stubs/stringprintf.h> 34ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 35ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <errno.h> 36ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <stdarg.h> // For va_list and related operations 37ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <stdio.h> // MSVC requires this for _vsnprintf 38ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <vector> 39ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <google/protobuf/stubs/common.h> 40ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#include <google/protobuf/testing/googletest.h> 41ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 42ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochnamespace google { 43ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochnamespace protobuf { 44ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 45ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#ifdef _MSC_VER 46ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochenum { IS_COMPILER_MSVC = 1 }; 47ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#ifndef va_copy 48ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// Define va_copy for MSVC. This is a hack, assuming va_list is simply a 49ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// pointer into the stack and is safe to copy. 50ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#define va_copy(dest, src) ((dest) = (src)) 51ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#endif 52ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#else 53ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochenum { IS_COMPILER_MSVC = 0 }; 54ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch#endif 55ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 56ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochvoid StringAppendV(string* dst, const char* format, va_list ap) { 57ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // First try with a small fixed size buffer 58ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch static const int kSpaceLength = 1024; 59ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch char space[kSpaceLength]; 60ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 61ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // It's possible for methods that use a va_list to invalidate 62ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // the data in it upon use. The fix is to make a copy 63ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // of the structure before using it and use that copy instead. 64ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_list backup_ap; 65ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_copy(backup_ap, ap); 66ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch int result = vsnprintf(space, kSpaceLength, format, backup_ap); 67ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(backup_ap); 68ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 69ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (result < kSpaceLength) { 70ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (result >= 0) { 71ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Normal case -- everything fit. 72ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch dst->append(space, result); 73ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return; 74ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 75ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 76ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (IS_COMPILER_MSVC) { 77ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Error or MSVC running out of space. MSVC 8.0 and higher 78ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // can be asked about space needed with the special idiom below: 79ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_copy(backup_ap, ap); 80ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch result = vsnprintf(NULL, 0, format, backup_ap); 81ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(backup_ap); 82ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 83ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 84ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (result < 0) { 85ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Just an error. 86ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return; 87ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 88ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 89ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 90ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Increase the buffer size to the size requested by vsnprintf, 91ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // plus one for the closing \0. 92ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch int length = result+1; 93ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch char* buf = new char[length]; 94ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 95ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Restore the va_list before we use it again 96ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_copy(backup_ap, ap); 97ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch result = vsnprintf(buf, length, format, backup_ap); 98ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(backup_ap); 99ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 100ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch if (result >= 0 && result < length) { 101ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // It fit 102ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch dst->append(buf, result); 103ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 104ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch delete[] buf; 105ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} 106ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 107ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 108ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochstring StringPrintf(const char* format, ...) { 109ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_list ap; 110ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_start(ap, format); 111ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch string result; 112ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch StringAppendV(&result, format, ap); 113ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(ap); 114ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return result; 115ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} 116ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 117ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochconst string& SStringPrintf(string* dst, const char* format, ...) { 118ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_list ap; 119ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_start(ap, format); 120ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch dst->clear(); 121ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch StringAppendV(dst, format, ap); 122ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(ap); 123ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return *dst; 124ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} 125ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 126ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochvoid StringAppendF(string* dst, const char* format, ...) { 127ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_list ap; 128ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_start(ap, format); 129ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch StringAppendV(dst, format, ap); 130ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch va_end(ap); 131ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} 132ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 133ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// Max arguments supported by StringPrintVector 134ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochconst int kStringPrintfVectorMaxArgs = 32; 135ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 136ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// An empty block of zero for filler arguments. This is const so that if 137ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// printf tries to write to it (via %n) then the program gets a SIGSEGV 138ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch// and we can fix the problem or protect against an attack. 139ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochstatic const char string_printf_empty_block[256] = { '\0' }; 140ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 141ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdochstring StringPrintfVector(const char* format, const vector<string>& v) { 142ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch GOOGLE_CHECK_LE(v.size(), kStringPrintfVectorMaxArgs) 143ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch << "StringPrintfVector currently only supports up to " 144ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch << kStringPrintfVectorMaxArgs << " arguments. " 145ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch << "Feel free to add support for more if you need it."; 146ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 147ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // Add filler arguments so that bogus format+args have a harder time 148ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // crashing the program, corrupting the program (%n), 149ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // or displaying random chunks of memory to users. 150ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 151ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch const char* cstr[kStringPrintfVectorMaxArgs]; 152ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch for (int i = 0; i < v.size(); ++i) { 153ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[i] = v[i].c_str(); 154ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 155ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch for (int i = v.size(); i < GOOGLE_ARRAYSIZE(cstr); ++i) { 156ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[i] = &string_printf_empty_block[0]; 157ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch } 158ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 159ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // I do not know any way to pass kStringPrintfVectorMaxArgs arguments, 160ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // or any way to build a va_list by hand, or any API for printf 161ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // that accepts an array of arguments. The best I can do is stick 162ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch // this COMPILE_ASSERT right next to the actual statement. 163ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch 164ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch GOOGLE_COMPILE_ASSERT(kStringPrintfVectorMaxArgs == 32, arg_count_mismatch); 165ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch return StringPrintf(format, 166ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[0], cstr[1], cstr[2], cstr[3], cstr[4], 167ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[5], cstr[6], cstr[7], cstr[8], cstr[9], 168ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[10], cstr[11], cstr[12], cstr[13], cstr[14], 169ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[15], cstr[16], cstr[17], cstr[18], cstr[19], 170ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[20], cstr[21], cstr[22], cstr[23], cstr[24], 171ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[25], cstr[26], cstr[27], cstr[28], cstr[29], 172ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch cstr[30], cstr[31]); 173ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} 174ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} // namespace protobuf 175ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16Ben Murdoch} // namespace google 176