1 /*
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright © 2024, Synopsys Inc.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above
14  *    copyright notice, this list of conditions and the following
15  *    disclaimer in the documentation and/or other materials provided
16  *    with the distribution.
17  *
18  * 3. Neither the name of the copyright holder nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33  * OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #define __STDC_WANT_LIB_EXT1__ 1
36 #include <string.h>
37 #include <stdbool.h>
38 #include "string_private.h"
39 
40 __errno_t
strcat_s(char * restrict s1,rsize_t s1max,const char * restrict s2)41 strcat_s(char *restrict s1, rsize_t s1max, const char *restrict s2)
42 {
43     const char *msg = "";
44     size_t s1_len = 0;
45     bool write_null = true;
46 
47     if (s1 == NULL) {
48         msg = "strcat_s: dest is NULL";
49         write_null = false;
50         goto handle_error;
51     }
52 
53     if ((s1max == 0) || (CHECK_RSIZE(s1max))) {
54         msg = "strcat_s: dest buffer size is 0 or exceeds RSIZE_MAX";
55         write_null = false;
56         goto handle_error;
57     }
58 
59     if (s2 == NULL) {
60         msg = "strcat_s: source is NULL";
61         goto handle_error;
62     }
63 
64     /* It is a constraint violation if s1max is not large enough to contain
65      * the concatenation s2: no truncation permitted.
66      * It is also a constraint violation if the string pointed to by s2
67      * overlaps s1 in any way.
68      * The C11 Rationale says we are permitted to proceed with the copy and
69      * detect dest buffer overrun and overlapping memory blocks as a byproduct
70      * of performing the copy operation.  This is to avoid calling strlen on
71      * s2 to detect these violations prior to attempting the copy.
72      */
73     // compute chars available in s1
74     s1_len = strnlen_s(s1, s1max);
75     if (s1_len == s1max) {
76         msg = "strcat_s: string 1 length exceeds buffer size";
77         goto handle_error;
78     }
79 
80     const char *overlap_point;
81     bool check_s1_for_overlap;
82     unsigned m = s1max - s1_len;
83     char *s1cp = s1 + s1_len;
84     const char *s2cp = s2;
85 
86     if (s1 <= s2) {
87         // if we ever reach s2 when storing to s1 we have overlap
88         overlap_point = s2;
89         check_s1_for_overlap = true;
90         // make sure source does not lie within initial dest string.
91         if (s2 <= s1cp) {
92             msg = "strcat_s: overlapping copy";
93             goto handle_error;
94         }
95     } else {
96         // if we ever reach s1 when reading from s2 we have overlap
97         overlap_point = s1;
98         check_s1_for_overlap = false;
99         // issue with checking initial dest string does not apply in this
100         // case, overlap will be detected only by hitting overlap_point.
101     }
102 
103     unsigned written = 0;
104     char c = '.';
105     while (written < m) {
106         if (check_s1_for_overlap) {
107             if (s1cp == overlap_point) {
108                 msg = "strcat_s: overlapping copy";
109                 goto handle_error;
110             }
111         } else if (s2cp == overlap_point) {
112             msg = "strcat_s: overlapping copy";
113             goto handle_error;
114         }
115 
116         c = *s2cp++;
117         *s1cp++ = c;
118         written++;
119         if (c == '\0') {
120             break;
121         }
122     }
123 
124     if (c != '\0') {
125         msg = "strcat_s: dest buffer size insufficent to append string";
126         goto handle_error;
127     }
128 
129     // Normal return path
130     return 0;
131 
132 handle_error:
133     if (write_null && s1 != NULL) {
134         *s1 = '\0';
135     }
136 
137     if (__cur_handler != NULL) {
138         __cur_handler(msg, NULL, -1);
139     }
140 
141     return -1;
142 }
143