/*
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright © 2024, Synopsys Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above
 *    copyright notice, this list of conditions and the following
 *    disclaimer in the documentation and/or other materials provided
 *    with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>
#include <stdbool.h>
#include "string_private.h"

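/**
 * Bounds-checked string copy (C11 Annex K, K.3.7.1.3).
 *
 * Copies the NUL-terminated string at @p s2, including its terminator, into
 * the buffer at @p s1 of size @p s1max.  No truncation is ever performed.
 *
 * @param s1    Destination buffer.
 * @param s1max Size of @p s1 in bytes; must be non-zero and <= RSIZE_MAX.
 * @param s2    Source string.
 *
 * @return 0 on success, -1 on a runtime-constraint violation.
 *
 * Runtime-constraint violations are: @p s1 NULL; @p s1max zero or larger
 * than RSIZE_MAX; @p s2 NULL; @p s1max too small to hold @p s2 and its
 * terminator; or @p s1 and @p s2 overlapping.  On a violation the currently
 * installed constraint handler (__cur_handler) is invoked with a
 * descriptive message, and -1 is returned.  If @p s1 is non-NULL and
 * @p s1max is valid, s1[0] is set to NUL before returning.
 *
 * Overlap and buffer exhaustion are detected while copying rather than by
 * a prior strlen() pass (permitted by the C11 Rationale).  Consequently,
 * when s2 < s1 and the regions overlap, bytes of the source at and beyond
 * @p s1 have already been overwritten by the time the violation is reported.
 */
__errno_t
strcpy_s(char *restrict s1, rsize_t s1max, const char *restrict s2)
{
    const char *msg = "";
    /* Per K.3.7.1.3, s1[0] is NUL-terminated on a violation only when s1 is
     * non-NULL and s1max is a valid non-zero size; the two checks below that
     * reject those cases clear this flag. */
    bool write_null = true;

    if (s1 == NULL) {
        msg = "strcpy_s: dest is NULL";
        write_null = false;
        goto handle_error;
    }

    if ((s1max == 0) || (CHECK_RSIZE(s1max))) {
        msg = "strcpy_s: dest buffer size is 0 or exceeds RSIZE_MAX";
        write_null = false;
        goto handle_error;
    }

    if (s2 == NULL) {
        msg = "strcpy_s: source is NULL";
        goto handle_error;
    }

    /* It is a constraint violation if s1max is not large enough to contain
     * s2: no truncation permitted.
     * It is also a constraint violation if the string pointed to by s2
     * overlaps s1 in any way.
     * The C11 Rationale says we are permitted to proceed with the copy and
     * detect dest buffer overrun and overlapping memory blocks as a byproduct
     * of performing the copy operation.  This is to avoid calling strlen on
     * s2 to detect these violations prior to attempting the copy.
     *
     * Whichever region starts lower in memory runs into the other one first:
     * if s1 < s2 the store pointer must never reach s2; otherwise (including
     * s1 == s2) the load pointer must never reach s1.
     */
    const bool check_s1_for_overlap = (s1 < s2);
    const char *overlap_point = check_s1_for_overlap ? s2 : s1;
    char *s1cp = s1;
    const char *s2cp = s2;

    /* Counter must be rsize_t, not unsigned: on LP64 targets s1max can exceed
     * UINT_MAX, and a narrower counter would wrap back to zero and let the
     * loop keep storing past s1max bytes. */
    rsize_t written = 0;
    char c = '.';   /* any non-NUL value; s1max > 0 guarantees the loop runs */
    while (written < s1max) {
        const char *cur = check_s1_for_overlap ? s1cp : s2cp;
        if (cur == overlap_point) {
            msg = "strcpy_s: overlapping copy";
            goto handle_error;
        }

        c = *s2cp++;
        *s1cp++ = c;
        written++;
        if (c == '\0') {
            break;
        }
    }

    /* Leaving the loop without having copied the terminator means the
     * destination filled up first. */
    if (c != '\0') {
        msg = "strcpy_s: dest buffer size insufficent to copy string";
        goto handle_error;
    }

    // Normal return path
    return 0;

handle_error:
    /* write_null is only ever true once s1 has been verified non-NULL. */
    if (write_null) {
        *s1 = '\0';
    }

    if (__cur_handler != NULL) {
        __cur_handler(msg, NULL, -1);
    }

    return -1;
}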