1 /*
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright © 2024, Synopsys Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above
14 * copyright notice, this list of conditions and the following
15 * disclaimer in the documentation and/or other materials provided
16 * with the distribution.
17 *
18 * 3. Neither the name of the copyright holder nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 * OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35 #define __STDC_WANT_LIB_EXT1__ 1
36 #include <string.h>
37 #include <stdbool.h>
38 #include "string_private.h"
39
40 __errno_t
strncat_s(char * restrict s1,rsize_t s1max,const char * restrict s2,rsize_t n)41 strncat_s(char *restrict s1, rsize_t s1max, const char *restrict s2, rsize_t n)
42 {
43 const char *msg = "";
44 size_t s1_len = 0;
45 bool write_null = true;
46
47 s1_len = strnlen_s(s1, s1max);
48
49 if (s1 == NULL) {
50 msg = "strncat_s: dest is NULL";
51 write_null = false;
52 goto handle_error;
53 } else if ((s1max == 0u) || (CHECK_RSIZE(s1max))) {
54 msg = "strncat_s: dest buffer size is 0 or exceeds RSIZE_MAX";
55 write_null = false;
56 goto handle_error;
57 } else if (s2 == NULL) {
58 msg = "strncat_s: source is NULL";
59 goto handle_error;
60 } else if (CHECK_RSIZE(n)) {
61 msg = "strncat_s: copy count exceeds RSIZE_MAX";
62 goto handle_error;
63 }
64
65 /* It is a constraint violation if s1max is not large enough to contain
66 * the concatenation of s2.
67 * It is also a constraint violation if the string pointed to by s2
68 * overlaps s1 in any way.
69 * The C11 Rationale says we are permitted to proceed with the copy and
70 * detect dest buffer overrun and overlapping memory blocks as a byproduct
71 * of performing the copy operation. This is to avoid calling strlen on
72 * s2 to detect these violations prior to attempting the copy.
73 */
74 // compute chars available in s1
75
76 else if (s1_len == s1max) {
77 msg = "strncat_s: string 1 length exceeds buffer size";
78 goto handle_error;
79 } else {
80 // compute chars available in s1
81 uint32_t m = (s1max - s1_len);
82 uint32_t i = 0;
83 char *s1cp = s1;
84
85 for (i = 0u; i < s1_len; i++) {
86 s1cp++;
87 }
88
89 // Question; at this point should we just return
90 // strncpy_s(s1cp, m, s2, n) ?
91 // perhaps not since overlap check needs to be over entire s1 vs. s2?
92
93 const char *overlap_point;
94 bool check_s1_for_overlap;
95 const char *s2cp = s2;
96
97 if (s1 <= s2) {
98 // if we ever reach s2 when storing to s1 we have overlap
99 overlap_point = s2;
100 check_s1_for_overlap = true;
101 // make sure source does not lie within initial dest string.
102 if (s2 <= s1cp) {
103 msg = "strncat_s: overlapping copy";
104 goto handle_error;
105 }
106 } else {
107 // if we ever reach s1 when reading from s2 we have overlap
108 overlap_point = s1;
109 check_s1_for_overlap = false;
110 }
111
112 uint32_t written = 0;
113 char c = '.';
114
115 while ((written < m) && (written < n)) {
116 if (check_s1_for_overlap == true) {
117 if (s1cp == overlap_point) {
118 msg = "strncat_s: overlapping copy";
119 goto handle_error;
120 }
121 } else if (s2cp == overlap_point) {
122 msg = "strncat_s: overlapping copy";
123 goto handle_error;
124 } else {
125 /* Normal case*/
126 }
127
128 c = *s2cp;
129 s2cp++;
130 *s1cp = c;
131 s1cp++;
132 written++;
133
134 if (c == '\0') {
135 break;
136 }
137 }
138
139 if ((c != '\0') && (written == n) && (written < m)) {
140 // we copied n chars from s2 and there is room for null char in s1
141 if ((check_s1_for_overlap == true) && (s1cp == overlap_point)) {
142 msg = "strncat_s: overlapping copy";
143 goto handle_error;
144 } else {
145 c = '\0';
146 *s1cp = '\0';
147 }
148 }
149
150 if (c != '\0') {
151 msg = "strncat_s: dest buffer size insufficent to copy string";
152 goto handle_error;
153 }
154 }
155
156 // Normal return path
157 return 0;
158
159 handle_error:
160 if (write_null && s1 != NULL) {
161 *s1 = '\0';
162 }
163
164 if (__cur_handler != NULL) {
165 __cur_handler(msg, NULL, -1);
166 }
167
168 return -1;
169 }
170
