1 /*
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright © 2024, Synopsys Inc.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above
14  *    copyright notice, this list of conditions and the following
15  *    disclaimer in the documentation and/or other materials provided
16  *    with the distribution.
17  *
18  * 3. Neither the name of the copyright holder nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33  * OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #define __STDC_WANT_LIB_EXT1__ 1
36 #include <string.h>
37 #include <stdbool.h>
38 #include "string_private.h"
39 
40 __errno_t
strncpy_s(char * restrict s1,rsize_t s1max,const char * restrict s2,rsize_t n)41 strncpy_s(char *restrict s1, rsize_t s1max, const char *restrict s2, rsize_t n)
42 {
43     const char *msg = "";
44     bool write_null = true;
45 
46     if (s1 == NULL) {
47         msg = "strncpy_s: dest is NULL";
48         write_null = false;
49         goto handle_error;
50     } else if ((s1max == 0u) || (CHECK_RSIZE(s1max))) {
51         msg = "strncpy_s: dest buffer size is 0 or exceeds RSIZE_MAX";
52         write_null = false;
53         goto handle_error;
54     }
55 
56     else if (s2 == NULL) {
57         msg = "strncpy_s: source is NULL";
58         goto handle_error;
59     } else if (CHECK_RSIZE(n)) {
60         msg = "strncpy_s: copy count exceeds RSIZE_MAX";
61         goto handle_error;
62     }
63 
64     /* It is a constraint violation if s1max is not large enough to contain
65      * a copy of s2 (with n as upper bound on chars copied).
66      * It is also a constraint violation if the string pointed to by s2
67      * overlaps s1 in any way.
68      * The C11 Rationale says we are permitted to proceed with the copy and
69      * detect dest buffer overrun and overlapping memory blocks as a byproduct
70      * of performing the copy operation.  This is to avoid calling strlen on
71      * s2 to detect these violations prior to attempting the copy.
72      */
73 
74     else {
75         const char *overlap_point;
76         bool check_s1_for_overlap;
77         char *s1cp = s1;
78         const char *s2cp = s2;
79 
80         if (s1 < s2) {
81             // if we ever reach s2 when storing to s1 we have overlap
82             overlap_point = s2;
83             check_s1_for_overlap = true;
84         } else {
85             // if we ever reach s1 when reading from s2 we have overlap
86             overlap_point = s1;
87             check_s1_for_overlap = false;
88         }
89 
90         uint32_t written = 0;
91         char c = '.';
92 
93         while ((written < s1max) && (written < n)) {
94             if (check_s1_for_overlap == true) {
95                 if (s1cp == overlap_point) {
96                     msg = "strncpy_s: overlapping copy";
97                     goto handle_error;
98                 }
99             } else if (s2cp == overlap_point) {
100                 msg = "strncpy_s: overlapping copy";
101                 goto handle_error;
102             } else {
103                 /* Normal case*/
104             }
105 
106             c = *s2cp;
107             s2cp++;
108             *s1cp = c;
109             s1cp++;
110             written++;
111 
112             if (c == '\0') {
113                 break;
114             }
115         }
116 
117         if ((c != '\0') && (written == n) && (written < s1max)) {
118             // we copied n chars from s2 and there is room for null char in s1
119             if ((check_s1_for_overlap == true) && (s1cp == overlap_point)) {
120                 msg = "strncpy_s: overlapping copy";
121                 goto handle_error;
122             } else {
123                 c = '\0';
124                 *s1cp = '\0';
125             }
126         }
127 
128         if (c != '\0') {
129             msg = "strncpy_s: dest buffer size insufficent to copy string";
130             goto handle_error;
131         }
132     }
133 
134     // Normal return path
135     return 0;
136 
137 handle_error:
138     if (write_null && s1 != NULL) {
139         *s1 = '\0';
140     }
141 
142     if (__cur_handler != NULL) {
143         __cur_handler(msg, NULL, -1);
144     }
145 
146     return -1;
147 }
148