1 #include "stdio_impl.h"
2 #include <errno.h>
3 #include <ctype.h>
4 #include <limits.h>
5 #include <string.h>
6 #include <stdarg.h>
7 #include <stddef.h>
8 #include <stdlib.h>
9 #include <wchar.h>
10 #include <inttypes.h>
11
12 /* Convenient bit representation for modifier flags, which all fall
13 * within 31 codepoints of the space character. */
14
15 #define ALT_FORM (1U<<'#'-' ')
16 #define ZERO_PAD (1U<<'0'-' ')
17 #define LEFT_ADJ (1U<<'-'-' ')
18 #define PAD_POS (1U<<' '-' ')
19 #define MARK_POS (1U<<'+'-' ')
20 #define GROUPED (1U<<'\''-' ')
21
22 #define FLAGMASK (ALT_FORM|ZERO_PAD|LEFT_ADJ|PAD_POS|MARK_POS|GROUPED)
23
24 /* State machine to accept length modifiers + conversion specifiers.
25 * Result is 0 on failure, or an argument type to pop on success. */
26
27 enum {
28 BARE, LPRE, LLPRE, HPRE, HHPRE, BIGLPRE,
29 ZTPRE, JPRE,
30 STOP,
31 PTR, INT, UINT, ULLONG,
32 LONG, ULONG,
33 SHORT, USHORT, CHAR, UCHAR,
34 LLONG, SIZET, IMAX, UMAX, PDIFF, UIPTR,
35 DBL, LDBL,
36 NOARG,
37 MAXSTATE
38 };
39
40 #define S(x) [(x)-'A']
41
42 static const unsigned char states[]['z'-'A'+1] = {
43 { /* 0: bare types */
44 S('d') = INT, S('i') = INT,
45 S('o') = UINT, S('u') = UINT, S('x') = UINT, S('X') = UINT,
46 S('e') = DBL, S('f') = DBL, S('g') = DBL, S('a') = DBL,
47 S('E') = DBL, S('F') = DBL, S('G') = DBL, S('A') = DBL,
48 S('c') = CHAR, S('C') = INT,
49 S('s') = PTR, S('S') = PTR, S('p') = UIPTR, S('n') = PTR,
50 S('m') = NOARG,
51 S('l') = LPRE, S('h') = HPRE, S('L') = BIGLPRE,
52 S('z') = ZTPRE, S('j') = JPRE, S('t') = ZTPRE,
53 }, { /* 1: l-prefixed */
54 S('d') = LONG, S('i') = LONG,
55 S('o') = ULONG, S('u') = ULONG, S('x') = ULONG, S('X') = ULONG,
56 S('c') = INT, S('s') = PTR, S('n') = PTR,
57 S('l') = LLPRE,
58 }, { /* 2: ll-prefixed */
59 S('d') = LLONG, S('i') = LLONG,
60 S('o') = ULLONG, S('u') = ULLONG,
61 S('x') = ULLONG, S('X') = ULLONG,
62 S('n') = PTR,
63 }, { /* 3: h-prefixed */
64 S('d') = SHORT, S('i') = SHORT,
65 S('o') = USHORT, S('u') = USHORT,
66 S('x') = USHORT, S('X') = USHORT,
67 S('n') = PTR,
68 S('h') = HHPRE,
69 }, { /* 4: hh-prefixed */
70 S('d') = CHAR, S('i') = CHAR,
71 S('o') = UCHAR, S('u') = UCHAR,
72 S('x') = UCHAR, S('X') = UCHAR,
73 S('n') = PTR,
74 }, { /* 5: L-prefixed */
75 S('e') = LDBL, S('f') = LDBL, S('g') = LDBL, S('a') = LDBL,
76 S('E') = LDBL, S('F') = LDBL, S('G') = LDBL, S('A') = LDBL,
77 S('n') = PTR,
78 }, { /* 6: z- or t-prefixed (assumed to be same size) */
79 S('d') = PDIFF, S('i') = PDIFF,
80 S('o') = SIZET, S('u') = SIZET,
81 S('x') = SIZET, S('X') = SIZET,
82 S('n') = PTR,
83 }, { /* 7: j-prefixed */
84 S('d') = IMAX, S('i') = IMAX,
85 S('o') = UMAX, S('u') = UMAX,
86 S('x') = UMAX, S('X') = UMAX,
87 S('n') = PTR,
88 }
89 };
90
91 #define OOB(x) ((unsigned)(x)-'A' > 'z'-'A')
92
93 union arg
94 {
95 uintmax_t i;
96 long double f;
97 void *p;
98 };
99
pop_arg(union arg * arg,int type,va_list * ap)100 static void pop_arg(union arg *arg, int type, va_list *ap)
101 {
102 switch (type) {
103 case PTR: arg->p = va_arg(*ap, void *);
104 break; case INT: arg->i = va_arg(*ap, int);
105 break; case UINT: arg->i = va_arg(*ap, unsigned int);
106 break; case LONG: arg->i = va_arg(*ap, long);
107 break; case ULONG: arg->i = va_arg(*ap, unsigned long);
108 break; case ULLONG: arg->i = va_arg(*ap, unsigned long long);
109 break; case SHORT: arg->i = (short)va_arg(*ap, int);
110 break; case USHORT: arg->i = (unsigned short)va_arg(*ap, int);
111 break; case CHAR: arg->i = (signed char)va_arg(*ap, int);
112 break; case UCHAR: arg->i = (unsigned char)va_arg(*ap, int);
113 break; case LLONG: arg->i = va_arg(*ap, long long);
114 break; case SIZET: arg->i = va_arg(*ap, size_t);
115 break; case IMAX: arg->i = va_arg(*ap, intmax_t);
116 break; case UMAX: arg->i = va_arg(*ap, uintmax_t);
117 break; case PDIFF: arg->i = va_arg(*ap, ptrdiff_t);
118 break; case UIPTR: arg->i = (uintptr_t)va_arg(*ap, void *);
119 break; case DBL: arg->f = va_arg(*ap, double);
120 break; case LDBL: arg->f = va_arg(*ap, long double);
121 }
122 }
123
out(FILE * f,const wchar_t * s,size_t l)124 static void out(FILE *f, const wchar_t *s, size_t l)
125 {
126 while (l-- && !(f->flags & F_ERR)) fputwc(*s++, f);
127 }
128
getint(wchar_t ** s)129 static int getint(wchar_t **s) {
130 int i;
131 for (i=0; iswdigit(**s); (*s)++) {
132 if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1;
133 else i = 10*i + (**s-'0');
134 }
135 return i;
136 }
137
138 static const char sizeprefix['y'-'a'] = {
139 ['a'-'a']='L', ['e'-'a']='L', ['f'-'a']='L', ['g'-'a']='L',
140 ['d'-'a']='j', ['i'-'a']='j', ['o'-'a']='j', ['u'-'a']='j', ['x'-'a']='j',
141 ['p'-'a']='j'
142 };
143
wprintf_core(FILE * f,const wchar_t * fmt,va_list * ap,union arg * nl_arg,int * nl_type)144 static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_arg, int *nl_type)
145 {
146 wchar_t *a, *z, *s=(wchar_t *)fmt;
147 unsigned l10n=0, fl;
148 int w, p, xp;
149 union arg arg;
150 int argpos;
151 unsigned st, ps;
152 int cnt=0, l=0;
153 int i;
154 int t;
155 char *bs;
156 char charfmt[16];
157 wchar_t wc;
158
159 for (;;) {
160 /* This error is only specified for snprintf, but since it's
161 * unspecified for other forms, do the same. Stop immediately
162 * on overflow; otherwise %n could produce wrong results. */
163 if (l > INT_MAX - cnt) goto overflow;
164
165 /* Update output count, end loop when fmt is exhausted */
166 cnt += l;
167 if (!*s) break;
168
169 /* Handle literal text and %% format specifiers */
170 for (a=s; *s && *s!='%'; s++);
171 for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2);
172 if (z-a > INT_MAX-cnt) goto overflow;
173 l = z-a;
174 if (f) out(f, a, l);
175 if (l) continue;
176
177 if (iswdigit(s[1]) && s[2]=='$') {
178 l10n=1;
179 argpos = s[1]-'0';
180 s+=3;
181 } else {
182 argpos = -1;
183 s++;
184 }
185
186 /* Read modifier flags */
187 for (fl=0; (unsigned)*s-' '<32 && (FLAGMASK&(1U<<*s-' ')); s++)
188 fl |= 1U<<*s-' ';
189
190 /* Read field width */
191 if (*s=='*') {
192 if (iswdigit(s[1]) && s[2]=='$') {
193 l10n=1;
194 nl_type[s[1]-'0'] = INT;
195 w = nl_arg[s[1]-'0'].i;
196 s+=3;
197 } else if (!l10n) {
198 w = f ? va_arg(*ap, int) : 0;
199 s++;
200 } else goto inval;
201 if (w<0) fl|=LEFT_ADJ, w=-w;
202 } else if ((w=getint(&s))<0) goto overflow;
203
204 /* Read precision */
205 if (*s=='.' && s[1]=='*') {
206 if (isdigit(s[2]) && s[3]=='$') {
207 nl_type[s[2]-'0'] = INT;
208 p = nl_arg[s[2]-'0'].i;
209 s+=4;
210 } else if (!l10n) {
211 p = f ? va_arg(*ap, int) : 0;
212 s+=2;
213 } else goto inval;
214 xp = (p>=0);
215 } else if (*s=='.') {
216 s++;
217 p = getint(&s);
218 xp = 1;
219 } else {
220 p = -1;
221 xp = 0;
222 }
223
224 /* Format specifier state machine */
225 st=0;
226 do {
227 if (OOB(*s)) goto inval;
228 ps=st;
229 st=states[st]S(*s++);
230 } while (st-1<STOP);
231 if (!st) goto inval;
232
233 /* Check validity of argument type (nl/normal) */
234 if (st==NOARG) {
235 if (argpos>=0) goto inval;
236 } else {
237 if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos];
238 else if (f) pop_arg(&arg, st, ap);
239 else return 0;
240 }
241
242 if (!f) continue;
243 t = s[-1];
244 if (ps && (t&15)==3) t&=~32;
245
246 switch (t) {
247 case 'n':
248 switch(ps) {
249 case BARE: *(int *)arg.p = cnt; break;
250 case LPRE: *(long *)arg.p = cnt; break;
251 case LLPRE: *(long long *)arg.p = cnt; break;
252 case HPRE: *(unsigned short *)arg.p = cnt; break;
253 case HHPRE: *(unsigned char *)arg.p = cnt; break;
254 case ZTPRE: *(size_t *)arg.p = cnt; break;
255 case JPRE: *(uintmax_t *)arg.p = cnt; break;
256 }
257 continue;
258 case 'c':
259 if (w<1) w=1;
260 if (w>1 && !(fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, "");
261 fputwc(btowc(arg.i), f);
262 if (w>1 && (fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, "");
263 l = w;
264 continue;
265 case 'C':
266 fputwc(arg.i, f);
267 l = 1;
268 continue;
269 case 'S':
270 a = arg.p;
271 z = a + wcsnlen(a, p<0 ? INT_MAX : p);
272 if (p<0 && *z) goto overflow;
273 p = z-a;
274 if (w<p) w=p;
275 if (!(fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
276 out(f, a, p);
277 if ((fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
278 l=w;
279 continue;
280 case 'm':
281 arg.p = strerror(errno);
282 case 's':
283 if (!arg.p) arg.p = "(null)";
284 bs = arg.p;
285 for (i=l=0; l<(p<0?INT_MAX:p) && (i=mbtowc(&wc, bs, MB_LEN_MAX))>0; bs+=i, l++);
286 if (i<0) return -1;
287 if (p<0 && *bs) goto overflow;
288 p=l;
289 if (w<p) w=p;
290 if (!(fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
291 bs = arg.p;
292 while (l--) {
293 i=mbtowc(&wc, bs, MB_LEN_MAX);
294 bs+=i;
295 fputwc(wc, f);
296 }
297 if ((fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
298 l=w;
299 continue;
300 }
301
302 if (xp && p<0) goto overflow;
303 snprintf(charfmt, sizeof charfmt, "%%%s%s%s%s%s*.*%c%c",
304 "#"+!(fl & ALT_FORM),
305 "+"+!(fl & MARK_POS),
306 "-"+!(fl & LEFT_ADJ),
307 " "+!(fl & PAD_POS),
308 "0"+!(fl & ZERO_PAD),
309 sizeprefix[(t|32)-'a'], t);
310
311 switch (t|32) {
312 case 'a': case 'e': case 'f': case 'g':
313 l = fprintf(f, charfmt, w, p, arg.f);
314 break;
315 case 'd': case 'i': case 'o': case 'u': case 'x': case 'p':
316 l = fprintf(f, charfmt, w, p, arg.i);
317 break;
318 }
319 }
320
321 if (f) return cnt;
322 if (!l10n) return 0;
323
324 for (i=1; i<=NL_ARGMAX && nl_type[i]; i++)
325 pop_arg(nl_arg+i, nl_type[i], ap);
326 for (; i<=NL_ARGMAX && !nl_type[i]; i++);
327 if (i<=NL_ARGMAX) return -1;
328 return 1;
329
330 inval:
331 errno = EINVAL;
332 return -1;
333 overflow:
334 errno = EOVERFLOW;
335 return -1;
336 }
337
vfwprintf(FILE * restrict f,const wchar_t * restrict fmt,va_list ap)338 int vfwprintf(FILE *restrict f, const wchar_t *restrict fmt, va_list ap)
339 {
340 va_list ap2;
341 int nl_type[NL_ARGMAX] = {0};
342 union arg nl_arg[NL_ARGMAX];
343 int olderr;
344 int ret;
345
346 /* the copy allows passing va_list* even if va_list is an array */
347 va_copy(ap2, ap);
348 if (wprintf_core(0, fmt, &ap2, nl_arg, nl_type) < 0) {
349 va_end(ap2);
350 return -1;
351 }
352
353 FLOCK(f);
354 fwide(f, 1);
355 olderr = f->flags & F_ERR;
356 f->flags &= ~F_ERR;
357 ret = wprintf_core(f, fmt, &ap2, nl_arg, nl_type);
358 if (f->flags & F_ERR) ret = -1;
359 f->flags |= olderr;
360 FUNLOCK(f);
361 va_end(ap2);
362 return ret;
363 }
364