path: root/lib/mprintf.c
Commit message | Author | Age | Files | Lines
* curl.se: new home | Daniel Stenberg | 2020-11-04 | 1 | -1/+1
  Closes #6172
* checksrc: warn on space after exclamation mark | Daniel Stenberg | 2020-10-02 | 1 | -1/+1
  Closes #6034
* dynbuf: make *addf() not require extra mallocs | Daniel Stenberg | 2020-09-23 | 1 | -16/+27
  ... by introducing a printf() function that appends directly into a dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so if the buffer is already big enough it can just printf directly into it.
  Since this less-malloc version requires the use of a library internal printf function, we only provide this version when building libcurl and not for the dynbuf code that is used when building the curl tool.
  Closes #5998
* checksrc: verify do-while and spaces between the braces | Daniel Stenberg | 2020-08-24 | 1 | -5/+5
  Updated mprintf.c to comply
  Closes #5845
* mprintf: Fix stack overflows | Tobias Stoeckmann | 2020-07-27 | 1 | -1/+5
  Stack overflows can occur with precisions for integers and floats.
  Proof of concepts:
  - curl_mprintf("%d, %.*1$d", 500, 1);
  - curl_mprintf("%d, %+0500.*1$f", 500, 1);
  Ideally, compile with -fsanitize=address which makes this undefined behavior a bit more defined for debug purposes.
  The format strings are valid. The overflows occur due to invalid arguments. If these arguments are variables with contents controlled by an attacker, the function's stack can be corrupted.
  Also see CVE-2016-9586 which partially fixed the float aspect.
  Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
  Closes https://github.com/curl/curl/pull/5722
* mprintf: Fix dollar string handling | Tobias Stoeckmann | 2020-07-27 | 1 | -5/+15
  Verify that specified parameters are in range. If parameters are too large, fail early on and avoid out of boundary accesses.
  Also do not read behind boundaries of illegal format strings.
  These are defensive measures since it is expected that format strings are well-formed. Format strings should not be modifiable by user input due to possible generic format string attacks.
  Closes https://github.com/curl/curl/pull/5722
* source cleanup: remove all custom typedef structs | Daniel Stenberg | 2020-05-15 | 1 | -8/+6
  - Stick to a single unified way to use structs
  - Make checksrc complain on 'typedef struct {'
  - Allow them in tests, public headers and examples
  - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions.
  Closes #5338
* dynbuf: introduce internal generic dynamic buffer functions | Daniel Stenberg | 2020-05-04 | 1 | -55/+16
  A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over.
  In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less.
  See docs/DYNBUF.md for a description of the API.
  Closes #5300
* build: Disable Visual Studio warning "conditional expression is constant" | Jay Satiro | 2019-12-01 | 1 | -1/+1
  - Disable warning C4127 "conditional expression is constant" globally in curl_setup.h for when building with Microsoft's compiler.
  This mainly affects building with the Visual Studio project files found in the projects dir.
  Prior to this change the cmake and winbuild build systems already disabled 4127 globally for when building with Microsoft's compiler. Also, 4127 was already disabled for all build systems in the limited circumstance of the WHILE_FALSE macro which disabled the warning specifically for while(0). This commit removes the WHILE_FALSE macro and all other cruft in favor of disabling globally in curl_setup.
  Background:
  We have various macros that cause 0 or 1 to be evaluated, which would cause warning C4127 in Visual Studio. For example this causes it:
  #define Curl_resolver_asynch() 1
  Full behavior is not clearly defined and inconsistent across versions. However it is documented that since VS 2015 Update 3 Microsoft has addressed this somewhat but not entirely, not warning on while(true) for example.
  Prior to this change some C4127 warnings occurred when I built with Visual Studio using the generated projects in the projects dir.
  Closes https://github.com/curl/curl/pull/4658
* copyrights: fix copyright year range | Daniel Stenberg | 2019-11-08 | 1 | -1/+1
  .. because checksrc's copyright year check stopped working.
  Ref: https://github.com/curl/curl/pull/4547
  Closes https://github.com/curl/curl/pull/4549
* mprintf: avoid unsigned integer overflow warning | Tim Rühsen | 2018-11-02 | 1 | -1/+1
  The overflow has no real world impact. Just avoid it for "best practice".
  Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
  Closes #3184
* code style: remove wrong uses of multiple spaces | Daniel Stenberg | 2017-09-12 | 1 | -1/+1
  Closes #1878
* code style: use spaces around pluses | Daniel Stenberg | 2017-09-11 | 1 | -1/+1
* code style: use spaces around equals signs | Daniel Stenberg | 2017-09-11 | 1 | -12/+12
* CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG | Daniel Stenberg | 2017-08-17 | 1 | -6/+2
* system.h: remove all CURL_SIZEOF_* defines | Daniel Stenberg | 2017-08-17 | 1 | -2/+2
  ... as they're not used externally and internally we check for the sizes already in configure etc.
  Closes #1767
* assert: avoid, use DEBUGASSERT instead! | Daniel Stenberg | 2017-05-22 | 1 | -4/+2
  ... as it does extra checks to actually work.
  Reported-by: jonrumsey at github
  Fixes #1504
* lib: fix compiler warnings | Marcel Raad | 2017-05-03 | 1 | -1/+1
  Fix the following warnings when building the tests by using the correct types:
  cast from 'const char *' to 'void *' drops const qualifier [-Wcast-qual]
  implicit conversion changes signedness [-Wsign-conversion]
* lib: remove unused code | Marcel Raad | 2017-04-26 | 1 | -4/+0
  This fixes the following clang warnings:
  macro is not used [-Wunused-macros]
  will never be executed [-Wunreachable-code]
  Closes https://github.com/curl/curl/pull/1448
* Improve code readability | Sylvestre Ledru | 2017-03-13 | 1 | -4/+2
  ... by removing the else branch after a return, break or continue.
  Closes #1310
* lib: fix MSVC compiler warnings | Marcel Raad | 2016-12-21 | 1 | -1/+1
  Visual C++ complained:
  warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data
  warning C4701: potentially uninitialized local variable 'path' used
* printf: fix floating point buffer overflow issues | Daniel Stenberg | 2016-12-19 | 1 | -2/+18
  ... and add a bunch of floating point printf tests
* checksrc: stricter no-space-before-paren enforcement | Daniel Stenberg | 2016-12-13 | 1 | -2/+2
  In order to make the code style more uniform everywhere
* printf: fix ".*f" handling | Daniel Stenberg | 2016-11-08 | 1 | -1/+0
  It would always use precision 1 instead of reading it from the argument list as intended.
  Reported-by: Ray Satiro
  Bug: #1113
* aprintf: detect wrap-around when growing allocation | Daniel Stenberg | 2016-10-31 | 1 | -3/+6
  On 32bit systems we could otherwise wrap around after 2GB and allocate 0 bytes and crash.
  CVE-2016-8618
  Bug: https://curl.haxx.se/docs/adv_20161102D.html
  Reported-by: Cure53
* mprintf: return error on too many arguments | Daniel Stenberg | 2016-10-08 | 1 | -5/+12
  128 arguments should be enough for everyone
* dprintf_formatf: fix (false?) Coverity warning | Daniel Stenberg | 2016-05-17 | 1 | -55/+58
  CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when we run over 'workend' but the condition says <= workend and for all I can see it should be safe. Compensating for the warning by adding a byte margin in the buffer.
  Also, removed the extra brace level indentation in the code and made it so that 'workend' is only assigned once within the function.
* mprintf: Fix processing of width and prec args | Jay Satiro | 2016-05-13 | 1 | -20/+40
  Prior to this change a width arg could be erroneously output, and also width and precision args could not be used together without crashing.
  "%0*d%s", 2, 9, "foo"
  Before: "092"
  After: "09foo"
  "%*.*s", 5, 2, "foo"
  Before: crash
  After: " fo"
  Test 557 is updated to verify this and more
* curl/mprintf.h: remove support for _MPRINTF_REPLACE | Daniel Stenberg | 2016-04-01 | 1 | -6/+1
  The define is not in our name space and is therefore not protected by our API promises.
  It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5 (March 2015). This is supposedly the final death blow to that define from everywhere.
  As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf().
  In the unlikely event that any user is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
* mprintf: update trio project link | Jay Satiro | 2016-03-06 | 1 | -1/+1
* URLs: Change more haxx.se URLs from http: to https: | Dan Fandrich | 2016-02-03 | 1 | -1/+1
* URLs: change all http:// URLs to https:// | Daniel Stenberg | 2016-02-03 | 1 | -1/+1
* mprintf: allow %.s with data not being zero terminated | Daniel Stenberg | 2014-05-04 | 1 | -4/+4
  If the precision is indeed shorter than the string, don't strlen() to find the end because that's not how the precision operator works.
  I also added a unit test for curl_msnprintf to make sure this works and that the fix doesn't a few other basic use cases. I found a POSIX compliance problem that I marked TODO in the unit test, and I figure we need to add more tests in the future.
  Reported-by: Török Edwin
* mprintf: Added support for I, I32 and I64 size specifiers | Steve Holme | 2013-12-30 | 1 | -6/+50
  Added support to the built-in printf() replacement functions, for these non-ANSI extensions when compiling under Visual Studio, Borland, Watcom and MinGW.
  This fixes problems when generating libcurl source code that contains curl_off_t variables.
* printf: make sure %x are treated unsigned | Daniel Stenberg | 2013-06-25 | 1 | -8/+8
  When using %x, the number must be treated as unsigned as otherwise it would get sign-extended on for example 64bit machines and do wrong output. This problem showed when doing printf("%08x", 0xffeeddcc) on a 64bit host.
* checksrc: ban unsafe functions | Daniel Stenberg | 2013-03-07 | 1 | -108/+9
  The list of unsafe functions currently consists of sprintf, vsprintf, strcat, strncat and gets.
  Subsequently, some existing code needed updating to avoid warnings on this.
* build: fix circular header inclusion with other packages | Yang Tse | 2013-01-09 | 1 | -1/+1
  This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h.
  Removes the need and usage of a header inclusion guard foreign to libcurl. [1]
  Removes the need and presence of an alarming notice we carried in old setup_once.h [2]
  ----------------------------------------
  1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once.
  Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h
  The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
  2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync.
  Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed.
  All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renaming | Yang Tse | 2013-01-06 | 1 | -0/+1197
  This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits:
  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files
  This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit:
  c087374... curl_setup.h: remove redundant include guard
  This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits:
  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1
  Start of related discussion thread:
  http://curl.haxx.se/mail/lib-2013-01/0012.html
  Asking for confirmation on pushing this reversion commit:
  http://curl.haxx.se/mail/lib-2013-01/0048.html
  Confirmation summary:
  http://curl.haxx.se/mail/lib-2013-01/0079.html
  NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs.
  lib/curl_imap.h
  lib/curl_smtp.h
* build: rename 93 lib/*.c files | Yang Tse | 2013-01-03 | 1 | -1197/+0
  93 lib/*.c source files renamed to use our standard naming scheme.
  This commit only does the file renaming.
* build: make use of 93 lib/*.c renamed files | Yang Tse | 2013-01-03 | 1 | -2/+2
  93 *.c source files renamed to use our standard naming scheme.
  This change affects 77 files in libcurl's source tree.
* build: make use of 76 lib/*.h renamed files | Yang Tse | 2012-12-28 | 1 | -2/+2
  76 private header files renamed to use our standard naming scheme.
  This change affects 322 files in libcurl's source tree.
* MemoryTracking: fix logging of free() calls done where Curl_safefree is called | Yang Tse | 2011-09-02 | 1 | -1/+1
  Just internal stuff...
  Curl_safefree is now a macro defined in memdebug.h instead of a function prototyped in url.h and implemented in url.c, so inclusion of url.h is no longer required in order to simply use Curl_safefree.
  Provide definition of macro WHILE_FALSE in setup_once.h in order to allow other macros such as DEBUGF and DEBUGASSERT, and code using it, to compile without 'conditional expression is constant' warnings.
  The WHILE_FALSE stuff fixes 150+ MSVC compiler warnings.
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h | Yang Tse | 2011-07-26 | 1 | -5/+0
* whitespace cleanup: no space first in conditionals | Daniel Stenberg | 2011-04-27 | 1 | -1/+1
  "if(a)" is our style, not "if( a )"
* source cleanup: unify look, style and indent levels | Daniel Stenberg | 2011-04-27 | 1 | -95/+51
  By the use of the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* Fix a couple of spelling errors in lib/ | Fabian Keil | 2011-04-21 | 1 | -2/+2
  Found with codespell.
* dprintf_formatf: Value stored to 'left' is never read | Daniel Stenberg | 2010-04-16 | 1 | -1/+0
* remove the CVSish $Id$ lines | Daniel Stenberg | 2010-03-24 | 1 | -1/+0
* fix compiler warning | Yang Tse | 2010-02-20 | 1 | -1/+1
* fix compiler warning | Yang Tse | 2010-02-20 | 1 | -1/+1