summaryrefslogtreecommitdiff
path: root/src/basic/string-util.c
Commit message (Collapse)AuthorAgeFilesLines
* util-lib: [static] array argument sizes are apparently not OK for NULL ↵Lennart Poettering2019-07-121-4/+10
| | | | | | | | | | | | | | | | | | | | | | parameters Let's drop the 'static' logic when a parameter can be NULL. I think asan/ubsan are right here, judging by the C99 spec language: "A declaration of a parameter as ‘‘array of type’’ shall be adjusted to ‘‘qualified pointer to type’’, where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression." If we specify NULL, then we certainly don't pvode access to any valid array. Fixes: #13039
* tree-wide: get rid of strappend()Lennart Poettering2019-07-121-4/+0
| | | | | It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shoert than strappend().
* Remove string_eraseZbigniew Jędrzejewski-Szmek2019-07-101-10/+0
|
* Remove string_free_eraseZbigniew Jędrzejewski-Szmek2019-07-101-4/+0
|
* Add open_memstream_unlocked() wrapperZbigniew Jędrzejewski-Szmek2019-04-121-10/+6
|
* util: split out nulstr related stuff to nulstr-util.[ch]Lennart Poettering2019-03-141-13/+0
|
* util: move some raw memory functions from string-util.h → memory-util.hLennart Poettering2019-03-141-20/+2
|
* tree-wide: use c99 static for array size declarationsZbigniew Jędrzejewski-Szmek2019-01-041-1/+1
| | | | | | | | | | | | | | | | https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html This only works with clang, unfortunately gcc doesn't seem to implement the check (tested with gcc-8.2.1-5.fc29.x86_64). Simulated error: [2/3] Compiling C object 'systemd-nspawn@exe/src_nspawn_nspawn.c.o'. ../src/nspawn/nspawn.c:3179:45: warning: array argument is too small; contains 15 elements, callee requires at least 16 [-Warray-bounds] candidate = (uid_t) siphash24(arg_machine, strlen(arg_machine), hash_key); ^ ~~~~~~~~ ../src/basic/siphash24.h:24:64: note: callee declares array parameter as static here uint64_t siphash24(const void *in, size_t inlen, const uint8_t k[static 16]); ^~~~~~~~~~~~
* string-util: introduce explicit_zero_safe()Lennart Poettering2018-10-241-3/+6
| | | | | | | The only real difference is that this wrapper can deal with NULL pointer arguments, but only if the length is also zero. CID 1396277
* tree-wide: CMP()ify all the thingsLennart Poettering2018-10-161-6/+1
| | | | Let's employ coccinelle to fix everything up automatically for us.
* Merge pull request #10152 from yuwata/udev-use-extractLennart Poettering2018-10-051-4/+8
|\ | | | | udev: small cleanups
| * strv: introduce 'relax' mode to strv_split_full()Yu Watanabe2018-09-261-4/+8
| | | | | | | | | | If SPLIT_RELAX is specified, then it accepts unfinished quotes or missing separator after right quote.
* | Introduce free_and_strndup and use it in bus-message.cZbigniew Jędrzejewski-Szmek2018-10-021-1/+27
|/ | | | | | | | | | | | | | v2: fix error in free_and_strndup() When the orignal and copied message were the same, but shorter than specified length l, memory read past the end of the buffer would be performed. A test case is included: a string that had an embedded NUL ("q\0") is used to replace "q". v3: Fix one more bug in free_and_strndup and add tests. v4: Some style fixed based on review, one more use of free_and_replace, and make the tests more comprehensive.
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* basic/ellipsize: do not assume the string is NUL-terminated when length is givenZbigniew Jędrzejewski-Szmek2018-06-111-1/+1
| | | | | | | | | | | | | | | | | | | oss-fuzz flags this as: ==1==WARNING: MemorySanitizer: use-of-uninitialized-value 0. 0x7fce77519ca5 in ascii_is_valid systemd/src/basic/utf8.c:252:9 1. 0x7fce774d203c in ellipsize_mem systemd/src/basic/string-util.c:544:13 2. 0x7fce7730a299 in print_multiline systemd/src/shared/logs-show.c:244:37 3. 0x7fce772ffdf3 in output_short systemd/src/shared/logs-show.c:495:25 4. 0x7fce772f5a27 in show_journal_entry systemd/src/shared/logs-show.c:1077:15 5. 0x7fce772f66ad in show_journal systemd/src/shared/logs-show.c:1164:29 6. 0x4a2fa0 in LLVMFuzzerTestOneInput systemd/src/fuzz/fuzz-journal-remote.c:64:21 ... I didn't reproduce the issue, but this looks like an obvious error: the length is specified, so we shouldn't use the string with any functions for normal C-strings.
* string-util: put together strstrip() from skip_leading_chars() and ↵Lennart Poettering2018-06-061-13/+2
| | | | delete_trailing_chars()
* test-ellipsize: add tests for ellipsize_mem, fix bugsZbigniew Jędrzejewski-Szmek2018-06-021-23/+38
| | | | | | | | | | | | | | First, ellipsize() and ellipsize_mem() should not read past the input buffer. Those functions take an explicit length for the input data, so they should not assume that the buffer is terminated by a nul. Second, ellipsization was off in various cases where wide on multi-byte characters were used. We had some basic test for ellipsize(), but apparently it wasn't enough to catch more serious cases. Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8686.
* basic/string-util: make ellipsize() inlineZbigniew Jędrzejewski-Szmek2018-06-021-7/+0
| | | | | Once the redundant check is removed, it's a very simple wrapper around ellipsize_mem().
* string-util: tweak cellescape() a bitLennart Poettering2018-06-011-12/+45
| | | | | | | | | | | | | For short buffer sizes cellescape() was a bit wasteful, as it might suffice to to drop a single character to find enough place for the full four byte ellipsis, if that one character was a four character escape. With this rework we'll guarantee to drop the minimum number of characters from the end to fit in the ellipsis. If the buffers we write to are large this doesn't matter much. However, if they are short (as they are when talking about the process comm field) then it starts to matter that we put as much information as we can in the space we get.
* basic/string-util: add a convenience function to cescape mostly-ascii fieldsZbigniew Jędrzejewski-Szmek2018-05-311-16/+54
| | | | | | | | | It's not supposed to be the most efficient, but instead fast and simple to use. I kept the logic in ellipsize_mem() to use unicode ellipsis even in non-unicode locales. I'm not quite convinced things should be this way, especially that with this patch it'd actually be simpler to always use "…" in unicode locale and "..." otherwise, but Lennart wanted it this way for some reason.
* string-util: use fflush_and_check() where appropriateLennart Poettering2018-04-241-1/+2
|
* string-util: teach strip_tab_ansi() to deal with CSO sequencesLennart Poettering2018-04-241-7/+36
| | | | | | | | With the recent terminal_urlify() APIs we'll now sometimes generate clickable link CSO sequences. Hence we should also be able to remove them again from strings. This beefs up the logic to do so. Follow-up for: 23b27b39d2a3a002ad827a2e8a9872a51495d797
* string-util: tweak ellipsation a bitLennart Poettering2018-04-181-25/+68
| | | | | | | | | | | | | | | | | | | This primarily changes to things: 1. Ellipsation to 0, 1 or 2 characters is now supported. Previously we'd hit an assert if the new lengths was < 3, this is now permitted. The result strings won't show too much info still of course, but the code becomes a bit more generic and robust to use. 2. If a UTF-8 mode is disabled and the input string is pure ASCII, then "..." is used for ellipsation, otherwise (as before) "…". This means on a pure-ASCII system we should remain pure-ASCII, matching behaviour otherwise exposed with special_glyph() and friends. Note that we'll use "…" for ellipsiation as soon as either the locale settings indicate an UTF-8 mode or the input string already contains non-ASCII unicode characters. Testing for these special cases is improved.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* journalctl: add highlighting for matched substringZbigniew Jędrzejewski-Szmek2018-01-281-4/+25
| | | | | | | | | Red is used for highligting, the same as grep does. Except when the line is highlighted red already, because it has high priority, in which case plain ansi highlight is used for the matched substring. Coloring is implemented for short and cat outputs, and not for other types. I guess we could also add it for verbose output in the future.
* tree-wide: use __fsetlocking() instead of fxyz_unlocked()Lennart Poettering2017-12-141-11/+12
| | | | | | | | | | | | | | | | | | | | | | | | Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f, FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*, instead of doing individual per-call decision whether to use normal calls or _unlocked() calls. This has various benefits: 1. It's easier to read and easier not to forget 2. It's more comprehensive, as fprintf() and friends are covered too (as these functions have no _unlocked() counterpart) 3. Philosophically, it's a bit more correct, because it's more a property of the file handle really whether we ever pass it on to another thread, not of the operations we then apply to it. This patch reworks all pieces of codes that so far used fxyz_unlocked() calls to use __fsetlocking() instead. It also reworks all places that use open_memstream(), i.e. use stdio FILE* for string manipulations. Note that this in some way a revert of 4b61c8751135c58be043d86b9fef4c8ec7aadf18.
* string-util: rework strextend() to optionally inset separators between each ↵Lennart Poettering2017-12-051-5/+23
| | | | | | | | | | | | | | appended string This adds a new flavour of strextend(), called strextend_with_separator(), which takes an optional separator string. If specified, the separator is inserted between each appended string, as well as before the first one, but only if the original string was non-empty. This new call is particularly useful when appending new options to mount option strings and suchlike, which need to be comma-separated, and initially start out from an empty string.
* string-util: update strreplace() a bit, use GREEDY_REALLOC()Lennart Poettering2017-11-291-17/+13
|
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* string-util: add delete_trailing_chars() and skip_leading_chars() helpersLennart Poettering2017-11-131-1/+30
| | | | And let's port over a couple of users to the new APIs.
* string-util: when ellipsizing to a length if (size_t) -1, become a NOPLennart Poettering2017-11-101-0/+8
| | | | | | | | | | Let's say that (size_t) -1 (i.e. SIZE_T_MAX) is equivalent to "unbounded" ellipsation, i.e. ellipsation as NOP. In which case the relevant functions become little more than strdup()/strndup(). This is useful to simplify caller code in case we want to turn off ellipsation in certain code paths with minimal caller-side handling for this.
* Merge pull request #6974 from keszybz/clean-up-definesLennart Poettering2017-10-041-1/+1
|\ | | | | Clean up define definitions
| * build-sys: change all HAVE_DECL_ macros to HAVE_Zbigniew Jędrzejewski-Szmek2017-10-031-1/+1
| | | | | | | | | | | | | | This is a legacy of autotools, where one detection routine used a different prefix then the others. $ git grep -e HAVE_DECL_ -l|xargs sed -i s/HAVE_DECL_/HAVE_/g
* | tree-wide: use IN_SET macro (#6977)Yu Watanabe2017-10-041-1/+1
|/
* string-util: optimize strshorten() a bitLennart Poettering2017-07-311-1/+1
| | | | | There's no reason to determine the full length of the string, it's sufficient to know whether it is larger than the intended size...
* string-util: add strlen_ptr() helperLennart Poettering2017-07-311-2/+2
| | | | | strlen_ptr() is to strlen() what streq_ptr() is to streq(): i.e. it handles NULL strings in a smart way.
* basic: cosmetic changes (#6440)Yu Watanabe2017-07-241-1/+1
|
* basic: use _unlocked() stdio in strip_tab_ansi() (#6385)Vito Caputo2017-07-181-7/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trivial performance boost by explicitly bypassing the implicit locking of stdio. This significantly affects common cases of `journalctl` usage: Before: # time ./journalctl -b -1 > /dev/null real 0m26.628s user 0m26.495s sys 0m0.125s # time ./journalctl -b -1 > /dev/null real 0m27.069s user 0m26.936s sys 0m0.134s # time ./journalctl -b -1 > /dev/null real 0m26.727s user 0m26.607s sys 0m0.119s After: # time ./journalctl -b -1 > /dev/null real 0m23.394s user 0m23.244s sys 0m0.142s # time ./journalctl -b -1 > /dev/null real 0m23.283s user 0m23.160s sys 0m0.121s # time ./journalctl -b -1 > /dev/null real 0m23.274s user 0m23.125s sys 0m0.144s Fixes https://github.com/systemd/systemd/issues/6341
* treewide: replace homegrown memory_erase with explicit_bzeroZbigniew Jędrzejewski-Szmek2017-02-051-5/+6
| | | | | | | | explicit_bzero was added in glibc 2.25. Make use of it. explicit_bzero is hardcoded to zero the memory, so string erase now truncates the string, instead of overwriting it with 'x'. This causes a visible difference only in the journalctl case.
* tree-wide: drop NULL sentinel from strjoinZbigniew Jędrzejewski-Szmek2016-10-231-1/+1
| | | | | | | | | | | | | This makes strjoin and strjoina more similar and avoids the useless final argument. spatch -I . -I ./src -I ./src/basic -I ./src/basic -I ./src/shared -I ./src/shared -I ./src/network -I ./src/locale -I ./src/login -I ./src/journal -I ./src/journal -I ./src/timedate -I ./src/timesync -I ./src/nspawn -I ./src/resolve -I ./src/resolve -I ./src/systemd -I ./src/core -I ./src/core -I ./src/libudev -I ./src/udev -I ./src/udev/net -I ./src/udev -I ./src/libsystemd/sd-bus -I ./src/libsystemd/sd-event -I ./src/libsystemd/sd-login -I ./src/libsystemd/sd-netlink -I ./src/libsystemd/sd-network -I ./src/libsystemd/sd-hwdb -I ./src/libsystemd/sd-device -I ./src/libsystemd/sd-id128 -I ./src/libsystemd-network --sp-file coccinelle/strjoin.cocci --in-place $(git ls-files src/*.c) git grep -e '\bstrjoin\b.*NULL' -l|xargs sed -i -r 's/strjoin\((.*), NULL\)/strjoin(\1)/' This might have missed a few cases (spatch has a really hard time dealing with _cleanup_ macros), but that's no big issue, they can always be fixed later.
* tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek2016-10-161-4/+2
|
* Always use unicode ellipsis when ellipsizingZbigniew Jędrzejewski-Szmek2016-09-131-6/+6
| | | | | | | | | | | | | We were already unconditionally using the unicode character when the input string was not pure ASCII, leading to different behaviour in depending on the input string. systemd[1]: Starting printit.service. python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę systemd[1]: Started printit.service.
* string-util: rework memory_erase() to not use GCC optimize attribute (#3812)Michael Biebl2016-07-261-15/+11
| | | | | | | | | | | | | | | | "#pragma GCC optimize" is merely a convenience to decorate multiple functions with attribute optimize. And the manual has this to say about this attribute: This attribute should be used for debugging purposes only. It is not suitable in production code. Some versions of GCC also seem to have a problem with this pragma in combination with LTO, resulting in ICEs. So use a different approach (indirect the memset call via a volatile function pointer) as implemented in openssl's crypto/mem_clr.c. Closes: #3811
* bootctl: move toupper() implementation to string-util.hLennart Poettering2016-07-211-0/+19
| | | | | | We already have tolower() calls there, hence let's unify this at one place. Also, update the code to only use ASCII operations, so that we don't end up being locale dependant.
* tree-wide: make ++/-- usage consistent WRT spacingVito Caputo2016-02-221-1/+1
| | | | | | Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_tShawn Landden2016-01-271-6/+7
| | | | | | | | | | | | rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring to unicode chars, to make things more expressive. [ @zonque: * rebased to current master * use AC_CHECK_DECLS to detect availibility of char{16,32}_t * make utf8_encoded_to_unichar() return int ]
* basic: add ascii_strcasecmp_nn() callLennart Poettering2016-01-131-0/+15
| | | | | In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare the buffers up the smaller size of the two buffers, and finally the length themselves.
* basic: add new ascii_strcasecmp_n() callLennart Poettering2016-01-131-0/+15
|
View Lorry Controller Status