This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
libc/
-
src/stdio/printf_core/
-
stdio/
-
printf_core/
-
printf_config.h
1
string_converter.h
-
write_int_converter.h
-
test/src/stdio/
-
src/
-
stdio/
1/3
sprintf_test.cpp

Differential D156923

[libc] Add nullptr check option to printf %s
ClosedPublic

Authored by michaelrj on Aug 2 2023, 10:55 AM.

Download Raw Diff

Details

Reviewers

lntue
sivachandra

Commits

rGf6ba352988b2: [libc] Add nullptr check option to printf %s

Summary

Some printf implementations perform a null check on pointers passed to
%s. While that's not in the standard, this patch adds it as an option
for compatibility. It also puts a similar check in %n behind the same
flag.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

michaelrj created this revision.Aug 2 2023, 10:55 AM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptAug 2 2023, 10:55 AM

Herald added a subscriber: libc-commits. · View Herald Transcript

michaelrj requested review of this revision.Aug 2 2023, 10:55 AM

Herald added a subscriber: wangpc. · View Herald TranscriptAug 2 2023, 10:55 AM

Harbormaster completed remote builds in B249842: Diff 546551.Aug 2 2023, 11:16 AM

lntue accepted this revision.Aug 2 2023, 11:54 AM

lntue added inline comments.

libc/test/src/stdio/sprintf_test.cpp
101	Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set.
2791	Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set.

This revision is now accepted and ready to land.Aug 2 2023, 11:54 AM

michaelrj added inline comments.Aug 2 2023, 12:54 PM

libc/test/src/stdio/sprintf_test.cpp
101	If the flag isn't set, the expectation is for it to segfault so it would have to be a death test. I'm not sure that's a useful test though.

Closed by commit rGf6ba352988b2: [libc] Add nullptr check option to printf %s (authored by michaelrj). · Explain WhyAug 7 2023, 2:47 PM

This revision was automatically updated to reflect the committed changes.

michaelrj added a commit: rGf6ba352988b2: [libc] Add nullptr check option to printf %s.

mcgrathr added a subscriber: mcgrathr.Aug 9 2023, 2:18 PM

mcgrathr added inline comments.

libc/src/stdio/printf_core/string_converter.h
29	IIRC the traditional string is "(null)", not "null". That's what glibc does. Also note for `%p` it uses "(nil)" instead, so go figure. Also glibc only writes "(null)" at all if the precision allows the full string, never truncates it to "(nu" for `%.3s`. If it doesn't fit, it just writes nothing instead (as for an argument of "").

Revision Contents

Path

Size

libc/

src/

stdio/

printf_core/

printf_config.h

2 lines

string_converter.h

13 lines

write_int_converter.h

8 lines

test/

src/

stdio/

sprintf_test.cpp

8 lines

Diff 547958

libc/src/stdio/printf_core/printf_config.h

	Show All 33 Lines
	// LIBC_COPT_FLOAT_TO_STR_USE_DYADIC_FLOAT			// LIBC_COPT_FLOAT_TO_STR_USE_DYADIC_FLOAT
	// LIBC_COPT_FLOAT_TO_STR_USE_DYADIC_FLOAT_LD			// LIBC_COPT_FLOAT_TO_STR_USE_DYADIC_FLOAT_LD
	// LIBC_COPT_FLOAT_TO_STR_USE_INT_CALC			// LIBC_COPT_FLOAT_TO_STR_USE_INT_CALC
	// LIBC_COPT_FLOAT_TO_STR_NO_TABLE			// LIBC_COPT_FLOAT_TO_STR_NO_TABLE
	// LIBC_COPT_PRINTF_HEX_LONG_DOUBLE			// LIBC_COPT_PRINTF_HEX_LONG_DOUBLE

	// TODO(michaelrj): Move the other printf configuration options into this file.			// TODO(michaelrj): Move the other printf configuration options into this file.

				// LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS

	#endif // LLVM_LIBC_SRC_STDIO_PRINTF_CORE_PRINTF_CONFIG_H			#endif // LLVM_LIBC_SRC_STDIO_PRINTF_CORE_PRINTF_CONFIG_H

libc/src/stdio/printf_core/string_converter.h

	Show All 16 Lines

	#include <stddef.h>			#include <stddef.h>

	namespace __llvm_libc {			namespace __llvm_libc {
	namespace printf_core {			namespace printf_core {

	LIBC_INLINE int convert_string(Writer *writer, const FormatSection &to_conv) {			LIBC_INLINE int convert_string(Writer *writer, const FormatSection &to_conv) {
	size_t string_len = 0;			size_t string_len = 0;
				const char str_ptr = reinterpret_cast<const char >(to_conv.conv_val_ptr);

	for (char cur_str = reinterpret_cast<char >(to_conv.conv_val_ptr);			#ifndef LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
	cur_str[string_len]; ++string_len) {			if (str_ptr == nullptr) {
				str_ptr = "null";
				mcgrathrUnsubmitted Not Done Reply Inline Actions IIRC the traditional string is "(null)", not "null". That's what glibc does. Also note for `%p` it uses "(nil)" instead, so go figure. Also glibc only writes "(null)" at all if the precision allows the full string, never truncates it to "(nu" for `%.3s`. If it doesn't fit, it just writes nothing instead (as for an argument of ""). mcgrathr: IIRC the traditional string is "(null)", not "null". That's what glibc does. Also note for `%p`…
				}
				#endif // LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS

				for (const char *cur_str = (str_ptr); cur_str[string_len]; ++string_len) {
	;			;
	}			}

	if (to_conv.precision >= 0 &&			if (to_conv.precision >= 0 &&
	static_cast<size_t>(to_conv.precision) < string_len)			static_cast<size_t>(to_conv.precision) < string_len)
	string_len = to_conv.precision;			string_len = to_conv.precision;

	size_t padding_spaces = to_conv.min_width > static_cast<int>(string_len)			size_t padding_spaces = to_conv.min_width > static_cast<int>(string_len)
	? to_conv.min_width - string_len			? to_conv.min_width - string_len
	: 0;			: 0;

	// If the padding is on the left side, write the spaces first.			// If the padding is on the left side, write the spaces first.
	if (padding_spaces > 0 &&			if (padding_spaces > 0 &&
	(to_conv.flags & FormatFlags::LEFT_JUSTIFIED) == 0) {			(to_conv.flags & FormatFlags::LEFT_JUSTIFIED) == 0) {
	RET_IF_RESULT_NEGATIVE(writer->write(' ', padding_spaces));			RET_IF_RESULT_NEGATIVE(writer->write(' ', padding_spaces));
	}			}

	RET_IF_RESULT_NEGATIVE(writer->write(			RET_IF_RESULT_NEGATIVE(writer->write({(str_ptr), string_len}));
	{reinterpret_cast<const char *>(to_conv.conv_val_ptr), string_len}));

	// If the padding is on the right side, write the spaces last.			// If the padding is on the right side, write the spaces last.
	if (padding_spaces > 0 &&			if (padding_spaces > 0 &&
	(to_conv.flags & FormatFlags::LEFT_JUSTIFIED) != 0) {			(to_conv.flags & FormatFlags::LEFT_JUSTIFIED) != 0) {
	RET_IF_RESULT_NEGATIVE(writer->write(' ', padding_spaces));			RET_IF_RESULT_NEGATIVE(writer->write(' ', padding_spaces));
	}			}
	return WRITE_OK;			return WRITE_OK;
	}			}

	} // namespace printf_core			} // namespace printf_core
	} // namespace __llvm_libc			} // namespace __llvm_libc

	#endif // LLVM_LIBC_SRC_STDIO_PRINTF_CORE_STRING_CONVERTER_H			#endif // LLVM_LIBC_SRC_STDIO_PRINTF_CORE_STRING_CONVERTER_H

libc/src/stdio/printf_core/write_int_converter.h

	Show All 16 Lines
	#include <stddef.h>			#include <stddef.h>

	namespace __llvm_libc {			namespace __llvm_libc {
	namespace printf_core {			namespace printf_core {

	LIBC_INLINE int convert_write_int(Writer *writer,			LIBC_INLINE int convert_write_int(Writer *writer,
	const FormatSection &to_conv) {			const FormatSection &to_conv) {

	// This is an additional check added by LLVM-libc. The reason it returns -3 is			#ifndef LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
	// because printf uses negative return values for errors, and -1 and -2 are			// This is an additional check added by LLVM-libc.
	// already in use by the file_writer class for file errors.
	// TODO: Remove this. It's better to crash than to provide an incorrect
	// result.
	if (to_conv.conv_val_ptr == nullptr)			if (to_conv.conv_val_ptr == nullptr)
	return NULLPTR_WRITE_ERROR;			return NULLPTR_WRITE_ERROR;
				#endif // LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS

	int written = writer->get_chars_written();			int written = writer->get_chars_written();

	switch (to_conv.length_modifier) {			switch (to_conv.length_modifier) {
	case LengthModifier::none:			case LengthModifier::none:
	reinterpret_cast<int >(to_conv.conv_val_ptr) = written;			reinterpret_cast<int >(to_conv.conv_val_ptr) = written;
	break;			break;
	case LengthModifier::l:			case LengthModifier::l:
	Show All 31 Lines

libc/test/src/stdio/sprintf_test.cpp

Show First 20 Lines • Show All 90 Lines • ▼ Show 20 Lines	written = __llvm_libc::sprintf(buff, "%-5.4s%-4.4s", "words can describe",
"soups most delicious");		"soups most delicious");
EXPECT_EQ(written, 9);		EXPECT_EQ(written, 9);
ASSERT_STREQ(buff, "word soup");		ASSERT_STREQ(buff, "word soup");

written = __llvm_libc::sprintf(buff, "%s %.s %.s", 10, "beginning", 2,		written = __llvm_libc::sprintf(buff, "%s %.s %.s", 10, "beginning", 2,
"isn't", 12, 10, "important. Ever.");		"isn't", 12, 10, "important. Ever.");
EXPECT_EQ(written, 26);		EXPECT_EQ(written, 26);
ASSERT_STREQ(buff, " beginning is important.");		ASSERT_STREQ(buff, " beginning is important.");

		#ifndef LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
		written = __llvm_libc::sprintf(buff, "%s", nullptr);
		lntueUnsubmitted Not Done Reply Inline Actions Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set. lntue: Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set.
		michaelrjAuthorUnsubmitted Done Reply Inline Actions If the flag isn't set, the expectation is for it to segfault so it would have to be a death test. I'm not sure that's a useful test though. michaelrj: If the flag isn't set, the expectation is for it to segfault so it would have to be a death…
		EXPECT_EQ(written, 4);
		ASSERT_STREQ(buff, "null");
		#endif // LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
}		}

TEST(LlvmLibcSPrintfTest, IntConv) {		TEST(LlvmLibcSPrintfTest, IntConv) {
char buff[64];		char buff[64];
int written;		int written;

// Basic Tests.		// Basic Tests.

▲ Show 20 Lines • Show All 2,669 Lines • ▼ Show 20 Lines	TEST(LlvmLibcSPrintfTest, WriteIntConv) {
ASSERT_STREQ(buff, "ABCDEF");		ASSERT_STREQ(buff, "ABCDEF");

test_val = -1;		test_val = -1;
written = __llvm_libc::sprintf(buff, "%s%n", "87654321", &test_val);		written = __llvm_libc::sprintf(buff, "%s%n", "87654321", &test_val);
EXPECT_EQ(written, 8);		EXPECT_EQ(written, 8);
EXPECT_EQ(test_val, 8);		EXPECT_EQ(test_val, 8);
ASSERT_STREQ(buff, "87654321");		ASSERT_STREQ(buff, "87654321");

		#ifndef LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
written = __llvm_libc::sprintf(buff, "abc123%n", nullptr);		written = __llvm_libc::sprintf(buff, "abc123%n", nullptr);
		lntueUnsubmitted Not Done Reply Inline Actions Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set. lntue: Also add the expectation for this output when `LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS` is set.
EXPECT_LT(written, 0);		EXPECT_LT(written, 0);
		#endif // LIBC_COPT_PRINTF_NO_NULLPTR_CHECKS
}		}
#endif // LIBC_COPT_PRINTF_DISABLE_WRITE_INT		#endif // LIBC_COPT_PRINTF_DISABLE_WRITE_INT

#ifndef LIBC_COPT_PRINTF_DISABLE_INDEX_MODE		#ifndef LIBC_COPT_PRINTF_DISABLE_INDEX_MODE
TEST(LlvmLibcSPrintfTest, IndexModeParsing) {		TEST(LlvmLibcSPrintfTest, IndexModeParsing) {
char buff[64];		char buff[64];
int written;		int written;

Show All 21 Lines