pkgconf/libpkgconf/argvsplit.c


/*
* argvsplit.c
* argv_split() routine
*
* Copyright (c) 2012, 2017 pkgconf authors (see AUTHORS).
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* This software is provided 'as is' and without any warranty, express or
* implied. In no event shall the authors be liable for any damages arising
* from the use of this software.
*/
#include <libpkgconf/stdinc.h>
#include <libpkgconf/libpkgconf.h>
/*
* !doc
*
* libpkgconf `argvsplit` module
* =============================
*
* This is a low-level module which provides parsing of strings into argument vectors,
* similar to what a shell would do.
*/
/*
* !doc
*
* .. c:function:: void pkgconf_argv_free(char **argv)
*
* Frees an argument vector.
*
* :param char** argv: The argument vector to free.
* :return: nothing
*/
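void
pkgconf_argv_free(char **argv)
{
	/* Accept NULL the way free() does, so error paths can call this unconditionally. */
	if (argv == NULL)
		return;

	/*
	 * pkgconf_argv_split() stores every argument string in one allocation and
	 * points argv[0] at its start, so freeing argv[0] releases all of the strings.
	 */
	free(argv[0]);
	free(argv);
}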
/*
* !doc
*
* .. c:function:: int pkgconf_argv_split(const char *src, int *argc, char ***argv)
*
* Splits a string into an argument vector.
*
* :param char* src: The string to split.
* :param int* argc: A pointer to an integer to store the argument count.
* :param char*** argv: A pointer to a pointer for an argument vector.
* :return: 0 on success, -1 on error (for example an unterminated quote or a trailing backslash).
* :rtype: int
*/
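int
pkgconf_argv_split(const char *src, int *argc, char ***argv)
{
	char *buf = NULL;
	char **vec = NULL;
	const char *src_iter;
	char *dst_iter;
	int argc_count = 0;
	int argv_size = 5;
	char quote = 0;
	bool escaped = false;

	if (argc == NULL || argv == NULL)
		return -1;

	/*
	 * Never leave a stale or freed pointer in the caller's variable: on every
	 * failure path *argv is NULL, so a later pkgconf_argv_free(*argv) cannot
	 * turn into a double free or use-after-free.
	 */
	*argv = NULL;

	if (src == NULL)
		return -1;

	/*
	 * One zero-filled buffer holds all argument strings back to back. The
	 * loop below advances dst_iter at most once per source character, so
	 * strlen(src) + 1 bytes is always enough.
	 */
	buf = calloc(strlen(src) + 1, 1);
	vec = calloc((size_t) argv_size, sizeof(*vec));
	if (buf == NULL || vec == NULL)
		goto fail;

	src_iter = src;
	dst_iter = buf;

	/* vec[0] must stay equal to buf: pkgconf_argv_free() frees argv[0]. */
	vec[argc_count] = dst_iter;

	while (*src_iter)
	{
		if (escaped)
		{
			/* POSIX: only \CHAR is special inside a double quote if CHAR is {$, `, ", \, newline}. */
			if (quote == '"')
			{
				if (!(*src_iter == '$' || *src_iter == '`' || *src_iter == '"' || *src_iter == '\\'))
					*dst_iter++ = '\\';

				*dst_iter++ = *src_iter;
			}
			else
			{
				*dst_iter++ = *src_iter;
			}

			escaped = false;
		}
		else if (quote)
		{
			if (*src_iter == quote)
				quote = 0;
			else if (*src_iter == '\\' && quote != '\'')
				escaped = true;
			else
				*dst_iter++ = *src_iter;
		}
		/*
		 * The unsigned char cast is required: passing a negative char value to
		 * a ctype(3) function is undefined behaviour, and byte 0xff would be
		 * conflated with EOF (see https://github.com/pkgconf/pkgconf/issues/291).
		 */
		else if (isspace((unsigned char)*src_iter))
		{
			/*
			 * The current slot is always set, so every whitespace character
			 * ends the current argument; the zero byte already in buf acts as
			 * its terminator and dst_iter steps over it.
			 */
			if (vec[argc_count] != NULL)
			{
				argc_count++, dst_iter++;

				if (argc_count == argv_size)
				{
					char **grown;

					argv_size += 5;

					/* Keep the old vector reachable so a failed realloc() neither leaks nor is dereferenced. */
					grown = realloc(vec, sizeof(*vec) * (size_t) argv_size);
					if (grown == NULL)
						goto fail;

					vec = grown;
				}

				vec[argc_count] = dst_iter;
			}
		}
		else switch(*src_iter)
		{
			case '\\':
				escaped = true;
				break;

			case '\"':
			case '\'':
				quote = *src_iter;
				break;

			default:
				*dst_iter++ = *src_iter;
				break;
		}

		src_iter++;
	}

	/* A trailing backslash or an unterminated quote makes the input invalid. */
	if (escaped || quote)
		goto fail;

	/* Count the last argument only if something was written into it. */
	if (strlen(vec[argc_count]))
	{
		argc_count++;
	}

	*argc = argc_count;
	*argv = vec;

	return 0;

fail:
	free(vec);
	free(buf);
	return -1;
}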