Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2019 The Hafnium Authors. |
| 3 | * |
Andrew Walbran | e959ec1 | 2020-06-17 15:01:09 +0100 | [diff] [blame] | 4 | * Use of this source code is governed by a BSD-style |
| 5 | * license that can be found in the LICENSE file or at |
| 6 | * https://opensource.org/licenses/BSD-3-Clause. |
Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 7 | */ |
| 8 | |
| 9 | #include "hf/std.h" |
| 10 | |
David Brazdil | 74e9c3b | 2019-08-28 11:09:08 +0100 | [diff] [blame] | 11 | #include "hf/check.h" |
Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 12 | |
| 13 | /* Declare unsafe functions locally so they are not available globally. */ |
| 14 | void *memset(void *s, int c, size_t n); |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 15 | void *memcpy(void *dst, const void *src, size_t n); |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 16 | void *memmove(void *dst, const void *src, size_t n); |
Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 17 | |
| 18 | void memset_s(void *dest, rsize_t destsz, int ch, rsize_t count) |
| 19 | { |
Daniel Boulby | 8adf748 | 2021-09-22 15:12:44 +0100 | [diff] [blame] | 20 | if (dest == NULL || destsz > RSIZE_MAX) { |
| 21 | panic("memset_s failed as either dest == NULL " |
| 22 | "or destsz > RSIZE_MAX.\n"); |
| 23 | } |
Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 24 | |
Andrew Walbran | e52006c | 2019-10-22 18:01:28 +0100 | [diff] [blame] | 25 | /* |
| 26 | * Clang analyzer doesn't like us calling unsafe memory functions, so |
| 27 | * make it ignore this call. |
| 28 | */ |
Daniel Boulby | 8adf748 | 2021-09-22 15:12:44 +0100 | [diff] [blame] | 29 | // NOLINTNEXTLINE |
| 30 | memset(dest, ch, (count <= destsz ? count : destsz)); |
Andrew Scull | 2b5fbad | 2019-04-05 13:55:56 +0100 | [diff] [blame] | 31 | } |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 32 | |
| 33 | void memcpy_s(void *dest, rsize_t destsz, const void *src, rsize_t count) |
| 34 | { |
| 35 | uintptr_t d = (uintptr_t)dest; |
| 36 | uintptr_t s = (uintptr_t)src; |
| 37 | |
Karl Meakin | 8f046e4 | 2024-07-04 12:03:36 +0100 | [diff] [blame^] | 38 | CHECK(dest != NULL); |
| 39 | CHECK(src != NULL); |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 40 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 41 | /* Check count <= destsz <= RSIZE_MAX. */ |
Karl Meakin | 8f046e4 | 2024-07-04 12:03:36 +0100 | [diff] [blame^] | 42 | CHECK(destsz <= RSIZE_MAX); |
| 43 | CHECK(count <= destsz); |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 44 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 45 | /* |
| 46 | * Buffer overlap test. |
| 47 | * case a) `d < s` implies `s >= d+count` |
| 48 | * case b) `d > s` implies `d >= s+count` |
| 49 | */ |
Karl Meakin | 8f046e4 | 2024-07-04 12:03:36 +0100 | [diff] [blame^] | 50 | CHECK(d != s); |
| 51 | CHECK(d < s || d >= (s + count)); |
| 52 | CHECK(d > s || s >= (d + count)); |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 53 | |
Daniel Boulby | 8adf748 | 2021-09-22 15:12:44 +0100 | [diff] [blame] | 54 | /* |
| 55 | * Clang analyzer doesn't like us calling unsafe memory functions, so |
| 56 | * make it ignore this call. |
| 57 | */ |
| 58 | // NOLINTNEXTLINE |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 59 | memcpy(dest, src, count); |
Andrew Scull | a1aa2ba | 2019-04-05 11:49:02 +0100 | [diff] [blame] | 60 | } |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 61 | |
| 62 | void memmove_s(void *dest, rsize_t destsz, const void *src, rsize_t count) |
| 63 | { |
Karl Meakin | 8f046e4 | 2024-07-04 12:03:36 +0100 | [diff] [blame^] | 64 | CHECK(dest != NULL); |
| 65 | CHECK(src != NULL); |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 66 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 67 | /* Check count <= destsz <= RSIZE_MAX. */ |
Karl Meakin | 8f046e4 | 2024-07-04 12:03:36 +0100 | [diff] [blame^] | 68 | CHECK(destsz <= RSIZE_MAX); |
| 69 | CHECK(count <= destsz); |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 70 | |
Daniel Boulby | 8adf748 | 2021-09-22 15:12:44 +0100 | [diff] [blame] | 71 | /* |
| 72 | * Clang analyzer doesn't like us calling unsafe memory functions, so |
| 73 | * make it ignore this call. |
| 74 | */ |
| 75 | // NOLINTNEXTLINE |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 76 | memmove(dest, src, count); |
Andrew Scull | 8fbd7ee | 2019-04-05 14:36:34 +0100 | [diff] [blame] | 77 | } |
Andrew Scull | 55baca6 | 2019-04-05 14:56:20 +0100 | [diff] [blame] | 78 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 79 | /** |
David Brazdil | 74e9c3b | 2019-08-28 11:09:08 +0100 | [diff] [blame] | 80 | * Finds the first occurrence of character `ch` in the first `count` bytes of |
| 81 | * memory pointed to by `ptr`. |
| 82 | * |
| 83 | * Returns NULL if `ch` is not found. |
| 84 | * Panics if `ptr` is NULL (undefined behaviour). |
| 85 | */ |
| 86 | void *memchr(const void *ptr, int ch, size_t count) |
| 87 | { |
| 88 | size_t i; |
| 89 | const unsigned char *p = (const unsigned char *)ptr; |
| 90 | |
| 91 | CHECK(ptr != NULL); |
| 92 | |
| 93 | /* Iterate over at most `strsz` characters of `str`. */ |
| 94 | for (i = 0; i < count; ++i) { |
| 95 | if (p[i] == (unsigned char)ch) { |
| 96 | return (void *)(&p[i]); |
| 97 | } |
| 98 | } |
| 99 | |
| 100 | return NULL; |
| 101 | } |
| 102 | |
| 103 | /** |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 104 | * Returns the length of the null-terminated byte string `str`, examining at |
| 105 | * most `strsz` bytes. |
| 106 | * |
| 107 | * If `str` is a NULL pointer, it returns zero. |
| 108 | * If a NULL character is not found, it returns `strsz`. |
| 109 | */ |
Andrew Scull | 55baca6 | 2019-04-05 14:56:20 +0100 | [diff] [blame] | 110 | size_t strnlen_s(const char *str, size_t strsz) |
| 111 | { |
Andrew Scull | 55baca6 | 2019-04-05 14:56:20 +0100 | [diff] [blame] | 112 | if (str == NULL) { |
| 113 | return 0; |
| 114 | } |
| 115 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 116 | for (size_t i = 0; i < strsz; ++i) { |
| 117 | if (str[i] == '\0') { |
| 118 | return i; |
| 119 | } |
Andrew Scull | 55baca6 | 2019-04-05 14:56:20 +0100 | [diff] [blame] | 120 | } |
| 121 | |
David Brazdil | 2246abe | 2019-08-23 12:21:06 +0100 | [diff] [blame] | 122 | /* NULL character not found. */ |
| 123 | return strsz; |
Andrew Scull | 55baca6 | 2019-04-05 14:56:20 +0100 | [diff] [blame] | 124 | } |