Age | Commit message (Collapse) | Author | Files | Lines |
|
Given n equals to the maximum number of bytes to copy from src in the API,
or the rough estimate strlen of src, strncpy_s_inline should not copy more
than the number of bytes, computed by strlen(src), to dst if n is greater than
strlen(src). The number of bytes to copy is computed by strnlen(src,n), not n.
Change-Id: I088b46125d9776962750e121f1fbf441952efc2b
Signed-off-by: Steven <sluong@cisco.com>
|
|
Let m = user estimate of the (max) src string length, low = smaller
address of (src, dst), hi = larger address (src, dst).
if (low + (m - 1) >= hi), we have a *potential* overlapping copy which
is not allowed. Before we declare overlap - and return an error -
retry the check with m = actual src string length.
The resulting "test string" failure affected aarch64 (only) because of
differences in test code stack variable placement / alignment.
Change-Id: I2931d1ce2c61af3d3880075b033d2a4c4e421f09
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add memcmp_s, strcmp_s, strncmp_s, strcpy_s, strncpy_s, strcat_s, strncat_s,
strtok_s, strnlen_s, and strstr_s C11 safe string API. For migrating extant
unsafe API, add also the corresponding macro version of each safe API,
clib_memcmp, clib_strcmp, etc.
In general, the benefits of the safe string APIs are to provide null pointer
checks, add additional argument to specify the string length of the passed
string rather than relying on the null terminated character, and src/dest
overlap checking for the the string copy operations.
The macro version of the API takes the same number of arguments as the unsafe
API to provide easy migration. However, it does not usually provide the full
aformentioned benefits. In some cases, it is necessary to move to the safe
API rather than using the macro in order to avoid some unpredictable problems
such as accessing memory beyond what it is intended due to the lack of the
passed string length.
dbarach: add a "make test" vector, and a doxygen file header cookie.
Change-Id: I5cd79b8928dcf76a79bf3f0b8cbc1a8f24942f4c
Signed-off-by: Steven <sluong@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ife2a83b9d7f733f36e0e786ef79edcd394d7c0f9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
only if used (VPP-1429)
Change-Id: I8afa57ecca590698d3430746968aa0a5b0070469
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia4c79d560bfa1118d4683a89a1209a08c5f546b3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I56782652d8ef10304900cc293cfc0502689d800e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Taken from DPDK, also AVX2 variant updated to be in sync with DPDK
version.
Change-Id: I8a42e4141a5a1a8cfbee328b07bd0c9b38a9eb05
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
It looks like different compiler versions produce different results for
expressions like "(cast) ptr + inc".
Use parenthesis to avoid such issues.
Change-Id: I93a9883bf5fc05ae462df5b004817775f0739405
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
While my original attmept was to write this function to be portable
and work on non-x86 systems, seems that gcc-5 desn't respect aligment
attribute and issues alligned vector insutruciton which causes crash.
Change-Id: If165c8d482ac96f2b71959d326f9772b48097b48
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If581feca0d51d0420c971801aecdf9250c671b36
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|