zephyr/lib/os/cbprintf_packaged.c
Krzysztof Chruściński c48d61a4b4 lib: os: cbprintf: Fix size miscalculation in cbprintf_convert
When package contained RO string positions and flag indicates that
they shall not be kept, length was miscalculated which could lead
to failures (e.g. memory corruption).

Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
2023-12-28 12:18:50 +00:00

1166 lines
28 KiB
C

/*
* Copyright (c) 2021 BayLibre, SAS
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <errno.h>
#include <stdarg.h>
#include <stdint.h>
#include <string.h>
#include <zephyr/toolchain.h>
#include <zephyr/linker/utils.h>
#include <zephyr/sys/cbprintf.h>
#include <sys/types.h>
#include <zephyr/sys/util.h>
#include <zephyr/sys/__assert.h>
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(cbprintf_package, CONFIG_CBPRINTF_PACKAGE_LOG_LEVEL);
#if defined(CONFIG_CBPRINTF_PACKAGE_SUPPORT_TAGGED_ARGUMENTS) && \
!Z_C_GENERIC
#error "CONFIG_CBPRINTF_PACKAGE_SUPPORT_TAGGED_ARGUMENTS " \
"requires toolchain to support _Generic!"
#endif
/**
* @brief Check if address is in read only section.
*
* @param addr Address.
*
* @return True if address identified within read only section.
*/
static inline bool ptr_in_rodata(const char *addr)
{
#if defined(CBPRINTF_VIA_UNIT_TEST)
/* Unit test is X86 (or other host) but not using Zephyr
* linker scripts.
*/
return false;
#else
return linker_is_in_rodata(addr);
#endif
}
/*
* va_list creation
*/
#if defined(__CHECKER__)
static int cbprintf_via_va_list(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx,
const char *fmt, void *buf)
{
return 0;
}
#elif defined(__aarch64__)
/*
* Reference:
*
* Procedure Call Standard for the ARM 64-bit Architecture
*/
struct __va_list {
void *__stack;
void *__gr_top;
void *__vr_top;
int __gr_offs;
int __vr_offs;
};
BUILD_ASSERT(sizeof(va_list) == sizeof(struct __va_list),
"architecture specific support is wrong");
static int cbprintf_via_va_list(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx,
const char *fmt, void *buf)
{
union {
va_list ap;
struct __va_list __ap;
} u;
/* create a valid va_list with our buffer */
u.__ap.__stack = buf;
u.__ap.__gr_top = NULL;
u.__ap.__vr_top = NULL;
u.__ap.__gr_offs = 0;
u.__ap.__vr_offs = 0;
return formatter(out, ctx, fmt, u.ap);
}
#elif defined(__x86_64__)
/*
* Reference:
*
* System V Application Binary Interface
* AMD64 Architecture Processor Supplement
*/
struct __va_list {
unsigned int gp_offset;
unsigned int fp_offset;
void *overflow_arg_area;
void *reg_save_area;
};
BUILD_ASSERT(sizeof(va_list) == sizeof(struct __va_list),
"architecture specific support is wrong");
static int cbprintf_via_va_list(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx,
const char *fmt, void *buf)
{
union {
va_list ap;
struct __va_list __ap;
} u;
/* create a valid va_list with our buffer */
u.__ap.overflow_arg_area = buf;
u.__ap.reg_save_area = NULL;
u.__ap.gp_offset = (6 * 8);
u.__ap.fp_offset = (6 * 8 + 16 * 16);
return formatter(out, ctx, fmt, u.ap);
}
#elif defined(__xtensa__)
/*
* Reference:
*
* gcc source code (gcc/config/xtensa/xtensa.c)
* xtensa_build_builtin_va_list(), xtensa_va_start(),
* xtensa_gimplify_va_arg_expr()
*/
struct __va_list {
void *__va_stk;
void *__va_reg;
int __va_ndx;
};
BUILD_ASSERT(sizeof(va_list) == sizeof(struct __va_list),
"architecture specific support is wrong");
static int cbprintf_via_va_list(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx,
const char *fmt, void *buf)
{
union {
va_list ap;
struct __va_list __ap;
} u;
/* create a valid va_list with our buffer */
u.__ap.__va_stk = (char *)buf - 32;
u.__ap.__va_reg = NULL;
u.__ap.__va_ndx = (6 + 2) * 4;
return formatter(out, ctx, fmt, u.ap);
}
#else
/*
* Default implementation shared by many architectures like
* 32-bit ARM and Intel.
*
* We assume va_list is a simple pointer.
*/
BUILD_ASSERT(sizeof(va_list) == sizeof(void *),
"architecture specific support is needed");
static int cbprintf_via_va_list(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx,
const char *fmt, void *buf)
{
union {
va_list ap;
void *ptr;
} u;
u.ptr = buf;
return formatter(out, ctx, fmt, u.ap);
}
#endif
static size_t get_package_len(void *packaged)
{
__ASSERT_NO_MSG(packaged != NULL);
uint8_t *buf = packaged;
uint8_t *start = buf;
unsigned int args_size, s_nbr, ros_nbr;
args_size = buf[0] * sizeof(int);
s_nbr = buf[1];
ros_nbr = buf[2];
/* Move beyond args. */
buf += args_size;
/* Move beyond read-only string indexes array. */
buf += ros_nbr;
/* Move beyond strings appended to the package. */
for (unsigned int i = 0; i < s_nbr; i++) {
buf++;
buf += strlen((const char *)buf) + 1;
}
return (size_t)(uintptr_t)(buf - start);
}
static int append_string(cbprintf_convert_cb cb, void *ctx, const char *str, uint16_t strl)
{
if (cb == NULL) {
return 1 + strlen(str);
}
strl = strl > 0 ? strl : strlen(str) + 1;
return cb(str, strl, ctx);
}
int cbvprintf_package(void *packaged, size_t len, uint32_t flags,
const char *fmt, va_list ap)
{
/*
* Internally, a byte is used to store location of a string argument within a
* package. MSB bit is set if string is read-only so effectively 7 bits are
* used for index, which should be enough.
*/
#define STR_POS_RO_FLAG BIT(7)
#define STR_POS_MASK BIT_MASK(7)
/* Buffer offset abstraction for better code clarity. */
#define BUF_OFFSET ((uintptr_t)buf - (uintptr_t)buf0)
uint8_t *buf0 = packaged; /* buffer start (may be NULL) */
uint8_t *buf = buf0; /* current buffer position */
unsigned int size; /* current argument's size */
unsigned int align; /* current argument's required alignment */
uint8_t str_ptr_pos[16]; /* string pointer positions */
uint8_t str_ptr_arg[16]; /* string pointer argument index */
unsigned int s_idx = 0; /* index into str_ptr_pos[] */
unsigned int s_rw_cnt = 0; /* number of rw strings */
unsigned int s_ro_cnt = 0; /* number of ro strings */
int arg_idx = -1; /* Argument index. Preincremented thus starting from -1.*/
unsigned int i;
const char *s;
bool parsing = false;
/* Flag indicates that rw strings are stored as array with positions,
* instead of appending them to the package.
*/
bool rws_pos_en = !!(flags & CBPRINTF_PACKAGE_ADD_RW_STR_POS);
/* Get number of first read only strings present in the string.
* There is always at least 1 (fmt) but flags can indicate more, e.g
* fixed prefix appended to all strings.
*/
int fros_cnt = 1 + Z_CBPRINTF_PACKAGE_FIRST_RO_STR_CNT_GET(flags);
bool is_str_arg = false;
union cbprintf_package_hdr *pkg_hdr = packaged;
/* Buffer must be aligned at least to size of a pointer. */
if ((uintptr_t)packaged % sizeof(void *)) {
return -EFAULT;
}
#if defined(__xtensa__)
/* Xtensa requires package to be 16 bytes aligned. */
if ((uintptr_t)packaged % CBPRINTF_PACKAGE_ALIGNMENT) {
return -EFAULT;
}
#endif
/*
* Make room to store the arg list size, the number of
* appended writable strings and the number of appended
* read-only strings. They both occupy 1 byte each.
* Skip a byte. Then a uint32_t to store flags used to
* create the package.
*
* Given the next value to store is the format string pointer
* which is guaranteed to be at least 4 bytes, we just reserve
* multiple of pointer size for the above to preserve alignment.
*
* Refer to union cbprintf_package_hdr for more details.
*/
buf += sizeof(*pkg_hdr);
/*
* When buf0 is NULL we don't store anything.
* Instead we count the needed space to store the data.
* In this case, incoming len argument indicates the anticipated
* buffer "misalignment" offset.
*/
if (buf0 == NULL) {
buf += len % CBPRINTF_PACKAGE_ALIGNMENT;
/*
* The space to store the data is represented by both the
* buffer offset as well as the extra string data to be
* appended. When only figuring out the needed space, we
* don't append anything. Instead, we reuse the len variable
* to sum the size of that data.
*
* Also, we subtract any initial misalignment offset from
* the total as this won't be part of the buffer. To avoid
* going negative with an unsigned variable, we add an offset
* (CBPRINTF_PACKAGE_ALIGNMENT) that will be removed before
* returning.
*/
len = CBPRINTF_PACKAGE_ALIGNMENT - (len % CBPRINTF_PACKAGE_ALIGNMENT);
}
/*
* Otherwise we must ensure we can store at least
* the pointer to the format string itself.
*/
if (buf0 != NULL && BUF_OFFSET + sizeof(char *) > len) {
return -ENOSPC;
}
/*
* Then process the format string itself.
* Here we branch directly into the code processing strings
* which is in the middle of the following while() loop. That's the
* reason for the post-decrement on fmt as it will be incremented
* prior to the next (actually first) round of that loop.
*/
s = fmt--;
align = VA_STACK_ALIGN(char *);
size = sizeof(char *);
goto process_string;
while (true) {
#if defined(CONFIG_CBPRINTF_PACKAGE_SUPPORT_TAGGED_ARGUMENTS)
if ((flags & CBPRINTF_PACKAGE_ARGS_ARE_TAGGED)
== CBPRINTF_PACKAGE_ARGS_ARE_TAGGED) {
int arg_tag = va_arg(ap, int);
/*
* Here we copy the tag over to the package.
*/
align = VA_STACK_ALIGN(int);
size = sizeof(int);
/* align destination buffer location */
buf = (void *)ROUND_UP(buf, align);
/* make sure the data fits */
if (buf0 != NULL && BUF_OFFSET + size > len) {
return -ENOSPC;
}
if (buf0 != NULL) {
*(int *)buf = arg_tag;
}
buf += sizeof(int);
if (arg_tag == CBPRINTF_PACKAGE_ARG_TYPE_END) {
/* End of arguments */
break;
}
/*
* There are lots of __fallthrough here since
* quite a few of the data types have the same
* storage size.
*/
switch (arg_tag) {
case CBPRINTF_PACKAGE_ARG_TYPE_CHAR:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_UNSIGNED_CHAR:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_SHORT:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_UNSIGNED_SHORT:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_INT:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_UNSIGNED_INT:
align = VA_STACK_ALIGN(int);
size = sizeof(int);
break;
case CBPRINTF_PACKAGE_ARG_TYPE_LONG:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_UNSIGNED_LONG:
align = VA_STACK_ALIGN(long);
size = sizeof(long);
break;
case CBPRINTF_PACKAGE_ARG_TYPE_LONG_LONG:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_UNSIGNED_LONG_LONG:
align = VA_STACK_ALIGN(long long);
size = sizeof(long long);
break;
case CBPRINTF_PACKAGE_ARG_TYPE_FLOAT:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_DOUBLE:
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_LONG_DOUBLE: {
/*
* Handle floats separately as they may be
* held in a different register set.
*/
union { double d; long double ld; } v;
if (arg_tag == CBPRINTF_PACKAGE_ARG_TYPE_LONG_DOUBLE) {
v.ld = va_arg(ap, long double);
align = VA_STACK_ALIGN(long double);
size = sizeof(long double);
} else {
v.d = va_arg(ap, double);
align = VA_STACK_ALIGN(double);
size = sizeof(double);
}
/* align destination buffer location */
buf = (void *) ROUND_UP(buf, align);
if (buf0 != NULL) {
/* make sure it fits */
if (BUF_OFFSET + size > len) {
return -ENOSPC;
}
if (Z_CBPRINTF_VA_STACK_LL_DBL_MEMCPY) {
memcpy(buf, &v, size);
} else if (fmt[-1] == 'L') {
*(long double *)buf = v.ld;
} else {
*(double *)buf = v.d;
}
}
buf += size;
parsing = false;
continue;
}
case CBPRINTF_PACKAGE_ARG_TYPE_PTR_CHAR:
is_str_arg = true;
__fallthrough;
case CBPRINTF_PACKAGE_ARG_TYPE_PTR_VOID:
align = VA_STACK_ALIGN(void *);
size = sizeof(void *);
break;
default:
return -EINVAL;
}
} else
#endif /* CONFIG_CBPRINTF_PACKAGE_SUPPORT_TAGGED_ARGUMENTS */
{
/* Scan the format string */
if (*++fmt == '\0') {
break;
}
if (!parsing) {
if (*fmt == '%') {
parsing = true;
arg_idx++;
align = VA_STACK_ALIGN(int);
size = sizeof(int);
}
continue;
}
switch (*fmt) {
case '%':
parsing = false;
arg_idx--;
continue;
case '#':
case '-':
case '+':
case ' ':
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
case '.':
case 'h':
case 'l':
case 'L':
continue;
case '*':
break;
case 'j':
align = VA_STACK_ALIGN(intmax_t);
size = sizeof(intmax_t);
continue;
case 'z':
align = VA_STACK_ALIGN(size_t);
size = sizeof(size_t);
continue;
case 't':
align = VA_STACK_ALIGN(ptrdiff_t);
size = sizeof(ptrdiff_t);
continue;
case 'c':
case 'd':
case 'i':
case 'o':
case 'u':
case 'x':
case 'X':
if (fmt[-1] == 'l') {
if (fmt[-2] == 'l') {
align = VA_STACK_ALIGN(long long);
size = sizeof(long long);
} else {
align = VA_STACK_ALIGN(long);
size = sizeof(long);
}
}
parsing = false;
break;
case 's':
is_str_arg = true;
__fallthrough;
case 'p':
case 'n':
align = VA_STACK_ALIGN(void *);
size = sizeof(void *);
parsing = false;
break;
case 'a':
case 'A':
case 'e':
case 'E':
case 'f':
case 'F':
case 'g':
case 'G': {
/*
* Handle floats separately as they may be
* held in a different register set.
*/
union { double d; long double ld; } v;
if (fmt[-1] == 'L') {
v.ld = va_arg(ap, long double);
align = VA_STACK_ALIGN(long double);
size = sizeof(long double);
} else {
v.d = va_arg(ap, double);
align = VA_STACK_ALIGN(double);
size = sizeof(double);
}
/* align destination buffer location */
buf = (void *) ROUND_UP(buf, align);
if (buf0 != NULL) {
/* make sure it fits */
if (BUF_OFFSET + size > len) {
return -ENOSPC;
}
if (Z_CBPRINTF_VA_STACK_LL_DBL_MEMCPY) {
memcpy(buf, &v, size);
} else if (fmt[-1] == 'L') {
*(long double *)buf = v.ld;
} else {
*(double *)buf = v.d;
}
}
buf += size;
parsing = false;
continue;
}
default:
parsing = false;
continue;
}
}
/* align destination buffer location */
buf = (void *) ROUND_UP(buf, align);
/* make sure the data fits */
if (buf0 != NULL && BUF_OFFSET + size > len) {
return -ENOSPC;
}
/* copy va_list data over to our buffer */
if (is_str_arg) {
s = va_arg(ap, char *);
process_string:
if (buf0 != NULL) {
*(const char **)buf = s;
}
bool is_ro = (fros_cnt-- > 0) ? true : ptr_in_rodata(s);
bool do_ro = !!(flags & CBPRINTF_PACKAGE_ADD_RO_STR_POS);
if (is_ro && !do_ro) {
/* nothing to do */
} else {
uint32_t s_ptr_idx = BUF_OFFSET / sizeof(int);
/*
* In the do_ro case we must consider
* room for possible STR_POS_RO_FLAG.
* Otherwise the index range is 8 bits
* and any overflow is caught later.
*/
if (do_ro && s_ptr_idx > STR_POS_MASK) {
__ASSERT(false, "String with too many arguments");
return -EINVAL;
}
if (s_idx >= ARRAY_SIZE(str_ptr_pos)) {
__ASSERT(false, "str_ptr_pos[] too small");
return -EINVAL;
}
if (buf0 != NULL) {
/*
* Remember string pointer location.
* We will append non-ro strings later.
*/
str_ptr_pos[s_idx] = s_ptr_idx;
str_ptr_arg[s_idx] = arg_idx;
if (is_ro) {
/* flag read-only string. */
str_ptr_pos[s_idx] |= STR_POS_RO_FLAG;
s_ro_cnt++;
} else {
s_rw_cnt++;
}
} else if (is_ro) {
/*
* Add only pointer position prefix
* when counting strings.
*/
len += 1;
} else if (rws_pos_en) {
/*
* Add only pointer position prefix and
* argument index when counting strings.
*/
len += 2;
} else {
/*
* Add the string length, the final '\0'
* and size of the pointer position prefix.
*/
len += strlen(s) + 1 + 1;
}
s_idx++;
}
buf += sizeof(char *);
is_str_arg = false;
} else if (size == sizeof(int)) {
int v = va_arg(ap, int);
if (buf0 != NULL) {
*(int *)buf = v;
}
buf += sizeof(int);
} else if (size == sizeof(long)) {
long v = va_arg(ap, long);
if (buf0 != NULL) {
*(long *)buf = v;
}
buf += sizeof(long);
} else if (size == sizeof(long long)) {
long long v = va_arg(ap, long long);
if (buf0 != NULL) {
if (Z_CBPRINTF_VA_STACK_LL_DBL_MEMCPY) {
memcpy(buf, &v, sizeof(long long));
} else {
*(long long *)buf = v;
}
}
buf += sizeof(long long);
} else {
__ASSERT(false, "unexpected size %u", size);
return -EINVAL;
}
}
/*
* We remember the size of the argument list as a multiple of
* sizeof(int) and limit it to a 8-bit field. That means 1020 bytes
* worth of va_list, or about 127 arguments on a 64-bit system
* (twice that on 32-bit systems). That ought to be good enough.
*/
if (BUF_OFFSET / sizeof(int) > 255) {
__ASSERT(false, "too many format args");
return -EINVAL;
}
/*
* If all we wanted was to count required buffer size
* then we have it now.
*/
if (buf0 == NULL) {
return BUF_OFFSET + len - CBPRINTF_PACKAGE_ALIGNMENT;
}
/* Clear our buffer header. We made room for it initially. */
*(char **)buf0 = NULL;
/* Record end of argument list. */
pkg_hdr->desc.len = BUF_OFFSET / sizeof(int);
if (rws_pos_en) {
/* Strings are appended, update location counter. */
pkg_hdr->desc.str_cnt = 0;
pkg_hdr->desc.rw_str_cnt = s_rw_cnt;
} else {
/* Strings are appended, update append counter. */
pkg_hdr->desc.str_cnt = s_rw_cnt;
pkg_hdr->desc.rw_str_cnt = 0;
}
pkg_hdr->desc.ro_str_cnt = s_ro_cnt;
#ifdef CONFIG_CBPRINTF_PACKAGE_HEADER_STORE_CREATION_FLAGS
pkg_hdr->desc.pkg_flags = flags;
#endif
/* Store strings pointer locations of read only strings. */
if (s_ro_cnt) {
for (i = 0; i < s_idx; i++) {
if (!(str_ptr_pos[i] & STR_POS_RO_FLAG)) {
continue;
}
uint8_t pos = str_ptr_pos[i] & STR_POS_MASK;
/* make sure it fits */
if (BUF_OFFSET + 1 > len) {
return -ENOSPC;
}
/* store the pointer position prefix */
*buf++ = pos;
}
}
/* Store strings prefixed by their pointer location. */
for (i = 0; i < s_idx; i++) {
/* Process only RW strings. */
if (s_ro_cnt && str_ptr_pos[i] & STR_POS_RO_FLAG) {
continue;
}
if (rws_pos_en) {
size = 0;
*buf++ = str_ptr_arg[i];
} else {
/* retrieve the string pointer */
s = *(char **)(buf0 + str_ptr_pos[i] * sizeof(int));
/* clear the in-buffer pointer (less entropy if compressed) */
*(char **)(buf0 + str_ptr_pos[i] * sizeof(int)) = NULL;
/* find the string length including terminating '\0' */
size = strlen(s) + 1;
}
/* make sure it fits */
if (BUF_OFFSET + 1 + size > len) {
return -ENOSPC;
}
/* store the pointer position prefix */
*buf++ = str_ptr_pos[i];
/* copy the string with its terminating '\0' */
memcpy(buf, s, size);
buf += size;
}
/*
* TODO: remove pointers for appended strings since they're useless.
* TODO: explore leveraging same mechanism to remove alignment padding
*/
return BUF_OFFSET;
#undef BUF_OFFSET
#undef STR_POS_RO_FLAG
#undef STR_POS_MASK
}
int cbprintf_package(void *packaged, size_t len, uint32_t flags,
const char *format, ...)
{
va_list ap;
int ret;
va_start(ap, format);
ret = cbvprintf_package(packaged, len, flags, format, ap);
va_end(ap);
return ret;
}
int cbpprintf_external(cbprintf_cb out,
cbvprintf_external_formatter_func formatter,
void *ctx, void *packaged)
{
uint8_t *buf = packaged;
struct cbprintf_package_hdr_ext *hdr = packaged;
char *s, **ps;
unsigned int i, args_size, s_nbr, ros_nbr, rws_nbr, s_idx;
if (buf == NULL) {
return -EINVAL;
}
/* Retrieve the size of the arg list and number of strings. */
args_size = hdr->hdr.desc.len * sizeof(int);
s_nbr = hdr->hdr.desc.str_cnt;
ros_nbr = hdr->hdr.desc.ro_str_cnt;
rws_nbr = hdr->hdr.desc.rw_str_cnt;
/* Locate the string table */
s = (char *)(buf + args_size + ros_nbr + 2 * rws_nbr);
/*
* Patch in string pointers.
*/
for (i = 0; i < s_nbr; i++) {
/* Locate pointer location for this string */
s_idx = *(uint8_t *)s++;
ps = (char **)(buf + s_idx * sizeof(int));
/* update the pointer with current string location */
*ps = s;
/* move to next string */
s += strlen(s) + 1;
}
/* Skip past the header */
buf += sizeof(*hdr);
/* Turn this into a va_list and print it */
return cbprintf_via_va_list(out, formatter, ctx, hdr->fmt, buf);
}
/* Function checks if character might be format specifier. Check is relaxed since
* compiler ensures that correct format specifier is used so it is enough to check
* that character is not one of potential modifier (e.g. number, dot, etc.).
*/
static bool is_fmt_spec(char c)
{
return (c >= 64) && (c <= 122);
}
/* Function checks if nth argument is a pointer (%p). Returns true is yes. Returns
* false if not or if string does not have nth argument.
*/
bool is_ptr(const char *fmt, int n)
{
char c;
bool mod = false;
int cnt = 0;
while ((c = *fmt++) != '\0') {
if (mod) {
if (cnt == n) {
if (c == 'p') {
return true;
} else if (is_fmt_spec(c)) {
return false;
}
} else if (is_fmt_spec(c)) {
cnt++;
mod = false;
}
}
if (c == '%') {
mod = !mod;
}
}
return false;
}
int cbprintf_package_convert(void *in_packaged,
size_t in_len,
cbprintf_convert_cb cb,
void *ctx,
uint32_t flags,
uint16_t *strl,
size_t strl_len)
{
__ASSERT_NO_MSG(in_packaged != NULL);
uint8_t *buf = in_packaged;
uint32_t *buf32 = in_packaged;
unsigned int args_size, ros_nbr, rws_nbr;
bool fmt_present = flags & CBPRINTF_PACKAGE_CONVERT_PTR_CHECK ? true : false;
bool rw_cpy;
bool ro_cpy;
struct cbprintf_package_desc *in_desc = in_packaged;
in_len = in_len != 0 ? in_len : get_package_len(in_packaged);
/* Get number of RO string indexes in the package and check if copying
* includes appending those strings.
*/
ros_nbr = in_desc->ro_str_cnt;
ro_cpy = ros_nbr &&
(flags & CBPRINTF_PACKAGE_CONVERT_RO_STR) == CBPRINTF_PACKAGE_CONVERT_RO_STR;
/* Get number of RW string indexes in the package and check if copying
* includes appending those strings.
*/
rws_nbr = in_desc->rw_str_cnt;
rw_cpy = rws_nbr > 0 &&
(flags & CBPRINTF_PACKAGE_CONVERT_RW_STR) == CBPRINTF_PACKAGE_CONVERT_RW_STR;
/* If flags are not set or appending request without rw string indexes
* present is chosen, just do a simple copy (or length calculation).
* Assuming that it is the most common case.
*/
if (!rw_cpy && !ro_cpy) {
if (cb) {
cb(in_packaged, in_len, ctx);
}
return in_len;
}
/* If we got here, it means that coping will be more complex and will be
* done with strings appending.
* Retrieve the size of the arg list.
*/
args_size = in_desc->len * sizeof(int);
int out_len;
/* Pointer to array with string locations. Array starts with read-only
* string locations.
*/
const char *fmt = *(const char **)(buf + sizeof(void *));
uint8_t *str_pos = &buf[args_size];
size_t strl_cnt = 0;
/* If null destination, just calculate output length. */
if (cb == NULL) {
out_len = (int)in_len;
if (ro_cpy) {
for (unsigned int i = 0; i < ros_nbr; i++) {
const char *str = *(const char **)&buf32[*str_pos];
int len = append_string(cb, NULL, str, 0);
/* If possible store calculated string length. */
if (strl && strl_cnt < strl_len) {
strl[strl_cnt++] = (uint16_t)len;
}
out_len += len;
str_pos++;
}
} else {
str_pos += ros_nbr;
}
bool drop_ro_str_pos = !(flags &
(CBPRINTF_PACKAGE_CONVERT_KEEP_RO_STR |
CBPRINTF_PACKAGE_CONVERT_RO_STR));
/* Handle RW strings. */
for (unsigned int i = 0; i < rws_nbr; i++) {
uint8_t arg_idx = *str_pos++;
uint8_t arg_pos = *str_pos++;
const char *str = *(const char **)&buf32[arg_pos];
bool is_ro = ptr_in_rodata(str);
int len;
if (IS_ENABLED(CONFIG_CBPRINTF_CONVERT_CHECK_PTR) &&
fmt_present && is_ptr(fmt, arg_idx)) {
LOG_WRN("(unsigned) char * used for %%p argument. "
"It's recommended to cast it to void * because "
"it may cause misbehavior in certain "
"configurations. String:\"%s\" argument:%d", fmt, arg_idx);
/* Since location is being dropped, decrement
* output length by 2 (argument index + position)
*/
out_len -= 2;
continue;
}
if (is_ro) {
if (flags & CBPRINTF_PACKAGE_CONVERT_RO_STR) {
goto calculate_string_length;
} else {
out_len -= drop_ro_str_pos ? 2 : 1;
}
} else if (flags & CBPRINTF_PACKAGE_CONVERT_RW_STR) {
calculate_string_length:
len = append_string(cb, NULL, str, 0);
/* If possible store calculated string length. */
if (strl && strl_cnt < strl_len) {
strl[strl_cnt++] = (uint16_t)len;
}
/* string length decremented by 1 because argument
* index is dropped.
*/
out_len += (len - 1);
}
}
return out_len;
}
struct cbprintf_package_desc out_desc;
/* At least one is copied in. */
uint8_t cpy_str_pos[16];
/* Up to one will be kept since if both types are kept it returns earlier. */
uint8_t keep_str_pos[16];
uint8_t scpy_cnt;
uint8_t keep_cnt;
uint8_t *dst;
int rv;
/* If read-only strings shall be appended to the output package copy
* their indexes to the local array, otherwise indicate that indexes
* shall remain in the output package.
*/
if (ro_cpy) {
scpy_cnt = ros_nbr;
keep_cnt = 0;
dst = cpy_str_pos;
} else if (ros_nbr && flags & CBPRINTF_PACKAGE_CONVERT_KEEP_RO_STR) {
scpy_cnt = 0;
keep_cnt = ros_nbr;
dst = keep_str_pos;
} else {
scpy_cnt = 0;
keep_cnt = 0;
dst = NULL;
}
if (dst) {
memcpy(dst, str_pos, ros_nbr);
}
str_pos += ros_nbr;
/* Go through read-write strings and identify which shall be appended.
* Note that there may be read-only strings there. Use address evaluation
* to determine if strings is read-only.
*/
for (unsigned int i = 0; i < rws_nbr; i++) {
uint8_t arg_idx = *str_pos++;
uint8_t arg_pos = *str_pos++;
const char *str = *(const char **)&buf32[arg_pos];
bool is_ro = ptr_in_rodata(str);
if (IS_ENABLED(CONFIG_CBPRINTF_CONVERT_CHECK_PTR) &&
fmt_present && is_ptr(fmt, arg_idx)) {
continue;
}
if (is_ro) {
if (flags & CBPRINTF_PACKAGE_CONVERT_RO_STR) {
__ASSERT_NO_MSG(scpy_cnt < sizeof(cpy_str_pos));
cpy_str_pos[scpy_cnt++] = arg_pos;
} else if (flags & CBPRINTF_PACKAGE_CONVERT_KEEP_RO_STR) {
__ASSERT_NO_MSG(keep_cnt < sizeof(keep_str_pos));
keep_str_pos[keep_cnt++] = arg_pos;
} else {
/* Drop information about ro_str location. */
}
} else {
if (flags & CBPRINTF_PACKAGE_CONVERT_RW_STR) {
__ASSERT_NO_MSG(scpy_cnt < sizeof(cpy_str_pos));
cpy_str_pos[scpy_cnt++] = arg_pos;
} else {
__ASSERT_NO_MSG(keep_cnt < sizeof(keep_str_pos));
keep_str_pos[keep_cnt++] = arg_idx;
keep_str_pos[keep_cnt++] = arg_pos;
}
}
}
/* Set amount of strings appended to the package. */
out_desc.len = in_desc->len;
out_desc.str_cnt = in_desc->str_cnt + scpy_cnt;
out_desc.rw_str_cnt = (flags & CBPRINTF_PACKAGE_CONVERT_RW_STR) ? 0 : (keep_cnt / 2);
out_desc.ro_str_cnt = (flags & CBPRINTF_PACKAGE_CONVERT_RO_STR) ? 0 :
((flags & CBPRINTF_PACKAGE_CONVERT_KEEP_RO_STR) ? keep_cnt : 0);
/* Temporary overwrite input descriptor to allow bulk transfer */
struct cbprintf_package_desc in_desc_backup = *in_desc;
*in_desc = out_desc;
/* Copy package header and arguments. */
rv = cb(in_packaged, args_size, ctx);
if (rv < 0) {
return rv;
}
out_len = rv;
/* Restore input descriptor. */
*in_desc = in_desc_backup;
/* Copy string positions which are kept. */
rv = cb(keep_str_pos, keep_cnt, ctx);
if (rv < 0) {
return rv;
}
out_len += rv;
/* Copy appended strings from source package to destination. */
size_t strs_len = in_len - (args_size + ros_nbr + 2 * rws_nbr);
rv = cb(str_pos, strs_len, ctx);
if (rv < 0) {
return rv;
}
out_len += rv;
/* Append strings */
for (unsigned int i = 0; i < scpy_cnt; i++) {
uint8_t loc = cpy_str_pos[i];
const char *str = *(const char **)&buf32[loc];
uint16_t str_len = strl ? strl[i] : 0;
rv = cb(&loc, 1, ctx);
if (rv < 0) {
return rv;
}
out_len += rv;
rv = append_string(cb, ctx, str, str_len);
if (rv < 0) {
return rv;
}
out_len += rv;
}
/* Empty call (can be interpreted as flushing) */
(void)cb(NULL, 0, ctx);
return out_len;
}