u-boot.git/lib/string.c, branch v2024.07-rc2 Unnamed repository; edit this file 'description' to name the repository. Revert "lib: string: Fix strlcpy return value", fix callers 2023-08-08T21:05:43+00:00 Matthias Schiffer matthias.schiffer@ew.tq-group.com 2023-07-14T11:24:50+00:00 615828721abfe8c73b5103d4436402ecbf9b9897 Both the Linux kernel and libbsd agree that strlcpy() should always return strlen(src) and not include the NUL termination. The incorrect U-Boot implementation makes it impossible to check the return value for truncation, and breaks code written with the usual implementation in mind (for example, fdtdec_add_reserved_memory() was subtly broken). I reviewed all callers of strlcpy() and strlcat() and fixed them according to my understanding of the intended function. This reverts commit d3358ecc54be0bc3b4dd11f7a63eab0a2842f772 and adds related fixes. Fixes: d3358ecc54be ("lib: string: Fix strlcpy return value") Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sean Anderson <sean.anderson@seco.com> 
Both the Linux kernel and libbsd agree that strlcpy() should always
return strlen(src) and not include the NUL termination. The incorrect
U-Boot implementation makes it impossible to check the return value for
truncation, and breaks code written with the usual implementation in
mind (for example, fdtdec_add_reserved_memory() was subtly broken).

I reviewed all callers of strlcpy() and strlcat() and fixed them
according to my understanding of the intended function.

This reverts commit d3358ecc54be0bc3b4dd11f7a63eab0a2842f772 and adds
related fixes.

Fixes: d3358ecc54be ("lib: string: Fix strlcpy return value")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
lib: fix buggy strcmp and strncmp 2022-10-27T13:10:08+00:00 Rasmus Villemoes rasmus.villemoes@prevas.dk 2022-10-05T09:09:25+00:00 fb63362c63c7aeacb1dfde330ee8f692da7972f9 There are two problems with both strcmp and strncmp: (1) The C standard is clear that the contents should be compared as "unsigned char": The sign of a nonzero value returned by the comparison functions memcmp, strcmp, and strncmp is determined by the sign of the difference between the values of the first pair of characters (both interpreted as unsigned char) that differ in the objects being compared. (2) The difference between two char (or unsigned char) values can range from -255 to +255; so that's (due to integer promotion) the range of values we could get in the *cs-*ct expressions, but when that is then shoe-horned into an 8-bit quantity the sign may of course change. The impact is somewhat limited by the way these functions are used in practice: - Most of the time, one is only interested in equality (or for strncmp, "starts with"), and the existing functions do correctly return 0 if and only if the strings are equal [for strncmp, up to the given bound]. - Also most of the time, the strings being compared only consist of ASCII characters, i.e. have values in the range [0, 127], and in that case it doesn't matter if they are interpreted as signed or unsigned char, and the possible difference range is bounded to [-127, 127] which does fit the signed char. For size, one could implement strcmp() in terms of strncmp() - just make it "return strncmp(a, b, (size_t)-1);". However, performance of strcmp() does matter somewhat, since it is used all over when parsing and matching DT nodes and properties, so let's find some other place to save those ~30 bytes. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> 
There are two problems with both strcmp and strncmp:

(1) The C standard is clear that the contents should be compared as
"unsigned char":

  The sign of a nonzero value returned by the comparison functions
  memcmp, strcmp, and strncmp is determined by the sign of the
  difference between the values of the first pair of characters (both
  interpreted as unsigned char) that differ in the objects being
  compared.

(2) The difference between two char (or unsigned char) values can
range from -255 to +255; so that's (due to integer promotion) the
range of values we could get in the *cs-*ct expressions, but when that
is then shoe-horned into an 8-bit quantity the sign may of course
change.

The impact is somewhat limited by the way these functions
are used in practice:

- Most of the time, one is only interested in equality (or for
  strncmp, "starts with"), and the existing functions do correctly
  return 0 if and only if the strings are equal [for strncmp, up to
  the given bound].

- Also most of the time, the strings being compared only consist of
  ASCII characters, i.e. have values in the range [0, 127], and in
  that case it doesn't matter if they are interpreted as signed or
  unsigned char, and the possible difference range is bounded to
  [-127, 127] which does fit the signed char.

For size, one could implement strcmp() in terms of strncmp() - just
make it "return strncmp(a, b, (size_t)-1);". However, performance of
strcmp() does matter somewhat, since it is used all over when parsing
and matching DT nodes and properties, so let's find some other place
to save those ~30 bytes.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
lib: Add memdup() 2021-10-08T19:53:26+00:00 Simon Glass sjg@chromium.org 2021-09-25T13:03:06+00:00 930c887e0fb88dcf1907f268960330c17999b5a3 Add a function to duplicate a memory region, a little like strdup(). Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a function to duplicate a memory region, a little like strdup().

Signed-off-by: Simon Glass <sjg@chromium.org>
string: make memcpy(), memset(), memcmp() and memmove() visible for LTO 2021-05-24T18:21:30+00:00 Marek Behún marek.behun@nic.cz 2021-05-20T11:23:55+00:00 46c3e29219e445de150e60e371cfec75f6fee524 It seems that sometimes (happening on ARM64, for example with turris_mox_defconfig) GCC, when linking with LTO, changes the symbol names of some functions, for example lib/string.c's memcpy() function to memcpy.isra.0. This is a problem however when GCC for a code such as this: struct some_struct *info = get_some_struct(); struct some struct tmpinfo; tmpinfo = *info; emits a call to memcpy() by builtin behaviour, to copy *info to tmpinfo. This then results in the following linking error: .../lz4.c:93: undefined reference to `memcpy' .../uuid.c:206: more undefined references to `memcpy' follow GCC's documentation says this about -nodefaultlibs option: The compiler may generate calls to "memcmp", "memset", "memcpy" and "memmove". These entries are usually resolved by entries in libc. These entry points should be supplied through some other mechanism when this option is specified. Make these functions visible by using the __used macro to avoid this error. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Simon Glass <sjg@chromium.org> 
It seems that sometimes (happening on ARM64, for example with
turris_mox_defconfig) GCC, when linking with LTO, changes the symbol
names of some functions, for example lib/string.c's memcpy() function to
memcpy.isra.0.

This is a problem however when GCC for a code such as this:
	struct some_struct *info = get_some_struct();
	struct some struct tmpinfo;
	tmpinfo = *info;
emits a call to memcpy() by builtin behaviour, to copy *info to tmpinfo.

This then results in the following linking error:
  .../lz4.c:93: undefined reference to `memcpy'
  .../uuid.c:206: more undefined references to `memcpy' follow

GCC's documentation says this about -nodefaultlibs option:
  The compiler may generate calls to "memcmp", "memset", "memcpy" and
  "memmove".  These entries are usually resolved by entries in libc.
  These entry points should be supplied through some other mechanism
  when this option is specified.

Make these functions visible by using the __used macro to avoid this
error.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: string: Implement strlcat 2021-04-12T21:44:55+00:00 Sean Anderson seanga2@gmail.com 2021-03-11T05:15:42+00:00 9af869c4145a668b6db9accdea554eb57895a25e This introduces strlcat, which provides a safer interface than strncat. It never copies more than its size bytes, including the terminating nul. In addition, it never reads past dest[size - 1], even if dest is not nul-terminated. This also removes the stub for dwc3 now that we have a proper implementation. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
This introduces strlcat, which provides a safer interface than strncat. It
never copies more than its size bytes, including the terminating nul. In
addition, it never reads past dest[size - 1], even if dest is not
nul-terminated.

This also removes the stub for dwc3 now that we have a proper
implementation.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: string: Fix strlcpy return value 2021-04-12T21:44:55+00:00 Sean Anderson seanga2@gmail.com 2021-03-11T05:15:41+00:00 d3358ecc54be0bc3b4dd11f7a63eab0a2842f772 strlcpy should always return the number of bytes copied. We were accidentally missing the nul-terminator. We also always used to return a non-zero value, even if we did not actually copy anything. Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer") Signed-off-by: Sean Anderson <seanga2@gmail.com> 
strlcpy should always return the number of bytes copied. We were
accidentally missing the nul-terminator. We also always used to return a
non-zero value, even if we did not actually copy anything.

Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer")

Signed-off-by: Sean Anderson <seanga2@gmail.com>
string: Use memcpy() within memmove() when we can 2021-01-16T19:49:09+00:00 Patrick Delaunay patrick.delaunay@foss.st.com 2020-12-11T13:59:23+00:00 976a68a20d366e6497253bad9fe0d7a8e42a611c A common use of memmove() can be handled by memcpy(). Also memcpy() includes an optimization for large sizes: it copies a word at a time. So we can get a speed-up by calling memcpy() to handle our move in this case. Update memmove() to call also memcpy() if the source don't overlap the destination (src + count <= dest). Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
A common use of memmove() can be handled by memcpy(). Also memcpy()
includes an optimization for large sizes: it copies a word at a time. So
we can get a speed-up by calling memcpy() to handle our move in this case.

Update memmove() to call also memcpy() if the source don't overlap
the destination (src + count <= dest).

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
string: Allow arch override of strndup() also 2020-02-06T02:33:46+00:00 Simon Glass sjg@chromium.org 2020-02-03T14:36:00+00:00 1ea1c7d80f9dd7a4827cddf25fba71d0034510e4 At present architectures can override strdup() but not strndup(). Use the same option for both. Signed-off-by: Simon Glass <sjg@chromium.org> 
At present architectures can override strdup() but not strndup(). Use
the same option for both.

Signed-off-by: Simon Glass <sjg@chromium.org>
lib: Implement strndup() 2019-06-05T16:16:32+00:00 Thierry Reding treding@nvidia.com 2019-04-15T09:32:14+00:00 0c4e2658e8e8489956e48a6c9842c5d21b9593fe Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com> 
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
string: Include the config header 2018-11-21T02:14:22+00:00 Simon Glass sjg@chromium.org 2018-11-06T22:21:38+00:00 96794a3eaee9bf368efe475f0a040d0e08b09dc9 At present the config header is not included in this file, but it does use a CONFIG option. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> 
At present the config header is not included in this file, but it does use
a CONFIG option. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>