1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
// SPDX-License-Identifier: LGPL-2.1-or-later
/* Append a null-terminated string to another string, with length checking.
* Copyright (C) 2016 Free Software Foundation, Inc.
* This file is part of the GNU C Library.
*/
/* adapted for Quagga from glibc patch submission originally from
* Florian Weimer <fweimer@redhat.com>, 2016-05-18 */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdint.h>
#include <string.h>
#ifndef HAVE_STRLCAT
#undef strlcat
size_t strlcat(char *__restrict dest,
const char *__restrict src, size_t destsize);
size_t strlcat(char *__restrict dest,
const char *__restrict src, size_t destsize)
{
size_t src_length = strlen(src);
/* Our implementation strlcat supports dest == NULL if size == 0
(for consistency with snprintf and strlcpy), but strnlen does
not, so we have to cover this case explicitly. */
if (destsize == 0)
return src_length;
size_t dest_length = strnlen(dest, destsize);
if (dest_length != destsize) {
/* Copy at most the remaining number of characters in the
destination buffer. Leave for the NUL terminator. */
size_t to_copy = destsize - dest_length - 1;
/* But not more than what is available in the source string. */
if (to_copy > src_length)
to_copy = src_length;
char *target = dest + dest_length;
memcpy(target, src, to_copy);
target[to_copy] = '\0';
}
/* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in
the two input strings (including both null terminators). If each
byte in the address space can be assigned a unique size_t value
(which the static_assert checks), then by the pigeonhole
principle, the two input strings must overlap, which is
undefined. */
_Static_assert(sizeof(uintptr_t) == sizeof(size_t),
"theoretical maximum object size covers address space");
return dest_length + src_length;
}
#endif /* HAVE_STRLCAT */
|
