1.\"- 2.\" Copyright (c) 2000 Poul-Henning Kamp and Dag-Erling Co�dan Sm�rgrav 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd May 17, 2009 29.Dt SBUF 9 30.Os 31.Sh NAME 32.Nm sbuf , 33.Nm sbuf_new , 34.Nm sbuf_new_auto , 35.Nm sbuf_clear , 36.Nm sbuf_setpos , 37.Nm sbuf_bcat , 38.Nm sbuf_bcopyin , 39.Nm sbuf_bcpy , 40.Nm sbuf_cat , 41.Nm sbuf_copyin , 42.Nm sbuf_cpy , 43.Nm sbuf_printf , 44.Nm sbuf_vprintf , 45.Nm sbuf_putc , 46.Nm sbuf_set_drain , 47.Nm sbuf_trim , 48.Nm sbuf_error , 49.Nm sbuf_finish , 50.Nm sbuf_data , 51.Nm sbuf_len , 52.Nm sbuf_done , 53.Nm sbuf_delete 54.Nd safe string formatting 55.Sh SYNOPSIS 56.In sys/types.h 57.In sys/sbuf.h 58.Ft typedef\ int ( sbuf_drain_func ) ( void\ *arg, const\ char\ *data, int\ len ) ; 59.Pp 60.Ft struct sbuf * 61.Fn sbuf_new "struct sbuf *s" "char *buf" "int length" "int flags" 62.Ft struct sbuf * 63.Fn sbuf_new_auto 64.Ft void 65.Fn sbuf_clear "struct sbuf *s" 66.Ft int 67.Fn sbuf_setpos "struct sbuf *s" "int pos" 68.Ft int 69.Fn sbuf_bcat "struct sbuf *s" "const void *buf" "size_t len" 70.Ft int 71.Fn sbuf_bcopyin "struct sbuf *s" "const void *uaddr" "size_t len" 72.Ft int 73.Fn sbuf_bcpy "struct sbuf *s" "const void *buf" "size_t len" 74.Ft int 75.Fn sbuf_cat "struct sbuf *s" "const char *str" 76.Ft int 77.Fn sbuf_copyin "struct sbuf *s" "const void *uaddr" "size_t len" 78.Ft int 79.Fn sbuf_cpy "struct sbuf *s" "const char *str" 80.Ft int 81.Fn sbuf_printf "struct sbuf *s" "const char *fmt" "..." 82.Ft int 83.Fn sbuf_vprintf "struct sbuf *s" "const char *fmt" "va_list ap" 84.Ft int 85.Fn sbuf_putc "struct sbuf *s" "int c" 86.Ft void 87.Fn sbuf_set_drain "struct sbuf *s" "sbuf_drain_func *func" "void *arg" 88.Ft int 89.Fn sbuf_trim "struct sbuf *s" 90.Ft int 91.Fn sbuf_error "struct sbuf *s" 92.Ft int 93.Fn sbuf_finish "struct sbuf *s" 94.Ft char * 95.Fn sbuf_data "struct sbuf *s" 96.Ft int 97.Fn sbuf_len "struct sbuf *s" 98.Ft int 99.Fn sbuf_done "struct sbuf *s" 100.Ft void 101.Fn sbuf_delete "struct sbuf *s" 102.Sh DESCRIPTION 103The 104.Nm 105family of functions allows one to safely allocate, construct and 106release bounded NUL-terminated strings in kernel space. 107Instead of arrays of characters, these functions operate on structures 108called 109.Fa sbufs , 110defined in 111.In sys/sbuf.h . 112.Pp 113The 114.Fn sbuf_new 115function initializes the 116.Fa sbuf 117pointed to by its first argument. 118If that pointer is 119.Dv NULL , 120.Fn sbuf_new 121allocates a 122.Vt struct sbuf 123using 124.Xr malloc 9 . 125The 126.Fa buf 127argument is a pointer to a buffer in which to store the actual string; 128if it is 129.Dv NULL , 130.Fn sbuf_new 131will allocate one using 132.Xr malloc 9 . 133The 134.Fa length 135is the initial size of the storage buffer. 136The fourth argument, 137.Fa flags , 138may be comprised of the following flags: 139.Bl -tag -width ".Dv SBUF_AUTOEXTEND" 140.It Dv SBUF_FIXEDLEN 141The storage buffer is fixed at its initial size. 142Attempting to extend the sbuf beyond this size results in an overflow condition. 143.It Dv SBUF_AUTOEXTEND 144This indicates that the storage buffer may be extended as necessary, so long 145as resources allow, to hold additional data. 146.El 147.Pp 148Note that if 149.Fa buf 150is not 151.Dv NULL , 152it must point to an array of at least 153.Fa length 154characters. 155The result of accessing that array directly while it is in use by the 156sbuf is undefined. 157.Pp 158The 159.Fn sbuf_new_auto 160function is a shortcut for creating a completely dynamic 161.Nm . 162It is the equivalent of calling 163.Fn sbuf_new 164with values 165.Dv NULL , 166.Dv NULL , 167.Dv 0 , 168and 169.Dv SBUF_AUTOEXTEND . 170.Pp 171The 172.Fn sbuf_delete 173function clears the 174.Fa sbuf 175and frees any memory allocated for it. 176There must be a call to 177.Fn sbuf_delete 178for every call to 179.Fn sbuf_new . 180Any attempt to access the sbuf after it has been deleted will fail. 181.Pp 182The 183.Fn sbuf_clear 184function invalidates the contents of the 185.Fa sbuf 186and resets its position to zero. 187.Pp 188The 189.Fn sbuf_setpos 190function sets the 191.Fa sbuf Ns 's 192end position to 193.Fa pos , 194which is a value between zero and one less than the size of the 195storage buffer. 196This effectively truncates the sbuf at the new position. 197.Pp 198The 199.Fn sbuf_bcat 200function appends the first 201.Fa len 202bytes from the buffer 203.Fa buf 204to the 205.Fa sbuf . 206.Pp 207The 208.Fn sbuf_bcopyin 209function copies 210.Fa len 211bytes from the specified userland address into the 212.Fa sbuf . 213.Pp 214The 215.Fn sbuf_bcpy 216function replaces the contents of the 217.Fa sbuf 218with the first 219.Fa len 220bytes from the buffer 221.Fa buf . 222.Pp 223The 224.Fn sbuf_cat 225function appends the NUL-terminated string 226.Fa str 227to the 228.Fa sbuf 229at the current position. 230.Pp 231The 232.Fn sbuf_set_drain 233function sets a drain function 234.Fa func 235for the 236.Fa sbuf , 237and records a pointer 238.Fa arg 239to be passed to the drain on callback. 240The drain function cannot be changed while 241.Fa sbuf_len 242is non-zero. 243.Pp 244The registered drain function 245.Vt sbuf_drain_func 246will be called with the argument 247.Fa arg 248provided to 249.Fn sbuf_set_drain , 250a pointer 251.Fa data 252to a byte string that is the contents of the sbuf, and the length 253.Fa len 254of the data. 255If the drain function exists, it will be called when the sbuf internal 256buffer is full, or on behalf of 257.Fn sbuf_finish . 258The drain function may drain some or all of the data, but must drain 259at least 1 byte. 260The return value from the drain function, if positive, indicates how 261many bytes were drained. 262If negative, the return value indicates the negative error code which 263will be returned from this or a later call to 264.Fn sbuf_finish . 265The returned drained length cannot be zero. 266To do unbuffered draining, initialize the sbuf with a two-byte buffer. 267The drain will be called for every byte added to the sbuf. 268The 269.Fn sbuf_bcopyin , 270.Fn sbuf_copyin , 271.Fn sbuf_trim , 272and 273.Fn sbuf_data 274functions cannot be used on an sbuf with a drain. 275.Pp 276The 277.Fn sbuf_copyin 278function copies a NUL-terminated string from the specified userland 279address into the 280.Fa sbuf . 281If the 282.Fa len 283argument is non-zero, no more than 284.Fa len 285characters (not counting the terminating NUL) are copied; otherwise 286the entire string, or as much of it as can fit in the 287.Fa sbuf , 288is copied. 289.Pp 290The 291.Fn sbuf_cpy 292function replaces the contents of the 293.Fa sbuf 294with those of the NUL-terminated string 295.Fa str . 296This is equivalent to calling 297.Fn sbuf_cat 298with a fresh 299.Fa sbuf 300or one which position has been reset to zero with 301.Fn sbuf_clear 302or 303.Fn sbuf_setpos . 304.Pp 305The 306.Fn sbuf_printf 307function formats its arguments according to the format string pointed 308to by 309.Fa fmt 310and appends the resulting string to the 311.Fa sbuf 312at the current position. 313.Pp 314The 315.Fn sbuf_vprintf 316function behaves the same as 317.Fn sbuf_printf 318except that the arguments are obtained from the variable-length argument list 319.Fa ap . 320.Pp 321The 322.Fn sbuf_putc 323function appends the character 324.Fa c 325to the 326.Fa sbuf 327at the current position. 328.Pp 329The 330.Fn sbuf_trim 331function removes trailing whitespace from the 332.Fa sbuf . 333.Pp 334The 335.Fn sbuf_error 336function returns any error value that the 337.Fa sbuf 338may have accumulated, either from the drain function, or ENOMEM if the 339.Fa sbuf 340overflowed. 341This function is generally not needed and instead the error code from 342.Fn sbuf_finish 343is the preferred way to discover whether an sbuf had an error. 344.Pp 345The 346.Fn sbuf_finish 347function will call the attached drain function if one exists until all 348the data in the 349.Fa sbuf 350is flushed. 351If there is no attached drain, 352.Fn sbuf_finish 353NUL-terminates the 354.Fa sbuf . 355In either case it marks the 356.Fa sbuf 357as finished, which means that it may no longer be modified using 358.Fn sbuf_setpos , 359.Fn sbuf_cat , 360.Fn sbuf_cpy , 361.Fn sbuf_printf 362or 363.Fn sbuf_putc , 364until 365.Fn sbuf_clear 366is used to reset the sbuf. 367.Pp 368The 369.Fn sbuf_data 370function returns the actual string; 371.Fn sbuf_data 372only works on a finished 373.Fa sbuf . 374The 375.Fn sbuf_len function returns the length of the string. 376For an 377.Fa sbuf 378with an attached drain, 379.Fn sbuf_len 380returns the length of the un-drained data. 381.Fn sbuf_done 382returns non-zero if the 383.Fa sbuf 384is finished. 385.Fn sbuf_done 386returns non-zero if the 387.Fa sbuf 388is finished. 389.Sh NOTES 390If an operation caused an 391.Fa sbuf 392to overflow, most subsequent operations on it will fail until the 393.Fa sbuf 394is finished using 395.Fn sbuf_finish 396or reset using 397.Fn sbuf_clear , 398or its position is reset to a value between 0 and one less than the 399size of its storage buffer using 400.Fn sbuf_setpos , 401or it is reinitialized to a sufficiently short string using 402.Fn sbuf_cpy . 403.Pp 404Drains in user-space will not always function as indicated. 405While the drain function will be called immediately on overflow from 406the 407.Fa sbuf_putc , 408.Fa sbuf_bcat , 409.Fa sbuf_cat 410functions, 411.Fa sbuf_printf 412and 413.Fa sbuf_vprintf 414currently have no way to determine whether there will be an overflow 415until after it occurs, and cannot do a partial expansion of the format 416string. 417Thus when using libsbuf the buffer may be extended to allow completion 418of a single printf call, even though a drain is attached. 419.Sh RETURN VALUES 420The 421.Fn sbuf_new 422function returns 423.Dv NULL 424if it failed to allocate a storage buffer, and a pointer to the new 425.Fa sbuf 426otherwise. 427.Pp 428The 429.Fn sbuf_setpos 430function returns \-1 if 431.Fa pos 432was invalid, and zero otherwise. 433.Pp 434The 435.Fn sbuf_cat , 436.Fn sbuf_cpy , 437.Fn sbuf_printf , 438.Fn sbuf_putc , 439and 440.Fn sbuf_trim 441functions 442all return \-1 if the buffer overflowed, and zero otherwise. 443.Pp 444The 445.Fn sbuf_error 446function returns a non-zero value if the buffer has an overflow or 447drain error, and zero otherwise. 448.Pp 449The 450.Fn sbuf_data 451and 452.Fn sbuf_len 453functions return 454.Dv NULL 455and \-1, respectively, if the buffer overflowed. 456.Pp 457The 458.Fn sbuf_copyin 459function 460returns \-1 if copying string from userland failed, and number of bytes 461copied otherwise. 462The 463.Fn sbuf_finish 464function returns ENOMEM if the sbuf overflowed before being finished, 465or returns the error code from the drain if one is attached. 466When used as 467.Xr sbuf_finish 3 , 468.Fn sbuf_finish 469will return \-1 and set errno on error instead. 470.Sh SEE ALSO 471.Xr printf 3 , 472.Xr strcat 3 , 473.Xr strcpy 3 , 474.Xr copyin 9 , 475.Xr copyinstr 9 , 476.Xr printf 9 477.Sh HISTORY 478The 479.Nm 480family of functions first appeared in 481.Fx 4.4 . 482.Sh AUTHORS 483.An -nosplit 484The 485.Nm 486family of functions was designed by 487.An Poul-Henning Kamp Aq phk@FreeBSD.org 488and implemented by 489.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . 490Additional improvements were suggested by 491.An Justin T. Gibbs Aq gibbs@FreeBSD.org . 492Auto-extend support added by 493.An Kelly Yancey Aq kbyanc@FreeBSD.org . 494Drain functionality added by 495.An Matthew Fleming Aq mdf@FreeBSD.org . 496.Pp 497This manual page was written by 498.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . 499