1.\"- 2.\" Copyright (c) 2000 Poul-Henning Kamp and Dag-Erling Coïdan Smørgrav 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd March 14, 2015 29.Dt SBUF 9 30.Os 31.Sh NAME 32.Nm sbuf , 33.Nm sbuf_new , 34.Nm sbuf_new_auto , 35.Nm sbuf_new_for_sysctl , 36.Nm sbuf_clear , 37.Nm sbuf_get_flags , 38.Nm sbuf_set_flags , 39.Nm sbuf_clear_flags , 40.Nm sbuf_setpos , 41.Nm sbuf_bcat , 42.Nm sbuf_bcopyin , 43.Nm sbuf_bcpy , 44.Nm sbuf_cat , 45.Nm sbuf_copyin , 46.Nm sbuf_cpy , 47.Nm sbuf_printf , 48.Nm sbuf_vprintf , 49.Nm sbuf_putc , 50.Nm sbuf_set_drain , 51.Nm sbuf_trim , 52.Nm sbuf_error , 53.Nm sbuf_finish , 54.Nm sbuf_data , 55.Nm sbuf_len , 56.Nm sbuf_done , 57.Nm sbuf_delete , 58.Nm sbuf_start_section , 59.Nm sbuf_end_section 60.Nd safe string composition 61.Sh SYNOPSIS 62.In sys/types.h 63.In sys/sbuf.h 64.Ft typedef\ int ( sbuf_drain_func ) ( void\ *arg, const\ char\ *data, int\ len ) ; 65.Pp 66.Ft struct sbuf * 67.Fn sbuf_new "struct sbuf *s" "char *buf" "int length" "int flags" 68.Ft struct sbuf * 69.Fn sbuf_new_auto 70.Ft void 71.Fn sbuf_clear "struct sbuf *s" 72.Ft int 73.Fn sbuf_get_flags "struct sbuf *s" 74.Ft void 75.Fn sbuf_set_flags "struct sbuf *s" "int flags" 76.Ft void 77.Fn sbuf_clear_flags "struct sbuf *s" "int flags" 78.Ft int 79.Fn sbuf_setpos "struct sbuf *s" "int pos" 80.Ft int 81.Fn sbuf_bcat "struct sbuf *s" "const void *buf" "size_t len" 82.Ft int 83.Fn sbuf_bcopyin "struct sbuf *s" "const void *uaddr" "size_t len" 84.Ft int 85.Fn sbuf_bcpy "struct sbuf *s" "const void *buf" "size_t len" 86.Ft int 87.Fn sbuf_cat "struct sbuf *s" "const char *str" 88.Ft int 89.Fn sbuf_copyin "struct sbuf *s" "const void *uaddr" "size_t len" 90.Ft int 91.Fn sbuf_cpy "struct sbuf *s" "const char *str" 92.Ft int 93.Fn sbuf_printf "struct sbuf *s" "const char *fmt" "..." 94.Ft int 95.Fn sbuf_vprintf "struct sbuf *s" "const char *fmt" "va_list ap" 96.Ft int 97.Fn sbuf_putc "struct sbuf *s" "int c" 98.Ft void 99.Fn sbuf_set_drain "struct sbuf *s" "sbuf_drain_func *func" "void *arg" 100.Ft int 101.Fn sbuf_trim "struct sbuf *s" 102.Ft int 103.Fn sbuf_error "struct sbuf *s" 104.Ft int 105.Fn sbuf_finish "struct sbuf *s" 106.Ft char * 107.Fn sbuf_data "struct sbuf *s" 108.Ft ssize_t 109.Fn sbuf_len "struct sbuf *s" 110.Ft int 111.Fn sbuf_done "struct sbuf *s" 112.Ft void 113.Fn sbuf_delete "struct sbuf *s" 114.Ft void 115.Fn sbuf_start_section "struct sbuf *s" "ssize_t *old_lenp" 116.Ft ssize_t 117.Fn sbuf_end_section "struct sbuf *s" "ssize_t old_len" "size_t pad" "int c" 118.In sys/sysctl.h 119.Ft struct sbuf * 120.Fn sbuf_new_for_sysctl "struct sbuf *s" "char *buf" "int length" "struct sysctl_req *req" 121.Sh DESCRIPTION 122The 123.Nm 124family of functions allows one to safely allocate, compose and 125release strings in kernel or user space. 126.Pp 127Instead of arrays of characters, these functions operate on structures 128called 129.Fa sbufs , 130defined in 131.In sys/sbuf.h . 132.Pp 133Any errors encountered during the allocation or composition of the 134string will be latched in the data structure, 135making a single error test at the end of the composition 136sufficient to determine success or failure of the entire process. 137.Pp 138The 139.Fn sbuf_new 140function initializes the 141.Fa sbuf 142pointed to by its first argument. 143If that pointer is 144.Dv NULL , 145.Fn sbuf_new 146allocates a 147.Vt struct sbuf 148using 149.Xr malloc 9 . 150The 151.Fa buf 152argument is a pointer to a buffer in which to store the actual string; 153if it is 154.Dv NULL , 155.Fn sbuf_new 156will allocate one using 157.Xr malloc 9 . 158The 159.Fa length 160is the initial size of the storage buffer. 161The fourth argument, 162.Fa flags , 163may be comprised of the following flags: 164.Bl -tag -width ".Dv SBUF_AUTOEXTEND" 165.It Dv SBUF_FIXEDLEN 166The storage buffer is fixed at its initial size. 167Attempting to extend the sbuf beyond this size results in an overflow condition. 168.It Dv SBUF_AUTOEXTEND 169This indicates that the storage buffer may be extended as necessary, so long 170as resources allow, to hold additional data. 171.It Dv SBUF_INCLUDENUL 172This causes the final nulterm byte to be counted in the length of the data. 173.El 174.Pp 175Note that if 176.Fa buf 177is not 178.Dv NULL , 179it must point to an array of at least 180.Fa length 181characters. 182The result of accessing that array directly while it is in use by the 183sbuf is undefined. 184.Pp 185The 186.Fn sbuf_new_auto 187function is a shortcut for creating a completely dynamic 188.Nm . 189It is the equivalent of calling 190.Fn sbuf_new 191with values 192.Dv NULL , 193.Dv NULL , 194.Dv 0 , 195and 196.Dv SBUF_AUTOEXTEND . 197.Pp 198The 199.Fn sbuf_new_for_sysctl 200function will set up an sbuf with a drain function to use 201.Fn SYSCTL_OUT 202when the internal buffer fills. 203Note that if the various functions which append to an sbuf are used while 204a non-sleepable lock is held, the user buffer should be wired using 205.Fn sysctl_wire_old_buffer . 206.Pp 207The 208.Fn sbuf_delete 209function clears the 210.Fa sbuf 211and frees any memory allocated for it. 212There must be a call to 213.Fn sbuf_delete 214for every call to 215.Fn sbuf_new . 216Any attempt to access the sbuf after it has been deleted will fail. 217.Pp 218The 219.Fn sbuf_clear 220function invalidates the contents of the 221.Fa sbuf 222and resets its position to zero. 223.Pp 224The 225.Fn sbuf_get_flags 226function returns the current user flags. 227The 228.Fn sbuf_set_flags 229and 230.Fn sbuf_get_flags 231functions set or clear one or more user flags, respectively. 232The user flags are described under the 233.Fn sbuf_new 234function. 235.Pp 236The 237.Fn sbuf_setpos 238function sets the 239.Fa sbuf Ns 's 240end position to 241.Fa pos , 242which is a value between zero and one less than the size of the 243storage buffer. 244This effectively truncates the sbuf at the new position. 245.Pp 246The 247.Fn sbuf_bcat 248function appends the first 249.Fa len 250bytes from the buffer 251.Fa buf 252to the 253.Fa sbuf . 254.Pp 255The 256.Fn sbuf_bcopyin 257function copies 258.Fa len 259bytes from the specified userland address into the 260.Fa sbuf . 261.Pp 262The 263.Fn sbuf_bcpy 264function replaces the contents of the 265.Fa sbuf 266with the first 267.Fa len 268bytes from the buffer 269.Fa buf . 270.Pp 271The 272.Fn sbuf_cat 273function appends the NUL-terminated string 274.Fa str 275to the 276.Fa sbuf 277at the current position. 278.Pp 279The 280.Fn sbuf_set_drain 281function sets a drain function 282.Fa func 283for the 284.Fa sbuf , 285and records a pointer 286.Fa arg 287to be passed to the drain on callback. 288The drain function cannot be changed while 289.Fa sbuf_len 290is non-zero. 291.Pp 292The registered drain function 293.Vt sbuf_drain_func 294will be called with the argument 295.Fa arg 296provided to 297.Fn sbuf_set_drain , 298a pointer 299.Fa data 300to a byte string that is the contents of the sbuf, and the length 301.Fa len 302of the data. 303If the drain function exists, it will be called when the sbuf internal 304buffer is full, or on behalf of 305.Fn sbuf_finish . 306The drain function may drain some or all of the data, but must drain 307at least 1 byte. 308The return value from the drain function, if positive, indicates how 309many bytes were drained. 310If negative, the return value indicates the negative error code which 311will be returned from this or a later call to 312.Fn sbuf_finish . 313The returned drained length cannot be zero. 314To do unbuffered draining, initialize the sbuf with a two-byte buffer. 315The drain will be called for every byte added to the sbuf. 316The 317.Fn sbuf_bcopyin , 318.Fn sbuf_copyin , 319.Fn sbuf_trim , 320and 321.Fn sbuf_data 322functions cannot be used on an sbuf with a drain. 323.Pp 324The 325.Fn sbuf_copyin 326function copies a NUL-terminated string from the specified userland 327address into the 328.Fa sbuf . 329If the 330.Fa len 331argument is non-zero, no more than 332.Fa len 333characters (not counting the terminating NUL) are copied; otherwise 334the entire string, or as much of it as can fit in the 335.Fa sbuf , 336is copied. 337.Pp 338The 339.Fn sbuf_cpy 340function replaces the contents of the 341.Fa sbuf 342with those of the NUL-terminated string 343.Fa str . 344This is equivalent to calling 345.Fn sbuf_cat 346with a fresh 347.Fa sbuf 348or one which position has been reset to zero with 349.Fn sbuf_clear 350or 351.Fn sbuf_setpos . 352.Pp 353The 354.Fn sbuf_printf 355function formats its arguments according to the format string pointed 356to by 357.Fa fmt 358and appends the resulting string to the 359.Fa sbuf 360at the current position. 361.Pp 362The 363.Fn sbuf_vprintf 364function behaves the same as 365.Fn sbuf_printf 366except that the arguments are obtained from the variable-length argument list 367.Fa ap . 368.Pp 369The 370.Fn sbuf_putc 371function appends the character 372.Fa c 373to the 374.Fa sbuf 375at the current position. 376.Pp 377The 378.Fn sbuf_trim 379function removes trailing whitespace from the 380.Fa sbuf . 381.Pp 382The 383.Fn sbuf_error 384function returns any error value that the 385.Fa sbuf 386may have accumulated, either from the drain function, or ENOMEM if the 387.Fa sbuf 388overflowed. 389This function is generally not needed and instead the error code from 390.Fn sbuf_finish 391is the preferred way to discover whether an sbuf had an error. 392.Pp 393The 394.Fn sbuf_finish 395function will call the attached drain function if one exists until all 396the data in the 397.Fa sbuf 398is flushed. 399If there is no attached drain, 400.Fn sbuf_finish 401NUL-terminates the 402.Fa sbuf . 403In either case it marks the 404.Fa sbuf 405as finished, which means that it may no longer be modified using 406.Fn sbuf_setpos , 407.Fn sbuf_cat , 408.Fn sbuf_cpy , 409.Fn sbuf_printf 410or 411.Fn sbuf_putc , 412until 413.Fn sbuf_clear 414is used to reset the sbuf. 415.Pp 416The 417.Fn sbuf_data 418function returns the actual string; 419.Fn sbuf_data 420only works on a finished 421.Fa sbuf . 422The 423.Fn sbuf_len 424function returns the length of the string. 425For an 426.Fa sbuf 427with an attached drain, 428.Fn sbuf_len 429returns the length of the un-drained data. 430.Fn sbuf_done 431returns non-zero if the 432.Fa sbuf 433is finished. 434.Pp 435The 436.Fn sbuf_start_section 437and 438.Fn sbuf_end_section 439functions may be used for automatic section alignment. 440The arguments 441.Fa pad 442and 443.Fa c 444specify the padding size and a character used for padding. 445The arguments 446.Fa old_lenp 447and 448.Fa old_len 449are to save and restore the current section length when nested sections 450are used. 451For the top level section 452.Dv NULL 453and \-1 can be specified for 454.Fa old_lenp 455and 456.Fa old_len 457respectively. 458.Sh NOTES 459If an operation caused an 460.Fa sbuf 461to overflow, most subsequent operations on it will fail until the 462.Fa sbuf 463is finished using 464.Fn sbuf_finish 465or reset using 466.Fn sbuf_clear , 467or its position is reset to a value between 0 and one less than the 468size of its storage buffer using 469.Fn sbuf_setpos , 470or it is reinitialized to a sufficiently short string using 471.Fn sbuf_cpy . 472.Pp 473Drains in user-space will not always function as indicated. 474While the drain function will be called immediately on overflow from 475the 476.Fa sbuf_putc , 477.Fa sbuf_bcat , 478.Fa sbuf_cat 479functions, 480.Fa sbuf_printf 481and 482.Fa sbuf_vprintf 483currently have no way to determine whether there will be an overflow 484until after it occurs, and cannot do a partial expansion of the format 485string. 486Thus when using libsbuf the buffer may be extended to allow completion 487of a single printf call, even though a drain is attached. 488.Sh RETURN VALUES 489The 490.Fn sbuf_new 491function returns 492.Dv NULL 493if it failed to allocate a storage buffer, and a pointer to the new 494.Fa sbuf 495otherwise. 496.Pp 497The 498.Fn sbuf_setpos 499function returns \-1 if 500.Fa pos 501was invalid, and zero otherwise. 502.Pp 503The 504.Fn sbuf_cat , 505.Fn sbuf_cpy , 506.Fn sbuf_printf , 507.Fn sbuf_putc , 508and 509.Fn sbuf_trim 510functions 511all return \-1 if the buffer overflowed, and zero otherwise. 512.Pp 513The 514.Fn sbuf_error 515function returns a non-zero value if the buffer has an overflow or 516drain error, and zero otherwise. 517.Pp 518The 519.Fn sbuf_len 520function returns \-1 if the buffer overflowed. 521.Pp 522The 523.Fn sbuf_copyin 524function 525returns \-1 if copying string from userland failed, and number of bytes 526copied otherwise. 527.Pp 528The 529.Fn sbuf_end_section 530function returns the section length or \-1 if the buffer has an error. 531.Pp 532The 533.Fn sbuf_finish 9 534function (the kernel version) returns ENOMEM if the sbuf overflowed before 535being finished, 536or returns the error code from the drain if one is attached. 537.Pp 538The 539.Fn sbuf_finish 3 540function (the userland version) 541will return zero for success and \-1 and set errno on error. 542.Sh EXAMPLES 543.Bd -literal -compact 544#include <sys/sbuf.h> 545 546struct sbuf *sb; 547 548sb = sbuf_new_auto(); 549sbuf_cat(sb, "Customers found:\en"); 550TAILQ_FOREACH(foo, &foolist, list) { 551 sbuf_printf(sb, " %4d %s\en", foo->index, foo->name); 552 sbuf_printf(sb, " Address: %s\en", foo->address); 553 sbuf_printf(sb, " Zip: %s\en", foo->zipcode); 554} 555if (sbuf_finish(sb) != 0) /* Check for any and all errors */ 556 err(1, "Could not generate message"); 557transmit_msg(sbuf_data(sb), sbuf_len(sb)); 558sbuf_delete(sb); 559.Ed 560.Sh SEE ALSO 561.Xr printf 3 , 562.Xr strcat 3 , 563.Xr strcpy 3 , 564.Xr copyin 9 , 565.Xr copyinstr 9 , 566.Xr printf 9 567.Sh HISTORY 568The 569.Nm 570family of functions first appeared in 571.Fx 4.4 . 572.Sh AUTHORS 573.An -nosplit 574The 575.Nm 576family of functions was designed by 577.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 578and implemented by 579.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org . 580Additional improvements were suggested by 581.An Justin T. Gibbs Aq Mt gibbs@FreeBSD.org . 582Auto-extend support added by 583.An Kelly Yancey Aq Mt kbyanc@FreeBSD.org . 584Drain functionality added by 585.An Matthew Fleming Aq Mt mdf@FreeBSD.org . 586.Pp 587This manual page was written by 588.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org . 589