From: Willy Tarreau <w@1wt.eu>
To: david.laight.linux@gmail.com
Cc: "Thomas Weißschuh" <linux@weissschuh.net>,
linux-kernel@vger.kernel.org, "Cheng Li" <lechain@gmail.com>
Subject: Re: [PATCH v4 next 02/23] tools/nolibc/printf: Move snprintf length check to callback
Date: Sat, 7 Mar 2026 11:48:47 +0100 [thread overview]
Message-ID: <aawCjy85tof86xd8@1wt.eu> (raw)
In-Reply-To: <20260302101815.3043-3-david.laight.linux@gmail.com>
On Mon, Mar 02, 2026 at 10:17:54AM +0000, david.laight.linux@gmail.com wrote:
> From: David Laight <david.laight.linux@gmail.com>
>
> Move output truncation to the snprintf() callback.
> This simplifies the main code and fixes truncation of padded fields.
>
> Add a zero length callback to 'finalise' the buffer rather than
> doing it in snprintf() itself.
>
> Fixes e90ce42e81381 ("tools/nolibc: implement width padding in printf()")
> Signed-off-by: David Laight <david.laight.linux@gmail.com>
Acked-by: Willy Tarreau <w@1wt.eu>
Willy
> ---
>
> For v4:
> - Avoid memcpy(ptr, NULL, 0)
>
> For v3:
> - Patch 2 in v2, patch 1 in v1.
> - Note that it fixes e90ce42e81381.
> - Update comments (again).
> - Rename size => space in snprintf 'state.
> - Copy state->space to a local rather than relying on the compiler
> doing CSE, changes the code slightly for x86 (but not the size).
> - Unconditionally write a '\0' to terminate the old data before
> overwriting it with new data.
> Saves a few bytes of object code.
>
> tools/include/nolibc/stdio.h | 94 +++++++++++++++++++++++++-----------
> 1 file changed, 67 insertions(+), 27 deletions(-)
>
> diff --git a/tools/include/nolibc/stdio.h b/tools/include/nolibc/stdio.h
> index 77d7669cdb80..a4df72d9a2d3 100644
> --- a/tools/include/nolibc/stdio.h
> +++ b/tools/include/nolibc/stdio.h
> @@ -295,16 +295,25 @@ int fseek(FILE *stream, long offset, int whence)
> * - %[l*]{d,u,c,x,p}
> * - %s
> * - unknown modifiers are ignored.
> + *
> + * Called by vfprintf() and snprintf() to do the actual formatting.
> + * The callers provide a callback function to save the formatted data.
> + * The callback function is called multiple times:
> + * - for each group of literal characters in the format string.
> + * - for field padding.
> + * - for each conversion specifier.
> + * - with (NULL, 0) at the end of the __nolibc_printf.
> + * If the callback returns non-zero __nolibc_printf() immediately returns -1.
> */
> -typedef int (*__nolibc_printf_cb)(intptr_t state, const char *buf, size_t size);
> +typedef int (*__nolibc_printf_cb)(void *state, const char *buf, size_t size);
>
> -static __attribute__((unused, format(printf, 4, 0)))
> -int __nolibc_printf(__nolibc_printf_cb cb, intptr_t state, size_t n, const char *fmt, va_list args)
> +static __attribute__((unused, format(printf, 3, 0)))
> +int __nolibc_printf(__nolibc_printf_cb cb, void *state, const char *fmt, va_list args)
> {
> char escape, lpref, ch;
> unsigned long long v;
> unsigned int written, width;
> - size_t len, ofs, w;
> + size_t len, ofs;
> char outbuf[21];
> const char *outstr;
>
> @@ -406,17 +415,13 @@ int __nolibc_printf(__nolibc_printf_cb cb, intptr_t state, size_t n, const char
> outstr = fmt;
> len = ofs - 1;
> flush_str:
> - if (n) {
> - w = len < n ? len : n;
> - n -= w;
> - while (width-- > w) {
> - if (cb(state, " ", 1) != 0)
> - return -1;
> - written += 1;
> - }
> - if (cb(state, outstr, w) != 0)
> + while (width-- > len) {
> + if (cb(state, " ", 1) != 0)
> return -1;
> + written += 1;
> }
> + if (cb(state, outstr, len) != 0)
> + return -1;
>
> written += len;
> do_escape:
> @@ -429,18 +434,25 @@ int __nolibc_printf(__nolibc_printf_cb cb, intptr_t state, size_t n, const char
>
> /* literal char, just queue it */
> }
> +
> + /* Request a final '\0' be added to the snprintf() output.
> + * This may be the only call of the cb() function.
> + */
> + if (cb(state, NULL, 0) != 0)
> + return -1;
> +
> return written;
> }
>
> -static int __nolibc_fprintf_cb(intptr_t state, const char *buf, size_t size)
> +static int __nolibc_fprintf_cb(void *stream, const char *buf, size_t size)
> {
> - return _fwrite(buf, size, (FILE *)state);
> + return _fwrite(buf, size, stream);
> }
>
> static __attribute__((unused, format(printf, 2, 0)))
> int vfprintf(FILE *stream, const char *fmt, va_list args)
> {
> - return __nolibc_printf(__nolibc_fprintf_cb, (intptr_t)stream, SIZE_MAX, fmt, args);
> + return __nolibc_printf(__nolibc_fprintf_cb, stream, fmt, args);
> }
>
> static __attribute__((unused, format(printf, 1, 0)))
> @@ -498,26 +510,54 @@ int dprintf(int fd, const char *fmt, ...)
> return ret;
> }
>
> -static int __nolibc_sprintf_cb(intptr_t _state, const char *buf, size_t size)
> +struct __nolibc_sprintf_cb_state {
> + char *buf;
> + size_t space;
> +};
> +
> +static int __nolibc_sprintf_cb(void *v_state, const char *buf, size_t size)
> {
> - char **state = (char **)_state;
> + struct __nolibc_sprintf_cb_state *state = v_state;
> + size_t space = state->space;
> + char *tgt;
> +
> + /* Truncate the request to fit in the output buffer space.
> + * The last byte is reserved for the terminating '\0'.
> + * state->space can only be zero for snprintf(NULL, 0, fmt, args)
> + * so this normally lets through calls with 'size == 0'.
> + */
> + if (size >= space) {
> + if (space <= 1)
> + return 0;
> + size = space - 1;
> + }
> + tgt = state->buf;
> +
> + /* __nolibc_printf() ends with cb(state, NULL, 0) to request the output
> + * buffer be '\0' terminated.
> + * That will be the only cb() call for, eg, snprintf(buf, sz, "").
> + * Zero lengths can occur at other times (eg "%s" for an empty string).
> + * Unconditionally write the '\0' byte to reduce code size, it is
> + * normally overwritten by the data being output.
> + * There is no point adding a '\0' after copied data - there is always
> + * another call.
> + */
> + *tgt = '\0';
> + if (size) {
> + state->space = space - size;
> + state->buf = tgt + size;
> + memcpy(tgt, buf, size);
> + }
>
> - memcpy(*state, buf, size);
> - *state += size;
> return 0;
> }
>
> static __attribute__((unused, format(printf, 3, 0)))
> int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
> {
> - char *state = buf;
> - int ret;
> + struct __nolibc_sprintf_cb_state state = { .buf = buf, .space = size };
>
> - ret = __nolibc_printf(__nolibc_sprintf_cb, (intptr_t)&state, size, fmt, args);
> - if (ret < 0)
> - return ret;
> - buf[(size_t)ret < size ? (size_t)ret : size - 1] = '\0';
> - return ret;
> + return __nolibc_printf(__nolibc_sprintf_cb, &state, fmt, args);
> }
>
> static __attribute__((unused, format(printf, 3, 4)))
> --
> 2.39.5
next prev parent reply other threads:[~2026-03-07 10:48 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 10:17 [PATCH v4 next 00/23] Enhance printf() david.laight.linux
2026-03-02 10:17 ` [PATCH v4 next 01/23] tools/nolibc: Add _NOLIBC_OPTIMIZER_HIDE_VAR() to compiler.h david.laight.linux
2026-03-07 10:50 ` Willy Tarreau
2026-03-02 10:17 ` [PATCH v4 next 02/23] tools/nolibc/printf: Move snprintf length check to callback david.laight.linux
2026-03-07 10:48 ` Willy Tarreau [this message]
2026-03-02 10:17 ` [PATCH v4 next 03/23] selftests/nolibc: Return correct value when printf test fails david.laight.linux
2026-03-02 10:17 ` [PATCH v4 next 04/23] selftests/nolibc: check vsnprintf() output buffer before the length david.laight.linux
2026-03-02 10:17 ` [PATCH v4 next 05/23] selftests/nolibc: Use length of 'expected' string to check snprintf() output david.laight.linux
2026-03-02 10:17 ` [PATCH v4 next 06/23] selftests/nolibc: Check that snprintf() doesn't write beyond the buffer end david.laight.linux
2026-03-02 10:17 ` [PATCH v4 next 07/23] selftests/nolibc: Let EXPECT_VFPRINTF() tests be skipped david.laight.linux
2026-03-02 10:18 ` [PATCH 08/23] selftests/nolibc: Rename w to written in expect_vfprintf() david.laight.linux
2026-03-02 10:18 ` [PATCH v4 next 09/23] tools/nolibc: Implement strerror() in terms of strerror_r() david.laight.linux
2026-03-07 10:18 ` Willy Tarreau
2026-03-07 11:31 ` David Laight
2026-03-07 11:37 ` Willy Tarreau
2026-03-07 16:55 ` David Laight
2026-03-07 17:17 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 10/23] tools/nolibc: Rename the 'errnum' parameter to strerror() david.laight.linux
2026-03-07 10:19 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 11/23] tools/nolibc/printf: Output pad characters in 16 byte chunks david.laight.linux
2026-03-02 10:18 ` [PATCH 12/23] tools/nolibc/printf: Simplify __nolibc_printf() david.laight.linux
2026-03-02 10:18 ` [PATCH v4 next 13/23] tools/nolibc/printf: Use goto and reduce indentation david.laight.linux
2026-03-07 10:30 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH 14/23] tools/nolibc/printf: Use bit-masks to hold requested flag, length and conversion chars david.laight.linux
2026-03-02 10:18 ` [PATCH v4 next 15/23] tools/nolibc/printf: Add support for length modifiers tzqL and formats iX david.laight.linux
2026-03-02 10:18 ` [PATCH v4 next 16/23] tools/nolibc/printf: Handle "%s" with the numeric formats david.laight.linux
2026-03-07 10:32 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH 17/23] tools/nolibc/printf: Prepend sign to converted number david.laight.linux
2026-03-07 10:40 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 18/23] tools/nolibc/printf: Add support for conversion flags space and plus david.laight.linux
2026-03-07 10:46 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 19/23] tools/nolibc/printf: Special case 0 and add support for %#x david.laight.linux
2026-03-07 10:46 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 20/23] tools/nolibc/printf: Add support for left aligning fields david.laight.linux
2026-03-07 10:46 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 21/23] tools/nolibc/printf: Add support for zero padding and field precision david.laight.linux
2026-03-02 10:18 ` [PATCH v4 next 22/23] tools/nolibc/printf: Add support for octal output david.laight.linux
2026-03-07 10:45 ` Willy Tarreau
2026-03-02 10:18 ` [PATCH v4 next 23/23] selftests/nolibc: Use printf variable field widths and precisions david.laight.linux
2026-03-07 10:53 ` [PATCH v4 next 00/23] Enhance printf() Willy Tarreau
2026-03-07 18:02 ` Thomas Weißschuh
2026-03-07 22:03 ` David Laight
2026-03-07 22:20 ` Thomas Weißschuh
2026-03-08 9:23 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aawCjy85tof86xd8@1wt.eu \
--to=w@1wt.eu \
--cc=david.laight.linux@gmail.com \
--cc=lechain@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@weissschuh.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.