1 /* mpfr_vasnprintf_aux -- helper function for the formatted output functions 2 (printf functions family). 3 4 Copyright 2007-2023 Free Software Foundation, Inc. 5 Contributed by the AriC and Caramba projects, INRIA. 6 7 This file is part of the GNU MPFR Library. 8 9 The GNU MPFR Library is free software; you can redistribute it and/or modify 10 it under the terms of the GNU Lesser General Public License as published by 11 the Free Software Foundation; either version 3 of the License, or (at your 12 option) any later version. 13 14 The GNU MPFR Library is distributed in the hope that it will be useful, but 15 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 16 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 17 License for more details. 18 19 You should have received a copy of the GNU Lesser General Public License 20 along with the GNU MPFR Library; see the file COPYING.LESSER. If not, see 21 https://www.gnu.org/licenses/ or write to the Free Software Foundation, Inc., 22 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. */ 23 24 /* If the number of output characters is larger than INT_MAX, the 25 ISO C99 / C11 standards are silent, but POSIX[*] requires the 26 function to return a negative value and set errno to EOVERFLOW. 27 [*] The Open Group Base Specifications Issue 7, 2018 edition 28 IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008) 29 https://pubs.opengroup.org/onlinepubs/9699919799/functions/fprintf.html 30 This follows a defect report submitted in 2007 to austin-review-l. 31 Even in case of such a failure (just because of the limitation on int), 32 we try to support %n, %ln, %jn when possible. That's why the sizes (or 33 lengths) are expressed using mpfr_intmax_t in the code below. */ 34 35 /* Notes about limitations on some platforms: 36 37 Due to limitations from the C standard and GMP, if size_t < unsigned int 38 (which is allowed by the C standard but unlikely to occur on any 39 platform), the behavior is undefined for output that would reach 40 SIZE_MAX = (size_t) -1 (if the result cannot be delivered, there should 41 be an assertion failure, but this could not be tested). 42 43 The stdarg(3) Linux man page says: 44 On some systems, va_end contains a closing '}' matching a '{' in 45 va_start, so that both macros must occur in the same function, 46 and in a way that allows this. 47 However, the only requirement from ISO C is that both macros must be 48 invoked in the same function (MPFR uses va_copy instead of va_start, 49 but the requirement is the same). Here, MPFR just follows ISO C. 50 */ 51 52 /* Needed due to the tests on HAVE_STDARG and MPFR_USE_MINI_GMP */ 53 #ifdef HAVE_CONFIG_H 54 # include "config.h" 55 #endif 56 57 /* The mpfr_printf-like functions are defined only if <stdarg.h> exists. 58 Since they use mpf_t, they cannot be defined with mini-gmp. */ 59 #if defined(HAVE_STDARG) && !defined(MPFR_USE_MINI_GMP) 60 61 #include <stdarg.h> 62 63 #ifndef HAVE_VA_COPY 64 # ifdef HAVE___VA_COPY 65 # define va_copy(dst,src) __va_copy(dst, src) 66 # else 67 /* autoconf manual advocates this fallback. 68 This is also the solution chosen by gmp */ 69 # define va_copy(dst,src) \ 70 do { memcpy(&(dst), &(src), sizeof(va_list)); } while (0) 71 # endif /* HAVE___VA_COPY */ 72 #endif /* HAVE_VA_COPY */ 73 74 #ifdef HAVE_WCHAR_H 75 #include <wchar.h> 76 #endif 77 78 #if defined (__cplusplus) 79 #include <cstddef> 80 #else 81 #include <stddef.h> /* for ptrdiff_t */ 82 #endif 83 84 #include <errno.h> 85 86 #define MPFR_NEED_LONGLONG_H 87 #define MPFR_NEED_INTMAX_H 88 #include "mpfr-impl.h" 89 90 /* Define a length modifier corresponding to mpfr_prec_t. 91 We use literal string instead of literal character so as to permit future 92 extension to long long int ("ll"). */ 93 #if _MPFR_PREC_FORMAT == 1 94 #define MPFR_PREC_FORMAT_TYPE "h" 95 #define MPFR_PREC_FORMAT_SIZE 1 96 #elif _MPFR_PREC_FORMAT == 2 97 #define MPFR_PREC_FORMAT_TYPE "" 98 #define MPFR_PREC_FORMAT_SIZE 0 99 #elif _MPFR_PREC_FORMAT == 3 100 #define MPFR_PREC_FORMAT_TYPE "l" 101 #define MPFR_PREC_FORMAT_SIZE 1 102 #else 103 #error "mpfr_prec_t size not supported" 104 #endif 105 106 /* Output for special values defined in the C99 standard */ 107 #define MPFR_NAN_STRING_LC "nan" 108 #define MPFR_NAN_STRING_UC "NAN" 109 #define MPFR_NAN_STRING_LENGTH 3 110 #define MPFR_INF_STRING_LC "inf" 111 #define MPFR_INF_STRING_UC "INF" 112 #define MPFR_INF_STRING_LENGTH 3 113 114 #define DEFAULT_DECIMAL_PREC 6 115 116 /* The implicit \0 is useless, but we do not write num_to_text[16] 117 otherwise g++ complains. */ 118 static const char num_to_text[] = "0123456789abcdef"; 119 120 /* some macro and functions for parsing format string */ 121 122 /* Read an integer var of type mpfr_intmax_t. In case of overflow, set 123 overflow to 1. 124 The variable var must be 0 on input. If there are no digits, it is 125 left to 0. 126 This macro will be used to read the field width and the precision. 127 The behavior will be similar to ISO C99. Note that unless "*" is 128 used, the result will be non-negative (ISO C99 and C11 just specify 129 "optional decimal integer" for the precision, but the behavior with 130 a hardcoded negative integer is not explicitly defined, thus it is 131 undefined, so that it is fine to reject such integers; the C2x draft 132 now clarifies this: "an optional non-negative decimal integer"). 133 Note: Since mpfr_intmax_t = int is theoretically possible, all values 134 of var are potentially valid values (via '*'). Hence the need of an 135 overflow flag instead of a special value that would indicate overflow. 136 Just saturating would not be OK either as the maximum value could be 137 meaningful with %jn and/or in the case mpfr_intmax_t = int, for 138 MPFR_PREC_ARG, i.e. one must be able to distinguish the maximum value 139 from an overflow. 140 */ 141 #define READ_INT(ap, format, var) \ 142 do { \ 143 MPFR_ASSERTD ((var) == 0); \ 144 if (*(format) == '*') \ 145 { \ 146 (var) = va_arg ((ap), int); \ 147 ++(format); \ 148 } \ 149 else \ 150 for ( ; *(format) >= '0' && *(format) <= '9' ; ++(format)) \ 151 if (!(overflow)) \ 152 { \ 153 if ((var) > MPFR_INTMAX_MAX / 10) \ 154 (overflow) = 1; \ 155 else \ 156 { \ 157 int _i; \ 158 (var) *= 10; \ 159 _i = *(format) - '0'; \ 160 MPFR_ASSERTN (_i >= 0 && _i <= 9); \ 161 if ((var) > MPFR_INTMAX_MAX - _i) \ 162 (overflow) = 1; \ 163 else \ 164 (var) += _i; \ 165 } \ 166 } \ 167 } while (0) 168 169 /* arg_t contains all the types described by the 'type' field of the 170 format string */ 171 enum arg_t 172 { 173 NONE, 174 CHAR_ARG, 175 SHORT_ARG, 176 LONG_ARG, 177 LONG_LONG_ARG, 178 INTMAX_ARG, 179 SIZE_ARG, 180 PTRDIFF_ARG, 181 LONG_DOUBLE_ARG, 182 MPF_ARG, 183 MPQ_ARG, 184 MP_LIMB_ARG, 185 MP_LIMB_ARRAY_ARG, 186 MPZ_ARG, 187 MPFR_PREC_ARG, 188 MPFR_ARG, 189 UNSUPPORTED 190 }; 191 192 /* Each conversion specification of the format string will be translated in a 193 printf_spec structure by the parser. 194 This structure is adapted from the GNU libc one. */ 195 struct printf_spec 196 { 197 unsigned int alt:1; /* # flag */ 198 unsigned int space:1; /* Space flag */ 199 unsigned int left:1; /* - flag */ 200 unsigned int showsign:1; /* + flag */ 201 unsigned int group:1; /* ' flag */ 202 203 mpfr_intmax_t width; /* Width */ 204 mpfr_intmax_t prec; /* Precision, or negative if omitted */ 205 size_t size; /* Wanted size (0 iff snprintf with size=0) */ 206 207 enum arg_t arg_type; /* Type of argument */ 208 mpfr_rnd_t rnd_mode; /* Rounding mode */ 209 char spec; /* Conversion specifier */ 210 211 char pad; /* Padding character */ 212 }; 213 214 static void 215 specinfo_init (struct printf_spec *specinfo) 216 { 217 specinfo->alt = 0; 218 specinfo->space = 0; 219 specinfo->left = 0; 220 specinfo->showsign = 0; 221 specinfo->group = 0; 222 specinfo->width = 0; 223 specinfo->prec = 0; 224 specinfo->size = 1; 225 specinfo->arg_type = NONE; 226 specinfo->rnd_mode = MPFR_RNDN; 227 specinfo->spec = '\0'; 228 specinfo->pad = ' '; 229 } 230 231 /* Note: LONG_ARG is unusual, but is accepted (ISO C99 says "as no effect 232 on a following a, A, e, E, f, F, g, or G conversion specifier"). */ 233 #define FLOATING_POINT_ARG_TYPE(at) \ 234 ((at) == MPFR_ARG || (at) == MPF_ARG \ 235 || (at) == LONG_ARG || (at) == LONG_DOUBLE_ARG) 236 237 #define INTEGER_LIKE_ARG_TYPE(at) \ 238 ((at) == SHORT_ARG || (at) == LONG_ARG || (at) == LONG_LONG_ARG \ 239 || (at) == INTMAX_ARG || (at) == MPFR_PREC_ARG || (at) == MPZ_ARG \ 240 || (at) == MPQ_ARG || (at) == MP_LIMB_ARG || (at) == MP_LIMB_ARRAY_ARG \ 241 || (at) == CHAR_ARG || (at) == SIZE_ARG || (at) == PTRDIFF_ARG) 242 243 static int 244 specinfo_is_valid (struct printf_spec spec) 245 { 246 switch (spec.spec) 247 { 248 case 'n': 249 return -1; 250 251 case 'a': case 'A': 252 case 'e': case 'E': 253 case 'f': /* 'F': see below */ 254 case 'g': case 'G': 255 return (spec.arg_type == NONE 256 || FLOATING_POINT_ARG_TYPE (spec.arg_type)); 257 258 case 'F': /* only MPFR_ARG is supported since GMP doesn't support it 259 due to its use as the mpf_t type specifier */ 260 case 'b': 261 return spec.arg_type == MPFR_ARG; 262 263 case 'd': case 'i': 264 case 'o': case 'u': 265 case 'x': case 'X': 266 return (spec.arg_type == NONE 267 || INTEGER_LIKE_ARG_TYPE (spec.arg_type)); 268 269 case 'c': 270 case 's': 271 return (spec.arg_type == NONE || spec.arg_type == LONG_ARG); 272 273 case 'p': 274 return spec.arg_type == NONE; 275 276 default: 277 return 0; 278 } 279 } 280 281 /* Note: additional flags should be added to the MPFR_PREC_ARG code 282 for gmp_asprintf (when supported). */ 283 MPFR_RETURNS_NONNULL static const char * 284 parse_flags (const char *format, struct printf_spec *specinfo) 285 { 286 while (*format) 287 { 288 switch (*format) 289 { 290 case '0': 291 specinfo->pad = '0'; 292 ++format; 293 break; 294 case '#': 295 specinfo->alt = 1; 296 ++format; 297 break; 298 case '+': 299 specinfo->showsign = 1; 300 ++format; 301 break; 302 case ' ': 303 specinfo->space = 1; 304 ++format; 305 break; 306 case '-': 307 specinfo->left = 1; 308 ++format; 309 break; 310 case '\'': 311 /* Single UNIX Specification for thousand separator */ 312 specinfo->group = 1; 313 ++format; 314 break; 315 default: 316 return format; 317 } 318 } 319 return format; 320 } 321 322 MPFR_RETURNS_NONNULL static const char * 323 parse_arg_type (const char *format, struct printf_spec *specinfo) 324 { 325 switch (*format) 326 { 327 case '\0': 328 break; 329 case 'h': 330 if (*++format == 'h') 331 { 332 ++format; 333 specinfo->arg_type = CHAR_ARG; 334 } 335 else 336 specinfo->arg_type = SHORT_ARG; 337 break; 338 case 'l': 339 if (*++format == 'l') 340 { 341 ++format; 342 #if defined (HAVE_LONG_LONG) 343 specinfo->arg_type = LONG_LONG_ARG; 344 #else 345 specinfo->arg_type = UNSUPPORTED; 346 #endif 347 break; 348 } 349 else 350 { 351 specinfo->arg_type = LONG_ARG; 352 break; 353 } 354 case 'j': 355 ++format; 356 #if defined(_MPFR_H_HAVE_INTMAX_T) 357 specinfo->arg_type = INTMAX_ARG; 358 #else 359 specinfo->arg_type = UNSUPPORTED; 360 #endif 361 break; 362 case 'z': 363 ++format; 364 specinfo->arg_type = SIZE_ARG; 365 break; 366 case 't': 367 ++format; 368 specinfo->arg_type = PTRDIFF_ARG; 369 break; 370 case 'L': 371 ++format; 372 specinfo->arg_type = LONG_DOUBLE_ARG; 373 break; 374 case 'F': 375 ++format; 376 specinfo->arg_type = MPF_ARG; 377 break; 378 case 'Q': 379 ++format; 380 specinfo->arg_type = MPQ_ARG; 381 break; 382 case 'M': 383 ++format; 384 /* The 'M' specifier was added in gmp 4.2.0 */ 385 specinfo->arg_type = MP_LIMB_ARG; 386 break; 387 case 'N': 388 ++format; 389 specinfo->arg_type = MP_LIMB_ARRAY_ARG; 390 break; 391 case 'Z': 392 ++format; 393 specinfo->arg_type = MPZ_ARG; 394 break; 395 396 /* mpfr specific specifiers */ 397 case 'P': 398 ++format; 399 specinfo->arg_type = MPFR_PREC_ARG; 400 break; 401 case 'R': 402 ++format; 403 specinfo->arg_type = MPFR_ARG; 404 } 405 return format; 406 } 407 408 409 /* some macros and functions filling the buffer */ 410 411 /* CONSUME_VA_ARG removes from va_list AP the type expected by SPECINFO */ 412 413 /* With a C++ compiler wchar_t and enumeration in va_list are converted to 414 integer type : int, unsigned int, long or unsigned long (unfortunately, 415 this is implementation dependent). 416 We follow gmp which assumes in print/doprnt.c that wchar_t is converted 417 to int (because wchar_t <= int). 418 For wint_t, we assume that the case WINT_MAX < INT_MAX yields an 419 integer promotion. */ 420 #if defined(WINT_MAX) && WINT_MAX < INT_MAX 421 typedef int mpfr_va_wint; /* integer promotion */ 422 #else 423 typedef wint_t mpfr_va_wint; 424 #endif 425 #define CASE_LONG_ARG(specinfo, ap) \ 426 case LONG_ARG: \ 427 if ((specinfo).spec == 'd' || (specinfo).spec == 'i' \ 428 || (specinfo).spec == 'o' || (specinfo).spec == 'u' \ 429 || (specinfo).spec == 'x' || (specinfo).spec == 'X') \ 430 (void) va_arg ((ap), long); \ 431 else if ((specinfo).spec == 'c') \ 432 (void) va_arg ((ap), mpfr_va_wint); \ 433 else if ((specinfo).spec == 's') \ 434 (void) va_arg ((ap), int); /* we assume integer promotion */ \ 435 else if ((specinfo).spec == 'a' || (specinfo).spec == 'A' \ 436 || (specinfo).spec == 'e' || (specinfo).spec == 'E' \ 437 || (specinfo).spec == 'f' /* 'F' impossible */ \ 438 || (specinfo).spec == 'g' || (specinfo).spec == 'G') \ 439 (void) va_arg ((ap), double); \ 440 else \ 441 MPFR_RET_NEVER_GO_HERE(); \ 442 break; 443 444 #if defined(_MPFR_H_HAVE_INTMAX_T) 445 #define CASE_INTMAX_ARG(specinfo, ap) \ 446 case INTMAX_ARG: \ 447 (void) va_arg ((ap), intmax_t); \ 448 break; 449 #else 450 #define CASE_INTMAX_ARG(specinfo, ap) 451 #endif 452 453 #ifdef HAVE_LONG_LONG 454 #define CASE_LONG_LONG_ARG(specinfo, ap) \ 455 case LONG_LONG_ARG: \ 456 (void) va_arg ((ap), long long); \ 457 break; 458 #else 459 #define CASE_LONG_LONG_ARG(specinfo, ap) 460 #endif 461 462 /* Note: (specinfo).width may be incorrect in case of overflow, 463 but it is not used by CONSUME_VA_ARG. */ 464 #define CONSUME_VA_ARG(specinfo, ap) \ 465 do { \ 466 switch ((specinfo).arg_type) \ 467 { \ 468 case CHAR_ARG: \ 469 case SHORT_ARG: \ 470 (void) va_arg ((ap), int); \ 471 break; \ 472 CASE_LONG_ARG (specinfo, ap) \ 473 CASE_LONG_LONG_ARG (specinfo, ap) \ 474 CASE_INTMAX_ARG (specinfo, ap) \ 475 case SIZE_ARG: \ 476 (void) va_arg ((ap), size_t); \ 477 break; \ 478 case PTRDIFF_ARG: \ 479 (void) va_arg ((ap), ptrdiff_t); \ 480 break; \ 481 case LONG_DOUBLE_ARG: \ 482 (void) va_arg ((ap), long double); \ 483 break; \ 484 case MPF_ARG: \ 485 (void) va_arg ((ap), mpf_srcptr); \ 486 break; \ 487 case MPQ_ARG: \ 488 (void) va_arg ((ap), mpq_srcptr); \ 489 break; \ 490 case MP_LIMB_ARG: \ 491 (void) va_arg ((ap), mp_limb_t); \ 492 break; \ 493 case MP_LIMB_ARRAY_ARG: \ 494 (void) va_arg ((ap), mpfr_limb_ptr); \ 495 (void) va_arg ((ap), mp_size_t); \ 496 break; \ 497 case MPZ_ARG: \ 498 (void) va_arg ((ap), mpz_srcptr); \ 499 break; \ 500 default: \ 501 switch ((specinfo).spec) \ 502 { \ 503 case 'd': \ 504 case 'i': \ 505 case 'o': \ 506 case 'u': \ 507 case 'x': \ 508 case 'X': \ 509 case 'c': \ 510 (void) va_arg ((ap), int); \ 511 break; \ 512 case 'a': \ 513 case 'A': \ 514 case 'e': \ 515 case 'E': \ 516 case 'f': \ 517 /* 'F' impossible */ \ 518 case 'g': \ 519 case 'G': \ 520 (void) va_arg ((ap), double); \ 521 break; \ 522 case 's': \ 523 (void) va_arg ((ap), char *); \ 524 break; \ 525 case 'p': \ 526 (void) va_arg ((ap), void *); \ 527 } \ 528 } \ 529 } while (0) 530 531 /* Process the format part which does not deal with mpfr types, 532 Jump to external label 'error' if gmp_asprintf return -1. 533 Note: start and end are pointers to the format string, so that 534 size_t is the best type to express the difference. 535 FIXME: If buf.size = 0 or size != 0, gmp_vsnprintf should be called 536 instead of gmp_vasprintf, outputting data directly to the buffer 537 when applicable. 538 */ 539 #define FLUSH(flag, start, end, ap, buf_ptr) \ 540 do { \ 541 const size_t n = (end) - (start); \ 542 if ((flag)) \ 543 /* previous specifiers are understood by gmp_printf */ \ 544 { \ 545 MPFR_TMP_DECL (marker); \ 546 char *fmt_copy, *s; \ 547 int length; \ 548 \ 549 MPFR_TMP_MARK (marker); \ 550 fmt_copy = (char *) MPFR_TMP_ALLOC (n + 1); \ 551 strncpy (fmt_copy, (start), n); \ 552 fmt_copy[n] = '\0'; \ 553 length = gmp_vasprintf (&s, fmt_copy, (ap)); \ 554 if (length < 0) \ 555 { \ 556 MPFR_TMP_FREE (marker); \ 557 goto error; \ 558 } \ 559 buffer_cat ((buf_ptr), s, length); \ 560 mpfr_free_str (s); \ 561 (flag) = 0; \ 562 MPFR_TMP_FREE (marker); \ 563 } \ 564 else if ((start) != (end)) \ 565 /* no conversion specification, just simple characters */ \ 566 buffer_cat ((buf_ptr), (start), n); \ 567 } while (0) 568 569 /* Note: in case some form of %n is used in the format string, 570 we may need the maximum signed integer type for len. */ 571 struct string_buffer 572 { 573 char *start; /* beginning of the buffer */ 574 char *curr; /* null terminating character */ 575 size_t size; /* buffer capacity */ 576 mpfr_intmax_t len; /* string length or -1 if overflow */ 577 }; 578 579 static void 580 buffer_init (struct string_buffer *b, size_t s) 581 { 582 if (s != 0) 583 { 584 b->start = (char *) mpfr_allocate_func (s); 585 b->start[0] = '\0'; 586 b->curr = b->start; 587 } 588 b->size = s; 589 b->len = 0; 590 } 591 592 /* Increase the len field of the buffer. Return non-zero iff overflow. */ 593 static int 594 buffer_incr_len (struct string_buffer *b, mpfr_intmax_t len) 595 { 596 if (b->len == -1) 597 return 1; 598 else 599 { 600 /* We need to take mpfr_uintmax_t as the type must be as large 601 as both size_t (which is unsigned) and mpfr_intmax_t (which 602 is used for the 'n' format specifier). */ 603 mpfr_uintmax_t newlen = (mpfr_uintmax_t) b->len + len; 604 605 /* mpfr_uintmax_t is unsigned, thus the above is valid, but one 606 has newlen < len in case of overflow. */ 607 608 if (MPFR_UNLIKELY (newlen < len || newlen > MPFR_INTMAX_MAX)) 609 { 610 MPFR_LOG_MSG (("Overflow\n", 0)); 611 b->len = -1; 612 return 1; 613 } 614 else 615 { 616 b->len = newlen; 617 return 0; 618 } 619 } 620 } 621 622 /* Increase buffer size by a number of character being the least multiple of 623 4096 greater than len+1. */ 624 static void 625 buffer_widen (struct string_buffer *b, size_t len) 626 { 627 const size_t pos = b->curr - b->start; 628 const size_t n = 0x1000 + (len & ~((size_t) 0xfff)); 629 630 /* There are currently limitations here. We would need to switch to 631 the null-size behavior once there is an overflow in the buffer. */ 632 633 MPFR_ASSERTN (n >= 0x1000 && n >= len); 634 635 MPFR_ASSERTD (*b->curr == '\0'); 636 MPFR_ASSERTD (pos < b->size); 637 638 MPFR_ASSERTN (b->size < ((size_t) -1) - n); 639 640 b->start = (char *) mpfr_reallocate_func (b->start, b->size, b->size + n); 641 b->size += n; 642 b->curr = b->start + pos; 643 644 MPFR_ASSERTD (pos < b->size); 645 MPFR_ASSERTD (*b->curr == '\0'); 646 } 647 648 /* Concatenate the first len characters of the string s to the buffer b and 649 expand it if needed. Return non-zero if overflow. */ 650 static int 651 buffer_cat (struct string_buffer *b, const char *s, size_t len) 652 { 653 /* If len == 0, which is possible when outputting an integer 0 654 (either a native one or mpfr_prec_t) with precision field = 0, 655 do nothing. This test is not necessary since the code below is 656 valid for len == 0, but this is safer, just in case. */ 657 if (len == 0) 658 return 0; 659 660 MPFR_ASSERTD (len <= strlen (s)); 661 662 if (buffer_incr_len (b, len)) 663 return 1; 664 665 if (b->size != 0) 666 { 667 MPFR_ASSERTD (*b->curr == '\0'); 668 MPFR_ASSERTN (b->size < ((size_t) -1) - len); 669 if (MPFR_UNLIKELY (b->curr + len >= b->start + b->size)) 670 buffer_widen (b, len); 671 672 /* strncat is similar to strncpy here, except that strncat ensures 673 that the buffer will be null-terminated. */ 674 strncat (b->curr, s, len); 675 b->curr += len; 676 677 MPFR_ASSERTD (b->curr < b->start + b->size); 678 MPFR_ASSERTD (*b->curr == '\0'); 679 } 680 681 return 0; 682 } 683 684 /* Add n characters c to the end of buffer b. Return non-zero if overflow. */ 685 static int 686 buffer_pad (struct string_buffer *b, const char c, const mpfr_intmax_t n) 687 { 688 MPFR_ASSERTD (n > 0); 689 690 if (buffer_incr_len (b, n)) 691 return 1; 692 693 if (b->size != 0) 694 { 695 MPFR_ASSERTD (*b->curr == '\0'); 696 697 if (n > (size_t) -1 || b->size > ((size_t) -1) - n) 698 { 699 /* Reallocation will not be possible. Regard this as an overflow. */ 700 b->len = -1; 701 return 1; 702 } 703 704 if (MPFR_UNLIKELY (b->curr + n >= b->start + b->size)) 705 buffer_widen (b, n); 706 707 if (n == 1) 708 *b->curr = c; 709 else 710 memset (b->curr, c, n); 711 b->curr += n; 712 *b->curr = '\0'; 713 714 MPFR_ASSERTD (b->curr < b->start + b->size); 715 } 716 717 return 0; 718 } 719 720 /* Form a string by concatenating the first len characters of str to tz 721 zero(s), insert into one character c each 3 characters starting from end 722 to beginning and concatenate the result to the buffer b. 723 Assume c is not null (\0). Return non-zero if overflow. */ 724 static int 725 buffer_sandwich (struct string_buffer *b, char *str, size_t len, 726 const size_t tz, const char c) 727 { 728 const size_t step = 3; 729 size_t size, q, r, fullsize, i; 730 char *oldcurr; 731 732 MPFR_ASSERTD (b->size != 0); 733 MPFR_ASSERTD (tz == 0 || tz == 1); 734 735 if (len <= ULONG_MAX) 736 MPFR_LOG_MSG (("len=%lu\n", (unsigned long) len)); 737 if (tz <= ULONG_MAX) 738 MPFR_LOG_MSG (("tz=%lu\n", (unsigned long) tz)); 739 740 MPFR_ASSERTD (len <= strlen (str)); 741 MPFR_ASSERTD (c != '\0'); 742 743 /* check that len + tz does not overflow */ 744 if (len > (size_t) -1 - tz) 745 return 1; 746 747 size = len + tz; /* number of digits */ 748 MPFR_ASSERTD (size > 0); 749 750 q = (size - 1) / step; /* number of separators C */ 751 r = ((size - 1) % step) + 1; /* number of digits in the leftmost block */ 752 MPFR_ASSERTD (r >= 1 && r <= step); 753 754 /* check that size + q does not overflow */ 755 if (size > (size_t) -1 - q) 756 return 1; 757 758 fullsize = size + q; /* number of digits and separators */ 759 760 if (buffer_incr_len (b, fullsize)) 761 return 1; 762 763 MPFR_ASSERTD (*b->curr == '\0'); 764 MPFR_ASSERTN (b->size < ((size_t) -1) - fullsize); 765 if (MPFR_UNLIKELY (b->curr + fullsize >= b->start + b->size)) 766 buffer_widen (b, fullsize); 767 768 MPFR_DBGRES (oldcurr = b->curr); 769 770 /* first r significant digits (leftmost block) */ 771 if (r <= len) 772 { 773 memcpy (b->curr, str, r); 774 str += r; 775 len -= r; 776 } 777 else 778 { 779 MPFR_ASSERTD (r > len); 780 MPFR_ASSERTD (len < step); /* as a consequence */ 781 MPFR_ASSERTD (size <= step); /* as a consequence */ 782 MPFR_ASSERTD (q == 0); /* as a consequence */ 783 MPFR_ASSERTD (r == size); /* as a consequence */ 784 MPFR_ASSERTD (tz == 1); /* as a consequence */ 785 memcpy (b->curr, str, len); 786 *(b->curr + len) = '0'; /* trailing zero */ 787 /* We do not need to set len to 0 since it will not be read again 788 (q = 0, so that the loop below will have 0 iterations). */ 789 } 790 b->curr += r; 791 792 for (i = 0; i < q; ++i) 793 { 794 *b->curr++ = c; 795 if (MPFR_LIKELY (len >= step)) 796 { 797 memcpy (b->curr, str, step); 798 len -= step; 799 str += step; 800 } 801 else 802 { 803 /* last digits */ 804 MPFR_ASSERTD (i == q - 1 && step - len == 1); 805 memcpy (b->curr, str, len); 806 *(b->curr + len) = '0'; /* trailing zero */ 807 } 808 b->curr += step; 809 } 810 811 MPFR_ASSERTD (b->curr - oldcurr == fullsize); 812 813 *b->curr = '\0'; 814 815 MPFR_ASSERTD (b->curr < b->start + b->size); 816 817 return 0; 818 } 819 820 /* Helper struct and functions for temporary strings management */ 821 /* struct for easy string clearing */ 822 struct string_list 823 { 824 char *string; 825 struct string_list *next; /* NULL in last node */ 826 }; 827 828 /* initialization */ 829 static void 830 init_string_list (struct string_list *sl) 831 { 832 sl->string = NULL; 833 sl->next = NULL; 834 } 835 836 /* clear all strings in the list */ 837 static void 838 clear_string_list (struct string_list *sl) 839 { 840 struct string_list *n; 841 842 while (sl) 843 { 844 if (sl->string) 845 mpfr_free_str (sl->string); 846 n = sl->next; 847 mpfr_free_func (sl, sizeof(struct string_list)); 848 sl = n; 849 } 850 } 851 852 /* add a string in the list */ 853 static char * 854 register_string (struct string_list *sl, char *new_string) 855 { 856 /* look for the last node */ 857 while (sl->next) 858 sl = sl->next; 859 860 sl->next = (struct string_list *) 861 mpfr_allocate_func (sizeof (struct string_list)); 862 863 sl = sl->next; 864 sl->next = NULL; 865 return sl->string = new_string; 866 } 867 868 /* padding type: where are the padding characters */ 869 enum pad_t 870 { 871 LEFT, /* spaces in left hand side for right justification */ 872 LEADING_ZEROS, /* padding with '0' characters in integral part */ 873 RIGHT /* spaces in right hand side for left justification */ 874 }; 875 876 /* number_parts details how much characters are needed in each part of a float 877 print. */ 878 struct number_parts 879 { 880 enum pad_t pad_type; /* Padding type */ 881 mpfr_intmax_t pad_size; /* Number of padding characters */ 882 883 char sign; /* Sign character */ 884 885 char *prefix_ptr; /* Pointer to prefix part */ 886 size_t prefix_size; /* Number of characters in *prefix_ptr */ 887 888 char thousands_sep; /* Thousands separator (only with style 'f') */ 889 890 char *ip_ptr; /* Pointer to integral part characters*/ 891 size_t ip_size; /* Number of digits in *ip_ptr */ 892 int ip_trailing_digits; /* Number of additional digits in integral part 893 (if spec.size != 0, this can only be a zero) */ 894 895 char point; /* Decimal point character */ 896 897 mpfr_intmax_t fp_leading_zeros; /* Number of additional leading zeros in 898 fractional part */ 899 char *fp_ptr; /* Pointer to fractional part characters */ 900 size_t fp_size; /* Number of digits in *fp_ptr */ 901 mpfr_intmax_t fp_trailing_zeros; /* Number of additional trailing zeros in 902 fractional part */ 903 904 char *exp_ptr; /* Pointer to exponent part */ 905 size_t exp_size; /* Number of characters in *exp_ptr */ 906 907 struct string_list *sl; /* List of string buffers in use: we need such a 908 mechanism because fp_ptr may point into the same 909 string as ip_ptr */ 910 }; 911 912 /* For a real non zero number x, what is the base exponent f when rounding x 913 with rounding mode r to r(x) = m*b^f, where m is a digit and 1 <= m < b ? 914 Return non zero value if x is rounded up to b^f, return zero otherwise */ 915 /* FIXME: It seems that the base-2 exponent is taken into account, which is 916 what is expected. In this case, the description is incorrect. */ 917 static int 918 next_base_power_p (mpfr_srcptr x, int base, mpfr_rnd_t rnd) 919 { 920 mpfr_prec_t nbits; 921 mp_limb_t pm; 922 mp_limb_t xm; 923 924 MPFR_ASSERTD (MPFR_IS_PURE_FP (x)); 925 MPFR_ASSERTD (base == 2 || base == 16); 926 927 /* Warning: the decimal point is AFTER THE FIRST DIGIT in this output 928 representation. */ 929 nbits = base == 2 ? 1 : 4; 930 931 if (rnd == MPFR_RNDZ 932 || (rnd == MPFR_RNDD && MPFR_IS_POS (x)) 933 || (rnd == MPFR_RNDU && MPFR_IS_NEG (x)) 934 || MPFR_PREC (x) <= nbits) 935 /* no rounding when printing x with 1 digit */ 936 return 0; 937 938 xm = MPFR_MANT (x) [MPFR_LIMB_SIZE (x) - 1]; 939 pm = MPFR_LIMB_MASK (GMP_NUMB_BITS - nbits); 940 if ((xm & ~pm) ^ ~pm) 941 /* do no round up if some of the nbits first bits are 0s. */ 942 return 0; 943 944 if (rnd == MPFR_RNDN) 945 /* mask for rounding bit */ 946 pm = (MPFR_LIMB_ONE << (GMP_NUMB_BITS - nbits - 1)); 947 948 /* round up if some remaining bits are 1 */ 949 /* warning: the return value must be an int */ 950 return xm & pm ? 1 : 0; 951 } 952 953 /* Record information from mpfr_get_str() so as to avoid multiple 954 calls to this expensive function. */ 955 struct decimal_info 956 { 957 mpfr_exp_t exp; 958 char *str; 959 }; 960 961 /* For a real non zero number x, what is the exponent f so that 962 10^f <= x < 10^(f+1). */ 963 static mpfr_exp_t 964 floor_log10 (mpfr_srcptr x) 965 { 966 mpfr_t y; 967 mpfr_exp_t exp; 968 969 /* make sure first that y can represent a mpfr_exp_t exactly 970 and can compare with x */ 971 mpfr_prec_t prec = sizeof (mpfr_exp_t) * CHAR_BIT; 972 mpfr_init2 (y, MAX (prec, MPFR_PREC (x))); 973 974 exp = mpfr_ceil_mul (MPFR_GET_EXP (x), 10, 1) - 1; 975 mpfr_set_exp_t (y, exp, MPFR_RNDU); 976 /* The following call to mpfr_ui_pow should be fast: y is an integer 977 (not too large), so that mpfr_pow_z will be used internally. */ 978 mpfr_ui_pow (y, 10, y, MPFR_RNDU); 979 if (mpfr_cmpabs (x, y) < 0) 980 exp--; 981 982 mpfr_clear (y); 983 return exp; 984 } 985 986 #define NDIGITS 8 987 988 MPFR_RETURNS_NONNULL static char * 989 mpfr_get_str_wrapper (mpfr_exp_t *exp, int base, size_t n, mpfr_srcptr op, 990 const struct printf_spec spec) 991 { 992 size_t ndigits; 993 char *str, *s, nine; 994 int neg; 995 996 /* Possibles bases for the *printf functions. */ 997 MPFR_ASSERTD (base == 2 || base == 10 || base == 16); 998 999 if (spec.size != 0) 1000 return mpfr_get_str (NULL, exp, base, n, op, spec.rnd_mode); 1001 1002 /* Special case size = 0, i.e., xxx_snprintf with size = 0: we only want 1003 to compute the number of printed characters. Try to deduce it from 1004 a small number of significant digits. */ 1005 nine = base == 2 ? '1' : base == 10 ? '9' : 'f'; 1006 for (ndigits = NDIGITS; ; ndigits *= 2) 1007 { 1008 mpfr_rnd_t rnd = MPFR_RNDZ; 1009 /* when ndigits > n, we reduce it to the target size n, and then we use 1010 the wanted rounding mode, to avoid errors for example when n=1 and 1011 x = 9.5 with spec.rnd_mode = RNDU */ 1012 if (ndigits >= n) 1013 { 1014 ndigits = n; 1015 rnd = spec.rnd_mode; 1016 } 1017 str = mpfr_get_str (NULL, exp, base, ndigits, op, rnd); 1018 if (ndigits == n) 1019 break; 1020 neg = str[0] == '-'; 1021 s = str + neg; 1022 while (*s == nine) 1023 s ++; 1024 if (s < str + neg + ndigits) /* we don't have ndigits 'nines' */ 1025 break; 1026 mpfr_free_str (str); 1027 MPFR_ASSERTN (ndigits <= ((size_t) -1) / 2); 1028 /* to make sure that the product by 2 is representable. */ 1029 } 1030 return str; 1031 } 1032 1033 /* Determine the different parts of the string representation of the regular 1034 number P when spec.spec is 'a', 'A', or 'b'. 1035 1036 Return -1 in case of overflow on the sizes. 1037 1038 Note for 'a'/'A': If the precision field is non-zero, the output is the 1039 one with a binary exponent that is a multiple of 4 (thus this is similar 1040 to base 16, where base-16 exponent = binary exponent / 4). But if the 1041 precision field is 0, the exponent is no longer restricted to a multiple 1042 of 4; the precision is maximized, but the displayed digit may be 1; this 1043 is completely unintuitive. 1044 The obtained output for 4 values with precision fields 0 and 1: 1045 0 1 1046 30 0xfp+1 0x1.ep+4 1047 31 0x1p+5 0x1.fp+4 1048 32 0x8p+2 0x2.0p+4 1049 33 0x8p+2 0x2.1p+4 1050 First, the output for numbers that round up to the next power of 16 1051 with a precision field 0, like 31 here, has an unexpected form: here 1052 with 31, "0x1p+5" instead of "0x8p+2". 1053 Moreover, if one increases the output precision, the output form 1054 changes (even if no rounding is involved). For instance, for 32, 1055 "0x8p+2" changes to "0x2.0p+4" instead of "0x8.0p+2". 1056 FIXME: choose first digit = always 1. Discussion: 1057 https://sympa.inria.fr/sympa/arc/mpfr/2021-05/msg00002.html 1058 */ 1059 static int 1060 regular_ab (struct number_parts *np, mpfr_srcptr p, 1061 const struct printf_spec spec) 1062 { 1063 int uppercase; 1064 int base; 1065 char *str; 1066 mpfr_exp_t exp; 1067 1068 uppercase = spec.spec == 'A'; 1069 1070 /* sign */ 1071 if (MPFR_IS_NEG (p)) 1072 np->sign = '-'; 1073 else if (spec.showsign || spec.space) 1074 np->sign = spec.showsign ? '+' : ' '; 1075 1076 if (spec.spec == 'a' || spec.spec == 'A') 1077 /* prefix part */ 1078 { 1079 np->prefix_size = 2; 1080 str = (char *) mpfr_allocate_func (1 + np->prefix_size); 1081 str[0] = '0'; 1082 str[1] = uppercase ? 'X' : 'x'; 1083 str[2] = '\0'; 1084 np->prefix_ptr = register_string (np->sl, str); 1085 } 1086 1087 /* integral part */ 1088 np->ip_size = 1; 1089 base = (spec.spec == 'b') ? 2 : 16; 1090 1091 if (spec.prec != 0) 1092 { 1093 size_t nsd; 1094 1095 /* Number of significant digits: 1096 - if no given precision, let mpfr_get_str determine it; 1097 - if a non-zero precision is specified, then one digit before decimal 1098 point plus SPEC.PREC after it (which will give nsd > 1 below). */ 1099 MPFR_ASSERTD (np->ip_size == 1); /* thus the + 1 below */ 1100 if (spec.prec < 0) 1101 nsd = 0; 1102 else 1103 { 1104 if (MPFR_UNLIKELY (spec.prec > (size_t) -2)) /* overflow */ 1105 return -1; 1106 nsd = (size_t) spec.prec + 1; 1107 MPFR_ASSERTD (nsd != 1); 1108 } 1109 str = mpfr_get_str_wrapper (&exp, base, nsd, p, spec); 1110 register_string (np->sl, str); 1111 np->ip_ptr = MPFR_IS_NEG (p) ? ++str : str; /* skip sign if any */ 1112 1113 if (base == 16) 1114 /* EXP is the exponent for radix sixteen with decimal point BEFORE the 1115 first digit, we want the exponent for radix two and the decimal 1116 point AFTER the first digit. */ 1117 { 1118 /* An integer overflow is normally not possible since MPFR_EXP_MIN 1119 is twice as large as MPFR_EMIN_MIN. */ 1120 MPFR_ASSERTN (exp > (MPFR_EXP_MIN + 3) / 4); 1121 exp = (exp - 1) * 4; 1122 } 1123 else 1124 /* EXP is the exponent for decimal point BEFORE the first digit, we 1125 want the exponent for decimal point AFTER the first digit. */ 1126 { 1127 /* An integer overflow is normally not possible since MPFR_EXP_MIN 1128 is twice as large as MPFR_EMIN_MIN. */ 1129 MPFR_ASSERTN (exp > MPFR_EXP_MIN); 1130 --exp; 1131 } 1132 } 1133 else if (next_base_power_p (p, base, spec.rnd_mode)) 1134 { 1135 str = (char *) mpfr_allocate_func (2); 1136 str[0] = '1'; 1137 str[1] = '\0'; 1138 np->ip_ptr = register_string (np->sl, str); 1139 1140 exp = MPFR_GET_EXP (p); 1141 } 1142 else if (base == 2) 1143 { 1144 str = (char *) mpfr_allocate_func (2); 1145 str[0] = '1'; 1146 str[1] = '\0'; 1147 np->ip_ptr = register_string (np->sl, str); 1148 1149 exp = MPFR_GET_EXP (p) - 1; 1150 } 1151 else 1152 { 1153 int digit; 1154 mp_limb_t msl = MPFR_MANT (p)[MPFR_LIMB_SIZE (p) - 1]; 1155 int rnd_bit = GMP_NUMB_BITS - 5; 1156 1157 /* pick up the 4 first bits */ 1158 digit = msl >> (rnd_bit + 1); 1159 if (spec.rnd_mode == MPFR_RNDA 1160 || (spec.rnd_mode == MPFR_RNDU && MPFR_IS_POS (p)) 1161 || (spec.rnd_mode == MPFR_RNDD && MPFR_IS_NEG (p)) 1162 || (spec.rnd_mode == MPFR_RNDN 1163 && (msl & (MPFR_LIMB_ONE << rnd_bit)))) 1164 digit++; 1165 MPFR_ASSERTD (0 <= digit && digit <= 15); 1166 1167 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1168 str[0] = num_to_text [digit]; 1169 str[1] = '\0'; 1170 np->ip_ptr = register_string (np->sl, str); 1171 1172 exp = MPFR_GET_EXP (p) - 4; 1173 } 1174 1175 if (uppercase) 1176 /* All digits in upper case */ 1177 { 1178 char *s1 = str; 1179 while (*s1) 1180 { 1181 switch (*s1) 1182 { 1183 case 'a': 1184 *s1 = 'A'; 1185 break; 1186 case 'b': 1187 *s1 = 'B'; 1188 break; 1189 case 'c': 1190 *s1 = 'C'; 1191 break; 1192 case 'd': 1193 *s1 = 'D'; 1194 break; 1195 case 'e': 1196 *s1 = 'E'; 1197 break; 1198 case 'f': 1199 *s1 = 'F'; 1200 break; 1201 } 1202 s1++; 1203 } 1204 } 1205 1206 if (spec.spec == 'b' || spec.prec != 0) 1207 /* compute the number of digits in fractional part */ 1208 { 1209 char *ptr; 1210 size_t str_len; 1211 1212 /* the sign has been skipped, skip also the first digit */ 1213 ++str; 1214 str_len = strlen (str); 1215 ptr = str + str_len - 1; /* points to the end of str */ 1216 1217 if (spec.prec < 0) 1218 /* remove trailing zeros, if any */ 1219 { 1220 while (*ptr == '0' && str_len != 0) 1221 { 1222 --ptr; 1223 --str_len; 1224 } 1225 } 1226 1227 if (str_len != 0) 1228 /* there are some non-zero digits in fractional part */ 1229 { 1230 np->fp_ptr = str; 1231 np->fp_size = str_len; 1232 /* Warning! str_len has type size_t, which is unsigned. */ 1233 if (spec.prec > 0 && str_len < spec.prec) 1234 { 1235 np->fp_trailing_zeros = spec.prec - str_len; 1236 MPFR_ASSERTD (np->fp_trailing_zeros >= 0); 1237 } 1238 } 1239 } 1240 1241 /* decimal point */ 1242 if (np->fp_size != 0 || spec.alt) 1243 np->point = MPFR_DECIMAL_POINT; 1244 1245 /* the exponent part contains the character 'p', or 'P' plus the sign 1246 character plus at least one digit and only as many more digits as 1247 necessary to represent the exponent. 1248 We assume that |EXP| < 10^INT_MAX. */ 1249 np->exp_size = 3; 1250 { 1251 mpfr_uexp_t x; 1252 1253 x = SAFE_ABS (mpfr_uexp_t, exp); 1254 while (x > 9) 1255 { 1256 np->exp_size++; 1257 x /= 10; 1258 } 1259 } 1260 str = (char *) mpfr_allocate_func (1 + np->exp_size); 1261 np->exp_ptr = register_string (np->sl, str); 1262 { 1263 char exp_fmt[8]; /* contains at most 7 characters like in "p%+.1i", 1264 or "P%+.2li" */ 1265 1266 exp_fmt[0] = uppercase ? 'P' : 'p'; 1267 exp_fmt[1] = '\0'; 1268 strcat (exp_fmt, "%+.1" MPFR_EXP_FSPEC "d"); 1269 1270 if (MPFR_UNLIKELY (sprintf (str, exp_fmt, (mpfr_eexp_t) exp) < 0)) 1271 return -1; 1272 } 1273 1274 return 0; 1275 } 1276 1277 /* Determine the different parts of the string representation of the regular 1278 number P when spec.spec is 'e', 'E', 'g', or 'G'. 1279 dec_info contains the previously computed exponent and string or is 1280 a null pointer. 1281 1282 Return -1 in case of overflow on the sizes. */ 1283 static int 1284 regular_eg (struct number_parts *np, mpfr_srcptr p, 1285 const struct printf_spec spec, struct decimal_info *dec_info, 1286 int keep_trailing_zeros) 1287 { 1288 char *str; 1289 mpfr_exp_t exp; 1290 1291 const int uppercase = spec.spec == 'E' || spec.spec == 'G'; 1292 1293 /* sign */ 1294 if (MPFR_IS_NEG (p)) 1295 np->sign = '-'; 1296 else if (spec.showsign || spec.space) 1297 np->sign = spec.showsign ? '+' : ' '; 1298 1299 /* integral part */ 1300 np->ip_size = 1; 1301 if (dec_info == NULL) 1302 { 1303 size_t nsd; 1304 1305 /* Number of significant digits: 1306 - if no given precision, then let mpfr_get_str determine it, 1307 - if a precision is specified, then one digit before decimal point 1308 plus SPEC.PREC after it. 1309 We use the fact here that mpfr_get_str allows us to ask for only one 1310 significant digit when the base is not a power of 2. */ 1311 MPFR_ASSERTD (np->ip_size == 1); /* thus the + 1 below */ 1312 if (spec.prec < 0) 1313 nsd = 0; 1314 else 1315 { 1316 if (MPFR_UNLIKELY (spec.prec > (size_t) -2)) /* overflow */ 1317 return -1; 1318 nsd = (size_t) spec.prec + 1; 1319 } 1320 str = mpfr_get_str_wrapper (&exp, 10, nsd, p, spec); 1321 register_string (np->sl, str); 1322 } 1323 else 1324 { 1325 exp = dec_info->exp; 1326 str = dec_info->str; 1327 } 1328 np->ip_ptr = MPFR_IS_NEG (p) ? ++str : str; /* skip sign if any */ 1329 1330 if (spec.prec != 0) 1331 /* compute the number of digits in fractional part */ 1332 { 1333 char *ptr; 1334 size_t str_len; 1335 1336 /* the sign has been skipped, skip also the first digit */ 1337 ++str; 1338 str_len = strlen (str); 1339 ptr = str + str_len - 1; /* points to the end of str */ 1340 1341 if (!keep_trailing_zeros) 1342 /* remove trailing zeros, if any */ 1343 { 1344 while (*ptr == '0' && str_len != 0) 1345 { 1346 --ptr; 1347 --str_len; 1348 } 1349 } 1350 1351 if (str_len != 0) 1352 /* there are some non-zero digits in fractional part */ 1353 { 1354 np->fp_ptr = str; 1355 np->fp_size = str_len; 1356 /* Warning! str_len has type size_t, which is unsigned. */ 1357 if (keep_trailing_zeros && spec.prec > 0 && str_len < spec.prec) 1358 { 1359 /* add missing trailing zeros */ 1360 np->fp_trailing_zeros = spec.prec - str_len; 1361 MPFR_ASSERTD (np->fp_trailing_zeros >= 0); 1362 } 1363 } 1364 } 1365 1366 /* decimal point */ 1367 if (np->fp_size != 0 || spec.alt) 1368 np->point = MPFR_DECIMAL_POINT; 1369 1370 /* EXP is the exponent for decimal point BEFORE the first digit, we want 1371 the exponent for decimal point AFTER the first digit. 1372 Here, no possible overflow because exp < MPFR_EXP (p) / 3 */ 1373 exp--; 1374 1375 /* the exponent part contains the character 'e', or 'E' plus the sign 1376 character plus at least two digits and only as many more digits as 1377 necessary to represent the exponent. 1378 We assume that |EXP| < 10^INT_MAX. */ 1379 np->exp_size = 3; 1380 { 1381 mpfr_uexp_t x; 1382 1383 x = SAFE_ABS (mpfr_uexp_t, exp); 1384 while (x > 9) 1385 { 1386 np->exp_size++; 1387 x /= 10; 1388 } 1389 } 1390 if (np->exp_size < 4) 1391 np->exp_size = 4; 1392 1393 str = (char *) mpfr_allocate_func (1 + np->exp_size); 1394 np->exp_ptr = register_string (np->sl, str); 1395 1396 { 1397 char exp_fmt[8]; /* e.g. "e%+.2i", or "E%+.2li" */ 1398 1399 exp_fmt[0] = uppercase ? 'E' : 'e'; 1400 exp_fmt[1] = '\0'; 1401 strcat (exp_fmt, "%+.2" MPFR_EXP_FSPEC "d"); 1402 1403 if (MPFR_UNLIKELY (sprintf (str, exp_fmt, (mpfr_eexp_t) exp) < 0)) 1404 return -1; 1405 } 1406 1407 return 0; 1408 } 1409 1410 /* Determine the different parts of the string representation of the regular 1411 number P when spec.spec is 'f', 'F', 'g', or 'G'. 1412 dec_info contains the previously computed exponent and string or is 1413 a null pointer. 1414 1415 Return -1 in case of overflow on the sizes. */ 1416 static int 1417 regular_fg (struct number_parts *np, mpfr_srcptr p, 1418 const struct printf_spec spec, struct decimal_info *dec_info, 1419 int keep_trailing_zeros) 1420 { 1421 mpfr_exp_t exp; 1422 char * str; 1423 1424 /* WARNING: an empty precision field is forbidden (it means precision = 6 1425 and it should have been changed to 6 before the function call) */ 1426 MPFR_ASSERTD (spec.prec >= 0); 1427 1428 /* sign */ 1429 if (MPFR_IS_NEG (p)) 1430 np->sign = '-'; 1431 else if (spec.showsign || spec.space) 1432 np->sign = spec.showsign ? '+' : ' '; 1433 1434 if (MPFR_GET_EXP (p) <= 0) 1435 /* 0 < |p| < 1 */ 1436 { 1437 /* Most of the time, integral part is 0 */ 1438 np->ip_size = 1; 1439 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1440 str[0] = '0'; 1441 str[1] = '\0'; 1442 np->ip_ptr = register_string (np->sl, str); 1443 1444 if (spec.prec == 0) 1445 /* only two possibilities: either 1 or 0. */ 1446 { 1447 mpfr_t y; 1448 /* y = abs(p) */ 1449 MPFR_ALIAS (y, p, 1, MPFR_EXP (p)); 1450 1451 if (spec.rnd_mode == MPFR_RNDA 1452 || (spec.rnd_mode == MPFR_RNDD && MPFR_IS_NEG (p)) 1453 || (spec.rnd_mode == MPFR_RNDU && MPFR_IS_POS (p)) 1454 || (spec.rnd_mode == MPFR_RNDN && mpfr_cmp_d (y, 0.5) > 0)) 1455 /* rounded up to 1: one digit '1' in integral part. 1456 note that 0.5 is rounded to 0 with RNDN (round ties to even) */ 1457 np->ip_ptr[0] = '1'; 1458 } 1459 else 1460 { 1461 /* exp = position of the most significant decimal digit. */ 1462 exp = floor_log10 (p); 1463 MPFR_ASSERTD (exp < 0); 1464 1465 if (exp < -spec.prec) 1466 /* only the last digit may be non zero */ 1467 { 1468 int round_away; 1469 1470 /* Due to mpfr_set_si below... */ 1471 if (MPFR_UNLIKELY (spec.prec > LONG_MAX)) /* overflow */ 1472 return -1; 1473 1474 switch (spec.rnd_mode) 1475 { 1476 case MPFR_RNDA: 1477 case MPFR_RNDF: /* round_away = 1 needed for %Rg */ 1478 round_away = 1; 1479 break; 1480 case MPFR_RNDZ: 1481 round_away = 0; 1482 break; 1483 case MPFR_RNDD: 1484 round_away = MPFR_IS_NEG (p); 1485 break; 1486 case MPFR_RNDU: 1487 round_away = MPFR_IS_POS (p); 1488 break; 1489 default: 1490 { 1491 /* compare |p| to y = 0.5*10^(-spec.prec) */ 1492 mpfr_t y; 1493 mpfr_exp_t e = MAX (MPFR_PREC (p), 56); 1494 int cmp; 1495 1496 MPFR_ASSERTN (spec.rnd_mode == MPFR_RNDN); 1497 mpfr_init2 (y, e + 8); 1498 1499 do 1500 { 1501 /* find a lower approximation of 1502 0.5*10^(-spec.prec) different from |p| */ 1503 e += 8; 1504 mpfr_set_prec (y, e); 1505 mpfr_set_si (y, -spec.prec, MPFR_RNDN); 1506 mpfr_exp10 (y, y, MPFR_RNDD); 1507 mpfr_div_2ui (y, y, 1, MPFR_RNDN); 1508 cmp = mpfr_cmpabs (y, p); 1509 } 1510 while (cmp == 0); 1511 1512 round_away = cmp < 0; 1513 mpfr_clear (y); 1514 } 1515 break; 1516 } 1517 1518 if (round_away) 1519 /* round away from zero: the last output digit is '1' */ 1520 { 1521 np->fp_leading_zeros = spec.prec - 1; 1522 1523 np->fp_size = 1; 1524 str = (char *) mpfr_allocate_func (1 + np->fp_size); 1525 str[0] = '1'; 1526 str[1] = '\0'; 1527 np->fp_ptr = register_string (np->sl, str); 1528 } 1529 else 1530 /* only zeros in fractional part */ 1531 { 1532 MPFR_ASSERTD (spec.spec == 'f' || spec.spec == 'F'); 1533 np->fp_leading_zeros = spec.prec; 1534 } 1535 } 1536 else /* exp >= -spec.prec */ 1537 /* the most significant digits are the last 1538 spec.prec + exp + 1 digits in fractional part */ 1539 { 1540 char *ptr; 1541 size_t str_len; 1542 1543 MPFR_ASSERTD (exp >= -spec.prec); 1544 if (dec_info == NULL) 1545 { 1546 size_t nsd; 1547 1548 MPFR_ASSERTD (exp <= -1); 1549 MPFR_ASSERTD (spec.prec + (exp + 1) >= 0); 1550 if (MPFR_UNLIKELY (spec.prec + (exp + 1) > (size_t) -1)) 1551 return -1; 1552 nsd = spec.prec + (exp + 1); 1553 /* WARNING: nsd may equal 1, but here we use the 1554 fact that mpfr_get_str can return one digit with 1555 base ten (undocumented feature, see comments in 1556 get_str.c) */ 1557 1558 str = mpfr_get_str_wrapper (&exp, 10, nsd, p, spec); 1559 register_string (np->sl, str); 1560 } 1561 else 1562 { 1563 exp = dec_info->exp; 1564 str = dec_info->str; 1565 } 1566 if (MPFR_IS_NEG (p)) 1567 /* skip sign */ 1568 ++str; 1569 if (exp == 1) 1570 /* round up to 1 */ 1571 { 1572 MPFR_ASSERTD (str[0] == '1'); 1573 np->ip_ptr[0] = '1'; 1574 if (keep_trailing_zeros) 1575 np->fp_leading_zeros = spec.prec; 1576 } 1577 else 1578 { 1579 np->fp_ptr = str; 1580 np->fp_leading_zeros = -exp; 1581 MPFR_ASSERTD (exp <= 0); 1582 1583 str_len = strlen (str); /* the sign has been skipped */ 1584 ptr = str + str_len - 1; /* points to the end of str */ 1585 1586 if (!keep_trailing_zeros) 1587 /* remove trailing zeros, if any */ 1588 { 1589 while (*ptr == '0' && str_len != 0) 1590 { 1591 --ptr; 1592 --str_len; 1593 } 1594 } 1595 1596 MPFR_ASSERTD (str_len > 0); 1597 np->fp_size = str_len; 1598 1599 /* The np->fp_size <= MPFR_INTMAX_MAX test and the 1600 cast to mpfr_uintmax_t below allow one to avoid 1601 integer overflow. */ 1602 if (keep_trailing_zeros 1603 && spec.prec > 0 1604 && np->fp_size <= MPFR_INTMAX_MAX 1605 && ((mpfr_uintmax_t) 1606 np->fp_leading_zeros + np->fp_size) < spec.prec) 1607 { 1608 /* add missing trailing zeros */ 1609 np->fp_trailing_zeros = spec.prec 1610 - np->fp_leading_zeros - np->fp_size; 1611 MPFR_ASSERTD (np->fp_trailing_zeros >= 0); 1612 } 1613 } 1614 } 1615 } 1616 1617 if (spec.alt || np->fp_leading_zeros != 0 || np->fp_size != 0 1618 || np->fp_trailing_zeros != 0) 1619 np->point = MPFR_DECIMAL_POINT; 1620 } 1621 else 1622 /* 1 <= |p| */ 1623 { 1624 size_t str_len; 1625 1626 /* Determine the position of the most significant decimal digit. */ 1627 exp = floor_log10 (p); 1628 MPFR_ASSERTD (exp >= 0); 1629 1630 if (dec_info == NULL) 1631 { 1632 /* %f case */ 1633 mpfr_uintmax_t n; 1634 1635 n = (mpfr_uintmax_t) spec.prec + (exp + 1); 1636 if (MPFR_UNLIKELY (n > (size_t) -1)) 1637 return -1; 1638 str = mpfr_get_str_wrapper (&exp, 10, n, p, spec); 1639 register_string (np->sl, str); 1640 } 1641 else 1642 { 1643 /* %g case */ 1644 exp = dec_info->exp; 1645 str = dec_info->str; 1646 } 1647 np->ip_ptr = MPFR_IS_NEG (p) ? ++str : str; /* skip sign */ 1648 str_len = strlen (str); 1649 1650 /* integral part */ 1651 if (exp > str_len) 1652 { 1653 /* When spec.size == 0, mpfr_get_str may be called in a reduced 1654 precision, so that some trailing digits may have been ignored. 1655 When spec.size != 0, this case is also possible in the case 1656 where p is rounded up to the next power of 10: a zero must be 1657 added since the exponent has been increased by 1. */ 1658 np->ip_trailing_digits = exp - str_len; 1659 np->ip_size = str_len; 1660 } 1661 else 1662 np->ip_size = exp; 1663 1664 if (spec.group) 1665 /* thousands separator in integral part */ 1666 np->thousands_sep = MPFR_THOUSANDS_SEPARATOR; 1667 1668 /* fractional part */ 1669 str += np->ip_size; 1670 str_len -= np->ip_size; 1671 if (!keep_trailing_zeros) 1672 /* remove trailing zeros, if any */ 1673 { 1674 char *ptr = str + str_len - 1; /* pointer to the last digit of 1675 str */ 1676 while (*ptr == '0' && str_len != 0) 1677 { 1678 --ptr; 1679 --str_len; 1680 } 1681 } 1682 1683 if (str_len > 0) 1684 /* some non-zero digits in fractional part */ 1685 { 1686 np->point = MPFR_DECIMAL_POINT; 1687 np->fp_ptr = str; 1688 np->fp_size = str_len; 1689 } 1690 1691 /* Warning! str_len has type size_t, which is unsigned. */ 1692 MPFR_ASSERTD (spec.prec >= 0); /* let's recall this */ 1693 if (keep_trailing_zeros && str_len < spec.prec) 1694 /* add missing trailing zeros */ 1695 { 1696 np->point = MPFR_DECIMAL_POINT; 1697 np->fp_trailing_zeros = spec.prec - np->fp_size; 1698 MPFR_ASSERTD (np->fp_trailing_zeros >= 0); 1699 } 1700 1701 if (spec.alt) 1702 /* add decimal point even if no digits follow it */ 1703 np->point = MPFR_DECIMAL_POINT; 1704 } 1705 1706 return 0; 1707 } 1708 1709 /* partition_number determines the different parts of the string 1710 representation of the number p according to the given specification. 1711 partition_number initializes the given structure np, so all previous 1712 information in that variable is lost. 1713 Return the total number of characters to be written. 1714 Return -1 if an error occurred, in that case np's fields are in an 1715 undefined state but all string buffers have been freed. */ 1716 static mpfr_intmax_t 1717 partition_number (struct number_parts *np, mpfr_srcptr p, 1718 struct printf_spec spec) 1719 { 1720 char *str; 1721 mpfr_uintmax_t total; /* can hold the sum of two non-negative 1722 signed integers + 1 */ 1723 int uppercase; 1724 1725 /* WARNING: left justification means right space padding */ 1726 np->pad_type = spec.left ? RIGHT : spec.pad == '0' ? LEADING_ZEROS : LEFT; 1727 np->pad_size = 0; 1728 np->sign = '\0'; 1729 np->prefix_ptr =NULL; 1730 np->prefix_size = 0; 1731 np->thousands_sep = '\0'; 1732 np->ip_ptr = NULL; 1733 np->ip_size = 0; 1734 np->ip_trailing_digits = 0; 1735 np->point = '\0'; 1736 np->fp_leading_zeros = 0; 1737 np->fp_ptr = NULL; 1738 np->fp_size = 0; 1739 np->fp_trailing_zeros = 0; 1740 np->exp_ptr = NULL; 1741 np->exp_size = 0; 1742 np->sl = (struct string_list *) 1743 mpfr_allocate_func (sizeof (struct string_list)); 1744 init_string_list (np->sl); 1745 1746 uppercase = spec.spec == 'A' || spec.spec == 'E' || spec.spec == 'F' 1747 || spec.spec == 'G'; 1748 1749 if (MPFR_UNLIKELY (MPFR_IS_SINGULAR (p))) 1750 { 1751 if (MPFR_IS_NAN (p)) 1752 { 1753 if (np->pad_type == LEADING_ZEROS) 1754 /* don't want "0000nan", change to right justification padding 1755 with left spaces instead */ 1756 np->pad_type = LEFT; 1757 1758 np->ip_size = MPFR_NAN_STRING_LENGTH; 1759 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1760 strcpy (str, uppercase ? MPFR_NAN_STRING_UC : MPFR_NAN_STRING_LC); 1761 np->ip_ptr = register_string (np->sl, str); 1762 } 1763 else if (MPFR_IS_INF (p)) 1764 { 1765 if (np->pad_type == LEADING_ZEROS) 1766 /* don't want "0000inf", change to right justification padding 1767 with left spaces instead */ 1768 np->pad_type = LEFT; 1769 1770 if (MPFR_IS_NEG (p)) 1771 np->sign = '-'; 1772 1773 np->ip_size = MPFR_INF_STRING_LENGTH; 1774 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1775 strcpy (str, uppercase ? MPFR_INF_STRING_UC : MPFR_INF_STRING_LC); 1776 np->ip_ptr = register_string (np->sl, str); 1777 } 1778 else 1779 { 1780 MPFR_ASSERTD (MPFR_IS_ZERO (p)); 1781 /* note: for 'g' spec, zero is always displayed with 'f'-style with 1782 precision spec.prec - 1 and the trailing zeros are removed unless 1783 the flag '#' is used. */ 1784 if (MPFR_IS_NEG (p)) 1785 /* signed zero */ 1786 np->sign = '-'; 1787 else if (spec.showsign || spec.space) 1788 np->sign = spec.showsign ? '+' : ' '; 1789 1790 if (spec.spec == 'a' || spec.spec == 'A') 1791 /* prefix part */ 1792 { 1793 np->prefix_size = 2; 1794 str = (char *) mpfr_allocate_func (1 + np->prefix_size); 1795 str[0] = '0'; 1796 str[1] = uppercase ? 'X' : 'x'; 1797 str[2] = '\0'; 1798 np->prefix_ptr = register_string (np->sl, str); 1799 } 1800 1801 /* integral part */ 1802 np->ip_size = 1; 1803 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1804 str[0] = '0'; 1805 str[1] = '\0'; 1806 np->ip_ptr = register_string (np->sl, str); 1807 1808 if (spec.prec < 0) /* empty precision field */ 1809 { 1810 if (spec.spec == 'e' || spec.spec == 'E') 1811 spec.prec = mpfr_get_str_ndigits (10, MPFR_GET_PREC (p)) - 1; 1812 else if (spec.spec == 'f' || spec.spec == 'F' || 1813 spec.spec == 'g' || spec.spec == 'G') 1814 spec.prec = DEFAULT_DECIMAL_PREC; 1815 } 1816 1817 if (spec.prec > 0 1818 && ((spec.spec != 'g' && spec.spec != 'G') || spec.alt)) 1819 /* fractional part */ 1820 { 1821 np->point = MPFR_DECIMAL_POINT; 1822 np->fp_trailing_zeros = (spec.spec == 'g' || spec.spec == 'G') ? 1823 spec.prec - 1 : spec.prec; 1824 MPFR_ASSERTD (np->fp_trailing_zeros >= 0); 1825 } 1826 else if (spec.alt) 1827 np->point = MPFR_DECIMAL_POINT; 1828 1829 if (spec.spec == 'a' || spec.spec == 'A' || spec.spec == 'b' 1830 || spec.spec == 'e' || spec.spec == 'E') 1831 /* exponent part */ 1832 { 1833 np->exp_size = (spec.spec == 'e' || spec.spec == 'E') ? 4 : 3; 1834 str = (char *) mpfr_allocate_func (1 + np->exp_size); 1835 if (spec.spec == 'e' || spec.spec == 'E') 1836 strcpy (str, uppercase ? "E+00" : "e+00"); 1837 else 1838 strcpy (str, uppercase ? "P+0" : "p+0"); 1839 np->exp_ptr = register_string (np->sl, str); 1840 } 1841 } 1842 } 1843 else if (MPFR_UNLIKELY (MPFR_IS_UBF (p))) 1844 { 1845 /* mpfr_get_str does not support UBF, so that UBF numbers are regarded 1846 as special cases here. This is not much a problem since UBF numbers 1847 are internal to MPFR and here, they only for logging. */ 1848 if (np->pad_type == LEADING_ZEROS) 1849 /* change to right justification padding with left spaces */ 1850 np->pad_type = LEFT; 1851 1852 if (MPFR_IS_NEG (p)) 1853 np->sign = '-'; 1854 1855 np->ip_size = 3; 1856 str = (char *) mpfr_allocate_func (1 + np->ip_size); 1857 strcpy (str, uppercase ? "UBF" : "ubf"); 1858 np->ip_ptr = register_string (np->sl, str); 1859 /* TODO: output more information (e.g. the exponent) if need be. */ 1860 } 1861 else 1862 { 1863 MPFR_ASSERTD (MPFR_IS_PURE_FP (p)); 1864 if (spec.spec == 'a' || spec.spec == 'A' || spec.spec == 'b') 1865 { 1866 if (regular_ab (np, p, spec) == -1) 1867 goto error; 1868 } 1869 else if (spec.spec == 'f' || spec.spec == 'F') 1870 { 1871 if (spec.prec < 0) 1872 spec.prec = DEFAULT_DECIMAL_PREC; 1873 if (regular_fg (np, p, spec, NULL, 1) == -1) 1874 goto error; 1875 } 1876 else if (spec.spec == 'e' || spec.spec == 'E') 1877 { 1878 if (regular_eg (np, p, spec, NULL, 1) == -1) 1879 goto error; 1880 } 1881 else 1882 /* %g case */ 1883 { 1884 /* Use the C99 rules: 1885 if T > X >= -4 then the conversion is with style 'f'/'F' and 1886 precision T-(X+1). 1887 otherwise, the conversion is with style 'e'/'E' and 1888 precision T-1. 1889 where T is the threshold computed below and X is the exponent 1890 that would be displayed with style 'e' and precision T-1. */ 1891 int threshold; 1892 mpfr_exp_t x, e, k; 1893 struct decimal_info dec_info; 1894 1895 threshold = spec.prec < 0 ? DEFAULT_DECIMAL_PREC : 1896 spec.prec == 0 ? 1 : spec.prec; 1897 MPFR_ASSERTD (threshold >= 1); 1898 1899 /* Here we cannot call mpfr_get_str_wrapper since we need the full 1900 significand in dec_info.str. 1901 Moreover, threshold may be huge while one can know that the 1902 number of digits that are not trailing zeros remains limited; 1903 such a limit occurs in practical cases, e.g. with numbers 1904 representable in the IEEE 754-2008 basic formats. Since the 1905 trailing zeros are not necessarily output, we do not want to 1906 waste time and memory by making mpfr_get_str generate them. 1907 So, let us try to find a smaller threshold for mpfr_get_str. 1908 |p| < 2^EXP(p) = 10^(EXP(p)*log10(2)). So, the integer part 1909 takes at most ceil(EXP(p)*log10(2)) digits (unless p rounds 1910 to the next power of 10, but in this case any threshold will 1911 be OK). So, for the integer part, we will take: 1912 max(0,floor((EXP(p)+2)/3)). 1913 Let k = PREC(p) - EXP(p), so that the last bit of p has 1914 weight 2^(-k). If k <= 0, then p is an integer, otherwise 1915 the fractional part in base 10 may have up to k digits 1916 (this bound is reached if the last bit is 1). 1917 Note: The bound could be improved, but this is not critical. */ 1918 e = MPFR_GET_EXP (p); 1919 k = MPFR_PREC (p) - e; 1920 e = e <= 0 ? k : (e + 2) / 3 + (k <= 0 ? 0 : k); 1921 MPFR_ASSERTD (e >= 1); 1922 1923 dec_info.str = mpfr_get_str (NULL, &dec_info.exp, 10, 1924 e < threshold ? e : threshold, 1925 p, spec.rnd_mode); 1926 register_string (np->sl, dec_info.str); 1927 /* mpfr_get_str corresponds to a significand between 0.1 and 1, 1928 whereas here we want a significand between 1 and 10. */ 1929 x = dec_info.exp - 1; 1930 1931 if (threshold > x && x >= -4) 1932 { 1933 /* the conversion is with style 'f' */ 1934 spec.prec = threshold - x - 1; 1935 1936 if (regular_fg (np, p, spec, &dec_info, spec.alt) == -1) 1937 goto error; 1938 } 1939 else 1940 { 1941 spec.prec = threshold - 1; 1942 1943 if (regular_eg (np, p, spec, &dec_info, spec.alt) == -1) 1944 goto error; 1945 } 1946 } 1947 } 1948 1949 /* compute the number of characters to be written verifying it is not too 1950 much */ 1951 1952 #define INCR_TOTAL(v) \ 1953 do { \ 1954 MPFR_ASSERTD ((v) >= 0); \ 1955 if (MPFR_UNLIKELY ((v) > MPFR_INTMAX_MAX)) \ 1956 goto error; \ 1957 total += (v); \ 1958 if (MPFR_UNLIKELY (total > MPFR_INTMAX_MAX)) \ 1959 goto error; \ 1960 } while (0) 1961 1962 total = np->sign ? 1 : 0; 1963 INCR_TOTAL (np->prefix_size); 1964 INCR_TOTAL (np->ip_size); 1965 INCR_TOTAL (np->ip_trailing_digits); 1966 MPFR_ASSERTD (np->ip_size + np->ip_trailing_digits >= 1); 1967 if (np->thousands_sep) 1968 /* ' flag, style f and the thousands separator in current locale is not 1969 reduced to the null character */ 1970 INCR_TOTAL ((np->ip_size + np->ip_trailing_digits - 1) / 3); 1971 if (np->point) 1972 ++total; 1973 INCR_TOTAL (np->fp_leading_zeros); 1974 INCR_TOTAL (np->fp_size); 1975 INCR_TOTAL (np->fp_trailing_zeros); 1976 INCR_TOTAL (np->exp_size); 1977 1978 if (spec.width > total) 1979 /* pad with spaces or zeros depending on np->pad_type */ 1980 { 1981 np->pad_size = spec.width - total; 1982 total = spec.width; 1983 } 1984 1985 MPFR_ASSERTD (total > 0 && total <= MPFR_INTMAX_MAX); 1986 return total; 1987 1988 error: 1989 clear_string_list (np->sl); 1990 np->prefix_ptr = NULL; 1991 np->ip_ptr = NULL; 1992 np->fp_ptr = NULL; 1993 np->exp_ptr = NULL; 1994 return -1; 1995 } 1996 1997 /* sprnt_fp prints a mpfr_t according to spec.spec specification. 1998 1999 Return the size of the string (not counting the terminating '\0'). 2000 Return -1 if the built string is too long (i.e. has more than 2001 INT_MAX or MPFR_INTMAX_MAX characters). 2002 2003 If spec.size is 0, we only want the size of the string. 2004 */ 2005 static int 2006 sprnt_fp (struct string_buffer *buf, mpfr_srcptr p, 2007 const struct printf_spec spec) 2008 { 2009 mpfr_intmax_t length, start; 2010 struct number_parts np; 2011 2012 length = partition_number (&np, p, spec); 2013 if (MPFR_UNLIKELY (length < 0)) 2014 { 2015 buf->len = -1; 2016 return -1; 2017 } 2018 2019 if (spec.size == 0) 2020 { 2021 /* This is equivalent to the following code (no need to fill the buffer 2022 and length is known). */ 2023 buffer_incr_len (buf, length); 2024 goto clear_and_exit; 2025 } 2026 2027 MPFR_DBGRES (start = buf->len); 2028 2029 /* right justification padding with left spaces */ 2030 if (np.pad_type == LEFT && np.pad_size != 0) 2031 buffer_pad (buf, ' ', np.pad_size); 2032 2033 /* sign character (may be '-', '+', or ' ') */ 2034 if (np.sign) 2035 buffer_pad (buf, np.sign, 1); 2036 2037 /* prefix part */ 2038 if (np.prefix_ptr) 2039 buffer_cat (buf, np.prefix_ptr, np.prefix_size); 2040 2041 /* right justification padding with leading zeros */ 2042 if (np.pad_type == LEADING_ZEROS && np.pad_size != 0) 2043 buffer_pad (buf, '0', np.pad_size); 2044 2045 /* integral part (may also be "nan" or "inf") */ 2046 MPFR_ASSERTN (np.ip_ptr != NULL); /* never empty */ 2047 if (MPFR_UNLIKELY (np.thousands_sep)) 2048 { 2049 if (buffer_sandwich (buf, np.ip_ptr, np.ip_size, np.ip_trailing_digits, 2050 np.thousands_sep)) 2051 { 2052 buf->len = -1; 2053 goto clear_and_exit; 2054 } 2055 } 2056 else 2057 { 2058 buffer_cat (buf, np.ip_ptr, np.ip_size); 2059 2060 /* possible trailing zero in integral part (spec.size != 0) */ 2061 MPFR_ASSERTD (np.ip_trailing_digits <= 1); 2062 if (np.ip_trailing_digits != 0) 2063 buffer_pad (buf, '0', 1); 2064 } 2065 2066 /* decimal point */ 2067 if (np.point) 2068 buffer_pad (buf, np.point, 1); 2069 2070 /* leading zeros in fractional part */ 2071 if (np.fp_leading_zeros != 0) 2072 buffer_pad (buf, '0', np.fp_leading_zeros); 2073 2074 /* significant digits in fractional part */ 2075 if (np.fp_ptr) 2076 buffer_cat (buf, np.fp_ptr, np.fp_size); 2077 2078 /* trailing zeros in fractional part */ 2079 if (np.fp_trailing_zeros != 0) 2080 buffer_pad (buf, '0', np.fp_trailing_zeros); 2081 2082 /* exponent part */ 2083 if (np.exp_ptr) 2084 buffer_cat (buf, np.exp_ptr, np.exp_size); 2085 2086 /* left justification padding with right spaces */ 2087 if (np.pad_type == RIGHT && np.pad_size != 0) 2088 buffer_pad (buf, ' ', np.pad_size); 2089 2090 MPFR_ASSERTD (buf->len == -1 || buf->len - start == length); 2091 2092 clear_and_exit: 2093 clear_string_list (np.sl); 2094 return buf->len == -1 ? -1 : length; 2095 } 2096 2097 /* The following internal function implements both mpfr_vasprintf and 2098 mpfr_vsnprintf: 2099 (a) either ptr <> NULL, and then Buf and size are not used, and it 2100 implements mpfr_vasprintf (ptr, fmt, ap) 2101 (b) or ptr = NULL, and it implements mpfr_vsnprintf (Buf, size, fmt, ap) 2102 It returns the number of characters that would have been written had 'size' 2103 been sufficiently large, not counting the terminating null character, or -1 2104 if this number is too large for the return type 'int' (overflow). 2105 */ 2106 int 2107 mpfr_vasnprintf_aux (char **ptr, char *Buf, size_t size, const char *fmt, 2108 va_list ap) 2109 { 2110 struct string_buffer buf; 2111 int nbchar; 2112 2113 /* information on the conversion specification filled by the parser */ 2114 struct printf_spec spec; 2115 /* flag raised when previous part of fmt need to be processed by 2116 gmp_vsnprintf */ 2117 int xgmp_fmt_flag; 2118 /* beginning and end of the previous unprocessed part of fmt */ 2119 const char *start, *end; 2120 /* pointer to arguments for gmp_vasprintf */ 2121 va_list ap2; 2122 2123 MPFR_SAVE_EXPO_DECL (expo); 2124 MPFR_SAVE_EXPO_MARK (expo); 2125 2126 /* FIXME: Once buf.len >= size, switch to size = 0 for efficiency and 2127 avoid potential DoS? i.e. we no longer need to generate the strings 2128 (potentially huge), just compute the lengths. */ 2129 2130 buffer_init (&buf, ptr != NULL || size != 0 ? 4096 : 0); 2131 xgmp_fmt_flag = 0; 2132 va_copy (ap2, ap); 2133 start = fmt; 2134 while (*fmt != '\0') 2135 { 2136 int overflow = 0; 2137 2138 /* Look for the next format specification */ 2139 while (*fmt != '\0' && *fmt != '%') 2140 ++fmt; 2141 2142 if (*fmt == '\0') 2143 break; 2144 2145 if (*++fmt == '%') 2146 /* %%: go one step further otherwise the second '%' would be 2147 considered as a new conversion specification introducing 2148 character */ 2149 { 2150 ++fmt; 2151 xgmp_fmt_flag = 1; 2152 continue; 2153 } 2154 2155 end = fmt - 1; 2156 2157 /* format string analysis */ 2158 specinfo_init (&spec); 2159 fmt = parse_flags (fmt, &spec); 2160 2161 READ_INT (ap, fmt, spec.width); 2162 if (spec.width < 0) /* integer read via '*', no overflow */ 2163 { 2164 spec.left = 1; 2165 /* Since the type of the integer is int, spec.width >= INT_MIN, 2166 so that an overflow is possible here only if mpfr_intmax_t 2167 has the same size of int. The INT_MIN < - MPFR_INTMAX_MAX 2168 test allows the compiler to optimize when it is false. */ 2169 if (MPFR_UNLIKELY (INT_MIN < - MPFR_INTMAX_MAX && 2170 spec.width < - MPFR_INTMAX_MAX)) 2171 overflow = 1; 2172 else 2173 spec.width = - spec.width; 2174 } 2175 /* Note: We will make sure that spec.width is not used in case of 2176 overflow. */ 2177 MPFR_ASSERTD (overflow || spec.width >= 0); 2178 2179 if (*fmt == '.') 2180 { 2181 ++fmt; 2182 READ_INT (ap, fmt, spec.prec); 2183 /* A negative value is possible with ".*" and it will be regarded 2184 as a missing precision (ISO C). We need to make sure that such 2185 a value is representable in an int (see its use below). */ 2186 if (spec.prec < 0) 2187 spec.prec = -1; 2188 } 2189 else 2190 spec.prec = -1; /* missing precision */ 2191 MPFR_ASSERTD (spec.prec >= -1); 2192 2193 fmt = parse_arg_type (fmt, &spec); 2194 if (spec.arg_type == UNSUPPORTED) 2195 /* the current architecture doesn't support the type corresponding to 2196 the format specifier; according to the ISO C99 standard, the 2197 behavior is undefined. We choose to print the format specifier as a 2198 literal string, what may be printed after this string is 2199 undefined. */ 2200 continue; 2201 else if (spec.arg_type == MPFR_ARG) 2202 { 2203 switch (*fmt) 2204 { 2205 case '\0': 2206 break; 2207 case '*': 2208 ++fmt; 2209 spec.rnd_mode = (mpfr_rnd_t) va_arg (ap, int); 2210 break; 2211 case 'D': 2212 ++fmt; 2213 spec.rnd_mode = MPFR_RNDD; 2214 break; 2215 case 'U': 2216 ++fmt; 2217 spec.rnd_mode = MPFR_RNDU; 2218 break; 2219 case 'Y': 2220 ++fmt; 2221 spec.rnd_mode = MPFR_RNDA; 2222 break; 2223 case 'Z': 2224 ++fmt; 2225 spec.rnd_mode = MPFR_RNDZ; 2226 break; 2227 case 'N': 2228 ++fmt; 2229 MPFR_FALLTHROUGH; 2230 default: 2231 spec.rnd_mode = MPFR_RNDN; 2232 } 2233 } 2234 2235 spec.spec = *fmt; 2236 if (!specinfo_is_valid (spec)) 2237 /* the format specifier is invalid; according to the ISO C99 standard, 2238 the behavior is undefined. We choose to print the invalid format 2239 specifier as a literal string, what may be printed after this 2240 string is undefined. */ 2241 continue; 2242 2243 if (*fmt != '\0') 2244 fmt++; 2245 2246 /* Format processing */ 2247 if (spec.spec == '\0') 2248 /* end of the format string */ 2249 break; 2250 else if (spec.spec == 'n') 2251 /* put the number of characters written so far in the location pointed 2252 by the next va_list argument; the types of pointer accepted are the 2253 same as in GMP (except unsupported quad_t) plus pointer to a mpfr_t 2254 so as to be able to accept the same format strings. */ 2255 { 2256 void *p; 2257 2258 p = va_arg (ap, void *); 2259 FLUSH (xgmp_fmt_flag, start, end, ap2, &buf); 2260 va_end (ap2); 2261 start = fmt; 2262 2263 switch (spec.arg_type) 2264 { 2265 case CHAR_ARG: 2266 *(char *) p = (char) buf.len; 2267 break; 2268 case SHORT_ARG: 2269 *(short *) p = (short) buf.len; 2270 break; 2271 case LONG_ARG: 2272 *(long *) p = (long) buf.len; 2273 break; 2274 #ifdef HAVE_LONG_LONG 2275 case LONG_LONG_ARG: 2276 *(long long *) p = (long long) buf.len; 2277 break; 2278 #endif 2279 #ifdef _MPFR_H_HAVE_INTMAX_T 2280 case INTMAX_ARG: 2281 *(intmax_t *) p = (intmax_t) buf.len; 2282 break; 2283 #endif 2284 case SIZE_ARG: 2285 *(size_t *) p = buf.len; 2286 break; 2287 case PTRDIFF_ARG: 2288 *(ptrdiff_t *) p = (ptrdiff_t) buf.len; 2289 break; 2290 case MPF_ARG: 2291 mpf_set_ui ((mpf_ptr) p, (unsigned long) buf.len); 2292 break; 2293 case MPQ_ARG: 2294 mpq_set_ui ((mpq_ptr) p, (unsigned long) buf.len, 1L); 2295 break; 2296 case MP_LIMB_ARG: 2297 *(mp_limb_t *) p = (mp_limb_t) buf.len; 2298 break; 2299 case MP_LIMB_ARRAY_ARG: 2300 { 2301 mp_limb_t *q = (mp_limb_t *) p; 2302 mp_size_t n; 2303 n = va_arg (ap, mp_size_t); 2304 if (n < 0) 2305 n = -n; 2306 else if (n == 0) 2307 break; 2308 2309 /* we assume here that mp_limb_t is wider than int */ 2310 *q = (mp_limb_t) buf.len; 2311 while (--n != 0) 2312 { 2313 q++; 2314 *q = MPFR_LIMB_ZERO; 2315 } 2316 } 2317 break; 2318 case MPZ_ARG: 2319 mpz_set_ui ((mpz_ptr) p, (unsigned long) buf.len); 2320 break; 2321 2322 case MPFR_ARG: 2323 mpfr_set_ui ((mpfr_ptr) p, (unsigned long) buf.len, 2324 spec.rnd_mode); 2325 break; 2326 2327 default: 2328 *(int *) p = (int) buf.len; 2329 } 2330 va_copy (ap2, ap); /* after the switch, due to MP_LIMB_ARRAY_ARG 2331 case */ 2332 } 2333 else if (spec.arg_type == MPFR_PREC_ARG) 2334 /* output mpfr_prec_t variable */ 2335 { 2336 char *s; 2337 char format[MPFR_PREC_FORMAT_SIZE + 12]; /* e.g. "%0#+ -'*.*ld\0" */ 2338 size_t length; 2339 mpfr_prec_t prec; 2340 2341 /* FIXME: With buf.size = 0 and a huge width or precision, this 2342 can uselessly take much memory. And even with buf.size != 0, 2343 this would take more memory than necessary and need a large 2344 buffer_cat. A solution: compute a bound on the maximum 2345 number of significant digits, and handle the additional 2346 characters separately. Moreover, if buf.size = 0 or size != 0, 2347 gmp_snprintf should be called instead of gmp_asprintf, 2348 outputting data directly to the buffer when applicable. 2349 See also: https://sourceware.org/bugzilla/show_bug.cgi?id=23432 2350 Add testcases. */ 2351 2352 prec = va_arg (ap, mpfr_prec_t); 2353 2354 FLUSH (xgmp_fmt_flag, start, end, ap2, &buf); 2355 va_end (ap2); 2356 va_copy (ap2, ap); 2357 start = fmt; 2358 2359 /* The restriction to INT_MAX is a limitation due to the fact 2360 that *.* is used below. If the width or precision field is 2361 larger than INT_MAX, then there is a real overflow on the 2362 return value due to the padding characters, thus the error 2363 is correct. The only minor drawback is that some variables 2364 corresponding to the 'n' conversion specifier with a type 2365 larger than int may not be set. This is not a bug, as there 2366 are no strong guarantees for such variables in case of error. 2367 FIXME: If size = 0 and max(spec.width,spec.prec) is large 2368 enough, there is no need to call gmp_asprintf since we are 2369 just interested in the length, which should be this maximum; 2370 in particular, this should avoid the overflow issue. */ 2371 if (overflow || spec.width > INT_MAX || spec.prec > INT_MAX) 2372 { 2373 buf.len = -1; 2374 goto error; 2375 } 2376 2377 /* Recalled from above. */ 2378 MPFR_ASSERTD (spec.width >= 0); 2379 MPFR_ASSERTD (spec.prec >= -1); 2380 2381 /* construct format string, like "%*.*hd" "%*.*d" or "%*.*ld" */ 2382 sprintf (format, "%%%s%s%s%s%s%s*.*" MPFR_PREC_FORMAT_TYPE "%c", 2383 spec.pad == '0' ? "0" : "", 2384 spec.alt ? "#" : "", 2385 spec.showsign ? "+" : "", 2386 spec.space ? " " : "", 2387 spec.left ? "-" : "", 2388 spec.group ? "'" : "", 2389 spec.spec); 2390 MPFR_LOG_MSG (("MPFR_PREC_ARG: format for gmp_asprintf: \"%s\"\n", 2391 format)); 2392 MPFR_LOG_MSG (("MPFR_PREC_ARG: width = %d, prec = %d, value = %" 2393 MPFR_PREC_FORMAT_TYPE "d\n", 2394 (int) spec.width, (int) spec.prec, prec)); 2395 length = gmp_asprintf (&s, format, 2396 (int) spec.width, (int) spec.prec, prec); 2397 MPFR_ASSERTN (length >= 0); /* guaranteed by GMP 6 */ 2398 buffer_cat (&buf, s, length); 2399 mpfr_free_str (s); 2400 } 2401 else if (spec.arg_type == MPFR_ARG) 2402 /* output a mpfr_t variable */ 2403 { 2404 mpfr_srcptr p; 2405 2406 if (spec.spec != 'a' && spec.spec != 'A' 2407 && spec.spec != 'b' 2408 && spec.spec != 'e' && spec.spec != 'E' 2409 && spec.spec != 'f' && spec.spec != 'F' 2410 && spec.spec != 'g' && spec.spec != 'G') 2411 /* The format specifier is invalid; skip the invalid format 2412 specifier so as to print it as a literal string. What may 2413 be printed after this string is undefined. */ 2414 continue; 2415 2416 p = va_arg (ap, mpfr_srcptr); 2417 2418 FLUSH (xgmp_fmt_flag, start, end, ap2, &buf); 2419 va_end (ap2); 2420 va_copy (ap2, ap); 2421 start = fmt; 2422 2423 if (overflow) 2424 { 2425 buf.len = -1; 2426 goto error; 2427 } 2428 2429 if (ptr == NULL) 2430 spec.size = size; 2431 sprnt_fp (&buf, p, spec); 2432 } 2433 else 2434 /* gmp_printf specification, step forward in the va_list */ 2435 { 2436 CONSUME_VA_ARG (spec, ap); 2437 xgmp_fmt_flag = 1; 2438 } 2439 } 2440 2441 if (start != fmt) 2442 FLUSH (xgmp_fmt_flag, start, fmt, ap2, &buf); 2443 2444 va_end (ap2); 2445 2446 if (buf.len == -1 || buf.len > INT_MAX) /* overflow */ 2447 goto overflow; 2448 2449 nbchar = buf.len; 2450 MPFR_ASSERTD (nbchar >= 0); 2451 2452 if (ptr != NULL) /* implement mpfr_vasprintf */ 2453 { 2454 MPFR_ASSERTD (nbchar == strlen (buf.start)); 2455 *ptr = (char *) mpfr_reallocate_func (buf.start, buf.size, nbchar + 1); 2456 } 2457 else if (size != 0) /* implement mpfr_vsnprintf */ 2458 { 2459 if (nbchar < size) 2460 { 2461 strncpy (Buf, buf.start, nbchar); 2462 Buf[nbchar] = '\0'; 2463 } 2464 else 2465 { 2466 strncpy (Buf, buf.start, size - 1); 2467 Buf[size-1] = '\0'; 2468 } 2469 mpfr_free_func (buf.start, buf.size); 2470 } 2471 2472 MPFR_SAVE_EXPO_FREE (expo); 2473 return nbchar; /* return the number of characters that would have 2474 been written had 'size' been sufficiently large, 2475 not counting the terminating null character */ 2476 2477 error: 2478 va_end (ap2); 2479 if (buf.len == -1) /* overflow */ 2480 { 2481 overflow: 2482 MPFR_LOG_MSG (("Overflow\n", 0)); 2483 MPFR_SAVE_EXPO_UPDATE_FLAGS (expo, MPFR_FLAGS_ERANGE); 2484 #ifdef EOVERFLOW 2485 MPFR_LOG_MSG (("Setting errno to EOVERFLOW\n", 0)); 2486 errno = EOVERFLOW; 2487 #endif 2488 } 2489 2490 MPFR_SAVE_EXPO_FREE (expo); 2491 if (ptr != NULL) /* implement mpfr_vasprintf */ 2492 *ptr = NULL; 2493 if (ptr != NULL || size != 0) 2494 mpfr_free_func (buf.start, buf.size); 2495 2496 return -1; 2497 } 2498 2499 #else /* HAVE_STDARG */ 2500 2501 /* Avoid an empty translation unit (see ISO C99, 6.9) */ 2502 typedef int foo; 2503 2504 #endif /* HAVE_STDARG */ 2505