cpython-withatomic / Python / mysnprintf.c

#include "Python.h"
#include <ctype.h>

/* snprintf() wrappers.  If the platform has vsnprintf, we use it, else we
   emulate it in a half-hearted way.  Even if the platform has it, we wrap
   it because platforms differ in what vsnprintf does in case the buffer
   is too small:  C99 behavior is to return the number of characters that
   would have been written had the buffer not been too small, and to set
   the last byte of the buffer to \0.  At least MS _vsnprintf returns a
   negative value instead, and fills the entire buffer with non-\0 data.

   The wrappers ensure that str[size-1] is always \0 upon return.

   PyOS_snprintf and PyOS_vsnprintf never write more than size bytes
   (including the trailing '\0') into str.

   If the platform doesn't have vsnprintf, and the buffer size needed to
   avoid truncation exceeds size by more than 512, Python aborts with a

   Return value (rv):

	When 0 <= rv < size, the output conversion was unexceptional, and
	rv characters were written to str (excluding a trailing \0 byte at

	When rv >= size, output conversion was truncated, and a buffer of
	size rv+1 would have been needed to avoid truncation.  str[size-1]
	is \0 in this case.

	When rv < 0, "something bad happened".  str[size-1] is \0 in this
	case too, but the rest of str is unreliable.  It could be that
	an error in format codes was detected by libc, or on platforms
	with a non-C99 vsnprintf simply that the buffer wasn't big enough
	to avoid truncation, or on platforms without any vsnprintf that
	PyMem_Malloc couldn't obtain space for a temp buffer.

   CAUTION:  Unlike C99, str != NULL and size > 0 are required.

PyOS_snprintf(char *str, size_t size, const  char  *format, ...)
	int rc;
	va_list va;

	va_start(va, format);
	rc = PyOS_vsnprintf(str, size, format, va);
	return rc;

PyOS_vsnprintf(char *str, size_t size, const char  *format, va_list va)
	int len;  /* # bytes written, excluding \0 */
#define _PyOS_vsnprintf_EXTRA_SPACE 1
#define _PyOS_vsnprintf_EXTRA_SPACE 512
	char *buffer;
	assert(str != NULL);
	assert(size > 0);
	assert(format != NULL);
	/* We take a size_t as input but return an int.  Sanity check
	 * our input so that it won't cause an overflow in the
         * vsnprintf return value or the buffer malloc size.  */
	if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE) {
		len = -666;
		goto Done;

	len = vsnprintf(str, size, format, va);
	/* Emulate it. */
	buffer = PyMem_MALLOC(size + _PyOS_vsnprintf_EXTRA_SPACE);
	if (buffer == NULL) {
		len = -666;
		goto Done;

	len = vsprintf(buffer, format, va);
	if (len < 0)
		/* ignore the error */;

	else if ((size_t)len >= size + _PyOS_vsnprintf_EXTRA_SPACE)
		Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf");

	else {
		const size_t to_copy = (size_t)len < size ?
					(size_t)len : size - 1;
		assert(to_copy < size);
		memcpy(str, buffer, to_copy);
		str[to_copy] = '\0';
	if (size > 0)
		str[size-1] = '\0';
	return len;
#undef _PyOS_vsnprintf_EXTRA_SPACE
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.