This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Use __snprintf when available

From: Ulrich Drepper <drepper at redhat dot com>
To: Paolo Carlini <pcarlini at unitus dot it>
Cc: libstdc++ at gcc dot gnu dot org, Benjamin Kosnik <bkoz at redhat dot com>
Date: 19 Mar 2002 11:02:33 -0800
Subject: Re: [PATCH] Use __snprintf when available
References: <3C977C3E.C01E864B@unitus.it>

On Tue, 2002-03-19 at 09:58, Paolo Carlini wrote:

> 1- Minor, but annoying: I could not manage to use __attribute__((__unused__))
> for function parameters. Indeed, the following example triggers a parse error
> at line #1:
> 
>     f(int __size __attribute__ ((__unused__)), int i)
>     {
>       int j __attribute__ ((__unused__));
>       return i;
>     }

For C++?  You wouldn't use attribute then:

   int
   f(int, int i)
   {
     int j __attribute__ ((__unused__));
     return i;
   }

Just avoid the parameter name.

>          char __modl, _ValueT __v) const
>         {
>    // [22.2.2.2.2] Stage 1, numeric conversion to character.
> !
>    // Long enough for the max format spec.
>    char __fbuf[16];
>    _S_format_int(__io, __fbuf, __mod, __modl);
> ! #ifdef _GLIBCPP_USE_C99
> !  // First try a buffer perhaps big enough.
> !  int __cs_size = 64;
> !  char* __cs = static_cast<char*>(__builtin_alloca(__cs_size));
> !  int __len = __convert_from_v(__cs, __cs_size, __fbuf, __v, _S_c_locale);
> !  // If the buffer was not large enough, try again with the correct size.
> !  if (__len >= __cs_size)
> !    {
> !      __cs_size = __len + 1;
> !      __cs = static_cast<char*>(__builtin_alloca(__cs_size));
> !      __len = __convert_from_v(__cs, __cs_size, __fbuf, __v, _S_c_locale);
> !    }

I've only looked briefly at the code so correct me if I'm wrong.   There
is no arbitrary limit to the size of the generated output.  You start
with 64 bytes but then allocate as much as snprintf tells you, right? 
The user can specify width and precision.

If this is true you cannot unconditionally use alloca().  I've made
similar assumptions about the sanity of ther users but there are always
some people who don't live by these rules.  alloca() will not indicate
that it failed but the program will crash once you run out of stack. 
This normally is not a problem but a) some people use huge
widths/precisions and b) there are setups where the stack is limited.

Therefore you'll have to do something like this:

  bool __use_malloc = false;

  if (__len >= __cs_size)
    {
      __cs_size = __len + 1;
      if (__cs_size < SOME_USEFUL_LIMIT)
        __cs = static_cast<char*>(__builtin_alloca(__cs_size));
      else
        {
          __cs = new char[__cs_size];
          __use_malloc = true;
        }
      __len = __convert_from_v(__cs, __cs_size, __fbuf, __v,
_S_c_locale);
    }

And you'll have to call 'delete' once the string isn't used anymore.

You'll have to do this wherever there is no fixed limit.  If you have no
precision/width and can compute the number of characters by multiplying
the number of bytes by 3 this is fine

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: [PATCH] Use __snprintf when available
  - From: Paolo Carlini

References:
- [PATCH] Use __snprintf when available
  - From: Paolo Carlini

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]