1 #include "stdio_impl.h"
2 #include <errno.h>
3 #include <ctype.h>
4 #include <limits.h>
5 #include <string.h>
6 #include <stdarg.h>
7 #include <stddef.h>
8 #include <stdlib.h>
9 #include <wchar.h>
10 #include <inttypes.h>
11 #include <math.h>
12 #include <float.h>
13
14 /* Some useful macros */
15
16 #define MAX(a,b) ((a)>(b) ? (a) : (b))
17 #define MIN(a,b) ((a)<(b) ? (a) : (b))
18
19 /* Convenient bit representation for modifier flags, which all fall
20 * within 31 codepoints of the space character. */
21
22 #define ALT_FORM (1U<<'#'-' ')
23 #define ZERO_PAD (1U<<'0'-' ')
24 #define LEFT_ADJ (1U<<'-'-' ')
25 #define PAD_POS (1U<<' '-' ')
26 #define MARK_POS (1U<<'+'-' ')
27 #define GROUPED (1U<<'\''-' ')
28
29 #define FLAGMASK (ALT_FORM|ZERO_PAD|LEFT_ADJ|PAD_POS|MARK_POS|GROUPED)
30
31 /* State machine to accept length modifiers + conversion specifiers.
32 * Result is 0 on failure, or an argument type to pop on success. */
33
34 enum {
35 BARE, LPRE, LLPRE, HPRE, HHPRE, BIGLPRE,
36 ZTPRE, JPRE,
37 STOP,
38 PTR, INT, UINT, ULLONG,
39 LONG, ULONG,
40 SHORT, USHORT, CHAR, UCHAR,
41 LLONG, SIZET, IMAX, UMAX, PDIFF, UIPTR,
42 DBL, LDBL,
43 NOARG,
44 MAXSTATE
45 };
46
47 #define S(x) [(x)-'A']
48
49 static const unsigned char states[]['z'-'A'+1] = {
50 { /* 0: bare types */
51 S('d') = INT, S('i') = INT,
52 S('o') = UINT, S('u') = UINT, S('x') = UINT, S('X') = UINT,
53 S('e') = DBL, S('f') = DBL, S('g') = DBL, S('a') = DBL,
54 S('E') = DBL, S('F') = DBL, S('G') = DBL, S('A') = DBL,
55 S('c') = CHAR, S('C') = INT,
56 S('s') = PTR, S('S') = PTR, S('p') = UIPTR, S('n') = PTR,
57 S('m') = NOARG,
58 S('l') = LPRE, S('h') = HPRE, S('L') = BIGLPRE,
59 S('z') = ZTPRE, S('j') = JPRE, S('t') = ZTPRE,
60 }, { /* 1: l-prefixed */
61 S('d') = LONG, S('i') = LONG,
62 S('o') = ULONG, S('u') = ULONG, S('x') = ULONG, S('X') = ULONG,
63 S('e') = DBL, S('f') = DBL, S('g') = DBL, S('a') = DBL,
64 S('E') = DBL, S('F') = DBL, S('G') = DBL, S('A') = DBL,
65 S('c') = INT, S('s') = PTR, S('n') = PTR,
66 S('l') = LLPRE,
67 }, { /* 2: ll-prefixed */
68 S('d') = LLONG, S('i') = LLONG,
69 S('o') = ULLONG, S('u') = ULLONG,
70 S('x') = ULLONG, S('X') = ULLONG,
71 S('n') = PTR,
72 }, { /* 3: h-prefixed */
73 S('d') = SHORT, S('i') = SHORT,
74 S('o') = USHORT, S('u') = USHORT,
75 S('x') = USHORT, S('X') = USHORT,
76 S('n') = PTR,
77 S('h') = HHPRE,
78 }, { /* 4: hh-prefixed */
79 S('d') = CHAR, S('i') = CHAR,
80 S('o') = UCHAR, S('u') = UCHAR,
81 S('x') = UCHAR, S('X') = UCHAR,
82 S('n') = PTR,
83 }, { /* 5: L-prefixed */
84 S('e') = LDBL, S('f') = LDBL, S('g') = LDBL, S('a') = LDBL,
85 S('E') = LDBL, S('F') = LDBL, S('G') = LDBL, S('A') = LDBL,
86 S('n') = PTR,
87 }, { /* 6: z- or t-prefixed (assumed to be same size) */
88 S('d') = PDIFF, S('i') = PDIFF,
89 S('o') = SIZET, S('u') = SIZET,
90 S('x') = SIZET, S('X') = SIZET,
91 S('n') = PTR,
92 }, { /* 7: j-prefixed */
93 S('d') = IMAX, S('i') = IMAX,
94 S('o') = UMAX, S('u') = UMAX,
95 S('x') = UMAX, S('X') = UMAX,
96 S('n') = PTR,
97 }
98 };
99
100 #define OOB(x) ((unsigned)(x)-'A' > 'z'-'A')
101
102 union arg
103 {
104 uintmax_t i;
105 long double f;
106 void *p;
107 };
108
pop_arg(union arg *arg, int type, va_list *ap)109 static void pop_arg(union arg *arg, int type, va_list *ap)
110 {
111 switch (type) {
112 case PTR: arg->p = va_arg(*ap, void *);
113 break; case INT: arg->i = va_arg(*ap, int);
114 break; case UINT: arg->i = va_arg(*ap, unsigned int);
115 break; case LONG: arg->i = va_arg(*ap, long);
116 break; case ULONG: arg->i = va_arg(*ap, unsigned long);
117 break; case ULLONG: arg->i = va_arg(*ap, unsigned long long);
118 break; case SHORT: arg->i = (short)va_arg(*ap, int);
119 break; case USHORT: arg->i = (unsigned short)va_arg(*ap, int);
120 break; case CHAR: arg->i = (signed char)va_arg(*ap, int);
121 break; case UCHAR: arg->i = (unsigned char)va_arg(*ap, int);
122 break; case LLONG: arg->i = va_arg(*ap, long long);
123 break; case SIZET: arg->i = va_arg(*ap, size_t);
124 break; case IMAX: arg->i = va_arg(*ap, intmax_t);
125 break; case UMAX: arg->i = va_arg(*ap, uintmax_t);
126 break; case PDIFF: arg->i = va_arg(*ap, ptrdiff_t);
127 break; case UIPTR: arg->i = (uintptr_t)va_arg(*ap, void *);
128 break; case DBL: arg->f = va_arg(*ap, double);
129 break; case LDBL: arg->f = va_arg(*ap, long double);
130 }
131 }
132
out(FILE *f, const char *s, size_t l)133 static void out(FILE *f, const char *s, size_t l)
134 {
135 if (!l) {
136 return;
137 }
138
139 /* write to file buffer if flag F_PBUF is available */
140 if (!(f->flags & F_ERR) && !(f->flags & F_PBUF)) {
141 __fwritex((void *)s, l, f);
142 return;
143 }
144
145 /* otherwise, copy to buffer directly */
146 f->write(f, (void *)s, l);
147 }
148
pad(FILE *f, char c, int w, int l, int fl)149 static void pad(FILE *f, char c, int w, int l, int fl)
150 {
151 char pad[16];
152 if (fl & (LEFT_ADJ | ZERO_PAD) || l >= w) return;
153 l = w - l;
154 __builtin_memset(pad, c, sizeof pad);
155 for (; l >= sizeof pad; l -= sizeof pad)
156 out(f, pad, sizeof pad);
157 out(f, pad, l);
158 }
159
160 static const char xdigits[16] = {
161 "0123456789ABCDEF"
162 };
163
fmt_x(uintmax_t x, char *s, int lower)164 static char *fmt_x(uintmax_t x, char *s, int lower)
165 {
166 for (; x; x>>=4) *--s = xdigits[(x&15)]|lower;
167 return s;
168 }
169
fmt_o(uintmax_t x, char *s)170 static char *fmt_o(uintmax_t x, char *s)
171 {
172 for (; x; x>>=3) *--s = '0' + (x&7);
173 return s;
174 }
175
fmt_u(uintmax_t x, char *s)176 static char *fmt_u(uintmax_t x, char *s)
177 {
178 unsigned long y;
179 for ( ; x>ULONG_MAX; x/=10) *--s = '0' + x%10;
180 for (y=x; y; y/=10) *--s = '0' + y%10;
181 return s;
182 }
183
184 /* Do not override this check. The floating point printing code below
185 * depends on the float.h constants being right. If they are wrong, it
186 * may overflow the stack. */
187 #if LDBL_MANT_DIG == 53
188 typedef char compiler_defines_long_double_incorrectly[9-(int)sizeof(long double)];
189 #endif
190
fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)191 static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)
192 {
193 uint32_t big[(LDBL_MANT_DIG+28)/29 + 1 // mantissa expansion
194 + (LDBL_MAX_EXP+LDBL_MANT_DIG+28+8)/9]; // exponent expansion
195 uint32_t *a, *d, *r, *z;
196 int e2=0, e, i, j, l;
197 char buf[9+LDBL_MANT_DIG/4], *s;
198 const char *prefix="-0X+0X 0X-0x+0x 0x";
199 int pl;
200 char ebuf0[3*sizeof(int)], *ebuf=&ebuf0[3*sizeof(int)], *estr;
201
202 pl=1;
203 if (signbit(y)) {
204 y=-y;
205 } else if (fl & MARK_POS) {
206 prefix+=3;
207 } else if (fl & PAD_POS) {
208 prefix+=6;
209 } else prefix++, pl=0;
210
211 if (!isfinite(y)) {
212 char *s = (t&32)?"inf":"INF";
213 if (y!=y) s=(t&32)?"nan":"NAN";
214 pad(f, ' ', w, 3+pl, fl&~ZERO_PAD);
215 out(f, prefix, pl);
216 out(f, s, 3);
217 pad(f, ' ', w, 3+pl, fl^LEFT_ADJ);
218 return MAX(w, 3+pl);
219 }
220
221 y = frexpl(y, &e2) * 2;
222 if (y) e2--;
223
224 if ((t|32)=='a') {
225 long double round = 8.0;
226 int re;
227
228 if (t&32) prefix += 9;
229 pl += 2;
230
231 if (p<0 || p>=LDBL_MANT_DIG/4-1) re=0;
232 else re=LDBL_MANT_DIG/4-1-p;
233
234 if (re) {
235 round *= 1<<(LDBL_MANT_DIG%4);
236 while (re--) round*=16;
237 if (*prefix=='-') {
238 y=-y;
239 y-=round;
240 y+=round;
241 y=-y;
242 } else {
243 y+=round;
244 y-=round;
245 }
246 }
247
248 estr=fmt_u(e2<0 ? -e2 : e2, ebuf);
249 if (estr==ebuf) *--estr='0';
250 *--estr = (e2<0 ? '-' : '+');
251 *--estr = t+('p'-'a');
252
253 s=buf;
254 do {
255 int x=y;
256 *s++=xdigits[x]|(t&32);
257 y=16*(y-x);
258 if (s-buf==1 && (y||p>0||(fl&ALT_FORM))) *s++='.';
259 } while (y);
260
261 if (p > INT_MAX-2-(ebuf-estr)-pl)
262 return -1;
263 if (p && s-buf-2 < p)
264 l = (p+2) + (ebuf-estr);
265 else
266 l = (s-buf) + (ebuf-estr);
267
268 pad(f, ' ', w, pl+l, fl);
269 out(f, prefix, pl);
270 pad(f, '0', w, pl+l, fl^ZERO_PAD);
271 out(f, buf, s-buf);
272 pad(f, '0', l-(ebuf-estr)-(s-buf), 0, 0);
273 out(f, estr, ebuf-estr);
274 pad(f, ' ', w, pl+l, fl^LEFT_ADJ);
275 return MAX(w, pl+l);
276 }
277 if (p<0) p=6;
278
279 if (y) y *= 0x1p28, e2-=28;
280
281 if (e2<0) a=r=z=big;
282 else a=r=z=big+sizeof(big)/sizeof(*big) - LDBL_MANT_DIG - 1;
283
284 do {
285 *z = y;
286 y = 1000000000*(y-*z++);
287 } while (y);
288
289 while (e2>0) {
290 uint32_t carry=0;
291 int sh=MIN(29,e2);
292 for (d=z-1; d>=a; d--) {
293 uint64_t x = ((uint64_t)*d<<sh)+carry;
294 *d = x % 1000000000;
295 carry = x / 1000000000;
296 }
297 if (carry) *--a = carry;
298 while (z>a && !z[-1]) z--;
299 e2-=sh;
300 }
301 while (e2<0) {
302 uint32_t carry=0, *b;
303 int sh=MIN(9,-e2), need=1+(p+LDBL_MANT_DIG/3U+8)/9;
304 for (d=a; d<z; d++) {
305 uint32_t rm = *d & (1<<sh)-1;
306 *d = (*d>>sh) + carry;
307 carry = (1000000000>>sh) * rm;
308 }
309 if (!*a) a++;
310 if (carry) *z++ = carry;
311 /* Avoid (slow!) computation past requested precision */
312 b = (t|32)=='f' ? r : a;
313 if (z-b > need) z = b+need;
314 e2+=sh;
315 }
316
317 if (a<z) for (i=10, e=9*(r-a); *a>=i; i*=10, e++);
318 else e=0;
319
320 /* Perform rounding: j is precision after the radix (possibly neg) */
321 j = p - ((t|32)!='f')*e - ((t|32)=='g' && p);
322 if (j < 9*(z-r-1)) {
323 uint32_t x;
324 /* We avoid C's broken division of negative numbers */
325 d = r + 1 + ((j+9*LDBL_MAX_EXP)/9 - LDBL_MAX_EXP);
326 j += 9*LDBL_MAX_EXP;
327 j %= 9;
328 for (i=10, j++; j<9; i*=10, j++);
329 x = *d % i;
330 /* Are there any significant digits past j? */
331 if (x || d+1!=z) {
332 long double round = 2/LDBL_EPSILON;
333 long double small;
334 if ((*d/i & 1) || (i==1000000000 && d>a && (d[-1]&1)))
335 round += 2;
336 if (x<i/2) small=0x0.8p0;
337 else if (x==i/2 && d+1==z) small=0x1.0p0;
338 else small=0x1.8p0;
339 if (pl && *prefix=='-') round*=-1, small*=-1;
340 *d -= x;
341 /* Decide whether to round by probing round+small */
342 if (round+small != round) {
343 *d = *d + i;
344 while (*d > 999999999) {
345 *d--=0;
346 if (d<a) *--a=0;
347 (*d)++;
348 }
349 for (i=10, e=9*(r-a); *a>=i; i*=10, e++);
350 }
351 }
352 if (z>d+1) z=d+1;
353 }
354 for (; z>a && !z[-1]; z--);
355
356 if ((t|32)=='g') {
357 if (!p) p++;
358 if (p>e && e>=-4) {
359 t--;
360 p-=e+1;
361 } else {
362 t-=2;
363 p--;
364 }
365 if (!(fl&ALT_FORM)) {
366 /* Count trailing zeros in last place */
367 if (z>a && z[-1]) for (i=10, j=0; z[-1]%i==0; i*=10, j++);
368 else j=9;
369 if ((t|32)=='f')
370 p = MIN(p,MAX(0,9*(z-r-1)-j));
371 else
372 p = MIN(p,MAX(0,9*(z-r-1)+e-j));
373 }
374 }
375 if (p > INT_MAX-1-(p || (fl&ALT_FORM)))
376 return -1;
377 l = 1 + p + (p || (fl&ALT_FORM));
378 if ((t|32)=='f') {
379 if (e > INT_MAX-l) return -1;
380 if (e>0) l+=e;
381 } else {
382 estr=fmt_u(e<0 ? -e : e, ebuf);
383 while(ebuf-estr<2) *--estr='0';
384 *--estr = (e<0 ? '-' : '+');
385 *--estr = t;
386 if (ebuf-estr > INT_MAX-l) return -1;
387 l += ebuf-estr;
388 }
389
390 if (l > INT_MAX-pl) return -1;
391 pad(f, ' ', w, pl+l, fl);
392 out(f, prefix, pl);
393 pad(f, '0', w, pl+l, fl^ZERO_PAD);
394
395 if ((t|32)=='f') {
396 if (a>r) a=r;
397 for (d=a; d<=r; d++) {
398 char *s = fmt_u(*d, buf+9);
399 if (d!=a) while (s>buf) *--s='0';
400 else if (s==buf+9) *--s='0';
401 out(f, s, buf+9-s);
402 }
403 if (p || (fl&ALT_FORM)) out(f, ".", 1);
404 for (; d<z && p>0; d++, p-=9) {
405 char *s = fmt_u(*d, buf+9);
406 while (s>buf) *--s='0';
407 out(f, s, MIN(9,p));
408 }
409 pad(f, '0', p+9, 9, 0);
410 } else {
411 if (z<=a) z=a+1;
412 for (d=a; d<z && p>=0; d++) {
413 char *s = fmt_u(*d, buf+9);
414 if (s==buf+9) *--s='0';
415 if (d!=a) while (s>buf) *--s='0';
416 else {
417 out(f, s++, 1);
418 if (p>0||(fl&ALT_FORM)) out(f, ".", 1);
419 }
420 out(f, s, MIN(buf+9-s, p));
421 p -= buf+9-s;
422 }
423 pad(f, '0', p+18, 18, 0);
424 out(f, estr, ebuf-estr);
425 }
426
427 pad(f, ' ', w, pl+l, fl^LEFT_ADJ);
428
429 return MAX(w, pl+l);
430 }
431
getint(char **s)432 static int getint(char **s) {
433 int i;
434 for (i=0; isdigit(**s); (*s)++) {
435 if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1;
436 else i = 10*i + (**s-'0');
437 }
438 return i;
439 }
440
printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, int *nl_type, char nl_arg_filled)441 static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, int *nl_type, char nl_arg_filled)
442 {
443 char *a, *z, *s=(char *)fmt;
444 unsigned l10n=0, fl;
445 int w, p, xp;
446 union arg arg;
447 int argpos;
448 unsigned st, ps;
449 int cnt=0, l=0;
450 size_t i;
451 const char *prefix;
452 int t, pl;
453 wchar_t wc[2], *ws;
454 char mb[4];
455
456 for (;;) {
457 /* This error is only specified for snprintf, but since it's
458 * unspecified for other forms, do the same. Stop immediately
459 * on overflow; otherwise %n could produce wrong results. */
460 if (l > INT_MAX - cnt) goto overflow;
461
462 /* Update output count, end loop when fmt is exhausted */
463 cnt += l;
464 if (!*s) break;
465
466 /* Handle literal text and %% format specifiers */
467 for (a=s; *s && *s!='%'; s++);
468 for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2);
469 if (z-a > INT_MAX-cnt) goto overflow;
470 l = z-a;
471 if (f) out(f, a, l);
472 if (l) continue;
473
474 if (isdigit(s[1]) && s[2]=='$') {
475 if (!nl_arg_filled) {
476 va_list ap_copy;
477 va_copy(ap_copy, *ap);
478 if (printf_core(0, fmt, &ap_copy, nl_arg, nl_type, 1) < 0) {
479 return -1;
480 }
481 va_end(ap_copy);
482 }
483 l10n=1;
484 argpos = s[1]-'0';
485 s+=3;
486 } else {
487 argpos = -1;
488 s++;
489 }
490
491 /* Read modifier flags */
492 for (fl=0; (unsigned)*s-' '<32 && (FLAGMASK&(1U<<*s-' ')); s++)
493 fl |= 1U<<*s-' ';
494
495 /* Read field width */
496 if (*s=='*') {
497 if (isdigit(s[1]) && s[2]=='$') {
498 l10n=1;
499 nl_type[s[1]-'0'] = INT;
500 w = nl_arg[s[1]-'0'].i;
501 s+=3;
502 } else if (!l10n) {
503 w = f ? va_arg(*ap, int) : 0;
504 s++;
505 } else goto inval;
506 if (w<0) fl|=LEFT_ADJ, w=-w;
507 } else if ((w=getint(&s))<0) goto overflow;
508
509 /* Read precision */
510 if (*s=='.' && s[1]=='*') {
511 if (isdigit(s[2]) && s[3]=='$') {
512 nl_type[s[2]-'0'] = INT;
513 p = nl_arg[s[2]-'0'].i;
514 s+=4;
515 } else if (!l10n) {
516 p = f ? va_arg(*ap, int) : 0;
517 s+=2;
518 } else goto inval;
519 xp = (p>=0);
520 } else if (*s=='.') {
521 s++;
522 p = getint(&s);
523 xp = 1;
524 } else {
525 p = -1;
526 xp = 0;
527 }
528
529 /* Format specifier state machine */
530 st=0;
531 do {
532 if (OOB(*s)) goto inval;
533 ps=st;
534 st=states[st]S(*s++);
535 } while (st-1<STOP);
536 if (!st) goto inval;
537
538 /* Check validity of argument type (nl/normal) */
539 if (st==NOARG) {
540 if (argpos>=0) goto inval;
541 } else {
542 if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos];
543 else if (f) pop_arg(&arg, st, ap);
544 else return 0;
545 }
546
547 if (!f) continue;
548
549 char buf[sizeof(uintmax_t)*3+3+LDBL_MANT_DIG/4];
550 z = buf + sizeof(buf);
551 prefix = "-+ 0X0x";
552 pl = 0;
553 t = s[-1];
554
555 /* Transform ls,lc -> S,C */
556 if (ps && (t&15)==3) t&=~32;
557
558 /* - and 0 flags are mutually exclusive */
559 if (fl & LEFT_ADJ) fl &= ~ZERO_PAD;
560
561 switch(t) {
562 case 'n':
563 switch(ps) {
564 case BARE: *(int *)arg.p = cnt; break;
565 case LPRE: *(long *)arg.p = cnt; break;
566 case LLPRE: *(long long *)arg.p = cnt; break;
567 case HPRE: *(unsigned short *)arg.p = cnt; break;
568 case HHPRE: *(unsigned char *)arg.p = cnt; break;
569 case ZTPRE: *(size_t *)arg.p = cnt; break;
570 case JPRE: *(uintmax_t *)arg.p = cnt; break;
571 }
572 continue;
573 case 'p':
574 p = MAX(p, 2*sizeof(void*));
575 t = 'x';
576 fl |= ALT_FORM;
577 case 'x': case 'X':
578 a = fmt_x(arg.i, z, t&32);
579 if (arg.i && (fl & ALT_FORM)) prefix+=(t>>4), pl=2;
580 if (0) {
581 case 'o':
582 a = fmt_o(arg.i, z);
583 if ((fl&ALT_FORM) && p<z-a+1) p=z-a+1;
584 } if (0) {
585 case 'd': case 'i':
586 pl=1;
587 if (arg.i>INTMAX_MAX) {
588 arg.i=-arg.i;
589 } else if (fl & MARK_POS) {
590 prefix++;
591 } else if (fl & PAD_POS) {
592 prefix+=2;
593 } else pl=0;
594 case 'u':
595 a = fmt_u(arg.i, z);
596 }
597 if (xp && p<0) goto overflow;
598 if (xp) fl &= ~ZERO_PAD;
599 if (!arg.i && !p) {
600 a=z;
601 break;
602 }
603 p = MAX(p, z-a + !arg.i);
604 break;
605 case 'c':
606 *(a=z-(p=1))=arg.i;
607 fl &= ~ZERO_PAD;
608 break;
609 case 'm':
610 if (1) a = strerror(errno); else
611 case 's':
612 a = arg.p ? arg.p : "(null)";
613 z = a + strnlen(a, p<0 ? INT_MAX : p);
614 if (p<0 && *z) goto overflow;
615 p = z-a;
616 fl &= ~ZERO_PAD;
617 break;
618 case 'C':
619 wc[0] = arg.i;
620 wc[1] = 0;
621 arg.p = wc;
622 p = -1;
623 case 'S':
624 ws = arg.p;
625 for (i=l=0; i<p && *ws && (l=wctomb(mb, *ws++))>=0 && l<=p-i; i+=l);
626 if (l<0) return -1;
627 if (i > INT_MAX) goto overflow;
628 p = i;
629 pad(f, ' ', w, p, fl);
630 ws = arg.p;
631 for (i=0; i<0U+p && *ws && i+(l=wctomb(mb, *ws++))<=p; i+=l)
632 out(f, mb, l);
633 pad(f, ' ', w, p, fl^LEFT_ADJ);
634 l = w>p ? w : p;
635 continue;
636 case 'e': case 'f': case 'g': case 'a':
637 case 'E': case 'F': case 'G': case 'A':
638 if (xp && p<0) goto overflow;
639 l = fmt_fp(f, arg.f, w, p, fl, t);
640 if (l<0) goto overflow;
641 continue;
642 }
643
644 if (p < z-a) p = z-a;
645 if (p > INT_MAX-pl) goto overflow;
646 if (w < pl+p) w = pl+p;
647 if (w > INT_MAX-cnt) goto overflow;
648
649 pad(f, ' ', w, pl+p, fl);
650 out(f, prefix, pl);
651 pad(f, '0', w, pl+p, fl^ZERO_PAD);
652 pad(f, '0', p, z-a, 0);
653 out(f, a, z-a);
654 pad(f, ' ', w, pl+p, fl^LEFT_ADJ);
655
656 l = w;
657 }
658
659 if (f) return cnt;
660 if (!l10n) return 0;
661
662 for (i=1; i<=NL_ARGMAX && nl_type[i]; i++)
663 pop_arg(nl_arg+i, nl_type[i], ap);
664 for (; i<=NL_ARGMAX && !nl_type[i]; i++);
665 if (i<=NL_ARGMAX) goto inval;
666 return 1;
667
668 inval:
669 errno = EINVAL;
670 return -1;
671 overflow:
672 errno = EOVERFLOW;
673 return -1;
674 }
675
vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap)676 int vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap)
677 {
678 va_list ap2;
679 int nl_type[NL_ARGMAX+1] = {0};
680 union arg nl_arg[NL_ARGMAX+1];
681 unsigned char internal_buf[80], *saved_buf = 0;
682 int olderr;
683 int ret;
684
685 /* the copy allows passing va_list* even if va_list is an array */
686 va_copy(ap2, ap);
687
688 FLOCK(f);
689 olderr = f->flags & F_ERR;
690 if (f->mode < 1) f->flags &= ~F_ERR;
691
692 if (!f->buf_size && f->buf != NULL) {
693 saved_buf = f->buf;
694 f->buf = internal_buf;
695 f->buf_size = sizeof internal_buf;
696 f->wpos = f->wbase = f->wend = 0;
697 }
698 if (!f->wend && __towrite(f)) ret = -1;
699 else ret = printf_core(f, fmt, &ap2, nl_arg, nl_type, 0);
700 if (saved_buf) {
701 if (!(f->flags & F_PBUF)) {
702 f->write(f, 0, 0);
703 } else {
704 *saved_buf = '\0';
705 }
706 if (!f->wpos) ret = -1;
707 f->buf = saved_buf;
708 f->buf_size = 0;
709 f->wpos = f->wbase = f->wend = 0;
710 } else {
711 if (f->flags & F_PBUF) {
712 *f->wpos = '\0';
713 }
714 }
715
716 if (f->flags & F_ERR) ret = -1;
717 f->flags |= olderr;
718 FUNLOCK(f);
719 va_end(ap2);
720 return ret;
721 }
722