• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2006-2009 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9 
10 #include "base/posix/safe_strerror.h"
11 
12 #include <errno.h>
13 #include <stdio.h>
14 #include <string.h>
15 
16 #include "build/build_config.h"
17 
18 namespace base {
19 
20 #if defined(__GLIBC__) || BUILDFLAG(IS_NACL)
21 #define USE_HISTORICAL_STRERROR_R 1
22 // Post-L versions of bionic define the GNU-specific strerror_r if _GNU_SOURCE
23 // is defined, but the symbol is renamed to __gnu_strerror_r which only exists
24 // on those later versions. For parity, add the same condition as bionic.
25 #elif defined(__BIONIC__) && defined(_GNU_SOURCE) && __ANDROID_API__ >= 23
26 #define USE_HISTORICAL_STRERROR_R 1
27 #else
28 #define USE_HISTORICAL_STRERROR_R 0
29 #endif
30 
31 #if USE_HISTORICAL_STRERROR_R
32 // glibc has two strerror_r functions: a historical GNU-specific one that
33 // returns type char *, and a POSIX.1-2001 compliant one available since 2.3.4
34 // that returns int. This wraps the GNU-specific one.
wrap_posix_strerror_r(char * (* strerror_r_ptr)(int,char *,size_t),int err,char * buf,size_t len)35 [[maybe_unused]] static void wrap_posix_strerror_r(
36     char* (*strerror_r_ptr)(int, char*, size_t),
37     int err,
38     char* buf,
39     size_t len) {
40   // GNU version.
41   char *rc = (*strerror_r_ptr)(err, buf, len);
42   if (rc != buf) {
43     // glibc did not use buf and returned a static string instead. Copy it
44     // into buf.
45     buf[0] = '\0';
46     strncat(buf, rc, len - 1);
47   }
48   // The GNU version never fails. Unknown errors get an "unknown error" message.
49   // The result is always null terminated.
50 }
51 #endif  // USE_HISTORICAL_STRERROR_R
52 
53 // Wrapper for strerror_r functions that implement the POSIX interface. POSIX
54 // does not define the behaviour for some of the edge cases, so we wrap it to
55 // guarantee that they are handled. This is compiled on all POSIX platforms, but
56 // it will only be used on Linux if the POSIX strerror_r implementation is
57 // being used (see below).
wrap_posix_strerror_r(int (* strerror_r_ptr)(int,char *,size_t),int err,char * buf,size_t len)58 [[maybe_unused]] static void wrap_posix_strerror_r(
59     int (*strerror_r_ptr)(int, char*, size_t),
60     int err,
61     char* buf,
62     size_t len) {
63   int old_errno = errno;
64   // Have to cast since otherwise we get an error if this is the GNU version
65   // (but in such a scenario this function is never called). Sadly we can't use
66   // C++-style casts because the appropriate one is reinterpret_cast but it's
67   // considered illegal to reinterpret_cast a type to itself, so we get an
68   // error in the opposite case.
69   int result = (*strerror_r_ptr)(err, buf, len);
70   if (result == 0) {
71     // POSIX is vague about whether the string will be terminated, although
72     // it indirectly implies that typically ERANGE will be returned, instead
73     // of truncating the string. We play it safe by always terminating the
74     // string explicitly.
75     buf[len - 1] = '\0';
76   } else {
77     // Error. POSIX is vague about whether the return value is itself a system
78     // error code or something else. On Linux currently it is -1 and errno is
79     // set. On BSD-derived systems it is a system error and errno is unchanged.
80     // We try and detect which case it is so as to put as much useful info as
81     // we can into our message.
82     int strerror_error;  // The error encountered in strerror
83     int new_errno = errno;
84     if (new_errno != old_errno) {
85       // errno was changed, so probably the return value is just -1 or something
86       // else that doesn't provide any info, and errno is the error.
87       strerror_error = new_errno;
88     } else {
89       // Either the error from strerror_r was the same as the previous value, or
90       // errno wasn't used. Assume the latter.
91       strerror_error = result;
92     }
93     // snprintf truncates and always null-terminates.
94     snprintf(buf,
95              len,
96              "Error %d while retrieving error %d",
97              strerror_error,
98              err);
99   }
100   errno = old_errno;
101 }
102 
safe_strerror_r(int err,char * buf,size_t len)103 void safe_strerror_r(int err, char *buf, size_t len) {
104   if (buf == nullptr || len <= 0) {
105     return;
106   }
107   // If using glibc (i.e., Linux), the compiler will automatically select the
108   // appropriate overloaded function based on the function type of strerror_r.
109   // The other one will be elided from the translation unit since both are
110   // static.
111   wrap_posix_strerror_r(&strerror_r, err, buf, len);
112 }
113 
safe_strerror(int err)114 std::string safe_strerror(int err) {
115   const int buffer_size = 256;
116   char buf[buffer_size];
117   safe_strerror_r(err, buf, sizeof(buf));
118   return std::string(buf);
119 }
120 
121 }  // namespace base
122