[gecko.git] / xpcom / string / nsTextFormatter.cpp
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /*
8 * Portable safe sprintf code.
10 * Code based on mozilla/nsprpub/src/io/prprf.c rev 3.7
12 * Contributor(s):
13 * Kipp E.B. Hickman <kipp@netscape.com> (original author)
14 * Frank Yung-Fong Tang <ftang@netscape.com>
15 * Daniele Nicolodi <daniele@grinta.net>
19 * Copied from xpcom/ds/nsTextFormatter.cpp r1.22
20 * Changed to use nsMemory and Frozen linkage
21 * -- Prasad <prasad@medhas.org>
24 #include <stddef.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include "prdtoa.h"
28 #include "mozilla/Logging.h"
29 #include "mozilla/Sprintf.h"
30 #include "nsCRTGlue.h"
31 #include "nsTextFormatter.h"
32 #include "nsMemory.h"
// Output state threaded through every formatting helper in this file. All
// characters reach the destination through the |stuff| callback, so the
// callback is the single place where output bounds are enforced.
struct nsTextFormatter::SprintfStateStr {
  // Sink callback: emits |aLen| UTF-16 code units starting at |aStr|. The
  // helpers in this file treat a negative return value as failure and
  // propagate it to their caller.
  int (*stuff)(SprintfStateStr* aState, const char16_t* aStr, uint32_t aLen);

  char16_t* base;   // start of the destination storage
  char16_t* cur;    // next write position; |cur - base| is what %n stores
  uint32_t maxlen;  // capacity in char16_t units; read by LimitStuff and
                    // vsnprintf

  void* stuffclosure;  // opaque sink data; StringStuff casts it to nsAString*
};
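/* Flag bits carried in the |aFlags| argument of the conversion helpers. */
#define _LEFT 0x1      /* '-' flag: left-justify, pad on the right */
#define _SIGNED 0x2    /* '+' flag: always emit a sign */
#define _SPACED 0x4    /* ' ' flag: emit a space where the sign would go */
#define _ZEROS 0x8     /* '0' flag: pad with zeros instead of spaces */
#define _NEG 0x10      /* the value being printed is negative */
#define _UNSIGNED 0x20 /* unsigned conversion: never emit a sign */

/* Element count of a true array (not a pointer). The argument is
 * parenthesized before indexing so that an expression argument is measured
 * as a whole. */
#define ELEMENTS_OF(array_) (sizeof(array_) / sizeof((array_)[0]))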
/*
** Fill into the buffer using the data in src
**
** Emits |aSrcLen| code units of |aSrc| padded out to |aWidth|. Padding goes
** on the left unless _LEFT is set; left padding uses '0' when _ZEROS is set,
** right padding is always a space. Returns 0 on success, or the negative
** value reported by the stuff callback.
*/
int nsTextFormatter::fill2(SprintfStateStr* aState, const char16_t* aSrc,
                           int aSrcLen, int aWidth, int aFlags) {
  const int padCount = aWidth - aSrcLen;
  const bool leftJustify = (aFlags & _LEFT) != 0;

  /* Right adjusting: padding comes first */
  if (padCount > 0 && !leftJustify) {
    const char16_t padChar = (aFlags & _ZEROS) ? '0' : ' ';
    for (int i = 0; i < padCount; ++i) {
      const int status = (*aState->stuff)(aState, &padChar, 1);
      if (status < 0) {
        return status;
      }
    }
  }

  /* The payload itself */
  const int copied = (*aState->stuff)(aState, aSrc, aSrcLen);
  if (copied < 0) {
    return copied;
  }

  /* Left adjusting: padding comes last and is never zeros */
  if (padCount > 0 && leftJustify) {
    const char16_t blank = ' ';
    for (int i = 0; i < padCount; ++i) {
      const int status = (*aState->stuff)(aState, &blank, 1);
      if (status < 0) {
        return status;
      }
    }
  }
  return 0;
}
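/*
** Fill a number. The order is: optional-sign zero-filling conversion-digits
**
** |aSrc|/|aSrcLen| are the already converted digits without a sign.
** |aWidth| is the minimum field width, |aPrec| the minimum number of digits
** (negative when no precision was given) and |aFlags| the _LEFT / _SIGNED /
** _SPACED / _ZEROS / _NEG / _UNSIGNED bits.
**
** Returns 0 on success, or the negative value reported by the stuff
** callback.
*/
int nsTextFormatter::fill_n(nsTextFormatter::SprintfStateStr* aState,
                            const char16_t* aSrc, int aSrcLen, int aWidth,
                            int aPrec, int aFlags) {
  const char16_t space = ' ';
  const char16_t zero = '0';

  // Emits |aCount| copies of |aCh|; a count of zero or less emits nothing.
  auto pad = [aState](char16_t aCh, int aCount) -> int {
    for (int i = 0; i < aCount; ++i) {
      const int status = (*aState->stuff)(aState, &aCh, 1);
      if (status < 0) {
        return status;
      }
    }
    return 0;
  };

  // Unsigned conversions never carry a sign. |sign| is initialized so that
  // it is never read indeterminate.
  char16_t sign = 0;
  int signwidth = 0;
  if ((aFlags & _UNSIGNED) == 0) {
    if (aFlags & _NEG) {
      sign = '-';
      signwidth = 1;
    } else if (aFlags & _SIGNED) {
      sign = '+';
      signwidth = 1;
    } else if (aFlags & _SPACED) {
      sign = ' ';
      signwidth = 1;
    }
  }
  int cvtwidth = signwidth + aSrcLen;

  // A precision larger than the digit count needs zero filling.
  int precwidth = 0;
  if (aPrec > 0 && aPrec > aSrcLen) {
    precwidth = aPrec - aSrcLen;
    cvtwidth += precwidth;
  }

  // The '0' flag fills the remaining width with zeros, but only when no
  // precision was given.
  int zerowidth = 0;
  if ((aFlags & _ZEROS) && (aPrec < 0) && (aWidth > cvtwidth)) {
    zerowidth = aWidth - cvtwidth;
    cvtwidth += zerowidth;
  }

  // Whatever width is still missing becomes spaces on one side.
  const int spaces = (aWidth > cvtwidth) ? (aWidth - cvtwidth) : 0;
  const bool leftJustify = (aFlags & _LEFT) != 0;

  int rv = 0;
  if (!leftJustify) {
    /* Space filling on the left (i.e. right adjusting) */
    rv = pad(space, spaces);
    if (rv < 0) {
      return rv;
    }
  }
  if (signwidth) {
    rv = (*aState->stuff)(aState, &sign, 1);
    if (rv < 0) {
      return rv;
    }
  }
  // Precision fill is zeros. The previous code emitted spaces here, which
  // contradicted the "zero-filling" order documented above and put blanks
  // between the sign and the digits.
  rv = pad(zero, precwidth);
  if (rv < 0) {
    return rv;
  }
  rv = pad(zero, zerowidth);
  if (rv < 0) {
    return rv;
  }
  rv = (*aState->stuff)(aState, aSrc, aSrcLen);
  if (rv < 0) {
    return rv;
  }
  if (leftJustify) {
    /* Space filling on the right (i.e. left adjusting) */
    rv = pad(space, spaces);
    if (rv < 0) {
      return rv;
    }
  }
  return 0;
}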
/*
** Convert a 64-bit integer into its printable form
**
** |aNum| is the magnitude; the sign travels in |aFlags|. |aHexStr| is the
** digit table indexed by the remainder. The digits are produced backwards
** into a 100-unit scratch buffer, which is ample for a 64-bit value in the
** radixes dosprintf() passes (8, 10 and 16). |aRadix| is not validated
** here.
*/
int nsTextFormatter::cvt_ll(SprintfStateStr* aState, uint64_t aNum, int aWidth,
                            int aPrec, int aRadix, int aFlags,
                            const char16_t* aHexStr) {
  /* An explicit precision of zero with a zero value prints nothing. */
  if (aNum == 0 && aPrec == 0) {
    return 0;
  }

  char16_t scratch[100];
  char16_t* const scratchEnd = scratch + sizeof(scratch) / sizeof(scratch[0]);
  char16_t* head = scratchEnd;

  /* Peel off the least significant digit until nothing is left. */
  for (uint64_t rest = aNum; rest != 0; rest /= aRadix) {
    --head;
    *head = aHexStr[(rest % aRadix) & 0xf];
  }

  /* A zero value still prints a single '0'. */
  if (head == scratchEnd) {
    --head;
    *head = '0';
  }

  /*
  ** The digits are ready without a sign; fill_n() deals with the sign and
  ** the padding.
  */
  const int digitCount = static_cast<int>(scratchEnd - head);
  return fill_n(aState, head, digitCount, aWidth, aPrec, aFlags);
}
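/*
** Convert a double precision floating point number into its printable
** form.
**
** |aType| selects the layout ('f', 'e'/'E' or 'g'/'G'); |aPrec| of -1 means
** the default of 6, and anything above 50 is clamped. The text is assembled
** in a 256-byte stack buffer and then widened to char16_t for fill2().
**
** Every write into that buffer is bounds-checked. The precision clamp alone
** does not bound the output: for 'f' the integer part is as long as the
** digit string PR_dtoa() returns (it is given a 256-byte buffer of its own),
** and the sign, the '.', trailing zeros and the precision digits come on
** top of that. A result that does not fit makes the function return -1
** instead of writing past the buffer.
**
** Returns the result of fill2(), or -1 when |aType| is invalid, PR_dtoa()
** fails, or the formatted text does not fit.
*/
int nsTextFormatter::cvt_f(SprintfStateStr* aState, double aDouble, int aWidth,
                           int aPrec, const char16_t aType, int aFlags) {
  int mode = 2;
  int decpt;
  int sign;
  char buf[256];
  char* bufp = buf;
  const int bufsz = 256;
  char num[256];
  char* nump;
  char* endnum;
  int numdigits = 0;
  char exp = 'e';

  // Bounded append into |buf|. The last slot is reserved for the NUL, so
  // |bufp| never moves past |bufLimit| and a terminator can always be stored.
  char* const bufLimit = buf + sizeof(buf) - 1;
  bool truncated = false;
  auto put = [&bufp, bufLimit, &truncated](char aCh) {
    if (bufp < bufLimit) {
      *bufp++ = aCh;
    } else {
      truncated = true;
    }
  };

  if (aPrec == -1) {
    aPrec = 6;
  } else if (aPrec > 50) {
    // limit precision to avoid PR_dtoa bug 108335
    // and to prevent buffers overflows
    aPrec = 50;
  }

  switch (aType) {
    case 'f':
      numdigits = aPrec;
      mode = 3;
      break;
    case 'E':
      exp = 'E';
      [[fallthrough]];
    case 'e':
      numdigits = aPrec + 1;
      mode = 2;
      break;
    case 'G':
      exp = 'E';
      [[fallthrough]];
    case 'g':
      if (aPrec == 0) {
        aPrec = 1;
      }
      numdigits = aPrec;
      mode = 2;
      break;
    default:
      NS_ERROR("invalid aType passed to cvt_f");
      // No layout below matches an unknown type, so |buf| would be read
      // without ever having been written. Fail instead.
      return -1;
  }

  if (PR_dtoa(aDouble, mode, numdigits, &decpt, &sign, &endnum, num, bufsz) ==
      PR_FAILURE) {
    return -1;
  }
  numdigits = endnum - num;
  nump = num;

  if (sign) {
    put('-');
  } else if (aFlags & _SIGNED) {
    put('+');
  }

  if (decpt == 9999) {
    // Special value: |num| holds text rather than digits; copy it as is.
    while (*nump) {
      put(*nump++);
    }
    *bufp = '\0';
  } else {
    switch (aType) {
      case 'E':
      case 'e':

        put(*nump++);
        if (aPrec > 0) {
          put('.');
          while (*nump) {
            put(*nump++);
            aPrec--;
          }
          while (aPrec-- > 0) {
            put('0');
          }
        }
        put(exp);

        // |bufp| is at most |bufLimit|, so the size passed here is >= 1 and
        // snprintf always terminates the string.
        ::snprintf(bufp, bufsz - (bufp - buf), "%+03d", decpt - 1);
        break;

      case 'f':

        if (decpt < 1) {
          put('0');
          if (aPrec > 0) {
            put('.');
            while (decpt++ && aPrec-- > 0) {
              put('0');
            }
            while (*nump && aPrec-- > 0) {
              put(*nump++);
            }
            while (aPrec-- > 0) {
              put('0');
            }
          }
        } else {
          while (*nump && decpt-- > 0) {
            put(*nump++);
          }
          while (decpt-- > 0) {
            put('0');
          }
          if (aPrec > 0) {
            put('.');
            while (*nump && aPrec-- > 0) {
              put(*nump++);
            }
            while (aPrec-- > 0) {
              put('0');
            }
          }
        }
        *bufp = '\0';
        break;

      case 'G':
      case 'g':

        if ((decpt < -3) || ((decpt - 1) >= aPrec)) {
          put(*nump++);
          numdigits--;
          if (numdigits > 0) {
            put('.');
            while (*nump) {
              put(*nump++);
            }
          }
          put(exp);
          ::snprintf(bufp, bufsz - (bufp - buf), "%+03d", decpt - 1);
        } else {
          if (decpt < 1) {
            put('0');
            if (aPrec > 0) {
              put('.');
              while (decpt++) {
                put('0');
              }
              while (*nump) {
                put(*nump++);
              }
            }
          } else {
            while (*nump && decpt-- > 0) {
              put(*nump++);
              numdigits--;
            }
            while (decpt-- > 0) {
              put('0');
            }
            if (numdigits > 0) {
              put('.');
              while (*nump) {
                put(*nump++);
              }
            }
          }
          *bufp = '\0';
        }
    }
  }

  // Report text that did not fit as an error rather than emit a silently
  // shortened number.
  if (truncated) {
    return -1;
  }

  // Widen to char16_t. |buf| holds at most 255 characters plus the NUL, so
  // |rlen| stays below the size of |rbuf|. The old copy loop stored one more
  // NUL after the copied terminator, which landed one element past |rbuf|
  // when |buf| was full.
  char16_t rbuf[256];
  int rlen = 0;
  for (const char* p = buf; *p != '\0'; ++p) {
    rbuf[rlen++] = static_cast<unsigned char>(*p);
  }
  rbuf[rlen] = '\0';

  return fill2(aState, rbuf, rlen, aWidth, aFlags);
}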
/*
** Convert a UTF-16 string into its printable form. |aWidth| is the output
** width. |aPrec| is the maximum number of characters of |aStr| to output,
** where -1 means until NUL. A null |aStr| prints as "(null)".
**
** The precision counts char16_t code units.
*/
int nsTextFormatter::cvt_S(SprintfStateStr* aState, const char16_t* aStr,
                           int aWidth, int aPrec, int aFlags) {
  /* A precision of zero asks for no characters at all. */
  if (aPrec == 0) {
    return 0;
  }

  const char16_t* text = aStr;
  int length;
  if (text) {
    length = NS_strlen(text);
  } else {
    text = u"(null)";
    length = 6;
  }

  /* A positive precision caps the number of code units taken. */
  if (aPrec > 0 && aPrec < length) {
    length = aPrec;
  }

  return fill2(aState, text, length, aWidth, aFlags);
}
/*
** Convert a narrow string into its printable form by widening it with
** NS_ConvertUTF8toUTF16 and handing the result to cvt_S(). |aWidth| and
** |aPrec| have the same meaning as in cvt_S() and are applied after the
** conversion, i.e. to UTF-16 code units.
*/
int nsTextFormatter::cvt_s(nsTextFormatter::SprintfStateStr* aState,
                           const char* aStr, int aWidth, int aPrec,
                           int aFlags) {
  if (aStr != nullptr) {
    NS_ConvertUTF8toUTF16 widened(aStr);
    return cvt_S(aState, widened.get(), aWidth, aPrec, aFlags);
  }

  // Null goes through cvt_S() so that %s and %S print it the same way.
  return cvt_S(aState, nullptr, aWidth, aPrec, aFlags);
}
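/*
** The workhorse sprintf code.
**
** Walks |aFmt| and sends literal text and converted arguments to
** |aState->stuff|. Arguments come from |aValues|, which records the kind of
** every value, so a conversion that does not match its argument is printed
** according to the argument's real kind and never reinterprets memory.
** Arguments are taken either in order or by number ("%1$S"); mixing the two
** styles fails.
**
** Returns 0 on success, -1 on a malformed or unsupported directive, or the
** negative value reported by the stuff callback.
*/
int nsTextFormatter::dosprintf(SprintfStateStr* aState, const char16_t* aFmt,
                               mozilla::Span<BoxedValue> aValues) {
  static const char16_t space = ' ';
  static const char16_t hex[] = u"0123456789abcdef";
  static const char16_t HEX[] = u"0123456789ABCDEF";
  static const BoxedValue emptyString(u"");

  char16_t c;
  int flags, width, prec, radix;

  const char16_t* hexp;

  // Next argument for non-numbered arguments.
  size_t nextNaturalArg = 0;
  // True if we ever saw a numbered argument.
  bool sawNumberedArg = false;

  while ((c = *aFmt++) != 0) {
    int rv;

    if (c != '%') {
      rv = (*aState->stuff)(aState, aFmt - 1, 1);
      if (rv < 0) {
        return rv;
      }
      continue;
    }

    // Save the location of the "%" in case we decide it isn't a
    // format and want to just emit the text from the format string.
    const char16_t* percentPointer = aFmt - 1;

    /*
    ** Gobble up the % format string. Hopefully we have handled all
    ** of the strange cases!
    */
    flags = 0;
    c = *aFmt++;
    if (c == '%') {
      /* quoting a % with %% */
      rv = (*aState->stuff)(aState, aFmt - 1, 1);
      if (rv < 0) {
        return rv;
      }
      continue;
    }

    // Check for a numbered argument.
    // NOTE(review): a leading '0' is consumed by this digit run, so "%05d"
    // appears to be read as width 5 without the zero-fill flag - confirm
    // whether that is intended.
    bool sawWidth = false;
    const BoxedValue* thisArg = nullptr;
    if (c >= '0' && c <= '9') {
      size_t argNumber = 0;
      while (c && c >= '0' && c <= '9') {
        argNumber = (argNumber * 10) + (c - '0');
        c = *aFmt++;
      }

      if (c == '$') {
        // Mixing numbered arguments and implicit arguments is
        // disallowed.
        if (nextNaturalArg > 0) {
          return -1;
        }

        c = *aFmt++;

        // Numbered arguments start at 1. "0$" wraps around to the largest
        // size_t and is rejected by the range check below.
        --argNumber;
        if (argNumber >= aValues.Length()) {
          // A correctness issue but not a safety issue.
          MOZ_ASSERT(false);
          thisArg = &emptyString;
        } else {
          thisArg = &aValues[argNumber];
        }
        sawNumberedArg = true;
      } else {
        // The digits were a field width after all (size_t narrowed to int).
        width = argNumber;
        sawWidth = true;
      }
    }

    if (!sawWidth) {
      /*
       * Examine optional flags.  Note that we do not implement the
       * '#' flag of sprintf().  The ANSI C spec. of the '#' flag is
       * somewhat ambiguous and not ideal, which is perhaps why
       * the various sprintf() implementations are inconsistent
       * on this feature.
       */
      while ((c == '-') || (c == '+') || (c == ' ') || (c == '0')) {
        if (c == '-') {
          flags |= _LEFT;
        }
        if (c == '+') {
          flags |= _SIGNED;
        }
        if (c == ' ') {
          flags |= _SPACED;
        }
        if (c == '0') {
          flags |= _ZEROS;
        }
        c = *aFmt++;
      }
      if (flags & _SIGNED) {
        flags &= ~_SPACED;
      }
      if (flags & _LEFT) {
        flags &= ~_ZEROS;
      }

      /* width */
      if (c == '*') {
        // Not supported with numbered arguments.
        if (sawNumberedArg) {
          return -1;
        }

        if (nextNaturalArg >= aValues.Length() ||
            !aValues[nextNaturalArg].IntCompatible()) {
          // A correctness issue but not a safety issue.
          MOZ_ASSERT(false);
          width = 0;
        } else {
          width = aValues[nextNaturalArg++].mValue.mInt;
        }
        c = *aFmt++;
      } else {
        // NOTE(review): |width| (and |prec| below) are plain ints built up
        // digit by digit; a very long digit run in the format would
        // overflow them. Consider clamping.
        width = 0;
        while ((c >= '0') && (c <= '9')) {
          width = (width * 10) + (c - '0');
          c = *aFmt++;
        }
      }
    }

    /* precision */
    prec = -1;
    if (c == '.') {
      c = *aFmt++;
      if (c == '*') {
        // Not supported with numbered arguments.
        if (sawNumberedArg) {
          return -1;
        }

        if (nextNaturalArg >= aValues.Length() ||
            !aValues[nextNaturalArg].IntCompatible()) {
          // A correctness issue but not a safety issue.
          MOZ_ASSERT(false);
        } else {
          prec = aValues[nextNaturalArg++].mValue.mInt;
        }
        c = *aFmt++;
      } else {
        prec = 0;
        while ((c >= '0') && (c <= '9')) {
          prec = (prec * 10) + (c - '0');
          c = *aFmt++;
        }
      }
    }

    // If the argument isn't known yet, find it now.  This is done
    // after the width and precision code, in case '*' was used.
    if (thisArg == nullptr) {
      // Mixing numbered arguments and implicit arguments is
      // disallowed.
      if (sawNumberedArg) {
        return -1;
      }

      if (nextNaturalArg >= aValues.Length()) {
        // A correctness issue but not a safety issue.
        MOZ_ASSERT(false);
        thisArg = &emptyString;
      } else {
        thisArg = &aValues[nextNaturalArg++];
      }
    }

    /* Size.  Defaults to 32 bits.  */
    uint64_t mask = UINT32_MAX;
    if (c == 'h') {
      c = *aFmt++;
      mask = UINT16_MAX;
    } else if (c == 'L') {
      c = *aFmt++;
      mask = UINT64_MAX;
    } else if (c == 'l') {
      c = *aFmt++;
      if (c == 'l') {
        c = *aFmt++;
        mask = UINT64_MAX;
      } else {
        mask = UINT32_MAX;
      }
    }

    /* format */
    hexp = hex;
    radix = 10;
    // Several `MOZ_ASSERT`s below check for argument compatibility
    // with the format specifier.  These are only debug assertions,
    // not release assertions, and exist to catch problems in C++
    // callers of `nsTextFormatter`, as we do not have compile-time
    // checking of format strings.  In release mode, these assertions
    // will be no-ops, and we will fall through to printing the
    // argument based on the known type of the argument.
    switch (c) {
      case 'd':
      case 'i': /* decimal/integer */
        MOZ_ASSERT(thisArg->IntCompatible());
        break;

      case 'o': /* octal */
        MOZ_ASSERT(thisArg->IntCompatible());
        radix = 8;
        flags |= _UNSIGNED;
        break;

      case 'u': /* unsigned decimal */
        MOZ_ASSERT(thisArg->IntCompatible());
        radix = 10;
        flags |= _UNSIGNED;
        break;

      case 'x': /* unsigned hex */
        MOZ_ASSERT(thisArg->IntCompatible());
        radix = 16;
        flags |= _UNSIGNED;
        break;

      case 'X': /* unsigned HEX */
        MOZ_ASSERT(thisArg->IntCompatible());
        radix = 16;
        hexp = HEX;
        flags |= _UNSIGNED;
        break;

      case 'e':
      case 'E':
      case 'f':
      case 'g':
      case 'G':
        MOZ_ASSERT(thisArg->mKind == DOUBLE);
        // Type-based printing below.
        break;

      case 'S':
        MOZ_ASSERT(thisArg->mKind == STRING16);
        // Type-based printing below.
        break;

      case 's':
        MOZ_ASSERT(thisArg->mKind == STRING);
        // Type-based printing below.
        break;

      case 'c': {
        if (!thisArg->IntCompatible()) {
          MOZ_ASSERT(false);
          // Type-based printing below.
          break;
        }

        if ((flags & _LEFT) == 0) {
          while (width-- > 1) {
            rv = (*aState->stuff)(aState, &space, 1);
            if (rv < 0) {
              return rv;
            }
          }
        }
        // The integer is narrowed to a single UTF-16 code unit.
        char16_t ch = thisArg->mValue.mInt;
        rv = (*aState->stuff)(aState, &ch, 1);
        if (rv < 0) {
          return rv;
        }
        if (flags & _LEFT) {
          while (width-- > 1) {
            rv = (*aState->stuff)(aState, &space, 1);
            if (rv < 0) {
              return rv;
            }
          }
        }
      }
        continue;

      case 'p':
        if (!thisArg->PointerCompatible()) {
          MOZ_ASSERT(false);
          break;
        }
        static_assert(sizeof(uint64_t) >= sizeof(void*),
                      "pointers are larger than 64 bits");
        rv = cvt_ll(aState, uintptr_t(thisArg->mValue.mPtr), width, prec, 16,
                    flags | _UNSIGNED, hexp);
        if (rv < 0) {
          return rv;
        }
        continue;

      case 'n':
        // %n stores the number of code units written so far through a
        // caller-supplied pointer. Only an argument boxed as INTPOINTER is
        // accepted; any other kind fails the whole call.
        if (thisArg->mKind != INTPOINTER) {
          return -1;
        }

        if (thisArg->mValue.mIntPtr != nullptr) {
          *thisArg->mValue.mIntPtr = aState->cur - aState->base;
        }
        continue;

      default:
        if (c == 0) {
          // The format string ended in the middle of a directive (for
          // example a trailing '%'). |aFmt| is already one past the
          // terminator, so going around the loop again would read beyond
          // the end of the format. Emit the unfinished directive without
          // its NUL and stop.
          rv = (*aState->stuff)(aState, percentPointer,
                                (aFmt - 1) - percentPointer);
          return rv < 0 ? rv : 0;
        }
        /* Not a % token after all... skip it */
        rv = (*aState->stuff)(aState, percentPointer, aFmt - percentPointer);
        if (rv < 0) {
          return rv;
        }
        continue;
    }

    // If we get here, we want to handle the argument according to its
    // actual type; modified by the flags as appropriate.
    switch (thisArg->mKind) {
      case INT:
      case UINT: {
        int64_t val = thisArg->mValue.mInt;
        // Negate in unsigned arithmetic: the result is the same for every
        // value, and the most negative int64_t no longer overflows.
        uint64_t magnitude = uint64_t(val);
        if ((flags & _UNSIGNED) == 0 && val < 0) {
          magnitude = 0 - magnitude;
          flags |= _NEG;
        }
        rv = cvt_ll(aState, magnitude & mask, width, prec, radix, flags, hexp);
      } break;
      case INTPOINTER:
      case POINTER:
        // Always treat these as unsigned hex, no matter the format.
        static_assert(sizeof(uint64_t) >= sizeof(void*),
                      "pointers are larger than 64 bits");
        rv = cvt_ll(aState, uintptr_t(thisArg->mValue.mPtr), width, prec, 16,
                    flags | _UNSIGNED, hexp);
        break;
      case DOUBLE:
        if (c != 'f' && c != 'E' && c != 'e' && c != 'G' && c != 'g') {
          // Pick some default.
          c = 'g';
        }
        rv = cvt_f(aState, thisArg->mValue.mDouble, width, prec, c, flags);
        break;
      case STRING:
        rv = cvt_s(aState, thisArg->mValue.mString, width, prec, flags);
        break;
      case STRING16:
        rv = cvt_S(aState, thisArg->mValue.mString16, width, prec, flags);
        break;
      default:
        // Can't happen. Fail rather than test |rv| without a value.
        MOZ_ASSERT(0);
        rv = -1;
    }

    if (rv < 0) {
      return rv;
    }
  }

  return 0;
}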
827 /************************************************************************/
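/*
** Stuff routine that appends to the nsAString stored in
** |aState->stuffclosure|. Always returns 0.
*/
int nsTextFormatter::StringStuff(nsTextFormatter::SprintfStateStr* aState,
                                 const char16_t* aStr, uint32_t aLen) {
  // Remember the write offset: Append() may move the string's storage, so
  // |base| and |cur| are rebuilt from the offset afterwards.
  ptrdiff_t off = aState->cur - aState->base;

  nsAString* str = static_cast<nsAString*>(aState->stuffclosure);
  str->Append(aStr, aLen);

  aState->base = str->BeginWriting();
  // Advance past the code units just appended. Restoring only the old
  // offset left |cur - base| stuck at its starting value, so %n reported a
  // stale count for string output.
  aState->cur = aState->base + off + aLen;

  return 0;
}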
/*
** Format |aFmt| with |aValues| into |aOut|, replacing its previous
** contents. The status returned by dosprintf() is not inspected, so after
** a failed format |aOut| keeps whatever had been emitted up to that point.
*/
void nsTextFormatter::vssprintf(nsAString& aOut, const char16_t* aFmt,
                                mozilla::Span<BoxedValue> aValues) {
  // Start from an empty string; StringStuff only ever appends.
  aOut.Truncate();

  SprintfStateStr state;
  state.stuffclosure = &aOut;
  state.stuff = StringStuff;
  state.maxlen = 0;
  state.base = nullptr;
  state.cur = nullptr;

  dosprintf(&state, aFmt, aValues);
}
/*
** Stuff routine that discards overflow data
**
** Copies at most as many code units as still fit between |cur| and
** |base + maxlen|; the rest of |aStr| is dropped silently. Always returns
** 0, so truncation is not reported to the caller.
*/
int nsTextFormatter::LimitStuff(SprintfStateStr* aState, const char16_t* aStr,
                                uint32_t aLen) {
  const uint32_t used = static_cast<uint32_t>(aState->cur - aState->base);
  const uint32_t room = aState->maxlen - used;
  const uint32_t count = (aLen > room) ? room : aLen;

  for (uint32_t i = 0; i < count; ++i) {
    *aState->cur++ = aStr[i];
  }
  return 0;
}
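/*
** Format |aFmt| with |aValues| into the caller's buffer |aOut| of
** |aOutLen| char16_t units. Output that does not fit is dropped by
** LimitStuff.
**
** Whenever |aOutLen| is usable the buffer is NUL-terminated on return,
** including when nothing was written and when formatting failed.
**
** Returns the number of code units stored, not counting the NUL; 0 when
** nothing was stored or |aOutLen| is not a positive int32_t; and -1
** converted to uint32_t when dosprintf() fails after producing output.
*/
uint32_t nsTextFormatter::vsnprintf(char16_t* aOut, uint32_t aOutLen,
                                    const char16_t* aFmt,
                                    mozilla::Span<BoxedValue> aValues) {
  SprintfStateStr ss;

  MOZ_ASSERT(static_cast<int32_t>(aOutLen) > 0);
  if (static_cast<int32_t>(aOutLen) <= 0) {
    return 0;
  }

  ss.stuff = LimitStuff;
  ss.base = aOut;
  ss.cur = aOut;
  ss.maxlen = aOutLen;
  ss.stuffclosure = nullptr;  // not read by LimitStuff
  int result = dosprintf(&ss, aFmt, aValues);

  if (ss.cur == ss.base) {
    // Nothing was written. Terminate anyway (|aOutLen| is at least 1 here)
    // so that the caller never sees the buffer's previous contents as the
    // result.
    *ss.cur = '\0';
    return 0;
  }

  // Append a NUL.  However, be sure not to count it in the returned
  // length.
  if (ss.cur - ss.base >= ptrdiff_t(ss.maxlen)) {
    --ss.cur;
  }
  *ss.cur = '\0';

  // Check the result now, so that an unterminated string can't
  // possibly escape.
  if (result < 0) {
    return -1;
  }

  return ss.cur - ss.base;
}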