1 /*-------------------------------------------------------------------------
4 * sprintf into an allocated-on-demand buffer
7 * Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
12 * src/common/psprintf.c
14 *-------------------------------------------------------------------------
21 #include "utils/memutils.h"
25 #include "postgres_fe.h"
27 /* It's possible we could use a different value for this in frontend code */
28 #define MaxAllocSize ((Size) 0x3fffffff) /* 1 gigabyte - 1 */
36 * Format text data under the control of fmt (an sprintf-style format string)
37 * and return it in an allocated-on-demand buffer. The buffer is allocated
38 * with palloc in the backend, or malloc in frontend builds. Caller is
39 * responsible to free the buffer when no longer needed, if appropriate.
41 * Errors are not returned to the caller, but are reported via elog(ERROR)
42 * in the backend, or printf-to-stderr-and-exit() in frontend builds.
43 * One should therefore think twice about using this in libpq.
46 psprintf(const char *fmt,...)
48 size_t len = 128; /* initial assumption about buffer size */
57 * Allocate result buffer. Note that in frontend this maps to malloc
60 result = (char *) palloc(len);
62 /* Try to format the data. */
64 newlen = pvsnprintf(result, len, fmt, args);
68 return result; /* success */
70 /* Release buffer and loop around to try again with larger len. */
79 * Attempt to format text data under the control of fmt (an sprintf-style
80 * format string) and insert it into buf (which has length len, len > 0).
82 * If successful, return the number of bytes emitted, not counting the
83 * trailing zero byte. This will always be strictly less than len.
85 * If there's not enough space in buf, return an estimate of the buffer size
86 * needed to succeed (this *must* be more than the given len, else callers
87 * might loop infinitely).
89 * Other error cases do not return, but exit via elog(ERROR) or exit().
90 * Hence, this shouldn't be used inside libpq.
92 * This function exists mainly to centralize our workarounds for
93 * non-C99-compliant vsnprintf implementations. Generally, any call that
94 * pays any attention to the return value should go through here rather
95 * than calling snprintf or vsnprintf directly.
97 * Note that the semantics of the return value are not exactly C99's.
98 * First, we don't promise that the estimated buffer size is exactly right;
99 * callers must be prepared to loop multiple times to get the right size.
100 * Second, we return the recommended buffer size, not one less than that;
101 * this lets overflow concerns be handled here rather than in the callers.
104 pvsnprintf(char *buf, size_t len, const char *fmt, va_list args)
113 * Assert check here is to catch buggy vsnprintf that overruns the
114 * specified buffer length. Solaris 7 in 64-bit mode is an example of a
115 * platform with such a bug.
117 #ifdef USE_ASSERT_CHECKING
121 nprinted = vsnprintf(buf, len, fmt, args);
123 Assert(buf[len - 1] == '\0');
126 * If vsnprintf reports an error other than ENOMEM, fail. The possible
127 * causes of this are not user-facing errors, so elog should be enough.
129 if (nprinted < 0 && errno != 0 && errno != ENOMEM)
132 elog(ERROR, "vsnprintf failed: %m");
134 fprintf(stderr, "vsnprintf failed: %s\n", strerror(errno));
140 * Note: some versions of vsnprintf return the number of chars actually
141 * stored, not the total space needed as C99 specifies. And at least one
142 * returns -1 on failure. Be conservative about believing whether the
145 if (nprinted >= 0 && (size_t) nprinted < len - 1)
147 /* Success. Note nprinted does not include trailing null. */
148 return (size_t) nprinted;
151 if (nprinted >= 0 && (size_t) nprinted > len)
154 * This appears to be a C99-compliant vsnprintf, so believe its
155 * estimate of the required space. (If it's wrong, the logic will
156 * still work, but we may loop multiple times.) Note that the space
157 * needed should be only nprinted+1 bytes, but we'd better allocate
158 * one more than that so that the test above will succeed next time.
160 * In the corner case where the required space just barely overflows,
161 * fall through so that we'll error out below (possibly after
164 if ((size_t) nprinted <= MaxAllocSize - 2)
169 * Buffer overrun, and we don't know how much space is needed. Estimate
170 * twice the previous buffer size, but not more than MaxAllocSize; if we
171 * are already at MaxAllocSize, choke. Note we use this palloc-oriented
172 * overflow limit even when in frontend.
174 if (len >= MaxAllocSize)
178 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
179 errmsg("out of memory")));
181 fprintf(stderr, _("out of memory\n"));
186 if (len >= MaxAllocSize / 2)