Update snprintf.c from OpenBSD. The floating point and wide character

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)
diff --git a/config.h.in b/config.h.in

index 52edebe54dc301990fc5e5fe8d9a03258b7a590d..ef1282c0490d76403f81d8ec1dcde8f1ceb60c1e 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -1089,9 +1089,6 @@
  /* Define to 1 if you want sudo to set $HOME in shell mode. */
  #undef SHELL_SETS_HOME
  
-/* The size of `long int', as computed by sizeof. */
-#undef SIZEOF_LONG_INT
-
  /* Define to 1 to compile the sudoers plugin statically into the sudo binary.
     */
  #undef STATIC_SUDOERS_PLUGIN
@@ -1175,12 +1172,18 @@
  /* Define to `unsigned int' if <sys/types.h> does not define. */
  #undef ino_t
  
+/* Define to `long long' if <sys/types.h> does not define. */
+#undef intmax_t
+
  /* Define to `int' if <sys/types.h> does not define. */
  #undef mode_t
  
  /* Define to an OS-specific initialization function or `os_init_common'. */
  #undef os_init
  
+/* Define to `long' if <sys/types.h> does not define. */
+#undef ptrdiff_t
+
  /* Define to `size_t' if <sys/types.h> does not define. */
  #undef rsize_t
  
@@ -1208,6 +1211,9 @@
  /* Define to `unsigned char' if <sys/types.h> does not define. */
  #undef uint8_t
  
+/* Define to `unsigned long long' if <sys/types.h> does not define. */
+#undef uintmax_t
+
  /* Define to empty if the keyword `volatile' does not work. Warning: valid
     code using `volatile' can become incorrect without. Disable with care. */
  #undef volatile
diff --git a/configure b/configure

index f9b9c34d816676b86a6e2b2360fff904e5a33e1c..b2dd6d877fd0038e9b04dcedb1af349530f6e37e 100755 (executable)
--- a/configure
+++ b/configure
@@ -2352,189 +2352,6 @@ $as_echo "$ac_res" >&6; }
    eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
  
  } # ac_fn_c_check_member
-
-# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
-# --------------------------------------------
-# Tries to find the compile-time value of EXPR in a program that includes
-# INCLUDES, setting VAR accordingly. Returns whether the value could be
-# computed
-ac_fn_c_compute_int ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  if test "$cross_compiling" = yes; then
-    # Depending upon the size, compute the lo and hi bounds.
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) >= 0)];
-test_array [0] = 0;
-return test_array [0];
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_lo=0 ac_mid=0
-  while :; do
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_hi=$ac_mid; break
-else
-  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
-                       if test $ac_lo -le $ac_mid; then
-                         ac_lo= ac_hi=
-                         break
-                       fi
-                       as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  done
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) < 0)];
-test_array [0] = 0;
-return test_array [0];
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_hi=-1 ac_mid=-1
-  while :; do
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) >= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_lo=$ac_mid; break
-else
-  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
-                       if test $ac_mid -le $ac_hi; then
-                         ac_lo= ac_hi=
-                         break
-                       fi
-                       as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  done
-else
-  ac_lo= ac_hi=
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
-  as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_hi=$ac_mid
-else
-  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in #((
-?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
-'') ac_retval=1 ;;
-esac
-  else
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-static long int longval () { return $2; }
-static unsigned long int ulongval () { return $2; }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
-
-  FILE *f = fopen ("conftest.val", "w");
-  if (! f)
-    return 1;
-  if (($2) < 0)
-    {
-      long int i = longval ();
-      if (i != ($2))
-       return 1;
-      fprintf (f, "%ld", i);
-    }
-  else
-    {
-      unsigned long int i = ulongval ();
-      if (i != ($2))
-       return 1;
-      fprintf (f, "%lu", i);
-    }
-  /* Do not output a trailing newline, as this causes \r\n confusion
-     on some platforms.  */
-  return ferror (f) || fclose (f) != 0;
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-  echo >>conftest.val; read $3 <conftest.val; ac_retval=0
-else
-  ac_retval=1
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
-rm -f conftest.val
-
-  fi
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-  as_fn_set_status $ac_retval
-
-} # ac_fn_c_compute_int
  cat >config.log <<_ACEOF
  This file contains any messages produced by compilers while
  running configure, to aid debugging if configure makes a mistake.
@@ -17756,39 +17573,6 @@ $as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
  if test X"$ac_cv_type_long_long_int" != X"yes"; then
      as_fn_error $? "\"C compiler does not appear to support the long long int type\"" "$LINENO" 5
  fi
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
-$as_echo_n "checking size of long int... " >&6; }
-if ${ac_cv_sizeof_long_int+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int"        "$ac_includes_default"; then :
-
-else
-  if test "$ac_cv_type_long_int" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (long int)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_long_int=0
-   fi
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
-$as_echo "$ac_cv_sizeof_long_int" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
-_ACEOF
-
-
  ac_fn_c_check_type "$LINENO" "id_t" "ac_cv_type_id_t" "$ac_includes_default"
  if test "x$ac_cv_type_id_t" = xyes; then :
  
@@ -17844,6 +17628,39 @@ _ACEOF
  
  fi
  
+ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default"
+if test "x$ac_cv_type_ptrdiff_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ptrdiff_t long
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_intmax_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define intmax_t long long
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_uintmax_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uintmax_t unsigned long long
+_ACEOF
+
+fi
+
  ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
  if test "x$ac_cv_type_uint8_t" = xyes; then :
  
diff --git a/configure.ac b/configure.ac

index 10b7a20497be6b2a4e537a89783a1c43e763de1e..6aac79dcefaaa578109f25844bdad249123aa4da 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2284,12 +2284,14 @@ AC_TYPE_LONG_LONG_INT
  if test X"$ac_cv_type_long_long_int" != X"yes"; then
      AC_MSG_ERROR(["C compiler does not appear to support the long long int type"])
  fi
-AC_CHECK_SIZEOF([long int])
  AC_CHECK_TYPE(id_t, unsigned int)
  AC_CHECK_TYPE(size_t, unsigned int)
  AC_CHECK_TYPE(ssize_t, int)
  AC_CHECK_TYPE(dev_t, int)
  AC_CHECK_TYPE(ino_t, unsigned int)
+AC_CHECK_TYPE(ptrdiff_t, long)
+AC_CHECK_TYPE(intmax_t, long long)
+AC_CHECK_TYPE(uintmax_t, unsigned long long)
  AC_CHECK_TYPE(uint8_t, unsigned char)
  AC_CHECK_TYPE(uint32_t, unsigned int)
  AC_CHECK_TYPE(uint64_t, unsigned long long)
diff --git a/lib/util/snprintf.c b/lib/util/snprintf.c

index 4987f516b00f7f65dabbf54049401af468318bf2..5cda8e2b66de1ff3acb94194b1063e7286da4b4f 100644 (file)
--- a/lib/util/snprintf.c
+++ b/lib/util/snprintf.c
@@ -1,6 +1,7 @@
-/*
- * Copyright (c) 1999-2005, 2008, 2010-2014
- *     Todd C. Miller <Todd.Miller@courtesan.com>
+/*     $OpenBSD: vfprintf.c,v 1.67 2014/12/21 00:23:30 daniel Exp $    */
+/*-
+ * Copyright (c) 1999-2005, 2008, 2010-2015
+ *      Todd C. Miller <Todd.Miller@courtesan.com>
   * Copyright (c) 1990, 1993
   *     The Regents of the University of California.  All rights reserved.
   *
@@ -31,12 +32,11 @@
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   *
- * From: @(#)vfprintf.c        8.1 (Berkeley) 6/4/93
+ * From: @(#)vfprintf.c 8.1 (Berkeley) 6/4/93
   */
  
  /*
- * v?snprintf/v?asprintf based on 4.4BSD stdio.
- * NOTE: does not support floating point.
+ * v?snprintf/v?asprintf based on OpenBSD vfprintf.c.
   */
  
  #include <config.h>
@@ -46,11 +46,17 @@
      defined(PREFER_PORTABLE_SNPRINTF)
  
  #include <sys/types.h>
+#include <sys/mman.h>
  
-#include <stdio.h>
+#include <errno.h>
+#ifdef HAVE_NL_LANGINFO
+# include <langinfo.h>
+#endif
+#include <limits.h>
+#include <stdarg.h>
  #ifdef STDC_HEADERS
-# include <stdlib.h>
  # include <stddef.h>
+# include <stdlib.h>
  #else
  # ifdef HAVE_STDLIB_H
  #  include <stdlib.h>
@@ -61,6 +67,7 @@
  #elif defined(HAVE_INTTYPES_H)
  # include <inttypes.h>
  #endif
+#include <stdio.h>
  #ifdef HAVE_STRING_H
  # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
  #  include <memory.h>
@@ -73,176 +80,273 @@
  #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
  # include <malloc.h>
  #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#include <limits.h>
-#include <stdarg.h>
+#include <unistd.h>
+#ifdef PRINTF_WIDE_CHAR
+# include <wchar.h>
+#endif
  
  #include "sudo_compat.h"
  
+/* Avoid printf format attacks by ignoring the %n escape. */
+#define NO_PRINTF_PERCENT_N
+
+union arg {
+       int                     intarg;
+       unsigned int            uintarg;
+       long                    longarg;
+       unsigned long           ulongarg;
+       long long               longlongarg;
+       unsigned long long      ulonglongarg;
+       ptrdiff_t               ptrdiffarg;
+       size_t                  sizearg;
+       ssize_t                 ssizearg;
+       intmax_t                intmaxarg;
+       uintmax_t               uintmaxarg;
+       void                    *pvoidarg;
+       char                    *pchararg;
+       signed char             *pschararg;
+       short                   *pshortarg;
+       int                     *pintarg;
+       long                    *plongarg;
+       long long               *plonglongarg;
+       ptrdiff_t               *pptrdiffarg;
+       ssize_t                 *pssizearg;
+       intmax_t                *pintmaxarg;
+#ifdef FLOATING_POINT
+       double                  doublearg;
+       long double             longdoublearg;
+#endif
+#ifdef PRINTF_WIDE_CHAR
+       wint_t                  wintarg;
+       wchar_t                 *pwchararg;
+#endif
+};
+
+static int __find_arguments(const char *fmt0, va_list ap, union arg **argtable,
+    size_t *argtablesiz);
+static int __grow_type_table(unsigned char **typetable, int *tablesize);
  static int xxxprintf(char **, size_t, int, const char *, va_list);
  
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
  /*
- * Macros for converting digits to letters and vice versa
+ * Allocate "size" bytes via mmap.
   */
-#define        to_digit(c)     ((c) - '0')
-#define is_digit(c)    ((unsigned int)to_digit(c) <= 9)
-#define        to_char(n)      ((n) + '0')
+static void *
+mmap_alloc(size_t size)
+{
+       void *p;
+#ifndef MAP_ANON
+       int fd;
+
+       if ((fd = open("/dev/zero", O_RDWR)) == -1)
+               return NULL;
+       p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+       close(fd);
+#else
+       p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
+#endif
+       if (p == MAP_FAILED)
+               return NULL;
+       return p;
+}
  
  /*
- * Flags used during conversion.
+ * Unmap "size" bytes of the ptr.
   */
-#define        ALT             0x001           /* alternate form */
-#define        HEXPREFIX       0x002           /* add 0x or 0X prefix */
-#define        LADJUST         0x004           /* left adjustment */
-#define        LONGDBL         0x008           /* long double; unimplemented */
-#define        LONGINT         0x010           /* long integer */
-#define        LLONGINT                0x020           /* quad integer */
-#define        SHORTINT        0x040           /* short integer */
-#define        ZEROPAD         0x080           /* zero (as opposed to blank) pad */
-
-#define BUF            68
+static void
+mmap_free(void *ptr, size_t size)
+{
+       if (ptr != NULL)
+               munmap(ptr, size);
+}
  
+#ifdef PRINTF_WIDE_CHAR
  /*
- * Convert an unsigned long to ASCII for printf purposes, returning
- * a pointer to the first character of the string representation.
- * Octal numbers can be forced to have a leading zero; hex numbers
- * use the given digits.
+ * Convert a wide character string argument for the %ls format to a multibyte
+ * string representation. If not -1, prec specifies the maximum number of
+ * bytes to output, and also means that we can't assume that the wide char
+ * string is null-terminated.
   */
  static char *
-__ultoa(unsigned long val, char *endp, int base, int octzero, char *xdigs)
+__wcsconv(wchar_t *wcsarg, int prec)
  {
-       char *cp = endp;
-       long sval;
+       mbstate_t mbs;
+       char buf[MB_LEN_MAX];
+       wchar_t *p;
+       char *convbuf;
+       size_t clen, nbytes;
  
-       /*
-        * Handle the three cases separately, in the hope of getting
-        * better/faster code.
-        */
-       switch (base) {
-       case 10:
-               if (val < 10) { /* many numbers are 1 digit */
-                       *--cp = to_char(val);
-                       return cp;
+       /* Allocate space for the maximum number of bytes we could output. */
+       if (prec < 0) {
+               memset(&mbs, 0, sizeof(mbs));
+               p = wcsarg;
+               nbytes = wcsrtombs(NULL, (const wchar_t **)&p, 0, &mbs);
+               if (nbytes == (size_t)-1) {
+                       errno = EILSEQ;
+                       return NULL;
                 }
+       } else {
                 /*
-                * On many machines, unsigned arithmetic is harder than
-                * signed arithmetic, so we do at most one unsigned mod and
-                * divide; this is sufficient to reduce the range of
-                * the incoming value to where signed arithmetic works.
+                * Optimisation: if the output precision is small enough,
+                * just allocate enough memory for the maximum instead of
+                * scanning the string.
                  */
-               if (val > LONG_MAX) {
-                       *--cp = to_char(val % 10);
-                       sval = val / 10;
-               } else
-                       sval = val;
-               do {
-                       *--cp = to_char(sval % 10);
-                       sval /= 10;
-               } while (sval != 0);
-               break;
-
-       case 8:
-               do {
-                       *--cp = to_char(val & 7);
-                       val >>= 3;
-               } while (val);
-               if (octzero && *cp != '0')
-                       *--cp = '0';
-               break;
-
-       case 16:
-               do {
-                       *--cp = xdigs[val & 15];
-                       val >>= 4;
-               } while (val);
-               break;
+               if (prec < 128)
+                       nbytes = prec;
+               else {
+                       nbytes = 0;
+                       p = wcsarg;
+                       memset(&mbs, 0, sizeof(mbs));
+                       for (;;) {
+                               clen = wcrtomb(buf, *p++, &mbs);
+                               if (clen == 0 || clen == (size_t)-1 ||
+                                   nbytes + clen > (size_t)prec)
+                                       break;
+                               nbytes += clen;
+                       }
+                       if (clen == (size_t)-1) {
+                               errno = EILSEQ;
+                               return NULL;
+                       }
+               }
+       }
+       if ((convbuf = malloc(nbytes + 1)) == NULL)
+               return NULL;
  
-       default:                        /* oops */
-               abort();
+       /* Fill the output buffer. */
+       p = wcsarg;
+       memset(&mbs, 0, sizeof(mbs));
+       if ((nbytes = wcsrtombs(convbuf, (const wchar_t **)&p,
+           nbytes, &mbs)) == (size_t)-1) {
+               free(convbuf);
+               errno = EILSEQ;
+               return NULL;
         }
-       return cp;
+       convbuf[nbytes] = '\0';
+       return convbuf;
  }
+#endif
  
-/* Identical to __ultoa, but for quads. */
-#if SIZEOF_LONG_INT == 8
-# define __ulltoa(v, e, b, o, x) __ultoa((unsigned long)(v), (e), (b), (o), (x))
-#else
-static char *
-__ulltoa(unsigned long long val, char *endp, int base, int octzero, char *xdigs)
-{
-       char *cp = endp;
-       long long sval;
-
-       /* quick test for small values; __ultoa is typically much faster */
-       /* (perhaps instead we should run until small, then call __ultoa?) */
-       if (val <= (unsigned long long)ULONG_MAX)
-               return __ultoa((unsigned long)val, endp, base, octzero, xdigs);
-       switch (base) {
-       case 10:
-               if (val < 10) {
-                       *--cp = to_char(val % 10);
-                       return cp;
-               }
-               if (val > LLONG_MAX) {
-                       *--cp = to_char(val % 10);
-                       sval = val / 10;
-               } else
-                       sval = val;
-               do {
-                       *--cp = to_char(sval % 10);
-                       sval /= 10;
-               } while (sval != 0);
-               break;
+#ifdef FLOATING_POINT
+#include <float.h>
+#include <locale.h>
+#include <math.h>
+#include "floatio.h"
+#include "gdtoa.h"
  
-       case 8:
-               do {
-                       *--cp = to_char(val & 7);
-                       val >>= 3;
-               } while (val);
-               if (octzero && *cp != '0')
-                       *--cp = '0';
-               break;
-
-       case 16:
-               do {
-                       *--cp = xdigs[val & 15];
-                       val >>= 4;
-               } while (val);
-               break;
+#define        DEFPREC         6
  
-       default:                        /* oops */
-               abort();
-       }
-       return cp;
-}
-#endif /* !SIZEOF_LONG_INT */
+static int exponent(char *, int, int);
+#endif /* FLOATING_POINT */
  
  /*
- * Actual printf innards.
+ * The size of the buffer we use as scratch space for integer
+ * conversions, among other things.  Technically, we would need the
+ * most space for base 10 conversions with thousands' grouping
+ * characters between each pair of digits.  100 bytes is a
+ * conservative overestimate even for a 128-bit uintmax_t.
+ */
+#define BUF    100
+
+#define STATIC_ARG_TBL_SIZE 8  /* Size of static argument table. */
+
+
+/*
+ * Macros for converting digits to letters and vice versa
+ */
+#define        to_digit(c)     ((c) - '0')
+#define is_digit(c)    ((unsigned int)to_digit(c) <= 9)
+#define        to_char(n)      ((n) + '0')
+
+/*
+ * Flags used during conversion.
   */
+#define        ALT             0x0001          /* alternate form */
+#define        LADJUST         0x0004          /* left adjustment */
+#define        LONGDBL         0x0008          /* long double */
+#define        LONGINT         0x0010          /* long integer */
+#define        LLONGINT        0x0020          /* long long integer */
+#define        SHORTINT        0x0040          /* short integer */
+#define        ZEROPAD         0x0080          /* zero (as opposed to blank) pad */
+#define FPT            0x0100          /* Floating point number */
+#define PTRINT         0x0200          /* (unsigned) ptrdiff_t */
+#define SIZEINT                0x0400          /* (signed) size_t */
+#define CHARINT                0x0800          /* 8 bit integer */
+#undef MAXINT                          /* Also defined by HP-UX param.h... */
+#define MAXINT         0x1000          /* largest integer size (intmax_t) */
+
+/*
+ * Actual printf innards.
+  */
  static int
  xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
  {
         char *fmt;              /* format string */
         int ch;                 /* character from fmt */
-       int n;                  /* handy integer (short term usage) */
+       int n, n2;              /* handy integers (short term usage) */
         char *cp;               /* handy char pointer (short term usage) */
         int flags;              /* flags as above */
         int ret;                /* return value accumulator */
         int width;              /* width from format (%8d), or 0 */
-       int prec;               /* precision from format (%.3d), or -1 */
+       int prec;               /* precision from format; <0 for N/A */
         char sign;              /* sign prefix (' ', '+', '-', or \0) */
-       unsigned long ulval = 0; /* integer arguments %[diouxX] */
-       unsigned long long ullval = 0; /* long long arguments %ll[diouxX] */
-       int base;               /* base for [diouxX] conversion */
-       int dprec;              /* a copy of prec if [diouxX], 0 otherwise */
-       int fieldsz;            /* field size expanded by sign, etc */
+#ifdef FLOATING_POINT
+       /*
+        * We can decompose the printed representation of floating
+        * point numbers into several parts, some of which may be empty:
+        *
+        * [+|-| ] [0x|0X] MMM . NNN [e|E|p|P] [+|-] ZZ
+        *    A       B     ---C---      D       E   F
+        *
+        * A:   'sign' holds this value if present; '\0' otherwise
+        * B:   ox[1] holds the 'x' or 'X'; '\0' if not hexadecimal
+        * C:   cp points to the string MMMNNN.  Leading and trailing
+        *      zeros are not in the string and must be added.
+        * D:   expchar holds this character; '\0' if no exponent, e.g. %f
+        * F:   at least two digits for decimal, at least one digit for hex
+        */
+#ifdef HAVE_NL_LANGINFO
+       const char *decimal_point = NULL;
+#else
+       const char *decimal_point = ".";
+#endif
+       int signflag;           /* true if float is negative */
+       union {                 /* floating point arguments %[aAeEfFgG] */
+               double dbl;
+               long double ldbl;
+       } fparg;
+       int expt;               /* integer value of exponent */
+       char expchar;           /* exponent character: [eEpP\0] */
+       char *dtoaend;          /* pointer to end of converted digits */
+       int expsize;            /* character count for expstr */
+       int lead;               /* sig figs before decimal or group sep */
+       int ndig;               /* actual number of digits returned by dtoa */
+       char expstr[MAXEXPDIG+2];       /* buffer for exponent string: e+ZZZ */
+       char *dtoaresult = NULL;
+#endif
+
+       uintmax_t _umax;        /* integer arguments %[diouxX] */
+       enum { OCT, DEC, HEX } base;    /* base for %[diouxX] conversion */
+       int dprec;              /* a copy of prec if %[diouxX], 0 otherwise */
         int realsz;             /* field size expanded by dprec */
         int size;               /* size of converted field or string */
-       char *xdigs = "";       /* digits for [xX] conversion */
-       char buf[BUF];          /* space for %c, %[diouxX], %[eEfgG] */
-       char ox[2];             /* space for 0x hex-prefix */
+       const char *xdigs = ""; /* digits for %[xX] conversion */
+#define NIOV 8
+       char buf[BUF];          /* buffer with space for digits of uintmax_t */
+       char ox[2];             /* space for 0x; ox[1] is either x, X, or \0 */
         char *str;              /* pointer to string to fill */
         char *estr;             /* pointer to last char in str */
+       union arg *argtable;    /* args, built due to positional arg */
+       union arg statargtable[STATIC_ARG_TBL_SIZE];
+       size_t argtablesiz;
+       int nextarg;            /* 1-based argument index */
+       va_list orgap;          /* original argument pointer */
+#ifdef PRINTF_WIDE_CHAR
+       char *convbuf;          /* buffer for wide to multi-byte conversion */
+#endif
  
         /*
          * Choose PADSIZE to trade efficiency vs. size.  If larger printf
@@ -255,6 +359,9 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
         static char zeroes[PADSIZE] =
          {'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0'};
  
+       static const char xdigs_lower[16] = "0123456789abcdef";
+       static const char xdigs_upper[16] = "0123456789ABCDEF";
+
         /* Print chars to "str", (allocate as needed if alloc is set). */
  #define        PRINT(ptr, len) do { \
         const char *p = ptr; \
@@ -277,7 +384,7 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
         } \
  } while (0)
  
-       /* BEWARE, PAD uses `n'. */
+       /* BEWARE, PAD uses `n' and PRINTANDPAD uses `n2'. */
  #define        PAD(plen, pstr) do { \
         if ((n = (plen)) > 0) { \
                 while (n > PADSIZE) { \
@@ -287,26 +394,96 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
                 PRINT(pstr, n); \
         } \
  } while (0)
+#define        PRINTANDPAD(p, ep, len, with) do {      \
+       n2 = (ep) - (p);                        \
+       if (n2 > (len))                         \
+               n2 = (len);                     \
+       if (n2 > 0)                             \
+               PRINT((p), n2);                 \
+       PAD((len) - (n2 > 0 ? n2 : 0), (with)); \
+} while(0)
  
         /*
          * To extend shorts properly, we need both signed and unsigned
          * argument extraction methods.
          */
  #define        SARG() \
-       (flags&LONGINT ? va_arg(ap, long) : \
-           flags&SHORTINT ? (long)(short)va_arg(ap, int) : \
-           (long)va_arg(ap, int))
+       ((intmax_t)(flags&MAXINT ? GETARG(intmax_t) : \
+           flags&LLONGINT ? GETARG(long long) : \
+           flags&LONGINT ? GETARG(long) : \
+           flags&PTRINT ? GETARG(ptrdiff_t) : \
+           flags&SIZEINT ? GETARG(ssize_t) : \
+           flags&SHORTINT ? (short)GETARG(int) : \
+           flags&CHARINT ? (signed char)GETARG(int) : \
+           GETARG(int)))
  #define        UARG() \
-       (flags&LONGINT ? va_arg(ap, unsigned long) : \
-           flags&SHORTINT ? (unsigned long)(unsigned short)va_arg(ap, int) : \
-           (unsigned long)va_arg(ap, unsigned int))
+       ((uintmax_t)(flags&MAXINT ? GETARG(uintmax_t) : \
+           flags&LLONGINT ? GETARG(unsigned long long) : \
+           flags&LONGINT ? GETARG(unsigned long) : \
+           flags&PTRINT ? (uintptr_t)GETARG(ptrdiff_t) : /* XXX */ \
+           flags&SIZEINT ? GETARG(size_t) : \
+           flags&SHORTINT ? (unsigned short)GETARG(int) : \
+           flags&CHARINT ? (unsigned char)GETARG(int) : \
+           GETARG(unsigned int)))
+
+       /*
+        * Append a digit to a value and check for overflow.
+        */
+#define APPEND_DIGIT(val, dig) do { \
+       if ((val) > INT_MAX / 10) \
+               goto overflow; \
+       (val) *= 10; \
+       if ((val) > INT_MAX - to_digit((dig))) \
+               goto overflow; \
+       (val) += to_digit((dig)); \
+} while (0)
+
+        /*
+         * Get * arguments, including the form *nn$.  Preserve the nextarg
+         * that the argument can be gotten once the type is determined.
+         */
+#define GETASTER(val) \
+       n2 = 0; \
+       cp = fmt; \
+       while (is_digit(*cp)) { \
+               APPEND_DIGIT(n2, *cp); \
+               cp++; \
+       } \
+       if (*cp == '$') { \
+               int hold = nextarg; \
+               if (argtable == NULL) { \
+                       argtable = statargtable; \
+                       __find_arguments(fmt0, orgap, &argtable, &argtablesiz); \
+               } \
+               nextarg = n2; \
+               val = GETARG(int); \
+               nextarg = hold; \
+               fmt = ++cp; \
+       } else { \
+               val = GETARG(int); \
+       }
+
+/*
+* Get the argument indexed by nextarg.   If the argument table is
+* built, use it to get the argument.  If its not, get the next
+* argument (and arguments must be gotten sequentially).
+*/
+#define GETARG(type) \
+       ((argtable != NULL) ? *((type*)(&argtable[nextarg++])) : \
+               (nextarg++, va_arg(ap, type)))
  
         fmt = (char *)fmt0;
+       argtable = NULL;
+       nextarg = 1;
+       va_copy(orgap, ap);
         ret = 0;
+#ifdef PRINTF_WIDE_CHAR
+       convbuf = NULL;
+#endif
  
         if (alloc) {
                 strsize = 128;
-               *strp = str = (char *)malloc(strsize);
+               *strp = str = malloc(strsize);
                 if (str == NULL) {
                         ret = -1;
                         goto done;
@@ -327,6 +504,8 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
                 for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++)
                         /* void */;
                 if ((n = fmt - cp) != 0) {
+                       if (n > INT_MAX - ret)
+                               goto overflow;
                         PRINT(cp, n);
                         ret += n;
                 }
@@ -339,6 +518,7 @@ xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
                 width = 0;
                 prec = -1;
                 sign = '\0';
+               ox[1] = '\0';
  
  rflag:         ch = *fmt++;
  reswitch:      switch (ch) {
@@ -354,6 +534,9 @@ reswitch:   switch (ch) {
                 case '#':
                         flags |= ALT;
                         goto rflag;
+               case '\'':
+                       /* grouping not implemented */
+                       goto rflag;
                 case '*':
                         /*
                          * ``A negative field width argument is taken as a
@@ -361,8 +544,11 @@ reswitch:  switch (ch) {
                          *      -- ANSI X3J11
                          * They don't exclude field widths read from args.
                          */
-                       if ((width = va_arg(ap, int)) >= 0)
+                       GETASTER(width);
+                       if (width >= 0)
                                 goto rflag;
+                       if (width == INT_MIN)
+                               goto overflow;
                         width = -width;
                         /* FALLTHROUGH */
                 case '-':
@@ -373,16 +559,25 @@ reswitch: switch (ch) {
                         goto rflag;
                 case '.':
                         if ((ch = *fmt++) == '*') {
-                               n = va_arg(ap, int);
+                               GETASTER(n);
                                 prec = n < 0 ? -1 : n;
                                 goto rflag;
                         }
                         n = 0;
                         while (is_digit(ch)) {
-                               n = 10 * n + to_digit(ch);
+                               APPEND_DIGIT(n, ch);
                                 ch = *fmt++;
                         }
-                       prec = n < 0 ? -1 : n;
+                       if (ch == '$') {
+                               nextarg = n;
+                               if (argtable == NULL) {
+                                       argtable = statargtable;
+                                       __find_arguments(fmt0, orgap,
+                                           &argtable, &argtablesiz);
+                               }
+                               goto rflag;
+                       }
+                       prec = n;
                         goto reswitch;
                 case '0':
                         /*
@@ -396,13 +591,35 @@ reswitch: switch (ch) {
                 case '5': case '6': case '7': case '8': case '9':
                         n = 0;
                         do {
-                               n = 10 * n + to_digit(ch);
+                               APPEND_DIGIT(n, ch);
                                 ch = *fmt++;
                         } while (is_digit(ch));
+                       if (ch == '$') {
+                               nextarg = n;
+                               if (argtable == NULL) {
+                                       argtable = statargtable;
+                                       __find_arguments(fmt0, orgap,
+                                           &argtable, &argtablesiz);
+                               }
+                               goto rflag;
+                       }
                         width = n;
                         goto reswitch;
+#ifdef FLOATING_POINT
+               case 'L':
+                       flags |= LONGDBL;
+                       goto rflag;
+#endif
                 case 'h':
-                       flags |= SHORTINT;
+                       if (*fmt == 'h') {
+                               fmt++;
+                               flags |= CHARINT;
+                       } else {
+                               flags |= SHORTINT;
+                       }
+                       goto rflag;
+               case 'j':
+                       flags |= MAXINT;
                         goto rflag;
                 case 'l':
                         if (*fmt == 'l') {
@@ -412,9 +629,37 @@ reswitch:  switch (ch) {
                                 flags |= LONGINT;
                         }
                         goto rflag;
+               case 'q':
+                       flags |= LLONGINT;
+                       goto rflag;
+               case 't':
+                       flags |= PTRINT;
+                       goto rflag;
+               case 'z':
+                       flags |= SIZEINT;
+                       goto rflag;
                 case 'c':
-                       *(cp = buf) = va_arg(ap, int);
-                       size = 1;
+#ifdef PRINTF_WIDE_CHAR
+                       if (flags & LONGINT) {
+                               mbstate_t mbs;
+                               size_t mbseqlen;
+
+                               memset(&mbs, 0, sizeof(mbs));
+                               mbseqlen = wcrtomb(buf,
+                                   (wchar_t)GETARG(wint_t), &mbs);
+                               if (mbseqlen == (size_t)-1) {
+                                       errno = EILSEQ;
+                                       goto done;
+                               }
+                               cp = buf;
+                               size = (int)mbseqlen;
+                       } else {
+#endif
+                               *(cp = buf) = GETARG(int);
+                               size = 1;
+#ifdef PRINTF_WIDE_CHAR
+                       }
+#endif
                         sign = '\0';
                         break;
                 case 'D':
@@ -422,40 +667,173 @@ reswitch:        switch (ch) {
                         /*FALLTHROUGH*/
                 case 'd':
                 case 'i':
-                       if (flags & LLONGINT) {
-                               ullval = va_arg(ap, long long);
-                               if ((long long)ullval < 0) {
-                                       ullval = -ullval;
-                                       sign = '-';
+                       _umax = SARG();
+                       if ((intmax_t)_umax < 0) {
+                               _umax = -_umax;
+                               sign = '-';
+                       }
+                       base = DEC;
+                       goto number;
+#ifdef FLOATING_POINT
+               case 'a':
+               case 'A':
+                       if (ch == 'a') {
+                               ox[1] = 'x';
+                               xdigs = xdigs_lower;
+                               expchar = 'p';
+                       } else {
+                               ox[1] = 'X';
+                               xdigs = xdigs_upper;
+                               expchar = 'P';
+                       }
+                       if (prec >= 0)
+                               prec++;
+                       if (dtoaresult)
+                               __freedtoa(dtoaresult);
+                       if (flags & LONGDBL) {
+                               fparg.ldbl = GETARG(long double);
+                               dtoaresult = cp =
+                                   __hldtoa(fparg.ldbl, xdigs, prec,
+                                   &expt, &signflag, &dtoaend);
+                               if (dtoaresult == NULL) {
+                                       errno = ENOMEM;
+                                       goto done;
                                 }
                         } else {
-                               ulval = SARG();
-                               if ((long)ulval < 0) {
-                                       ulval = -ulval;
-                                       sign = '-';
+                               fparg.dbl = GETARG(double);
+                               dtoaresult = cp =
+                                   __hdtoa(fparg.dbl, xdigs, prec,
+                                   &expt, &signflag, &dtoaend);
+                               if (dtoaresult == NULL) {
+                                       errno = ENOMEM;
+                                       goto done;
                                 }
                         }
-                       base = 10;
-                       goto number;
+                       if (prec < 0)
+                               prec = dtoaend - cp;
+                       if (expt == INT_MAX)
+                               ox[1] = '\0';
+                       goto fp_common;
+               case 'e':
+               case 'E':
+                       expchar = ch;
+                       if (prec < 0)   /* account for digit before decpt */
+                               prec = DEFPREC + 1;
+                       else
+                               prec++;
+                       goto fp_begin;
+               case 'f':
+               case 'F':
+                       expchar = '\0';
+                       goto fp_begin;
+               case 'g':
+               case 'G':
+                       expchar = ch - ('g' - 'e');
+                       if (prec == 0)
+                               prec = 1;
+fp_begin:
+                       if (prec < 0)
+                               prec = DEFPREC;
+                       if (dtoaresult)
+                               __freedtoa(dtoaresult);
+                       if (flags & LONGDBL) {
+                               fparg.ldbl = GETARG(long double);
+                               dtoaresult = cp =
+                                   __ldtoa(&fparg.ldbl, expchar ? 2 : 3, prec,
+                                   &expt, &signflag, &dtoaend);
+                               if (dtoaresult == NULL) {
+                                       errno = ENOMEM;
+                                       goto done;
+                               }
+                       } else {
+                               fparg.dbl = GETARG(double);
+                               dtoaresult = cp =
+                                   __dtoa(fparg.dbl, expchar ? 2 : 3, prec,
+                                   &expt, &signflag, &dtoaend);
+                               if (dtoaresult == NULL) {
+                                       errno = ENOMEM;
+                                       goto done;
+                               }
+                               if (expt == 9999)
+                                       expt = INT_MAX;
+                       }
+fp_common:
+                       if (signflag)
+                               sign = '-';
+                       if (expt == INT_MAX) {  /* inf or nan */
+                               if (*cp == 'N')
+                                       cp = (ch >= 'a') ? "nan" : "NAN";
+                               else
+                                       cp = (ch >= 'a') ? "inf" : "INF";
+                               size = 3;
+                               flags &= ~ZEROPAD;
+                               break;
+                       }
+                       flags |= FPT;
+                       ndig = dtoaend - cp;
+                       if (ch == 'g' || ch == 'G') {
+                               if (expt > -4 && expt <= prec) {
+                                       /* Make %[gG] smell like %[fF] */
+                                       expchar = '\0';
+                                       if (flags & ALT)
+                                               prec -= expt;
+                                       else
+                                               prec = ndig - expt;
+                                       if (prec < 0)
+                                               prec = 0;
+                               } else {
+                                       /*
+                                        * Make %[gG] smell like %[eE], but
+                                        * trim trailing zeroes if no # flag.
+                                        */
+                                       if (!(flags & ALT))
+                                               prec = ndig;
+                               }
+                       }
+                       if (expchar) {
+                               expsize = exponent(expstr, expt - 1, expchar);
+                               size = expsize + prec;
+                               if (prec > 1 || flags & ALT)
+                                       ++size;
+                       } else {
+                               /* space for digits before decimal point */
+                               if (expt > 0)
+                                       size = expt;
+                               else    /* "0" */
+                                       size = 1;
+                               /* space for decimal pt and following digits */
+                               if (prec || flags & ALT)
+                                       size += prec + 1;
+                               lead = expt;
+                       }
+                       break;
+#endif /* FLOATING_POINT */
+#ifndef NO_PRINTF_PERCENT_N
                 case 'n':
                         if (flags & LLONGINT)
-                               *va_arg(ap, long long *) = ret;
+                               *GETARG(long long *) = ret;
                         else if (flags & LONGINT)
-                               *va_arg(ap, long *) = ret;
+                               *GETARG(long *) = ret;
                         else if (flags & SHORTINT)
-                               *va_arg(ap, short *) = ret;
+                               *GETARG(short *) = ret;
+                       else if (flags & CHARINT)
+                               *GETARG(signed char *) = ret;
+                       else if (flags & PTRINT)
+                               *GETARG(ptrdiff_t *) = ret;
+                       else if (flags & SIZEINT)
+                               *GETARG(ssize_t *) = ret;
+                       else if (flags & MAXINT)
+                               *GETARG(intmax_t *) = ret;
                         else
-                               *va_arg(ap, int *) = ret;
+                               *GETARG(int *) = ret;
                         continue;       /* no output */
+#endif /* NO_PRINTF_PERCENT_N */
                 case 'O':
                         flags |= LONGINT;
                         /*FALLTHROUGH*/
                 case 'o':
-                       if (flags & LLONGINT)
-                               ullval = va_arg(ap, unsigned long long);
-                       else
-                               ulval = UARG();
-                       base = 8;
+                       _umax = UARG();
+                       base = OCT;
                         goto nosign;
                 case 'p':
                         /*
@@ -465,14 +843,32 @@ reswitch: switch (ch) {
                          * defined manner.''
                          *      -- ANSI X3J11
                          */
-                       ulval = (unsigned long)va_arg(ap, void *);
-                       base = 16;
-                       xdigs = "0123456789abcdef";
-                       flags = (flags & ~LLONGINT) | HEXPREFIX;
-                       ch = 'x';
+                       /* NOSTRICT */
+                       _umax = (u_long)GETARG(void *);
+                       base = HEX;
+                       xdigs = xdigs_lower;
+                       ox[1] = 'x';
                         goto nosign;
                 case 's':
-                       if ((cp = va_arg(ap, char *)) == NULL)
+#ifdef PRINTF_WIDE_CHAR
+                       if (flags & LONGINT) {
+                               wchar_t *wcp;
+
+                               if (convbuf != NULL) {
+                                       free(convbuf);
+                                       convbuf = NULL;
+                               }
+                               if ((wcp = GETARG(wchar_t *)) == NULL) {
+                                       cp = "(null)";
+                               } else {
+                                       convbuf = __wcsconv(wcp, prec);
+                                       if (convbuf == NULL)
+                                               goto done;
+                                       cp = convbuf;
+                               }
+                       } else
+#endif /* PRINTF_WIDE_CHAR */
+                       if ((cp = GETARG(char *)) == NULL)
                                 cp = "(null)";
                         if (prec >= 0) {
                                 /*
@@ -482,41 +878,33 @@ reswitch: switch (ch) {
                                  */
                                 char *p = memchr(cp, 0, prec);
  
-                               if (p != NULL) {
-                                       size = p - cp;
-                                       if (size > prec)
-                                               size = prec;
-                               } else
-                                       size = prec;
-                       } else
-                               size = strlen(cp);
+                               size = p ? (p - cp) : prec;
+                       } else {
+                               size_t len;
+
+                               if ((len = strlen(cp)) > INT_MAX)
+                                       goto overflow;
+                               size = (int)len;
+                       }
                         sign = '\0';
                         break;
                 case 'U':
                         flags |= LONGINT;
                         /*FALLTHROUGH*/
                 case 'u':
-                       if (flags & LLONGINT)
-                               ullval = va_arg(ap, unsigned long long);
-                       else
-                               ulval = UARG();
-                       base = 10;
+                       _umax = UARG();
+                       base = DEC;
                         goto nosign;
                 case 'X':
-                       xdigs = "0123456789ABCDEF";
+                       xdigs = xdigs_upper;
                         goto hex;
                 case 'x':
-                       xdigs = "0123456789abcdef";
-hex:
-                       if (flags & LLONGINT)
-                               ullval = va_arg(ap, unsigned long long);
-                       else
-                               ulval = UARG();
-                       base = 16;
+                       xdigs = xdigs_lower;
+hex:                   _umax = UARG();
+                       base = HEX;
                         /* leading 0x/X only if non-zero */
-                       if (flags & ALT &&
-                           (flags & LLONGINT ? ullval != 0 : ulval != 0))
-                               flags |= HEXPREFIX;
+                       if (flags & ALT && _umax != 0)
+                               ox[1] = ch;
  
                         /* unsigned conversions */
  nosign:                        sign = '\0';
@@ -534,16 +922,49 @@ number:                   if ((dprec = prec) >= 0)
                          *      -- ANSI X3J11
                          */
                         cp = buf + BUF;
-                       if (flags & LLONGINT) {
-                               if (ullval != 0 || prec != 0)
-                                       cp = __ulltoa(ullval, cp, base,
-                                           flags & ALT, xdigs);
-                       } else {
-                               if (ulval != 0 || prec != 0)
-                                       cp = __ultoa(ulval, cp, base,
-                                           flags & ALT, xdigs);
+                       if (_umax != 0 || prec != 0) {
+                               /*
+                                * Unsigned mod is hard, and unsigned mod
+                                * by a constant is easier than that by
+                                * a variable; hence this switch.
+                                */
+                               switch (base) {
+                               case OCT:
+                                       do {
+                                               *--cp = to_char(_umax & 7);
+                                               _umax >>= 3;
+                                       } while (_umax);
+                                       /* handle octal leading 0 */
+                                       if (flags & ALT && *cp != '0')
+                                               *--cp = '0';
+                                       break;
+
+                               case DEC:
+                                       /* many numbers are 1 digit */
+                                       while (_umax >= 10) {
+                                               *--cp = to_char(_umax % 10);
+                                               _umax /= 10;
+                                       }
+                                       *--cp = to_char(_umax);
+                                       break;
+
+                               case HEX:
+                                       do {
+                                               *--cp = xdigs[_umax & 15];
+                                               _umax >>= 4;
+                                       } while (_umax);
+                                       break;
+
+                               default:
+                                       cp = "bug in vfprintf: bad base";
+                                       size = strlen(cp);
+                                       goto skipsize;
+                               }
                         }
                         size = buf + BUF - cp;
+                       if (size > BUF) /* should never happen */
+                               abort();
+               skipsize:
                         break;
                 default:        /* "%?" prints ?, unless ? is NUL */
                         if (ch == '\0')
@@ -563,30 +984,28 @@ number:                   if ((dprec = prec) >= 0)
                  * first be prefixed by any sign or other prefix; otherwise,
                  * it should be blank padded before the prefix is emitted.
                  * After any left-hand padding and prefixing, emit zeroes
-                * required by a decimal [diouxX] precision, then print the
+                * required by a decimal %[diouxX] precision, then print the
                  * string proper, then emit zeroes required by any leftover
                  * floating precision; finally, if LADJUST, pad with blanks.
                  *
                  * Compute actual size, so we know how much to pad.
-                * fieldsz excludes decimal prec; realsz includes it.
+                * size excludes decimal prec; realsz includes it.
                  */
-               fieldsz = size;
+               realsz = dprec > size ? dprec : size;
                 if (sign)
-                       fieldsz++;
-               else if (flags & HEXPREFIX)
-                       fieldsz += 2;
-               realsz = dprec > fieldsz ? dprec : fieldsz;
+                       realsz++;
+               if (ox[1])
+                       realsz+= 2;
  
                 /* right-adjusting blank padding */
                 if ((flags & (LADJUST|ZEROPAD)) == 0)
                         PAD(width - realsz, blanks);
  
                 /* prefix */
-               if (sign) {
+               if (sign)
                         PRINT(&sign, 1);
-               } else if (flags & HEXPREFIX) {
+               if (ox[1]) {    /* ox[1] is either x, X, or \0 */
                         ox[0] = '0';
-                       ox[1] = ch;
                         PRINT(ox, 2);
                 }
  
@@ -595,25 +1014,531 @@ number:                 if ((dprec = prec) >= 0)
                         PAD(width - realsz, zeroes);
  
                 /* leading zeroes from decimal precision */
-               PAD(dprec - fieldsz, zeroes);
+               PAD(dprec - size, zeroes);
  
                 /* the string or number proper */
+#ifdef FLOATING_POINT
+               if ((flags & FPT) == 0) {
+                       PRINT(cp, size);
+               } else {        /* glue together f_p fragments */
+#ifdef HAVE_NL_LANGINFO
+                       if (decimal_point == NULL)
+                               decimal_point = nl_langinfo(RADIXCHAR);
+#endif
+                       if (!expchar) { /* %[fF] or sufficiently short %[gG] */
+                               if (expt <= 0) {
+                                       PRINT(zeroes, 1);
+                                       if (prec || flags & ALT)
+                                               PRINT(decimal_point, 1);
+                                       PAD(-expt, zeroes);
+                                       /* already handled initial 0's */
+                                       prec += expt;
+                               } else {
+                                       PRINTANDPAD(cp, dtoaend, lead, zeroes);
+                                       cp += lead;
+                                       if (prec || flags & ALT)
+                                               PRINT(decimal_point, 1);
+                               }
+                               PRINTANDPAD(cp, dtoaend, prec, zeroes);
+                       } else {        /* %[eE] or sufficiently long %[gG] */
+                               if (prec > 1 || flags & ALT) {
+                                       buf[0] = *cp++;
+                                       buf[1] = *decimal_point;
+                                       PRINT(buf, 2);
+                                       PRINT(cp, ndig-1);
+                                       PAD(prec - ndig, zeroes);
+                               } else { /* XeYYY */
+                                       PRINT(cp, 1);
+                               }
+                               PRINT(expstr, expsize);
+                       }
+               }
+#else
                 PRINT(cp, size);
-
+#endif
                 /* left-adjusting padding (always blank) */
                 if (flags & LADJUST)
                         PAD(width - realsz, blanks);
  
                 /* finally, adjust ret */
-               ret += width > realsz ? width : realsz;
+               if (width < realsz)
+                       width = realsz;
+               if (width > INT_MAX - ret)
+                       goto overflow;
+               ret += width;
         }
  done:
+       va_end(orgap);
         if (strsize)
                 *str = '\0';
+       goto finish;
+
+overflow:
+       errno = ENOMEM;
+       ret = -1;
+
+finish:
+#ifdef PRINTF_WIDE_CHAR
+       if (convbuf)
+               free(convbuf);
+#endif
+#ifdef FLOATING_POINT
+       if (dtoaresult)
+               __freedtoa(dtoaresult);
+#endif
+       if (argtable != NULL && argtable != statargtable) {
+               mmap_free(argtable, argtablesiz);
+               argtable = NULL;
+       }
+       return ret;
+}
+
+/*
+ * Type ids for argument type table.
+ */
+#define T_UNUSED       0
+#define T_SHORT                1
+#define T_U_SHORT      2
+#define TP_SHORT       3
+#define T_INT          4
+#define T_U_INT                5
+#define TP_INT         6
+#define T_LONG         7
+#define T_U_LONG       8
+#define TP_LONG                9
+#define T_LLONG                10
+#define T_U_LLONG      11
+#define TP_LLONG       12
+#define T_DOUBLE       13
+#define T_LONG_DOUBLE  14
+#define TP_CHAR                15
+#define TP_VOID                16
+#define T_PTRINT       17
+#define TP_PTRINT      18
+#define T_SIZEINT      19
+#define T_SSIZEINT     20
+#define TP_SSIZEINT    21
+#define T_MAXINT       22
+#define T_MAXUINT      23
+#define TP_MAXINT      24
+#define T_CHAR         25
+#define T_U_CHAR       26
+#define T_WINT         27
+#define TP_WCHAR       28
+
+/*
+ * Find all arguments when a positional parameter is encountered.  Returns a
+ * table, indexed by argument number, of pointers to each arguments.  The
+ * initial argument table should be an array of STATIC_ARG_TBL_SIZE entries.
+ * It will be replaced with a mmap-ed one if it overflows (malloc cannot be
+ * used since we are attempting to make snprintf thread safe, and alloca is
+ * problematic since we have nested functions..)
+ */
+static int
+__find_arguments(const char *fmt0, va_list ap, union arg **argtable,
+    size_t *argtablesiz)
+{
+       char *fmt;              /* format string */
+       int ch;                 /* character from fmt */
+       int n, n2;              /* handy integer (short term usage) */
+       char *cp;               /* handy char pointer (short term usage) */
+       int flags;              /* flags as above */
+       unsigned char *typetable; /* table of types */
+       unsigned char stattypetable[STATIC_ARG_TBL_SIZE];
+       int tablesize;          /* current size of type table */
+       int tablemax;           /* largest used index in table */
+       int nextarg;            /* 1-based argument index */
+       int ret = 0;            /* return value */
+
+       /*
+        * Add an argument type to the table, expanding if necessary.
+        */
+#define ADDTYPE(type) \
+       ((nextarg >= tablesize) ? \
+               __grow_type_table(&typetable, &tablesize) : 0, \
+       (nextarg > tablemax) ? tablemax = nextarg : 0, \
+       typetable[nextarg++] = type)
+
+#define        ADDSARG() \
+        ((flags&MAXINT) ? ADDTYPE(T_MAXINT) : \
+           ((flags&PTRINT) ? ADDTYPE(T_PTRINT) : \
+           ((flags&SIZEINT) ? ADDTYPE(T_SSIZEINT) : \
+           ((flags&LLONGINT) ? ADDTYPE(T_LLONG) : \
+           ((flags&LONGINT) ? ADDTYPE(T_LONG) : \
+           ((flags&SHORTINT) ? ADDTYPE(T_SHORT) : \
+           ((flags&CHARINT) ? ADDTYPE(T_CHAR) : ADDTYPE(T_INT))))))))
+
+#define        ADDUARG() \
+        ((flags&MAXINT) ? ADDTYPE(T_MAXUINT) : \
+           ((flags&PTRINT) ? ADDTYPE(T_PTRINT) : \
+           ((flags&SIZEINT) ? ADDTYPE(T_SIZEINT) : \
+           ((flags&LLONGINT) ? ADDTYPE(T_U_LLONG) : \
+           ((flags&LONGINT) ? ADDTYPE(T_U_LONG) : \
+           ((flags&SHORTINT) ? ADDTYPE(T_U_SHORT) : \
+           ((flags&CHARINT) ? ADDTYPE(T_U_CHAR) : ADDTYPE(T_U_INT))))))))
+
+       /*
+        * Add * arguments to the type array.
+        */
+#define ADDASTER() \
+       n2 = 0; \
+       cp = fmt; \
+       while (is_digit(*cp)) { \
+               APPEND_DIGIT(n2, *cp); \
+               cp++; \
+       } \
+       if (*cp == '$') { \
+               int hold = nextarg; \
+               nextarg = n2; \
+               ADDTYPE(T_INT); \
+               nextarg = hold; \
+               fmt = ++cp; \
+       } else { \
+               ADDTYPE(T_INT); \
+       }
+       fmt = (char *)fmt0;
+       typetable = stattypetable;
+       tablesize = STATIC_ARG_TBL_SIZE;
+       tablemax = 0;
+       nextarg = 1;
+       memset(typetable, T_UNUSED, STATIC_ARG_TBL_SIZE);
+
+       /*
+        * Scan the format for conversions (`%' character).
+        */
+       for (;;) {
+               for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++)
+                       /* void */;
+               fmt++;          /* skip over '%' */
+
+               flags = 0;
+
+rflag:         ch = *fmt++;
+reswitch:      switch (ch) {
+               case ' ':
+               case '#':
+               case '\'':
+                       goto rflag;
+               case '*':
+                       ADDASTER();
+                       goto rflag;
+               case '-':
+               case '+':
+                       goto rflag;
+               case '.':
+                       if ((ch = *fmt++) == '*') {
+                               ADDASTER();
+                               goto rflag;
+                       }
+                       while (is_digit(ch)) {
+                               ch = *fmt++;
+                       }
+                       goto reswitch;
+               case '0':
+                       goto rflag;
+               case '1': case '2': case '3': case '4':
+               case '5': case '6': case '7': case '8': case '9':
+                       n = 0;
+                       do {
+                               APPEND_DIGIT(n ,ch);
+                               ch = *fmt++;
+                       } while (is_digit(ch));
+                       if (ch == '$') {
+                               nextarg = n;
+                               goto rflag;
+                       }
+                       goto reswitch;
+#ifdef FLOATING_POINT
+               case 'L':
+                       flags |= LONGDBL;
+                       goto rflag;
+#endif
+               case 'h':
+                       if (*fmt == 'h') {
+                               fmt++;
+                               flags |= CHARINT;
+                       } else {
+                               flags |= SHORTINT;
+                       }
+                       goto rflag;
+               case 'j':
+                       flags |= MAXINT;
+                       goto rflag;
+               case 'l':
+                       if (*fmt == 'l') {
+                               fmt++;
+                               flags |= LLONGINT;
+                       } else {
+                               flags |= LONGINT;
+                       }
+                       goto rflag;
+               case 'q':
+                       flags |= LLONGINT;
+                       goto rflag;
+               case 't':
+                       flags |= PTRINT;
+                       goto rflag;
+               case 'z':
+                       flags |= SIZEINT;
+                       goto rflag;
+               case 'c':
+#ifdef PRINTF_WIDE_CHAR
+                       if (flags & LONGINT)
+                               ADDTYPE(T_WINT);
+                       else
+#endif
+                               ADDTYPE(T_INT);
+                       break;
+               case 'D':
+                       flags |= LONGINT;
+                       /*FALLTHROUGH*/
+               case 'd':
+               case 'i':
+                       ADDSARG();
+                       break;
+#ifdef FLOATING_POINT
+               case 'a':
+               case 'A':
+               case 'e':
+               case 'E':
+               case 'f':
+               case 'F':
+               case 'g':
+               case 'G':
+                       if (flags & LONGDBL)
+                               ADDTYPE(T_LONG_DOUBLE);
+                       else
+                               ADDTYPE(T_DOUBLE);
+                       break;
+#endif /* FLOATING_POINT */
+#ifndef NO_PRINTF_PERCENT_N
+               case 'n':
+                       if (flags & LLONGINT)
+                               ADDTYPE(TP_LLONG);
+                       else if (flags & LONGINT)
+                               ADDTYPE(TP_LONG);
+                       else if (flags & SHORTINT)
+                               ADDTYPE(TP_SHORT);
+                       else if (flags & PTRINT)
+                               ADDTYPE(TP_PTRINT);
+                       else if (flags & SIZEINT)
+                               ADDTYPE(TP_SSIZEINT);
+                       else if (flags & MAXINT)
+                               ADDTYPE(TP_MAXINT);
+                       else
+                               ADDTYPE(TP_INT);
+                       continue;       /* no output */
+#endif /* NO_PRINTF_PERCENT_N */
+               case 'O':
+                       flags |= LONGINT;
+                       /*FALLTHROUGH*/
+               case 'o':
+                       ADDUARG();
+                       break;
+               case 'p':
+                       ADDTYPE(TP_VOID);
+                       break;
+               case 's':
+#ifdef PRINTF_WIDE_CHAR
+                       if (flags & LONGINT)
+                               ADDTYPE(TP_WCHAR);
+                       else
+#endif
+                               ADDTYPE(TP_CHAR);
+                       break;
+               case 'U':
+                       flags |= LONGINT;
+                       /*FALLTHROUGH*/
+               case 'u':
+               case 'X':
+               case 'x':
+                       ADDUARG();
+                       break;
+               default:        /* "%?" prints ?, unless ? is NUL */
+                       if (ch == '\0')
+                               goto done;
+                       break;
+               }
+       }
+done:
+       /*
+        * Build the argument table.
+        */
+       if (tablemax >= STATIC_ARG_TBL_SIZE) {
+               *argtablesiz = sizeof(union arg) * (tablemax + 1);
+               *argtable = mmap_alloc(*argtablesiz);
+               if (*argtable == NULL)
+                       return -1;
+       }
+
+       for (n = 1; n <= tablemax; n++) {
+               switch (typetable[n]) {
+               case T_UNUSED:
+               case T_CHAR:
+               case T_U_CHAR:
+               case T_SHORT:
+               case T_U_SHORT:
+               case T_INT:
+                       (*argtable)[n].intarg = va_arg(ap, int);
+                       break;
+               case TP_SHORT:
+                       (*argtable)[n].pshortarg = va_arg(ap, short *);
+                       break;
+               case T_U_INT:
+                       (*argtable)[n].uintarg = va_arg(ap, unsigned int);
+                       break;
+               case TP_INT:
+                       (*argtable)[n].pintarg = va_arg(ap, int *);
+                       break;
+               case T_LONG:
+                       (*argtable)[n].longarg = va_arg(ap, long);
+                       break;
+               case T_U_LONG:
+                       (*argtable)[n].ulongarg = va_arg(ap, unsigned long);
+                       break;
+               case TP_LONG:
+                       (*argtable)[n].plongarg = va_arg(ap, long *);
+                       break;
+               case T_LLONG:
+                       (*argtable)[n].longlongarg = va_arg(ap, long long);
+                       break;
+               case T_U_LLONG:
+                       (*argtable)[n].ulonglongarg = va_arg(ap, unsigned long long);
+                       break;
+               case TP_LLONG:
+                       (*argtable)[n].plonglongarg = va_arg(ap, long long *);
+                       break;
+#ifdef FLOATING_POINT
+               case T_DOUBLE:
+                       (*argtable)[n].doublearg = va_arg(ap, double);
+                       break;
+               case T_LONG_DOUBLE:
+                       (*argtable)[n].longdoublearg = va_arg(ap, long double);
+                       break;
+#endif
+               case TP_CHAR:
+                       (*argtable)[n].pchararg = va_arg(ap, char *);
+                       break;
+               case TP_VOID:
+                       (*argtable)[n].pvoidarg = va_arg(ap, void *);
+                       break;
+               case T_PTRINT:
+                       (*argtable)[n].ptrdiffarg = va_arg(ap, ptrdiff_t);
+                       break;
+               case TP_PTRINT:
+                       (*argtable)[n].pptrdiffarg = va_arg(ap, ptrdiff_t *);
+                       break;
+               case T_SIZEINT:
+                       (*argtable)[n].sizearg = va_arg(ap, size_t);
+                       break;
+               case T_SSIZEINT:
+                       (*argtable)[n].ssizearg = va_arg(ap, ssize_t);
+                       break;
+               case TP_SSIZEINT:
+                       (*argtable)[n].pssizearg = va_arg(ap, ssize_t *);
+                       break;
+               case T_MAXINT:
+                       (*argtable)[n].intmaxarg = va_arg(ap, intmax_t);
+                       break;
+               case T_MAXUINT:
+                       (*argtable)[n].uintmaxarg = va_arg(ap, uintmax_t);
+                       break;
+               case TP_MAXINT:
+                       (*argtable)[n].pintmaxarg = va_arg(ap, intmax_t *);
+                       break;
+#ifdef PRINTF_WIDE_CHAR
+               case T_WINT:
+                       (*argtable)[n].wintarg = va_arg(ap, wint_t);
+                       break;
+               case TP_WCHAR:
+                       (*argtable)[n].pwchararg = va_arg(ap, wchar_t *);
+                       break;
+#endif
+               }
+       }
+       goto finish;
+
+overflow:
+       errno = ENOMEM;
+       ret = -1;
+
+finish:
+       if (typetable != NULL && typetable != stattypetable) {
+               mmap_free(typetable, *argtablesiz);
+               typetable = NULL;
+       }
         return ret;
-       /* NOTREACHED */
  }
  
+/*
+ * Increase the size of the type table.
+ */
+static int
+__grow_type_table(unsigned char **typetable, int *tablesize)
+{
+       unsigned char *oldtable = *typetable;
+       int newsize = *tablesize * 2;
+
+       if (newsize < sysconf(_SC_PAGESIZE))
+               newsize = sysconf(_SC_PAGESIZE);
+
+       if (*tablesize == STATIC_ARG_TBL_SIZE) {
+               *typetable = mmap_alloc(newsize);
+               if (*typetable == NULL)
+                       return -1;
+               memcpy(*typetable, oldtable, *tablesize);
+       } else {
+               unsigned char *new = mmap_alloc(newsize);
+               if (new == NULL)
+                       return -1;
+               memmove(new, *typetable, *tablesize);
+               mmap_free(*typetable, *tablesize);
+               *typetable = new;
+       }
+       memset(*typetable + *tablesize, T_UNUSED, (newsize - *tablesize));
+
+       *tablesize = newsize;
+       return 0;
+}
+
+ 
+#ifdef FLOATING_POINT
+static int
+exponent(char *p0, int exp, int fmtch)
+{
+       char *p, *t;
+       char expbuf[MAXEXPDIG];
+
+       p = p0;
+       *p++ = fmtch;
+       if (exp < 0) {
+               exp = -exp;
+               *p++ = '-';
+       } else
+               *p++ = '+';
+       t = expbuf + MAXEXPDIG;
+       if (exp > 9) {
+               do {
+                       *--t = to_char(exp % 10);
+               } while ((exp /= 10) > 9);
+               *--t = to_char(exp);
+               for (; t < expbuf + MAXEXPDIG; *p++ = *t++)
+                       /* nothing */;
+       } else {
+               /*
+                * Exponents for decimal floating point conversions
+                * (%[eEgG]) must be at least two characters long,
+                * whereas exponents for hexadecimal conversions can
+                * be only one character long.
+                */
+               if (fmtch == 'e' || fmtch == 'E')
+                       *p++ = '0';
+               *p++ = to_char(exp);
+       }
+       return p - p0;
+}
+#endif /* FLOATING_POINT */
+
  #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
  int
  sudo_vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 21 Feb 2015 23:52:14 +0000 (16:52 -0700)
config.h.in		patch \| blob \| history
configure		patch \| blob \| history
configure.ac		patch \| blob \| history
lib/util/snprintf.c		patch \| blob \| history