xref: /openbmc/qemu/util/cutils.c (revision ebca80bb)
1 /*
2  * Simple C functions to supplement the C library
3  *
4  * Copyright (c) 2006 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "qemu/host-utils.h"
27 #include <math.h>
28 
29 #ifdef __FreeBSD__
30 #include <sys/sysctl.h>
31 #include <sys/user.h>
32 #endif
33 
34 #ifdef __NetBSD__
35 #include <sys/sysctl.h>
36 #endif
37 
38 #ifdef __HAIKU__
39 #include <kernel/image.h>
40 #endif
41 
42 #ifdef __APPLE__
43 #include <mach-o/dyld.h>
44 #endif
45 
46 #ifdef G_OS_WIN32
47 #include <pathcch.h>
48 #include <wchar.h>
49 #endif
50 
51 #include "qemu/ctype.h"
52 #include "qemu/cutils.h"
53 #include "qemu/error-report.h"
54 
55 void strpadcpy(char *buf, int buf_size, const char *str, char pad)
56 {
57     int len = qemu_strnlen(str, buf_size);
58     memcpy(buf, str, len);
59     memset(buf + len, pad, buf_size - len);
60 }
61 
62 void pstrcpy(char *buf, int buf_size, const char *str)
63 {
64     int c;
65     char *q = buf;
66 
67     if (buf_size <= 0)
68         return;
69 
70     for(;;) {
71         c = *str++;
72         if (c == 0 || q >= buf + buf_size - 1)
73             break;
74         *q++ = c;
75     }
76     *q = '\0';
77 }
78 
79 /* strcat and truncate. */
80 char *pstrcat(char *buf, int buf_size, const char *s)
81 {
82     int len;
83     len = strlen(buf);
84     if (len < buf_size)
85         pstrcpy(buf + len, buf_size - len, s);
86     return buf;
87 }
88 
89 int strstart(const char *str, const char *val, const char **ptr)
90 {
91     const char *p, *q;
92     p = str;
93     q = val;
94     while (*q != '\0') {
95         if (*p != *q)
96             return 0;
97         p++;
98         q++;
99     }
100     if (ptr)
101         *ptr = p;
102     return 1;
103 }
104 
105 int stristart(const char *str, const char *val, const char **ptr)
106 {
107     const char *p, *q;
108     p = str;
109     q = val;
110     while (*q != '\0') {
111         if (qemu_toupper(*p) != qemu_toupper(*q))
112             return 0;
113         p++;
114         q++;
115     }
116     if (ptr)
117         *ptr = p;
118     return 1;
119 }
120 
121 /* XXX: use host strnlen if available ? */
122 int qemu_strnlen(const char *s, int max_len)
123 {
124     int i;
125 
126     for(i = 0; i < max_len; i++) {
127         if (s[i] == '\0') {
128             break;
129         }
130     }
131     return i;
132 }
133 
134 char *qemu_strsep(char **input, const char *delim)
135 {
136     char *result = *input;
137     if (result != NULL) {
138         char *p;
139 
140         for (p = result; *p != '\0'; p++) {
141             if (strchr(delim, *p)) {
142                 break;
143             }
144         }
145         if (*p == '\0') {
146             *input = NULL;
147         } else {
148             *p = '\0';
149             *input = p + 1;
150         }
151     }
152     return result;
153 }
154 
155 time_t mktimegm(struct tm *tm)
156 {
157     time_t t;
158     int y = tm->tm_year + 1900, m = tm->tm_mon + 1, d = tm->tm_mday;
159     if (m < 3) {
160         m += 12;
161         y--;
162     }
163     t = 86400ULL * (d + (153 * m - 457) / 5 + 365 * y + y / 4 - y / 100 +
164                  y / 400 - 719469);
165     t += 3600 * tm->tm_hour + 60 * tm->tm_min + tm->tm_sec;
166     return t;
167 }
168 
169 static int64_t suffix_mul(char suffix, int64_t unit)
170 {
171     switch (qemu_toupper(suffix)) {
172     case 'B':
173         return 1;
174     case 'K':
175         return unit;
176     case 'M':
177         return unit * unit;
178     case 'G':
179         return unit * unit * unit;
180     case 'T':
181         return unit * unit * unit * unit;
182     case 'P':
183         return unit * unit * unit * unit * unit;
184     case 'E':
185         return unit * unit * unit * unit * unit * unit;
186     }
187     return -1;
188 }
189 
190 /*
191  * Convert size string to bytes.
192  *
193  * The size parsing supports the following syntaxes
194  * - 12345 - decimal, scale determined by @default_suffix and @unit
195  * - 12345{bBkKmMgGtTpPeE} - decimal, scale determined by suffix and @unit
196  * - 12345.678{kKmMgGtTpPeE} - decimal, scale determined by suffix, and
197  *   fractional portion is truncated to byte, either side of . may be empty
198  * - 0x7fEE - hexadecimal, unit determined by @default_suffix
199  *
200  * The following are intentionally not supported
201  * - hex with scaling suffix, such as 0x20M or 0x1p3 (both fail with
202  *   -EINVAL), while 0x1b is 27 (not 1 with byte scale)
203  * - octal, such as 08 (parsed as decimal instead)
204  * - binary, such as 0b1000 (parsed as 0b with trailing garbage "1000")
205  * - fractional hex, such as 0x1.8 (parsed as 0 with trailing garbage "x1.8")
206  * - negative values, including -0 (fail with -ERANGE)
207  * - floating point exponents, such as 1e3 (parsed as 1e with trailing
208  *   garbage "3") or 0x1p3 (rejected as hex with scaling suffix)
209  * - non-finite values, such as inf or NaN (fail with -EINVAL)
210  *
211  * The end pointer will be returned in *end, if not NULL.  If there is
212  * no fraction, the input can be decimal or hexadecimal; if there is a
213  * non-zero fraction, then the input must be decimal and there must be
214  * a suffix (possibly by @default_suffix) larger than Byte, and the
215  * fractional portion may suffer from precision loss or rounding.  The
216  * input must be positive.
217  *
218  * Return -ERANGE on overflow (with *@end advanced), and -EINVAL on
219  * other error (with *@end at @nptr).  Unlike strtoull, *@result is
220  * set to 0 on all errors, as returning UINT64_MAX on overflow is less
221  * likely to be usable as a size.
222  */
223 static int do_strtosz(const char *nptr, const char **end,
224                       const char default_suffix, int64_t unit,
225                       uint64_t *result)
226 {
227     int retval;
228     const char *endptr;
229     unsigned char c;
230     uint64_t val = 0, valf = 0;
231     int64_t mul;
232 
233     /* Parse integral portion as decimal. */
234     retval = parse_uint(nptr, &endptr, 10, &val);
235     if (retval == -ERANGE || !nptr) {
236         goto out;
237     }
238     if (retval == 0 && val == 0 && (*endptr == 'x' || *endptr == 'X')) {
239         /* Input looks like hex; reparse, and insist on no fraction or suffix. */
240         retval = qemu_strtou64(nptr, &endptr, 16, &val);
241         if (retval) {
242             goto out;
243         }
244         if (*endptr == '.' || suffix_mul(*endptr, unit) > 0) {
245             endptr = nptr;
246             retval = -EINVAL;
247             goto out;
248         }
249     } else if (*endptr == '.' || (endptr == nptr && strchr(nptr, '.'))) {
250         /*
251          * Input looks like a fraction.  Make sure even 1.k works
252          * without fractional digits.  strtod tries to treat 'e' as an
253          * exponent, but we want to treat it as a scaling suffix;
254          * doing this requires modifying a copy of the fraction.
255          */
256         double fraction = 0.0;
257 
258         if (retval == 0 && *endptr == '.' && !isdigit(endptr[1])) {
259             /* If we got here, we parsed at least one digit already. */
260             endptr++;
261         } else {
262             char *e;
263             const char *tail;
264             g_autofree char *copy = g_strdup(endptr);
265 
266             e = strchr(copy, 'e');
267             if (e) {
268                 *e = '\0';
269             }
270             e = strchr(copy, 'E');
271             if (e) {
272                 *e = '\0';
273             }
274             /*
275              * If this is a floating point, we are guaranteed that '.'
276              * appears before any possible digits in copy.  If it is
277              * not a floating point, strtod will fail.  Either way,
278              * there is now no exponent in copy, so if it parses, we
279              * know 0.0 <= abs(result) <= 1.0 (after rounding), and
280              * ERANGE is only possible on underflow which is okay.
281              */
282             retval = qemu_strtod_finite(copy, &tail, &fraction);
283             endptr += tail - copy;
284             if (signbit(fraction)) {
285                 retval = -ERANGE;
286                 goto out;
287             }
288         }
289 
290         /* Extract into a 64-bit fixed-point fraction. */
291         if (fraction == 1.0) {
292             if (val == UINT64_MAX) {
293                 retval = -ERANGE;
294                 goto out;
295             }
296             val++;
297         } else if (retval == -ERANGE) {
298             /* See comments above about underflow */
299             valf = 1;
300             retval = 0;
301         } else {
302             /* We want non-zero valf for any non-zero fraction */
303             valf = (uint64_t)(fraction * 0x1p64);
304             if (valf == 0 && fraction > 0.0) {
305                 valf = 1;
306             }
307         }
308     }
309     if (retval) {
310         goto out;
311     }
312     c = *endptr;
313     mul = suffix_mul(c, unit);
314     if (mul > 0) {
315         endptr++;
316     } else {
317         mul = suffix_mul(default_suffix, unit);
318         assert(mul > 0);
319     }
320     if (mul == 1) {
321         /* When a fraction is present, a scale is required. */
322         if (valf != 0) {
323             endptr = nptr;
324             retval = -EINVAL;
325             goto out;
326         }
327     } else {
328         uint64_t valh, tmp;
329 
330         /* Compute exact result: 64.64 x 64.0 -> 128.64 fixed point */
331         mulu64(&val, &valh, val, mul);
332         mulu64(&valf, &tmp, valf, mul);
333         val += tmp;
334         valh += val < tmp;
335 
336         /* Round 0.5 upward. */
337         tmp = valf >> 63;
338         val += tmp;
339         valh += val < tmp;
340 
341         /* Report overflow. */
342         if (valh != 0) {
343             retval = -ERANGE;
344             goto out;
345         }
346     }
347 
348     retval = 0;
349 
350 out:
351     if (end) {
352         *end = endptr;
353     } else if (nptr && *endptr) {
354         retval = -EINVAL;
355     }
356     if (retval == 0) {
357         *result = val;
358     } else {
359         *result = 0;
360         if (end && retval == -EINVAL) {
361             *end = nptr;
362         }
363     }
364 
365     return retval;
366 }
367 
368 int qemu_strtosz(const char *nptr, const char **end, uint64_t *result)
369 {
370     return do_strtosz(nptr, end, 'B', 1024, result);
371 }
372 
373 int qemu_strtosz_MiB(const char *nptr, const char **end, uint64_t *result)
374 {
375     return do_strtosz(nptr, end, 'M', 1024, result);
376 }
377 
378 int qemu_strtosz_metric(const char *nptr, const char **end, uint64_t *result)
379 {
380     return do_strtosz(nptr, end, 'B', 1000, result);
381 }
382 
383 /**
384  * Helper function for error checking after strtol() and the like
385  */
386 static int check_strtox_error(const char *nptr, char *ep,
387                               const char **endptr, bool check_zero,
388                               int libc_errno)
389 {
390     assert(ep >= nptr);
391 
392     /* Windows has a bug in that it fails to parse 0 from "0x" in base 16 */
393     if (check_zero && ep == nptr && libc_errno == 0) {
394         char *tmp;
395 
396         errno = 0;
397         if (strtol(nptr, &tmp, 10) == 0 && errno == 0 &&
398             (*tmp == 'x' || *tmp == 'X')) {
399             ep = tmp;
400         }
401     }
402 
403     if (endptr) {
404         *endptr = ep;
405     }
406 
407     /* Turn "no conversion" into an error */
408     if (libc_errno == 0 && ep == nptr) {
409         return -EINVAL;
410     }
411 
412     /* Fail when we're expected to consume the string, but didn't */
413     if (!endptr && *ep) {
414         return -EINVAL;
415     }
416 
417     return -libc_errno;
418 }
419 
420 /**
421  * Convert string @nptr to an integer, and store it in @result.
422  *
423  * This is a wrapper around strtol() that is harder to misuse.
424  * Semantics of @nptr, @endptr, @base match strtol() with differences
425  * noted below.
426  *
427  * @nptr may be null, and no conversion is performed then.
428  *
429  * If no conversion is performed, store @nptr in *@endptr, 0 in
430  * @result, and return -EINVAL.
431  *
432  * If @endptr is null, and the string isn't fully converted, return
433  * -EINVAL with @result set to the parsed value.  This is the case
434  * when the pointer that would be stored in a non-null @endptr points
435  * to a character other than '\0'.
436  *
437  * If the conversion overflows @result, store INT_MAX in @result,
438  * and return -ERANGE.
439  *
440  * If the conversion underflows @result, store INT_MIN in @result,
441  * and return -ERANGE.
442  *
443  * Else store the converted value in @result, and return zero.
444  *
445  * This matches the behavior of strtol() on 32-bit platforms, even on
446  * platforms where long is 64-bits.
447  */
448 int qemu_strtoi(const char *nptr, const char **endptr, int base,
449                 int *result)
450 {
451     char *ep;
452     long long lresult;
453 
454     assert((unsigned) base <= 36 && base != 1);
455     if (!nptr) {
456         *result = 0;
457         if (endptr) {
458             *endptr = nptr;
459         }
460         return -EINVAL;
461     }
462 
463     errno = 0;
464     lresult = strtoll(nptr, &ep, base);
465     if (lresult < INT_MIN) {
466         *result = INT_MIN;
467         errno = ERANGE;
468     } else if (lresult > INT_MAX) {
469         *result = INT_MAX;
470         errno = ERANGE;
471     } else {
472         *result = lresult;
473     }
474     return check_strtox_error(nptr, ep, endptr, lresult == 0, errno);
475 }
476 
477 /**
478  * Convert string @nptr to an unsigned integer, and store it in @result.
479  *
480  * This is a wrapper around strtoul() that is harder to misuse.
481  * Semantics of @nptr, @endptr, @base match strtoul() with differences
482  * noted below.
483  *
484  * @nptr may be null, and no conversion is performed then.
485  *
486  * If no conversion is performed, store @nptr in *@endptr, 0 in
487  * @result, and return -EINVAL.
488  *
489  * If @endptr is null, and the string isn't fully converted, return
490  * -EINVAL with @result set to the parsed value.  This is the case
491  * when the pointer that would be stored in a non-null @endptr points
492  * to a character other than '\0'.
493  *
494  * If the conversion overflows @result, store UINT_MAX in @result,
495  * and return -ERANGE.
496  *
497  * Else store the converted value in @result, and return zero.
498  *
499  * Note that a number with a leading minus sign gets converted without
500  * the minus sign, checked for overflow (see above), then negated (in
501  * @result's type).  This matches the behavior of strtoul() on 32-bit
502  * platforms, even on platforms where long is 64-bits.
503  */
504 int qemu_strtoui(const char *nptr, const char **endptr, int base,
505                  unsigned int *result)
506 {
507     char *ep;
508     unsigned long long lresult;
509     bool neg;
510 
511     assert((unsigned) base <= 36 && base != 1);
512     if (!nptr) {
513         *result = 0;
514         if (endptr) {
515             *endptr = nptr;
516         }
517         return -EINVAL;
518     }
519 
520     errno = 0;
521     lresult = strtoull(nptr, &ep, base);
522 
523     /* Windows returns 1 for negative out-of-range values.  */
524     if (errno == ERANGE) {
525         *result = -1;
526     } else {
527         /*
528          * Note that platforms with 32-bit strtoul only accept input
529          * in the range [-4294967295, 4294967295]; but we used 64-bit
530          * strtoull which wraps -18446744073709551615 to 1 instead of
531          * declaring overflow.  So we must check if '-' was parsed,
532          * and if so, undo the negation before doing our bounds check.
533          */
534         neg = memchr(nptr, '-', ep - nptr) != NULL;
535         if (neg) {
536             lresult = -lresult;
537         }
538         if (lresult > UINT_MAX) {
539             *result = UINT_MAX;
540             errno = ERANGE;
541         } else {
542             *result = neg ? -lresult : lresult;
543         }
544     }
545     return check_strtox_error(nptr, ep, endptr, lresult == 0, errno);
546 }
547 
548 /**
549  * Convert string @nptr to a long integer, and store it in @result.
550  *
551  * This is a wrapper around strtol() that is harder to misuse.
552  * Semantics of @nptr, @endptr, @base match strtol() with differences
553  * noted below.
554  *
555  * @nptr may be null, and no conversion is performed then.
556  *
557  * If no conversion is performed, store @nptr in *@endptr, 0 in
558  * @result, and return -EINVAL.
559  *
560  * If @endptr is null, and the string isn't fully converted, return
561  * -EINVAL with @result set to the parsed value.  This is the case
562  * when the pointer that would be stored in a non-null @endptr points
563  * to a character other than '\0'.
564  *
565  * If the conversion overflows @result, store LONG_MAX in @result,
566  * and return -ERANGE.
567  *
568  * If the conversion underflows @result, store LONG_MIN in @result,
569  * and return -ERANGE.
570  *
571  * Else store the converted value in @result, and return zero.
572  */
573 int qemu_strtol(const char *nptr, const char **endptr, int base,
574                 long *result)
575 {
576     char *ep;
577 
578     assert((unsigned) base <= 36 && base != 1);
579     if (!nptr) {
580         *result = 0;
581         if (endptr) {
582             *endptr = nptr;
583         }
584         return -EINVAL;
585     }
586 
587     errno = 0;
588     *result = strtol(nptr, &ep, base);
589     return check_strtox_error(nptr, ep, endptr, *result == 0, errno);
590 }
591 
592 /**
593  * Convert string @nptr to an unsigned long, and store it in @result.
594  *
595  * This is a wrapper around strtoul() that is harder to misuse.
596  * Semantics of @nptr, @endptr, @base match strtoul() with differences
597  * noted below.
598  *
599  * @nptr may be null, and no conversion is performed then.
600  *
601  * If no conversion is performed, store @nptr in *@endptr, 0 in
602  * @result, and return -EINVAL.
603  *
604  * If @endptr is null, and the string isn't fully converted, return
605  * -EINVAL with @result set to the parsed value.  This is the case
606  * when the pointer that would be stored in a non-null @endptr points
607  * to a character other than '\0'.
608  *
609  * If the conversion overflows @result, store ULONG_MAX in @result,
610  * and return -ERANGE.
611  *
612  * Else store the converted value in @result, and return zero.
613  *
614  * Note that a number with a leading minus sign gets converted without
615  * the minus sign, checked for overflow (see above), then negated (in
616  * @result's type).  This is exactly how strtoul() works.
617  */
618 int qemu_strtoul(const char *nptr, const char **endptr, int base,
619                  unsigned long *result)
620 {
621     char *ep;
622 
623     assert((unsigned) base <= 36 && base != 1);
624     if (!nptr) {
625         *result = 0;
626         if (endptr) {
627             *endptr = nptr;
628         }
629         return -EINVAL;
630     }
631 
632     errno = 0;
633     *result = strtoul(nptr, &ep, base);
634     /* Windows returns 1 for negative out-of-range values.  */
635     if (errno == ERANGE) {
636         *result = -1;
637     }
638     return check_strtox_error(nptr, ep, endptr, *result == 0, errno);
639 }
640 
641 /**
642  * Convert string @nptr to an int64_t.
643  *
644  * Works like qemu_strtol(), except it stores INT64_MAX on overflow,
645  * and INT64_MIN on underflow.
646  */
647 int qemu_strtoi64(const char *nptr, const char **endptr, int base,
648                  int64_t *result)
649 {
650     char *ep;
651 
652     assert((unsigned) base <= 36 && base != 1);
653     if (!nptr) {
654         *result = 0;
655         if (endptr) {
656             *endptr = nptr;
657         }
658         return -EINVAL;
659     }
660 
661     /* This assumes int64_t is long long TODO relax */
662     QEMU_BUILD_BUG_ON(sizeof(int64_t) != sizeof(long long));
663     errno = 0;
664     *result = strtoll(nptr, &ep, base);
665     return check_strtox_error(nptr, ep, endptr, *result == 0, errno);
666 }
667 
668 /**
669  * Convert string @nptr to an uint64_t.
670  *
671  * Works like qemu_strtoul(), except it stores UINT64_MAX on overflow.
672  * (If you want to prohibit negative numbers that wrap around to
673  * positive, use parse_uint()).
674  */
675 int qemu_strtou64(const char *nptr, const char **endptr, int base,
676                   uint64_t *result)
677 {
678     char *ep;
679 
680     assert((unsigned) base <= 36 && base != 1);
681     if (!nptr) {
682         *result = 0;
683         if (endptr) {
684             *endptr = nptr;
685         }
686         return -EINVAL;
687     }
688 
689     /* This assumes uint64_t is unsigned long long TODO relax */
690     QEMU_BUILD_BUG_ON(sizeof(uint64_t) != sizeof(unsigned long long));
691     errno = 0;
692     *result = strtoull(nptr, &ep, base);
693     /* Windows returns 1 for negative out-of-range values.  */
694     if (errno == ERANGE) {
695         *result = -1;
696     }
697     return check_strtox_error(nptr, ep, endptr, *result == 0, errno);
698 }
699 
700 /**
701  * Convert string @nptr to a double.
702   *
703  * This is a wrapper around strtod() that is harder to misuse.
704  * Semantics of @nptr and @endptr match strtod() with differences
705  * noted below.
706  *
707  * @nptr may be null, and no conversion is performed then.
708  *
709  * If no conversion is performed, store @nptr in *@endptr, +0.0 in
710  * @result, and return -EINVAL.
711  *
712  * If @endptr is null, and the string isn't fully converted, return
713  * -EINVAL with @result set to the parsed value.  This is the case
714  * when the pointer that would be stored in a non-null @endptr points
715  * to a character other than '\0'.
716  *
717  * If the conversion overflows, store +/-HUGE_VAL in @result, depending
718  * on the sign, and return -ERANGE.
719  *
720  * If the conversion underflows, store +/-0.0 in @result, depending on the
721  * sign, and return -ERANGE.
722  *
723  * Else store the converted value in @result, and return zero.
724  */
725 int qemu_strtod(const char *nptr, const char **endptr, double *result)
726 {
727     char *ep;
728 
729     if (!nptr) {
730         *result = 0.0;
731         if (endptr) {
732             *endptr = nptr;
733         }
734         return -EINVAL;
735     }
736 
737     errno = 0;
738     *result = strtod(nptr, &ep);
739     return check_strtox_error(nptr, ep, endptr, false, errno);
740 }
741 
742 /**
743  * Convert string @nptr to a finite double.
744  *
745  * Works like qemu_strtod(), except that "NaN", "inf", and strings
746  * that cause ERANGE overflow errors are rejected with -EINVAL as if
747  * no conversion is performed, storing 0.0 into @result regardless of
748  * any sign.  -ERANGE failures for underflow still preserve the parsed
749  * sign.
750  */
751 int qemu_strtod_finite(const char *nptr, const char **endptr, double *result)
752 {
753     const char *tmp;
754     int ret;
755 
756     ret = qemu_strtod(nptr, &tmp, result);
757     if (!isfinite(*result)) {
758         if (endptr) {
759             *endptr = nptr;
760         }
761         *result = 0.0;
762         ret = -EINVAL;
763     } else if (endptr) {
764         *endptr = tmp;
765     } else if (*tmp) {
766         ret = -EINVAL;
767     }
768     return ret;
769 }
770 
771 /**
772  * Searches for the first occurrence of 'c' in 's', and returns a pointer
773  * to the trailing null byte if none was found.
774  */
775 #ifndef HAVE_STRCHRNUL
776 const char *qemu_strchrnul(const char *s, int c)
777 {
778     const char *e = strchr(s, c);
779     if (!e) {
780         e = s + strlen(s);
781     }
782     return e;
783 }
784 #endif
785 
786 /**
787  * parse_uint:
788  *
789  * @s: String to parse
790  * @endptr: Destination for pointer to first character not consumed
791  * @base: integer base, between 2 and 36 inclusive, or 0
792  * @value: Destination for parsed integer value
793  *
794  * Parse unsigned integer
795  *
796  * Parsed syntax is like strtoull()'s: arbitrary whitespace, a single optional
797  * '+' or '-', an optional "0x" if @base is 0 or 16, one or more digits.
798  *
799  * If @s is null, or @s doesn't start with an integer in the syntax
800  * above, set *@value to 0, *@endptr to @s, and return -EINVAL.
801  *
802  * Set *@endptr to point right beyond the parsed integer (even if the integer
803  * overflows or is negative, all digits will be parsed and *@endptr will
804  * point right beyond them).  If @endptr is %NULL, any trailing character
805  * instead causes a result of -EINVAL with *@value of 0.
806  *
807  * If the integer is negative, set *@value to 0, and return -ERANGE.
808  * (If you want to allow negative numbers that wrap around within
809  * bounds, use qemu_strtou64()).
810  *
811  * If the integer overflows unsigned long long, set *@value to
812  * ULLONG_MAX, and return -ERANGE.
813  *
814  * Else, set *@value to the parsed integer, and return 0.
815  */
816 int parse_uint(const char *s, const char **endptr, int base, uint64_t *value)
817 {
818     int r = 0;
819     char *endp = (char *)s;
820     unsigned long long val = 0;
821 
822     assert((unsigned) base <= 36 && base != 1);
823     if (!s) {
824         r = -EINVAL;
825         goto out;
826     }
827 
828     errno = 0;
829     val = strtoull(s, &endp, base);
830     if (errno) {
831         r = -errno;
832         goto out;
833     }
834 
835     if (endp == s) {
836         r = -EINVAL;
837         goto out;
838     }
839 
840     /* make sure we reject negative numbers: */
841     while (qemu_isspace(*s)) {
842         s++;
843     }
844     if (*s == '-') {
845         val = 0;
846         r = -ERANGE;
847         goto out;
848     }
849 
850 out:
851     *value = val;
852     if (endptr) {
853         *endptr = endp;
854     } else if (s && *endp) {
855         r = -EINVAL;
856         *value = 0;
857     }
858     return r;
859 }
860 
861 /**
862  * parse_uint_full:
863  *
864  * @s: String to parse
865  * @base: integer base, between 2 and 36 inclusive, or 0
866  * @value: Destination for parsed integer value
867  *
868  * Parse unsigned integer from entire string, rejecting any trailing slop.
869  *
870  * Shorthand for parse_uint(s, NULL, base, value).
871  */
872 int parse_uint_full(const char *s, int base, uint64_t *value)
873 {
874     return parse_uint(s, NULL, base, value);
875 }
876 
877 int qemu_parse_fd(const char *param)
878 {
879     long fd;
880     char *endptr;
881 
882     errno = 0;
883     fd = strtol(param, &endptr, 10);
884     if (param == endptr /* no conversion performed */                    ||
885         errno != 0      /* not representable as long; possibly others */ ||
886         *endptr != '\0' /* final string not empty */                     ||
887         fd < 0          /* invalid as file descriptor */                 ||
888         fd > INT_MAX    /* not representable as int */) {
889         return -1;
890     }
891     return fd;
892 }
893 
894 /*
895  * Implementation of  ULEB128 (http://en.wikipedia.org/wiki/LEB128)
896  * Input is limited to 14-bit numbers
897  */
898 int uleb128_encode_small(uint8_t *out, uint32_t n)
899 {
900     g_assert(n <= 0x3fff);
901     if (n < 0x80) {
902         *out = n;
903         return 1;
904     } else {
905         *out++ = (n & 0x7f) | 0x80;
906         *out = n >> 7;
907         return 2;
908     }
909 }
910 
911 int uleb128_decode_small(const uint8_t *in, uint32_t *n)
912 {
913     if (!(*in & 0x80)) {
914         *n = *in;
915         return 1;
916     } else {
917         *n = *in++ & 0x7f;
918         /* we exceed 14 bit number */
919         if (*in & 0x80) {
920             return -1;
921         }
922         *n |= *in << 7;
923         return 2;
924     }
925 }
926 
927 /*
928  * helper to parse debug environment variables
929  */
930 int parse_debug_env(const char *name, int max, int initial)
931 {
932     char *debug_env = getenv(name);
933     char *inv = NULL;
934     long debug;
935 
936     if (!debug_env) {
937         return initial;
938     }
939     errno = 0;
940     debug = strtol(debug_env, &inv, 10);
941     if (inv == debug_env) {
942         return initial;
943     }
944     if (debug < 0 || debug > max || errno != 0) {
945         warn_report("%s not in [0, %d]", name, max);
946         return initial;
947     }
948     return debug;
949 }
950 
951 const char *si_prefix(unsigned int exp10)
952 {
953     static const char *prefixes[] = {
954         "a", "f", "p", "n", "u", "m", "", "K", "M", "G", "T", "P", "E"
955     };
956 
957     exp10 += 18;
958     assert(exp10 % 3 == 0 && exp10 / 3 < ARRAY_SIZE(prefixes));
959     return prefixes[exp10 / 3];
960 }
961 
962 const char *iec_binary_prefix(unsigned int exp2)
963 {
964     static const char *prefixes[] = { "", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei" };
965 
966     assert(exp2 % 10 == 0 && exp2 / 10 < ARRAY_SIZE(prefixes));
967     return prefixes[exp2 / 10];
968 }
969 
970 /*
971  * Return human readable string for size @val.
972  * @val can be anything that uint64_t allows (no more than "16 EiB").
973  * Use IEC binary units like KiB, MiB, and so forth.
974  * Caller is responsible for passing it to g_free().
975  */
976 char *size_to_str(uint64_t val)
977 {
978     uint64_t div;
979     int i;
980 
981     /*
982      * The exponent (returned in i) minus one gives us
983      * floor(log2(val * 1024 / 1000).  The correction makes us
984      * switch to the higher power when the integer part is >= 1000.
985      * (see e41b509d68afb1f for more info)
986      */
987     frexp(val / (1000.0 / 1024.0), &i);
988     i = (i - 1) / 10 * 10;
989     div = 1ULL << i;
990 
991     return g_strdup_printf("%0.3g %sB", (double)val / div, iec_binary_prefix(i));
992 }
993 
994 char *freq_to_str(uint64_t freq_hz)
995 {
996     double freq = freq_hz;
997     size_t exp10 = 0;
998 
999     while (freq >= 1000.0) {
1000         freq /= 1000.0;
1001         exp10 += 3;
1002     }
1003 
1004     return g_strdup_printf("%0.3g %sHz", freq, si_prefix(exp10));
1005 }
1006 
1007 int qemu_pstrcmp0(const char **str1, const char **str2)
1008 {
1009     return g_strcmp0(*str1, *str2);
1010 }
1011 
1012 static inline bool starts_with_prefix(const char *dir)
1013 {
1014     size_t prefix_len = strlen(CONFIG_PREFIX);
1015     /*
1016      * dir[prefix_len] is only accessed if the length of dir is
1017      * >= prefix_len, so no out of bounds access is possible.
1018      */
1019 #pragma GCC diagnostic push
1020 #if !defined(__clang__) || __has_warning("-Warray-bounds=")
1021 #pragma GCC diagnostic ignored "-Warray-bounds="
1022 #endif
1023     return !memcmp(dir, CONFIG_PREFIX, prefix_len) &&
1024         (!dir[prefix_len] || G_IS_DIR_SEPARATOR(dir[prefix_len]));
1025 #pragma GCC diagnostic pop
1026 }
1027 
1028 /* Return the next path component in dir, and store its length in *p_len.  */
1029 static inline const char *next_component(const char *dir, int *p_len)
1030 {
1031     int len;
1032     while ((*dir && G_IS_DIR_SEPARATOR(*dir)) ||
1033            (*dir == '.' && (G_IS_DIR_SEPARATOR(dir[1]) || dir[1] == '\0'))) {
1034         dir++;
1035     }
1036     len = 0;
1037     while (dir[len] && !G_IS_DIR_SEPARATOR(dir[len])) {
1038         len++;
1039     }
1040     *p_len = len;
1041     return dir;
1042 }
1043 
1044 static const char *exec_dir;
1045 
1046 void qemu_init_exec_dir(const char *argv0)
1047 {
1048 #ifdef G_OS_WIN32
1049     char *p;
1050     char buf[MAX_PATH];
1051     DWORD len;
1052 
1053     if (exec_dir) {
1054         return;
1055     }
1056 
1057     len = GetModuleFileName(NULL, buf, sizeof(buf) - 1);
1058     if (len == 0) {
1059         return;
1060     }
1061 
1062     buf[len] = 0;
1063     p = buf + len - 1;
1064     while (p != buf && *p != '\\') {
1065         p--;
1066     }
1067     *p = 0;
1068     if (access(buf, R_OK) == 0) {
1069         exec_dir = g_strdup(buf);
1070     } else {
1071         exec_dir = CONFIG_BINDIR;
1072     }
1073 #else
1074     char *p = NULL;
1075     char buf[PATH_MAX];
1076 
1077     if (exec_dir) {
1078         return;
1079     }
1080 
1081 #if defined(__linux__)
1082     {
1083         int len;
1084         len = readlink("/proc/self/exe", buf, sizeof(buf) - 1);
1085         if (len > 0) {
1086             buf[len] = 0;
1087             p = buf;
1088         }
1089     }
1090 #elif defined(__FreeBSD__) \
1091       || (defined(__NetBSD__) && defined(KERN_PROC_PATHNAME))
1092     {
1093 #if defined(__FreeBSD__)
1094         static int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1};
1095 #else
1096         static int mib[4] = {CTL_KERN, KERN_PROC_ARGS, -1, KERN_PROC_PATHNAME};
1097 #endif
1098         size_t len = sizeof(buf) - 1;
1099 
1100         *buf = '\0';
1101         if (!sysctl(mib, ARRAY_SIZE(mib), buf, &len, NULL, 0) &&
1102             *buf) {
1103             buf[sizeof(buf) - 1] = '\0';
1104             p = buf;
1105         }
1106     }
1107 #elif defined(__APPLE__)
1108     {
1109         char fpath[PATH_MAX];
1110         uint32_t len = sizeof(fpath);
1111         if (_NSGetExecutablePath(fpath, &len) == 0) {
1112             p = realpath(fpath, buf);
1113             if (!p) {
1114                 return;
1115             }
1116         }
1117     }
1118 #elif defined(__HAIKU__)
1119     {
1120         image_info ii;
1121         int32_t c = 0;
1122 
1123         *buf = '\0';
1124         while (get_next_image_info(0, &c, &ii) == B_OK) {
1125             if (ii.type == B_APP_IMAGE) {
1126                 strncpy(buf, ii.name, sizeof(buf));
1127                 buf[sizeof(buf) - 1] = 0;
1128                 p = buf;
1129                 break;
1130             }
1131         }
1132     }
1133 #endif
1134     /* If we don't have any way of figuring out the actual executable
1135        location then try argv[0].  */
1136     if (!p && argv0) {
1137         p = realpath(argv0, buf);
1138     }
1139     if (p) {
1140         exec_dir = g_path_get_dirname(p);
1141     } else {
1142         exec_dir = CONFIG_BINDIR;
1143     }
1144 #endif
1145 }
1146 
1147 const char *qemu_get_exec_dir(void)
1148 {
1149     return exec_dir;
1150 }
1151 
1152 char *get_relocated_path(const char *dir)
1153 {
1154     size_t prefix_len = strlen(CONFIG_PREFIX);
1155     const char *bindir = CONFIG_BINDIR;
1156     GString *result;
1157     int len_dir, len_bindir;
1158 
1159     /* Fail if qemu_init_exec_dir was not called.  */
1160     assert(exec_dir[0]);
1161 
1162     result = g_string_new(exec_dir);
1163     g_string_append(result, "/qemu-bundle");
1164     if (access(result->str, R_OK) == 0) {
1165 #ifdef G_OS_WIN32
1166         size_t size = mbsrtowcs(NULL, &dir, 0, &(mbstate_t){0}) + 1;
1167         PWSTR wdir = g_new(WCHAR, size);
1168         mbsrtowcs(wdir, &dir, size, &(mbstate_t){0});
1169 
1170         PCWSTR wdir_skipped_root;
1171         PathCchSkipRoot(wdir, &wdir_skipped_root);
1172 
1173         size = wcsrtombs(NULL, &wdir_skipped_root, 0, &(mbstate_t){0});
1174         char *cursor = result->str + result->len;
1175         g_string_set_size(result, result->len + size);
1176         wcsrtombs(cursor, &wdir_skipped_root, size + 1, &(mbstate_t){0});
1177         g_free(wdir);
1178 #else
1179         g_string_append(result, dir);
1180 #endif
1181     } else if (!starts_with_prefix(dir) || !starts_with_prefix(bindir)) {
1182         g_string_assign(result, dir);
1183     } else {
1184         g_string_assign(result, exec_dir);
1185 
1186         /* Advance over common components.  */
1187         len_dir = len_bindir = prefix_len;
1188         do {
1189             dir += len_dir;
1190             bindir += len_bindir;
1191             dir = next_component(dir, &len_dir);
1192             bindir = next_component(bindir, &len_bindir);
1193         } while (len_dir && len_dir == len_bindir && !memcmp(dir, bindir, len_dir));
1194 
1195         /* Ascend from bindir to the common prefix with dir.  */
1196         while (len_bindir) {
1197             bindir += len_bindir;
1198             g_string_append(result, "/..");
1199             bindir = next_component(bindir, &len_bindir);
1200         }
1201 
1202         if (*dir) {
1203             assert(G_IS_DIR_SEPARATOR(dir[-1]));
1204             g_string_append(result, dir - 1);
1205         }
1206     }
1207 
1208     return g_string_free(result, false);
1209 }
1210