rename mutt_sprintf() to safe_asprintf() to match the GNU extension that performs a similar task

5 files changed, 101 insertions, 37 deletions

diff --git a/Makefile.am b/Makefile.am
index 559d23eb..0905a681 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,7 +33,7 @@ mutt_SOURCES = \
 	score.c send.c sendlib.c signal.c sort.c \
 	status.c system.c thread.c charset.c history.c lib.c \
 	muttlib.c editmsg.c mbyte.c \
-	url.c ascii.c crypt-mod.c crypt-mod.h
+	url.c ascii.c crypt-mod.c crypt-mod.h safe_asprintf.c
 
 nodist_mutt_SOURCES = $(BUILT_SOURCES)
 
diff --git a/imap/message.c b/imap/message.c
index 1f0f3c02..e3cb0ac2 100644
--- a/imap/message.c
+++ b/imap/message.c
@@ -86,12 +86,12 @@ int imap_read_headers (IMAP_DATA* idata, int msgbegin, int msgend)
 
   if (mutt_bit_isset (idata->capabilities,IMAP4REV1))
   {
-    hdrreq = mutt_sprintf ("BODY.PEEK[HEADER.FIELDS (%s%s%s)]",
+    safe_asprintf (&hdrreq, "BODY.PEEK[HEADER.FIELDS (%s%s%s)]",
                            want_headers, ImapHeaders ? " " : "", NONULL (ImapHeaders));
   }
   else if (mutt_bit_isset (idata->capabilities,IMAP4))
   {
-    hdrreq = mutt_sprintf ("RFC822.HEADER.LINES (%s%s%s)",
+    safe_asprintf (&hdrreq, "RFC822.HEADER.LINES (%s%s%s)",
                            want_headers, ImapHeaders ? " " : "", NONULL (ImapHeaders));
   }
   else
@@ -242,8 +242,8 @@ int imap_read_headers (IMAP_DATA* idata, int msgbegin, int msgend)
       char *cmd;
 
       fetchlast = msgend + 1;
-      cmd = mutt_sprintf ("FETCH %d:%d (UID FLAGS INTERNALDATE RFC822.SIZE %s)",
-                          msgno + 1, fetchlast, hdrreq);
+      safe_asprintf (&cmd, "FETCH %d:%d (UID FLAGS INTERNALDATE RFC822.SIZE %s)",
+                     msgno + 1, fetchlast, hdrreq);
       imap_cmd_start (idata, cmd);
       FREE (&cmd);
     }
diff --git a/lib.c b/lib.c
index 0d829154..17cc5160 100644
--- a/lib.c
+++ b/lib.c
@@ -1082,34 +1082,3 @@ int mutt_atol (const char *str, long *dst)
     return -1;
   return 0;
 }
-
-/* Allocate a C-string large enough to contain the formatted string.
- * This is essentially malloc+sprintf in one.
- */
-char *mutt_sprintf (const char *fmt, ...)
-{
-  size_t rlen = STRING;
-  char *r = safe_malloc (rlen);
-  for (;;)
-  {
-    va_list ap;
-    va_start (ap, fmt);
-    size_t n = vsnprintf (r, rlen, fmt, ap);
-    va_end (ap);
-    if (n < rlen)
-    {
-      /* reduce space to just that which was used.  note that 'n' does not
-       * include the terminal nul char.
-       */
-      if (n == 0) /* convention is to use NULL for zero-length strings. */
-	FREE (&r);
-      else if (n != rlen - 1)
-	safe_realloc (&r, n + 1);
-      return r;
-    }
-    /* increase size and try again */
-    rlen = n + 1;
-    safe_realloc(&r, rlen);
-  }
-  /* not reached */
-}
diff --git a/lib.h b/lib.h
index b08f909d..49fc8682 100644
--- a/lib.h
+++ b/lib.h
@@ -153,7 +153,6 @@ char *mutt_concatn_path (char *, size_t, const char *, size_t, const char *, siz
 char *mutt_concat_path (char *, const char *, const char *, size_t);
 char *mutt_read_line (char *, size_t *, FILE *, int *, int);
 char *mutt_skip_whitespace (char *);
-char *mutt_sprintf (const char *, ...);
 char *mutt_strlower (char *);
 char *mutt_substrcpy (char *, const char *, const char *, size_t);
 char *mutt_substrdup (const char *, const char *);
@@ -183,6 +182,7 @@ int mutt_strcmp (const char *, const char *);
 int mutt_strncasecmp (const char *, const char *, size_t);
 int mutt_strncmp (const char *, const char *, size_t);
 int mutt_strcoll (const char *, const char *);
+int safe_asprintf (char **, const char *, ...);
 int safe_open (const char *, int);
 int safe_rename (const char *, const char *);
 int safe_symlink (const char *, const char *);
diff --git a/safe_asprintf.c b/safe_asprintf.c
new file mode 100644
index 00000000..e99e6bed
--- /dev/null
+++ b/safe_asprintf.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2010 Michael R. Elkins <me@mutt.org>
+ * 
+ *     This program is free software; you can redistribute it and/or modify
+ *     it under the terms of the GNU General Public License as published by
+ *     the Free Software Foundation; either version 2 of the License, or
+ *     (at your option) any later version.
+ * 
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU General Public License for more details.
+ * 
+ *     You should have received a copy of the GNU General Public License
+ *     along with this program; if not, write to the Free Software
+ *     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */ 
+
+#include <stdio.h>
+#include "lib.h"
+
+/* NOTE: Currently there is no check in configure.ac for vasprintf(3).  the
+ * undefined behavior of the error condition makes it difficult to write a safe
+ * version using it.
+ */
+
+#ifdef HAVE_VASPRINTF
+int safe_asprintf (char **strp, const char *fmt, ...)
+{
+  va_list ap;
+  int n;
+
+  va_start (ap, fmt);
+  n = vasprintf (strp, fmt, ap);
+  va_end (ap);
+
+  /* GNU libc man page for vasprintf(3) states that the value of *strp
+   * is undefined when the return code is -1.
+   */
+  if (n < 0)
+  {
+    mutt_error _("Out of memory!");
+    sleep (1);
+    mutt_exit (1);
+  }
+
+  if (n == 0)
+  {
+    /* Mutt convention is to use NULL for 0-length strings */
+    FREE (strp);
+  }
+
+  return n;
+}
+#else
+/* Allocate a C-string large enough to contain the formatted string.
+ * This is essentially malloc+sprintf in one.
+ */
+int safe_asprintf (char **strp, const char *fmt, ...)
+{
+  int rlen = STRING;
+  int n;
+
+  *strp = safe_malloc (rlen);
+  for (;;)
+  {
+    va_list ap;
+    va_start (ap, fmt);
+    n = vsnprintf (*strp, rlen, fmt, ap);
+    if (n < 0)
+    {
+      FREE (strp);
+      return n;
+    }
+    va_end (ap);
+
+    if (n < rlen)
+    {
+      /* reduce space to just that which was used.  note that 'n' does not
+       * include the terminal nul char.
+       */
+      if (n == 0) /* convention is to use NULL for zero-length strings. */
+	FREE (strp);
+      else if (n != rlen - 1)
+	safe_realloc (strp, n + 1);
+      return n;
+    }
+    /* increase size and try again */
+    rlen = n + 1;
+    safe_realloc (strp, rlen);
+  }
+  /* not reached */
+}
+#endif /* HAVE_ASPRINTF */
+