safec  3.2
Safe C Library - ISO TR24731 Bounds Checking Interface
safe_mem_lib.h File Reference
#include "safe_config.h"
#include "safe_lib_errno.h"
#include "safe_types.h"
#include <wchar.h>

Macros

#define EXTERN   extern
 
#define RSIZE_MAX_MEM16   ( RSIZE_MAX_MEM/2 )
 
#define RSIZE_MAX_MEM32   ( RSIZE_MAX_MEM/4 )
 
#define RSIZE_MAX_WMEM   ( RSIZE_MAX_MEM/sizeof(wchar_t) )
 

Functions

EXTERN constraint_handler_t set_mem_constraint_handler_s (constraint_handler_t handler)
 The set_mem_constraint_handler_s function sets the runtime-constraint handler to be handler. More...
 
EXTERN errno_t memcpy_s (void *restrict dest, rsize_t dmax, const void *restrict src, rsize_t slen)
 This function copies at most smax bytes from src to dest, up to dmax. More...
 
EXTERN errno_t memmove_s (void *dest, rsize_t dmax, const void *src, rsize_t slen)
 The memmove_s function copies smax bytes from the region pointed to by src into the region pointed to by dest. More...
 
EXTERN errno_t memset_s (void *dest, rsize_t dmax, int value, rsize_t n)
 Sets the first n bytes starting at dest to the specified value, but at most dmax bytes. More...
 
EXTERN errno_t memcmp_s (const void *dest, rsize_t dmax, const void *src, rsize_t slen, int *diff)
 Compares memory until they differ, and their difference sign (-1,0,1) is returned in diff. More...
 
EXTERN errno_t memcmp16_s (const uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t slen, int *diff)
 Compares memory until they differ, and their difference is returned in diff. More...
 
EXTERN errno_t memcmp32_s (const uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t slen, int *diff)
 Compares memory until they differ, and their difference is returned in diff. More...
 
EXTERN errno_t memcpy16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t slen)
 This function copies at most smax uint16_ts from src to dest, up to dmax. More...
 
EXTERN errno_t memcpy32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t slen)
 This function copies at most smax uint32_ts from src to dest, up to dmax. More...
 
EXTERN errno_t memmove16_s (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t slen)
 The memmove16_s function copies smax uint16_t from the region pointed to by src into the region pointed to by dest. More...
 
EXTERN errno_t memmove32_s (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t slen)
 The memmove32_s function copies smax uint32_ts from the region pointed to by src into the region pointed to by dest. More...
 
EXTERN errno_t memset16_s (uint16_t *dest, rsize_t dmax, uint16_t value, rsize_t n)
 Sets the first n uint16_t values starting at dest to the specified value, but at most dmax bytes. More...
 
EXTERN errno_t memset32_s (uint32_t *dest, rsize_t dmax, uint32_t value, rsize_t n)
 Sets len uint32_t starting at dest to the specified value. More...
 
EXTERN errno_t memzero_s (void *dest, rsize_t dmax)
 Zeros len bytes starting at dest. More...
 
EXTERN errno_t memzero16_s (uint16_t *dest, rsize_t dmax)
 Zeros len uint16_ts starting at dest. More...
 
EXTERN errno_t memzero32_s (uint32_t *dest, rsize_t dmax)
 Zeros len uint32_ts starting at dest. More...
 
EXTERN errno_t memchr_s (const void *restrict dest, rsize_t dlen, const int ch, void **result)
 Finds the first occurrence of ch (after conversion to unsigned char as if by (unsigned char)ch) in the null-terminated buffer pointed to by dest (each character interpreted as unsigned char). More...
 
EXTERN errno_t memrchr_s (const void *restrict dest, rsize_t dlen, const int ch, void **result)
 Finds the last occurrence of ch (after conversion to char as if by (char)ch) in the null-terminated byte string pointed to by dest (each character interpreted as unsigned char). More...
 
EXTERN int timingsafe_bcmp (const void *b1, const void *b2, size_t n)
 Compare all memory bytes. More...
 
EXTERN int timingsafe_memcmp (const void *b1, const void *b2, size_t len)
 Compare all memory bytes. More...
 
EXTERN errno_t memccpy_s (void *dest, rsize_t dmax, const void *src, int c, rsize_t n)
 
EXTERN errno_t wmemcpy_s (wchar_t *restrict dest, rsize_t dmax, const wchar_t *restrict src, rsize_t smax)
 
EXTERN errno_t wmemmove_s (wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t smax)
 The wmemmove_s function copies smax wchar_t's from the region pointed to by src into the region pointed to by dest. More...
 
EXTERN errno_t wmemcmp_s (const wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen, int *diff)
 Compares buffers of wide chars until they differ, and return 0 if the same or -1 or 1 in diff. More...
 

Macro Definition Documentation

◆ EXTERN

#define EXTERN   extern

◆ RSIZE_MAX_MEM16

#define RSIZE_MAX_MEM16   ( RSIZE_MAX_MEM/2 )

◆ RSIZE_MAX_MEM32

#define RSIZE_MAX_MEM32   ( RSIZE_MAX_MEM/4 )

◆ RSIZE_MAX_WMEM

#define RSIZE_MAX_WMEM   ( RSIZE_MAX_MEM/sizeof(wchar_t) )

Function Documentation

◆ set_mem_constraint_handler_s()

EXTERN constraint_handler_t set_mem_constraint_handler_s ( constraint_handler_t  handler)

The set_mem_constraint_handler_s function sets the runtime-constraint handler to be handler.

The runtime-constraint handler is the function to be called when a library function detects a runtime-constraint violation. When the handler is called, it is passed the following arguments in the following order:

  1. A pointer to a character string describing the runtime-constraint violation.
  2. A null pointer or a pointer to an implementation defined object.
  3. If the function calling the handler has a return type declared as errno_t, the return value of the function is passed. Otherwise, a positive value of type errno_t is passed.

The implementation has a default constraint handler that is used if no calls to the set_constraint_handler_s function have been made. The behavior of the default handler is implementation-defined, and it may cause the program to exit or abort. If the handler argument to set_constraint_handler_s is a null pointer, the implementation default handler becomes the current constraint handler.
Remarks
SPECIFIED IN ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
See also
set_str_constraint_handler_s()

◆ memcpy_s()

EXTERN errno_t memcpy_s ( void *restrict  dest,
rsize_t  dmax,
const void *restrict  src,
rsize_t  smax 
)

This function copies at most smax bytes from src to dest, up to dmax.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.1.1 The memcpy_s function (p: 614) http://en.cppreference.com/w/c/string/byte/memcpy
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Note
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
Returns
If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first dmax bytes of the region pointed to by dest if dest is not a null pointer and smax is valid.
Return values
EOKwhen operation is successful
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
ESOVRLPwhen src memory overlaps dst
See also
memcpy16_s(), memcpy32_s(), memmove_s(), memmove16_s(), memmove32_s()

◆ memmove_s()

EXTERN errno_t memmove_s ( void *  dest,
rsize_t  dmax,
const void *  src,
rsize_t  smax 
)

The memmove_s function copies smax bytes from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the smax bytes from the region pointed to by src are first copied into a temporary array of smax bytes that does not overlap the region pointed to by dest or src, and then the smax bytes from the temporary array are copied into the region pointed to by dest.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.1.2 The memmove_s function (p: 615) http://en.cppreference.com/w/c/string/byte/memmove
  • ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Note
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dmax characters of the region pointed to by dest if dest is not a null pointer and dmax is not greater than RSIZE_MAX_MEM.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memset_s()

EXTERN errno_t memset_s ( void *  dest,
rsize_t  dmax,
int  value,
rsize_t  n 
)

Sets the first n bytes starting at dest to the specified value, but at most dmax bytes.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.4.1 The memset_s function (p: 621-622) http://en.cppreference.com/w/c/string/byte/memset
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of bytes to be set
Precondition
dest shall not be a null pointer.
dmax and n shall not be greater than RSIZE_MAX_MEM.
value shall not be greater than 255.
dmax may not be smaller than n.
Without C11 dmax and n shall not be 0
Note
The behavior is undefined if the character array pointed to by dest is smaller than n while n <= dmax; in other words, a dmax that overstates the real size of dest does not expose the impending buffer overflow.
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
C11 returns 0 when n = ZERO.
Returns
If there is a runtime-constraint violation, and if dest is not a null pointer, and if dmax is not larger than RSIZE_MAX_MEM, then, before reporting the runtime-constraint violation, memset_s() stores value in each of the first dmax bytes of the destination.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL pointer (EINVAL with C11)
ESZEROLwhen n = ZERO (unless C11)
ESLEMAXwhen dmax/n > RSIZE_MAX_MEM or value > 255
ESNOSPCwhen dmax < n
See also
memset16_s(), memset32_s()

◆ memcmp_s()

EXTERN errno_t memcmp_s ( const void *  dest,
rsize_t  dmax,
const void *  src,
rsize_t  smax,
int *  diff 
)

Compares memory until they differ, and their difference sign (-1,0,1) is returned in diff.

If the block of memory is the same, *diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
srcpointer to the source memory to compare with dest
dmaxmaximum length of dest, in bytes
smaxlength of the source memory block
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax/smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memcmp16_s(), memcmp32_s()

◆ memcmp16_s()

EXTERN errno_t memcmp16_s ( const uint16_t *  dest,
rsize_t  dmax,
const uint16_t *  src,
rsize_t  smax,
int *  diff 
)

Compares memory until they differ, and their difference is returned in diff.

If the block of memory is the same, diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
srcpointer to the source memory to compare with dest
dmaxmaximum length of dest, in bytes
smaxlength of the source memory block
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax/smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memcmp_s(), memcmp32_s()

◆ memcmp32_s()

EXTERN errno_t memcmp32_s ( const uint32_t *  dest,
rsize_t  dmax,
const uint32_t *  src,
rsize_t  smax,
int *  diff 
)

Compares memory until they differ, and their difference is returned in diff.

If the block of memory is the same, diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
srcpointer to the source memory to compare with dest
dmaxmaximum length of dest, in bytes
smaxlength of the source memory block
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax/smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memcmp_s(), memcmp16_s()

◆ memcpy16_s()

EXTERN errno_t memcpy16_s ( uint16_t *  dest,
rsize_t  dmax,
const uint16_t *  src,
rsize_t  smax 
)

This function copies at most smax uint16_ts from src to dest, up to dmax.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM16.
smax shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Returns
If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first dmax bytes of the region pointed to by dest if dest is not a null pointer and smax is valid.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM16
ESNOSPCwhen dmax < smax
ESOVRLPwhen src memory overlaps dst
See also
wmemcpy_s(), memcpy_s(), memcpy32_s(), wmemmove_s(), memmove16_s()

◆ memcpy32_s()

EXTERN errno_t memcpy32_s ( uint32_t *  dest,
rsize_t  dmax,
const uint32_t *  src,
rsize_t  smax 
)

This function copies at most smax uint32_ts from src to dest, up to dmax.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Returns
If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first dmax bytes of the region pointed to by dest if dest is not a null pointer and smax is valid.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
ESOVRLPwhen src memory overlaps dst
See also
memcpy_s(), memcpy16_s(), memmove_s(), memmove16_s(), memmove32_s()

◆ memmove16_s()

EXTERN errno_t memmove16_s ( uint16_t *  dest,
rsize_t  dmax,
const uint16_t *  src,
rsize_t  smax 
)

The memmove16_s function copies smax uint16_t from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the smax uint16_t from the region pointed to by src are first copied into a temporary array of smax uint16_t that does not overlap the regions pointed to by dest or src, and then the smax uint16_t from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dmax characters of the region pointed to by dest if dest is not a null pointer and dmax is not greater than RSIZE_MAX_MEM.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memmove_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memmove32_s()

EXTERN errno_t memmove32_s ( uint32_t *  dest,
rsize_t  dmax,
const uint32_t *  src,
rsize_t  smax 
)

The memmove32_s function copies smax uint32_ts from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the smax uint32_ts from the region pointed to by src are first copied into a temporary array of smax uint32_ts that does not overlap the regions pointed to by dest or src, and then the smax uint32_ts from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dmax characters of the region pointed to by dest if dest is not a null pointer and dmax is not greater than RSIZE_MAX_MEM.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax = ZERO. Before C11 also with smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memset16_s()

EXTERN errno_t memset16_s ( uint16_t *  dest,
rsize_t  dmax,
uint16_t  value,
rsize_t  n 
)

Sets the first n uint16_t values starting at dest to the specified value, but at most dmax bytes.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of short (2-byte) words to be set
Precondition
dest shall not be a null pointer.
dmax shall not be 0
dmax shall not be greater than RSIZE_MAX_MEM.
n shall not be greater than RSIZE_MAX_MEM16.
dmax*2 may not be smaller than n.
Returns
If there is a runtime-constraints violation, and if dest is not a null pointer, and if dmax is not larger than RSIZE_MAX_MEM, then, before reporting the runtime-constraints violation, memset16_s() copies dmax bytes to the destination.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLOnly before C11 when n = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
ESLEMAXwhen n > RSIZE_MAX_MEM16
ESNOSPCwhen dmax/2 < n
See also
memset_s(), memset32_s()

◆ memset32_s()

EXTERN errno_t memset32_s ( uint32_t *  dest,
rsize_t  dmax,
uint32_t  value,
rsize_t  n 
)

Sets n uint32_t values starting at dest to the specified value.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of 4-byte words to be set
Precondition
dest shall not be a null pointer.
dmax shall not be 0
dmax shall not be greater than RSIZE_MAX_MEM.
n shall not be greater than RSIZE_MAX_MEM32.
dmax*4 may not be smaller than n.
Returns
If there is a runtime-constraints violation, and if dest is not a null pointer, and if dmax is not larger than RSIZE_MAX_MEM, then, before reporting the runtime-constraints violation, memset32_s() copies dmax bytes to the destination.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLOnly before C11 when n = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
ESLEMAXwhen n > RSIZE_MAX_MEM32
ESNOSPCwhen dmax/4 < n
See also
memset_s(), memset16_s()

◆ memzero_s()

EXTERN errno_t memzero_s ( void *  dest,
rsize_t  len 
)

Zeros len bytes starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of bytes to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM.
Returns
If there is a runtime-constraint violation, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM
See also
memzero16_s(), memzero32_s()

◆ memzero16_s()

EXTERN errno_t memzero16_s ( uint16_t *  dest,
rsize_t  len 
)

Zeros len uint16_ts starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of uint16_ts to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM16.
Returns
If there is a runtime-constraint violation, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM16
See also
memzero_s(), memzero32_s()

◆ memzero32_s()

EXTERN errno_t memzero32_s ( uint32_t *  dest,
rsize_t  len 
)

Zeros len uint32_ts starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of uint32_ts to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM32.
Returns
If there is a runtime-constraint violation, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM32
See also
memzero_s(), memzero16_s()

◆ memchr_s()

EXTERN errno_t memchr_s ( const void *restrict  dest,
rsize_t  dlen,
const int  ch,
void **  result 
)

Finds the first occurrence of ch (after conversion to unsigned char as if by (unsigned char)ch) in the null-terminated buffer pointed to by dest (each character interpreted as unsigned char).

Remarks
IMPLEMENTED IN
Parameters
[in]destpointer to buffer to compare against
[in]dlenlength of dest to search in
[in]chcharacter to search for
[out]resultpointer to result in dest
Precondition
Neither dest nor result shall be a null pointer.
dlen shall not be 0.
dlen shall not be greater than RSIZE_MAX_MEM.
ch shall not be greater than 255
Return values
EOKwhen the character is found.
ESNULLPwhen dest/result is a NULL pointer
ESZEROLwhen dlen = 0
ESLEMAXwhen dlen > RSIZE_MAX_STR
ESLEMAXwhen ch > 255
ESNOTFNDwhen ch not found in dest
See also
strchr_s(), strspn_s(), strcspn_s(), strpbrk_s(), strstr_s()

◆ memrchr_s()

EXTERN errno_t memrchr_s ( const void *restrict  dest,
rsize_t  dlen,
const int  ch,
void **  result 
)

Finds the last occurrence of ch (after conversion to char as if by (char)ch) in the null-terminated byte string pointed to by dest (each character interpreted as unsigned char).

The terminating null character is considered to be a part of the string and can be found when searching for '\0'.

Remarks
IMPLEMENTED IN
Parameters
[in]destpointer to string to compare against
[in]dlenrestricted maximum length of dest
[in]chcharacter to search for
[out]resultpointer to char* in dest
Precondition
Neither dest nor result shall be a null pointer.
dlen shall not be 0.
dlen shall not be greater than RSIZE_MAX_STR.
ch shall not be greater than 255
Return values
EOKwhen the character is found.
ESNULLPwhen dest/result is a NULL pointer
ESZEROLwhen dlen = 0
ESLEMAXwhen dlen > RSIZE_MAX_STR
ESLEMAXwhen ch > 255
ESNOTFNDwhen ch not found in dest
See also
memrchr_s(), strchr_s(), memchr_s(), strspn_s(), strstr_s()

◆ timingsafe_bcmp()

EXTERN int timingsafe_bcmp ( const void *  b1,
const void *  b2,
size_t  n 
)

Compare all memory bytes.

Return 0 or not zero.

The running time is independent of the byte sequences compared, making this function safe to use for comparing secret values such as cryptographic MACs. In contrast, bcmp(3) and memcmp(3) may short-circuit after finding the first differing byte. The running time still depends on the length n, so the length itself must not be secret.

Remarks
from OpenBSD
Parameters
b1pointer to memory to compare against
b2pointer to the source memory to compare with b1
nnumber of bytes to compare in both buffers
Precondition
Neither b1 nor b2 shall be a null pointer.
Return values
0if the buffers are equal, or not zero if they are not equal.
See also
memcmp_s(), timingsafe_memcmp()

◆ timingsafe_memcmp()

EXTERN int timingsafe_memcmp ( const void *  b1,
const void *  b2,
size_t  len 
)

Compare all memory bytes.

Return their difference sign (-1,0,1).

The running time is independent of the byte sequences compared, making this function safe to use for comparing secret values such as cryptographic MACs. In contrast, bcmp(3) and memcmp(3) may short-circuit after finding the first differing byte. The running time still depends on the length len, so the length itself must not be secret.

Remarks
from OpenBSD
Parameters
b1pointer to memory to compare against
b2pointer to the source memory to compare with b1
lennumber of bytes to compare in both buffers
Precondition
Neither b1 nor b2 shall be a null pointer.
Return values
-1, 0, or 1
See also
memcmp_s(), timingsafe_bcmp()

◆ memccpy_s()

EXTERN errno_t memccpy_s ( void *  dest,
rsize_t  dmax,
const void *  src,
int  c,
rsize_t  n 
)

◆ wmemcpy_s()

EXTERN errno_t wmemcpy_s ( wchar_t *restrict  dest,
rsize_t  dmax,
const wchar_t *restrict  src,
rsize_t  smax 
)

◆ wmemmove_s()

EXTERN errno_t wmemmove_s ( wchar_t *  dest,
rsize_t  dmax,
const wchar_t *  src,
rsize_t  smax 
)

The wmemmove_s function copies smax wchar_t's from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the smax wchar_ts from the region pointed to by src are first copied into a temporary array of smax wchar_ts that does not overlap the regions pointed to by dest or src, and then the smax wchar_ts from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO
  • C11 standard (ISO/IEC 9899:2011): K.3.9.2.1.4 The wmemmove_s function (p: 642) http://en.cppreference.com/w/c/string/wide/wmemmove
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]smaxmaximum number of bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM.
smax shall not be greater than dmax.
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dmax characters of the region pointed to by dest if dest is not a null pointer and dmax is not greater than RSIZE_MAX_MEM.
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax/smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_MEM
ESNOSPCwhen dmax < smax
See also
memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ wmemcmp_s()

EXTERN errno_t wmemcmp_s ( const wchar_t *  dest,
rsize_t  dmax,
const wchar_t *  src,
rsize_t  smax,
int *  diff 
)

Compares buffers of wide chars until they differ, and returns 0 in diff if they are the same, otherwise -1 or 1.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to wchar_t buffer to compare against
srcpointer to the source wchar_t buffer to compare with dest
dmaxmaximum length of dest, in number of wchar_t
smaxlength of the source memory block
*diffpointer to the diff which is -1, 0 or 1 according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src. Note that musl returns the diff here.
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor smax shall be 0.
dmax shall not be greater than RSIZE_MAX_WMEM.
smax shall not be greater than dmax.
Return values
EOKwhen operation is successful
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax/smax = ZERO
ESLEMAXwhen dmax/smax > RSIZE_MAX_WMEM
ESNOSPCwhen dmax < smax
See also
memcmp16_s(), memcmp32_s()