safec  3.5.1
Safe C Library - ISO TR24731 Bounds Checking Interface
safe_mem_lib.h File Reference
#include "safe_config.h"
#include "safe_lib_errno.h"
#include "safe_types.h"
#include "safe_compile.h"
#include <wchar.h>
+ Include dependency graph for safe_mem_lib.h:

Macros

#define EXTERN   extern
 
#define RSIZE_MAX_MEM16   (RSIZE_MAX_MEM / 2)
 
#define RSIZE_MAX_MEM32   (RSIZE_MAX_MEM / 4)
 
#define RSIZE_MAX_WMEM   (RSIZE_MAX_MEM / sizeof(wchar_t))
 
#define memcpy_s(dest, dmax, src, slen)   _memcpy_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 This function copies at most slen bytes from src to dest, up to dmax resp. More...
 
#define memmove_s(dest, dmax, src, slen)   _memmove_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 The memmove_s function copies slen bytes from the region pointed to by src into the region pointed to by dest. More...
 
#define memset_s(dest, dmax, value, n)   _memset_s_chk(dest, dmax, value, n, BOS(dest))
 Sets the first n bytes starting at dest to the specified value, but maximal dmax bytes. More...
 
#define memset16_s(dest, dmax, value, n)   _memset16_s_chk(dest, dmax, value, n, BOS(dest))
 Sets the first n uint16_t values starting at dest to the specified value, but maximal dmax bytes. More...
 
#define memset32_s(dest, dmax, value, n)   _memset32_s_chk(dest, dmax, value, n, BOS(dest))
 Sets n uint32_t values starting at dest to the specified value, but maximal dmax bytes. More...
 
#define memcmp_s(dest, dmax, src, slen, diff)   _memcmp_s_chk(dest, dmax, src, slen, diff, BOS(dest), BOS(src))
 Compares memory until they differ, and their difference sign (-1,0,1) is returned in diff. More...
 
#define memcmp16_s(dest, dlen, src, slen, diff)   _memcmp16_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))
 Compares memory in uint16_t slices until they differ, and their difference is returned in diff. More...
 
#define memcmp32_s(dest, dlen, src, slen, diff)   _memcmp32_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))
 Compares memory in uint32_t slices until they differ, and their difference is returned in diff. More...
 
#define memcpy16_s(dest, dmax, src, slen)   _memcpy16_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 This function copies at most slen uint16_t's from src to dest, up to dmax bytes. More...
 
#define memcpy32_s(dest, dmax, src, slen)   _memcpy32_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 This function copies at most slen uint32_t's from src to dest, up to dmax. More...
 
#define memmove16_s(dest, dmax, src, slen)   _memmove16_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 The memmove16_s function copies slen uint16_t from the region pointed to by src into the region pointed to by dest. More...
 
#define memmove32_s(dest, dmax, src, slen)   _memmove32_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))
 The memmove32_s function copies slen uint32_t's from the region pointed to by src into the region pointed to by dest. More...
 
#define memzero_s(dest, len)   _memzero_s_chk(dest, len, BOS(dest))
 Zeros len bytes starting at dest. More...
 
#define memzero16_s(dest, len)   _memzero16_s_chk(dest, len, BOS(dest))
 
 Zeros len uint16_t's starting at dest.
More...
 
#define memzero32_s(dest, len)   _memzero32_s_chk(dest, len, BOS(dest))
 Zeros len uint32_t's starting at dest. More...
 
#define memchr_s(dest, dmax, ch, result)   _memchr_s_chk(dest, dmax, ch, result, BOS(dest))
 Finds the first occurrence of ch (after conversion to unsigned char as if by (unsigned char)ch) in the null-terminated buffer pointed to by dest (each character interpreted as unsigned char). More...
 
#define memrchr_s(dest, dmax, ch, result)   _memrchr_s_chk(dest, dmax, ch, result, BOS(dest))
 Finds the last occurrence of ch (after conversion to char as if by (char)ch) in the null-terminated byte string pointed to by dest (each character interpreted as unsigned char). More...
 
#define timingsafe_bcmp(b1, b2, n)   _timingsafe_bcmp_chk(b1, b2, n, BOS(b1), BOS(b2))
 Compare all memory bytes. More...
 
#define timingsafe_memcmp(b1, b2, len)   _timingsafe_memcmp_chk(b1, b2, len, BOS(b1), BOS(b2))
 Compare all memory bytes. More...
 
#define memccpy_s(dest, dmax, src, c, n)   _memccpy_s_chk(dest, dmax, src, c, n, BOS(dest), BOS(src))
 memccpy_s copies no more than n bytes from memory area src to memory area dest, stopping when the character c is found. More...
 
#define wmemcpy_s(dest, dlen, src, count)   _wmemcpy_s_chk(dest, dlen, src, count, BOS(dest), BOS(src))
 This function copies at most count wchar_t's from src to dest, up to dlen. More...
 
#define wmemmove_s(dest, dlen, src, count)   _wmemmove_s_chk(dest, dlen, src, count, BOS(dest), BOS(src))
 The wmemmove_s function copies count wchar_t's from the region pointed to by src into the region pointed to by dest. More...
 
#define wmemcmp_s(dest, dlen, src, slen, diff)   _wmemcmp_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))
 Compares buffers of wide chars until they differ, and return 0 if the same or -1 or 1 in diff. More...
 

Functions

EXTERN constraint_handler_t set_mem_constraint_handler_s (constraint_handler_t handler)
 The set_mem_constraint_handler_s function sets the runtime-constraint handler to be handler. More...
 
EXTERN errno_t _memcpy_s_chk (void *restrict dest, rsize_t dmax, const void *restrict src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t slen BOS_OVR2_BUTZERO (src, slen) BOS_ATTR(_BOS_KNOWN(dest) &&_BOS_KNOWN(src) &&((dest > src &&(char *) dest<(char *) src+slen)||(src > dest &&(char *) src<(char *) dest+dmax))
 
EXTERN errno_t _memmove_s_chk (void *dest, rsize_t dmax, const void *src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t slen BOS_OVR2_BUTZERO (src, slen) VAL_OVR2_BUTZERO(slen
 
EXTERN errno_t _memset_s_chk (void *dest, rsize_t dmax, int value, rsize_t n, const size_t destbos) BOS_NULL(dest) BOS_ATTR(n &&(_BOS_OVR(dest
 
EXTERN errno_t n n n overflow dest dmax VAL_OVR2 (value, 255)
 
EXTERN errno_t _memset16_s_chk (uint16_t *dest, rsize_t dmax, uint16_t value, rsize_t n, const size_t destbos) BOS_NULL(dest) BOS_ATTR(n &&(_BOS_OVR(dest
 
EXTERN errno_t _memset32_s_chk (uint32_t *dest, rsize_t dmax, uint32_t value, rsize_t n, const size_t destbos) BOS_NULL(dest) BOS_ATTR(n &&(_BOS_OVR(dest
 
EXTERN errno_t _memcmp_s_chk (const void *dest, rsize_t dmax, const void *src, rsize_t slen, int *diff, const size_t destbos, const size_t srcbos) BOS_CHK(dest) BOS_OVR2(src
 
EXTERN errno_t slen BOS_NULL (diff) BOS_ATTR(!slen
 
EXTERN errno_t slen empty slen VAL_OVR2_BUTZERO (slen, dmax)
 
EXTERN errno_t _memcmp16_s_chk (const uint16_t *dest, rsize_t dlen, const uint16_t *src, rsize_t slen, int *diff, const size_t destbos, const size_t srcbos) BOS_CHK2(dest
 
EXTERN errno_t dlenBOS_CHK2 (src, slen *2) BOS_NULL(diff) VAL_OVR2_BUTZERO(slen
 
EXTERN errno_t _memcmp32_s_chk (const uint32_t *dest, rsize_t dlen, const uint32_t *src, rsize_t slen, int *diff, const size_t destbos, const size_t srcbos) BOS_CHK2(dest
 
EXTERN errno_t _memcpy16_s_chk (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t _memcpy32_s_chk (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t _memmove16_s_chk (uint16_t *dest, rsize_t dmax, const uint16_t *src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t _memmove32_s_chk (uint32_t *dest, rsize_t dmax, const uint32_t *src, rsize_t slen, const size_t destbos, const size_t srcbos) BOS_CHK_BUTZERO(dest
 
EXTERN errno_t _memzero_s_chk (void *dest, rsize_t dmax, const size_t destbos) BOS_CHK(dest)
 
EXTERN errno_t _memzero16_s_chk (uint16_t *dest, rsize_t len, const size_t destbos) BOS_CHK2(dest
 
EXTERN errno_t _memzero32_s_chk (uint32_t *dest, rsize_t len, const size_t destbos) BOS_CHK2(dest
 
EXTERN errno_t _memchr_s_chk (const void *restrict dest, rsize_t dmax, const int ch, void **result, const size_t destbos) BOS_CHK(dest) VAL_OVR2(ch
 
EXTERN errno_t BOS_NULL (result)
 
EXTERN errno_t _memrchr_s_chk (const void *restrict dest, rsize_t dmax, const int ch, void **result, const size_t destbos) BOS_CHK(dest) VAL_OVR2(ch
 
EXTERN int _timingsafe_bcmp_chk (const void *b1, const void *b2, size_t n, const size_t destbos, const size_t srcbos) BOS_OVR2(b1
 
EXTERN int n BOS_OVR2 (b2, n)
 
EXTERN int _timingsafe_memcmp_chk (const void *b1, const void *b2, size_t len, const size_t destbos, const size_t srcbos) BOS_OVR2(b1
 
EXTERN int len BOS_OVR2 (b2, len)
 
EXTERN errno_t _memccpy_s_chk (void *dest, rsize_t dmax, const void *src, int c, rsize_t n, const size_t destbos, const size_t srcbos) BOS_CHK(dest) BOS_OVR2(src
 
EXTERN errno_tVAL_OVR2 (c, 255) VAL_OVR2_BUTZERO(n
 
EXTERN errno_t _wmemcpy_s_chk (wchar_t *restrict dest, rsize_t dmax, const wchar_t *restrict src, rsize_t smax, const size_t destbos, const size_t srcbos) BOSW_CHK_BUTZERO(dest
 
EXTERN errno_t smax BOSW_OVR2_BUTZERO (src, smax)
 
EXTERN errno_t _wmemmove_s_chk (wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t smax, const size_t destbos, const size_t srcbos) BOSW_CHK_BUTZERO(dest
 
EXTERN errno_t _wmemcmp_s_chk (const wchar_t *dest, rsize_t dmax, const wchar_t *src, rsize_t slen, int *diff, const size_t destbos, const size_t srcbos) BOSW_CHK(dest) BOSW_CHK2(src
 

Variables

EXTERN errno_t slen dest overlaps with src
 
EXTERN errno_t slen dmax
 
EXTERN errno_t dlen dlen
 

Macro Definition Documentation

◆ EXTERN

#define EXTERN   extern

◆ RSIZE_MAX_MEM16

#define RSIZE_MAX_MEM16   (RSIZE_MAX_MEM / 2)

◆ RSIZE_MAX_MEM32

#define RSIZE_MAX_MEM32   (RSIZE_MAX_MEM / 4)

◆ RSIZE_MAX_WMEM

#define RSIZE_MAX_WMEM   (RSIZE_MAX_MEM / sizeof(wchar_t))

◆ memcpy_s

#define memcpy_s (   dest,
  dmax,
  src,
  slen 
)    _memcpy_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

This function copies at most slen bytes from src to dest, up to dmax resp.

sizeof(dest). If slen is zero, the function does nothing.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.1.1 The memcpy_s function (p: 614) http://en.cppreference.com/w/c/string/byte/memcpy
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slenmaximum number bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM or size of dest.
slen shall not be greater than RSIZE_MAX_MEM or size of src.
slen shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Note
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
Returns
If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first dmax bytes of the region pointed to by dest if dest is not a null pointer and slen is valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = 0
ESLEMAXwhen dmax/slen > RSIZE_MAX_MEM
EOVERFLOWwhen dmax/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != size of dest and –enable-error-dmax
ESNOSPCwhen dmax < slen
ESOVRLPwhen src memory overlaps dst
See also
memcpy16_s(), memcpy32_s(), memmove_s(), memmove16_s(), memmove32_s()

◆ memmove_s

#define memmove_s (   dest,
  dmax,
  src,
  slen 
)    _memmove_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

The memmove_s function copies slen bytes from the region pointed to by src into the region pointed to by dest.

If slen is zero, the function does nothing.

This copying takes place as if the slen bytes from the region pointed to by src are first copied into a temporary array of slen bytes that does not overlap the region pointed to by dest or src, and then the slen bytes from the temporary array are copied into the object region to by dest.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.1.2 The memmove_s function (p: 615) http://en.cppreference.com/w/c/string/byte/memmove
  • ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slenmaximum number bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and size of dest.
slen shall not be greater than RSIZE_MAX_MEM and size of src.
slen shall not be greater than dmax.
Note
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dmax characters of the region pointed to by dest if dest is not a null pointer and dmax is valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = 0
ESLEMAXwhen dmax/slen > RSIZE_MAX_MEM
EOVERFLOWwhen dmax/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != size of dest and –enable-error-dmax
ESNOSPCwhen dmax < slen
See also
memmove16_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memset_s

#define memset_s (   dest,
  dmax,
  value,
 
)    _memset_s_chk(dest, dmax, value, n, BOS(dest))

Sets the first n bytes starting at dest to the specified value, but maximal dmax bytes.

Remarks
SPECIFIED IN
  • C11 standard (ISO/IEC 9899:2011): K.3.7.4.1 The memset_s function (p: 621-622) http://en.cppreference.com/w/c/string/byte/memset
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of bytes to be set
Precondition
dest shall not be a null pointer.
dmax and n shall not be greater than RSIZE_MAX_MEM or sizeof(dest).
value shall not be greater than 255.
dmax may not be smaller than n.
Note
The behavior is undefined if the size of the character array pointed to by dest < count <= dmax; in other words, an erroneous value of dmax does not expose the impending buffer overflow.
C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.
memset_s provides a memory barrier for modern out-of-order CPU's to ensure a cache flush or at least a compiler barrier fallback to ensure that is not optimized away by optimizing compilers.
Returns
If there is a runtime-constraints violation, and if dest is not a null pointer, and if dmax is not too large, then, before reporting the runtime-constraints violation, memset_s() copies dmax bytes to the destination.
Return values
EOKwhen operation is successful or n = 0
ESNULLPwhen dest is NULL pointer
ESLEMAXwhen dmax/n > RSIZE_MAX_MEM or value > 255
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESNOSPCwhen dmax < n
See also
memset16_s(), memset32_s()

◆ memset16_s

#define memset16_s (   dest,
  dmax,
  value,
 
)    _memset16_s_chk(dest, dmax, value, n, BOS(dest))

Sets the first n uint16_t values starting at dest to the specified value, but maximal dmax bytes.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of short (2-byte) words to be set
Precondition
dest shall not be a null pointer.
dmax shall not be 0
dmax shall not be greater than RSIZE_MAX_MEM or size of dest.
n shall not be greater than RSIZE_MAX_MEM16.
2*n may not be greater than dmax
Returns
If there is a runtime-constraints violation, and if dest is not a null pointer, and if dmax is not larger than RSIZE_MAX_MEM, then, before reporting the runtime-constraints violation, memset16_s() copies dmax bytes to the destination.
Return values
EOKwhen operation is successful or n = 0
ESNULLPwhen dest is NULL POINTER
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != size of dest and –enable-error-dmax
ESLEMAXwhen n > RSIZE_MAX_MEM16
ESNOSPCwhen 2*n > dmax
See also
memset_s(), memset32_s()

◆ memset32_s

#define memset32_s (   dest,
  dmax,
  value,
 
)    _memset32_s_chk(dest, dmax, value, n, BOS(dest))

Sets n uint32_t values starting at dest to the specified value, but maximal dmax bytes.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory that will be set to the value
[in]dmaxmaximum number of bytes to be written
[in]valuebyte value to be written
[in]nnumber of 4-byte words to be set
Precondition
dest shall not be a null pointer.
dmax shall not be 0
dmax shall not be greater than RSIZE_MAX_MEM or size of dest.
n shall not be greater than RSIZE_MAX_MEM32.
4*n may not be greater than dmax.
Returns
If there is a runtime-constraints violation, and if dest is not a null pointer, and if dmax is not larger than RSIZE_MAX_MEM, then, before reporting the runtime-constraints violation, memset32_s() copies dmax bytes to the destination.
Return values
EOKwhen operation is successful or n = 0
ESNULLPwhen dest is NULL POINTER
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != size of dest and –enable-error-dmax
ESLEMAXwhen n > RSIZE_MAX_MEM32
ESNOSPCwhen 4*n > dmax
See also
memset_s(), memset16_s()

◆ memcmp_s

#define memcmp_s (   dest,
  dmax,
  src,
  slen,
  diff 
)    _memcmp_s_chk(dest, dmax, src, slen, diff, BOS(dest), BOS(src))

Compares memory until they differ, and their difference sign (-1,0,1) is returned in diff.

If the block of memory is the same, *diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
srcpointer to the source memory to compare with dest
dmaxmaximum length of dest, in bytes
slenlength of the source memory block
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dmax nor slen shall be 0.
dmax shall not be greater than RSIZE_MAX_MEM or size of dest
slen shall not be greater than dmax or size of src
Return values
EOKwhen operation is successful
ESNULLPwhen dst/src is NULL POINTER
ESZEROLwhen dmax/slen = ZERO
ESLEMAXwhen dmax/slen > RSIZE_MAX_MEM
EOVERFLOWwhen dmax/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax/slen != size of dest/src and –enable-error-dmax
ESNOSPCwhen dmax < slen
See also
memcmp16_s(), memcmp32_s()

◆ memcmp16_s

#define memcmp16_s (   dest,
  dlen,
  src,
  slen,
  diff 
)    _memcmp16_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))

Compares memory in uint16_t slices until they differ, and their difference is returned in diff.

If the block of memory is the same, diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
dlenmaximum length of dest, in uint16_t's
srcpointer to the source memory to compare with dest
slennumber of uint16_t's from source to be compared
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dlen nor slen shall be 0.
dlen shall not be greater than RSIZE_MAX_MEM16 and sizeof(dest)/2
slen shall not be greater than RSIZE_MAX_MEM16 and sizeof(src)/2
slen shall not be greater than dlen and sizeof(dest)/2
Return values
EOKwhen operation is successful
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dlen/slen = ZERO
ESLEMAXwhen dlen/slen > RSIZE_MAX_MEM16
EOVERFLOWwhen 2*dlen/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen 2*dlen/slen != sizeof(dest/src) and –enable-error-dmax
ESNOSPCwhen dlen < slen
See also
memcmp_s(), memcmp32_s()

◆ memcmp32_s

#define memcmp32_s (   dest,
  dlen,
  src,
  slen,
  diff 
)    _memcmp32_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))

Compares memory in uint32_t slices until they differ, and their difference is returned in diff.

If the whole block of memory is the same, diff=0.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to memory to compare against
dlenmaximum length of dest, in uint32_t's
srcpointer to the source memory to compare with dest
slennumber of uint32_t's from source to be compared
*diffpointer to the diff which is an integer greater than, equal to or less than zero according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src.
Precondition
Neither dest nor src shall be a null pointer.
Neither dlen nor slen shall be 0.
dlen shall not be greater than RSIZE_MAX_MEM32 and sizeof(dest).
slen shall not be greater than dlen/4.
Return values
EOKwhen operation is successful
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dlen/slen = ZERO
ESLEMAXwhen dlen/slen > RSIZE_MAX_MEM32 or > sizeof(dest/src)/4
EOVERFLOWwhen 4*dlen/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen 4*dlen/slen != sizeof(dest/src) and –enable-error-dmax
ESNOSPCwhen dlen < slen
See also
memcmp_s(), memcmp16_s()

◆ memcpy16_s

#define memcpy16_s (   dest,
  dmax,
  src,
  slen 
)    _memcpy16_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

This function copies at most slen uint16_t's from src to dest, up to dmax bytes.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slennumber of uint16_t's to be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and sizeof(dest)
2*slen shall not be greater than RSIZE_MAX_MEM and sizeof(src)
2*slen shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Returns
If there is a runtime-constraint violation, memcpy16_s stores zeros in the first dmax bytes of the region pointed to by dest if dest and dmax are valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESLEMAXwhen slen > RSIZE_MAX_MEM16
EOVERFLOWwhen 2*slen > size of src (optionally, when the compiler knows the object_size statically)
ESNOSPCwhen 2*slen > dmax
ESOVRLPwhen src memory overlaps dest
See also
wmemcpy_s(), memcpy_s(), memcpy32_s(), wmemmove_s(), memmove16_s()

◆ memcpy32_s

#define memcpy32_s (   dest,
  dmax,
  src,
  slen 
)    _memcpy32_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

This function copies at most slen uint32_t's from src to dest, up to dmax.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slennumber of uint32_t's to be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and sizeof(dest)
slen shall not be greater than RSIZE_MAX_MEM32 and sizeof(src)
slen shall not be greater than dmax/4.
Copying shall not take place between regions that overlap.
Returns
If there is a runtime-constraint violation, memcpy32_s stores zeros in the first dmax bytes of the region pointed to by dest if dest and dmax are valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESLEMAXwhen slen > RSIZE_MAX_MEM32
EOVERFLOWwhen 4*slen > size of src (optionally, when the compiler knows the object_size statically)
ESNOSPCwhen 4*slen > dmax
ESOVRLPwhen src memory overlaps dest
See also
memcpy_s(), memcpy16_s(), memmove_s(), memmove16_s(), memmove32_s()

◆ memmove16_s

#define memmove16_s (   dest,
  dmax,
  src,
  slen 
)    _memmove16_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

The memmove16_s function copies slen uint16_t from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the slen uint16_t from the region pointed to by src are first copied into a temporary array of slen uint16_t that does not overlap the regions pointed to by dest or src, and then the slen uint16_t from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slennumber of uint16_t's to be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM or size of dest.
2*slen shall not be greater than dmax and size of src.
Returns
If there is a runtime-constraint violation, memmove16_s stores zeros in the first dmax bytes of the region pointed to by dest if dest and dmax are valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESLEMAXwhen slen > RSIZE_MAX_MEM16
EOVERFLOWwhen 2*slen > size of src (optionally, when the compiler knows the object_size statically)
ESNOSPCwhen 2*slen > dmax
See also
memmove_s(), memmove32_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memmove32_s

#define memmove32_s (   dest,
  dmax,
  src,
  slen 
)    _memmove32_s_chk(dest, dmax, src, slen, BOS(dest), BOS(src))

The memmove32_s function copies slen uint32_t's from the region pointed to by src into the region pointed to by dest.

This copying takes place as if the slen uint32_t's from the region pointed to by src are first copied into a temporary array of slen uint32_t's that does not overlap the regions pointed to by dest or src, and then the slen uint32_t's from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]slennumber of uint32_t's to be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and size of dest.
4*slen shall not be greater than dmax and size of src
Returns
If there is a runtime-constraint violation, memmove32_s stores zeros in the first dmax bytes of the region pointed to by dest if dest and dmax are valid.
Return values
EOKwhen operation is successful or slen = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESLEMAXwhen slen > RSIZE_MAX_MEM32
EOVERFLOWwhen 4*slen > size of src (optionally, when the compiler knows the object_size statically)
ESNOSPCwhen 4*slen > dmax
See also
memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ memzero_s

#define memzero_s (   dest,
  len 
)    _memzero_s_chk(dest, len, BOS(dest))

Zeros len bytes starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of bytes to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM and size of dest
Note
memzero_s provides a memory barrier for modern out-of-order CPU's to ensure a cache flush or at least a compiler barrier fallback to ensure that is not optimized away by optimizing compilers.
Returns
If there is a runtime constraint, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen len != size of dest and –enable-error-dmax
See also
memzero16_s(), memzero32_s()

◆ memzero16_s

#define memzero16_s (   dest,
  len 
)    _memzero16_s_chk(dest, len, BOS(dest))

 Zeros len uint16_t's starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of uint16_t's to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM16 and sizeof(dest)/2.
Returns
If there is a runtime constraint, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM16
EOVERFLOWwhen 2*dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen len != sizeof(dest)/2 and –enable-error-dmax
See also
memzero_s(), memzero32_s()

◆ memzero32_s

#define memzero32_s (   dest,
  len 
)    _memzero32_s_chk(dest, len, BOS(dest))

Zeros len uint32_t's starting at dest.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to memory to be zeroed.
[in]lennumber of uint32_t's to be zeroed
Precondition
dest shall not be a null pointer.
len shall not be 0 nor greater than RSIZE_MAX_MEM32 and sizeof(dest)/4.
Returns
If there is a runtime constraint, the operation is not performed.
Return values
EOKwhen operation is successful
ESNULLPwhen dest is NULL POINTER
ESZEROLwhen len = ZERO
ESLEMAXwhen len > RSIZE_MAX_MEM32
EOVERFLOWwhen 2*dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen len != sizeof(dest)/4 and –enable-error-dmax
See also
memzero_s(), memzero16_s()

◆ memchr_s

#define memchr_s (   dest,
  dmax,
  ch,
  result 
)    _memchr_s_chk(dest, dmax, ch, result, BOS(dest))

Finds the first occurrence of ch (after conversion to unsigned char as if by (unsigned char)ch) in the null-terminated buffer pointed to by dest (each character interpreted as unsigned char).

Remarks
IMPLEMENTED IN
Parameters
[in]destpointer to buffer to compare against
[in]dmaxlength of dest to search in
[in]chcharacter to search for
[out]resultpointer to result in dest
Precondition
Neither dest nor result shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and sizeof(dest)
ch shall not be greater than 255
Return values
EOKwhen successfully character found.
ESNULLPwhen dest/result is a NULL pointer
ESZEROLwhen dmax = 0
ESLEMAXwhen dmax > RSIZE_MAX_MEM or > sizeof(dest)
ESLEMAXwhen ch > 255
ESNOTFNDwhen ch not found in dest
See also
strchr_s(), strspn_s(), strcspn_s(), strpbrk_s(), strstr_s()

◆ memrchr_s

#define memrchr_s (   dest,
  dmax,
  ch,
  result 
)    _memrchr_s_chk(dest, dmax, ch, result, BOS(dest))

Finds the last occurrence of ch (after conversion to char as if by (char)ch) in the null-terminated byte string pointed to by dest (each character interpreted as unsigned char).

The terminating null character is considered to be a part of the string and can be found when searching for '\0'.

Remarks
IMPLEMENTED IN
Parameters
[in]destpointer to string buffer to compare against
[in]dmaxrestricted maximum length of dest
[in]chcharacter to search for
[out]resultpointer to char* in dest
Precondition
Neither dest nor result shall be a null pointer.
dmax shall not be 0.
dmax shall not be greater than RSIZE_MAX_MEM and size of dest
ch shall not be greater than 255
Return values
EOKwhen successfully character found.
ESNULLPwhen dest/result is a NULL pointer
ESZEROLwhen dmax = 0
ESLEMAXwhen dmax > RSIZE_MAX_MEM
EOVERFLOWwhen dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != size of dest and –enable-error-dmax
ESLEMAXwhen ch > 255
ESNOTFNDwhen ch not found in dest
See also
memrchr_s(), strchr_s(), memchr_s(), strspn_s(), strstr_s()

◆ timingsafe_bcmp

#define timingsafe_bcmp (   b1,
  b2,
 
)    _timingsafe_bcmp_chk(b1, b2, n, BOS(b1), BOS(b2))

Compare all memory bytes.

Return 0 or not zero.

The running time is independent of the byte sequences compared, making them safe to use for comparing secret values such as cryptographic MACs. In contrast, bcmp(3) and memcmp(3) may short-circuit after finding the first differing byte.

Remarks
from OpenBSD
Parameters
b1pointer to memory to compare against
b2pointer to the source memory to compare with b1
nnumber of bytes to compare in both buffers
Precondition
Neither b1 nor b2 shall be a null pointer.
Return values
0if the buffers are equal, or not zero if they are not equal.
-ESLEMAXif n > RSIZE_MAX_MEM or > sizeof(b1) or > sizeof(b2)
See also
memcmp_s(), timingsafe_memcmp()

◆ timingsafe_memcmp

#define timingsafe_memcmp (   b1,
  b2,
  len 
)    _timingsafe_memcmp_chk(b1, b2, len, BOS(b1), BOS(b2))

Compare all memory bytes.

Return their difference sign (-1,0,1).

The running time is independent of the byte sequences compared, making them safe to use for comparing secret values such as cryptographic MACs. In contrast, bcmp(3) and memcmp(3) may short-circuit after finding the first differing byte.

Remarks
from OpenBSD
Parameters
b1pointer to memory to compare against
b2pointer to the source memory to compare with b1
lennumber of bytes to compare in both buffers
Precondition
Neither b1 nor b2 shall be a null pointer.
Return values
-1,0,or1
-ESLEMAXif len > RSIZE_MAX_MEM or > sizeof(b1) or > sizeof(b2)
See also
memcmp_s(), timingsafe_bcmp()

◆ memccpy_s

#define memccpy_s (   dest,
  dmax,
  src,
  c,
 
)    _memccpy_s_chk(dest, dmax, src, c, n, BOS(dest), BOS(src))

memccpy_s copies no more than n bytes from memory area src to memory area dest, stopping when the character c is found.

Throws error if the memory areas overlap. With SAFECLIB_STR_NULL_SLACK defined the rest (max. n bytes, not dmax) is cleared with NULL bytes.

Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dmaxmaximum length of the resulting dest, in bytes
[in]srcpointer to the memory that will be copied to dest
[in]ccharacter to be found
[in]nmaximum number bytes of src that can be copied
Precondition
Neither dest nor src shall be a null pointer.
dmax shall be sizeof(dest)
dmax shall not be 0, not be greater than RSIZE_MAX_MEM and sizeof(dest)
n shall not be greater than dmax.
Copying shall not take place between regions that overlap.
Note
memccpy from BSD, Windows sec_api, glibc, newlib and everywhere else.
Returns
The memccpy() function returns a pointer to the next character in dest after c, or NULL if c was not found in the first n characters of src. If there is a runtime-constraint violation, the memccpy_s function stores zeros in the first dmax bytes of the region pointed to by dest if dest is not a null pointer and n is valid. With n=0, dest[0] is set to '\0', as with memccpy().
Return values
EOKwhen operation is successful or n = 0
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dmax = ZERO.
ESLEMAXwhen dmax/n > RSIZE_MAX_MEM
EOVERFLOWwhen dmax/n > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dmax != sizeof(dest) and –enable-error-dmax
ESNOSPCwhen n > dmax
ESOVRLPwhen src memory overlaps dst
See also
memcpy_s(), strncpy_s()

◆ wmemcpy_s

#define wmemcpy_s (   dest,
  dlen,
  src,
  count 
)    _wmemcpy_s_chk(dest, dlen, src, count, BOS(dest), BOS(src))

This function copies at most count wchar_t's from src to dest, up to dlen.

If count is zero, the function does nothing.

Remarks
EXTENSION TO
  • C11 standard (ISO/IEC 9899:2011): K.3.9.2.1.3 The wmemcpy_s function (p: 641) http://en.cppreference.com/w/c/string/wide/wmemcpy
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the wide string that will be replaced by src.
[in]dlenmaximum length of the resulting dest, in wchar_t
[in]srcpointer to the wide string that will be copied to dest
[in]countnumber of wide characters to copy
Precondition
Neither dest nor src shall be a null pointer.
dlen shall not be 0.
dlen shall not be greater than RSIZE_MAX_WMEM and the size of dest
count shall not be greater than dlen and the size of src
Copying shall not take place between regions that overlap.
Returns
If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first dlen bytes of the region pointed to by dest if dest is not a null pointer and count is valid.
Return values
EOKwhen operation is successful
ESNULLPwhen dest or src is a NULL POINTER
ESZEROLwhen dlen = ZERO
ESLEMAXwhen dlen/count > RSIZE_MAX_WMEM
EOVERFLOWwhen dlen/count > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dlen != sizeof(dest) and –enable-error-dmax
ESNOSPCwhen dlen < count
ESOVRLPwhen src memory overlaps dst
See also
memcpy_s(), memcpy16_s(), wmemmove_s(), memmove16_s()

◆ wmemmove_s

#define wmemmove_s (   dest,
  dlen,
  src,
  count 
)    _wmemmove_s_chk(dest, dlen, src, count, BOS(dest), BOS(src))

The wmemmove_s function copies count wchar_t's from the region pointed to by src into the region pointed to by dest.

If count is zero, the function does nothing.

This copying takes place as if the count wchar_t's from the region pointed to by src are first copied into a temporary array of count wchar_t's that does not overlap the regions pointed to by dest or src, and then the count wchar_t's from the temporary array are copied into the region pointed to by dest.

Remarks
EXTENSION TO
  • C11 standard (ISO/IEC 9899:2011): K.3.9.2.1.4 The wmemmove_s function (p: 642) http://en.cppreference.com/w/c/string/wide/wmemmove
  • ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
[out]destpointer to the memory that will be replaced by src.
[in]dlenmaximum length of the resulting dest, in wchar_t
[in]srcpointer to the memory that will be copied to dest
[in]countmaximum number of wide characters to copy
Precondition
Neither dest nor src shall be a null pointer.
dlen shall not be 0.
dlen shall not be greater than RSIZE_MAX_WMEM and the size of dest
count shall not be greater than dlen and the size of src
Returns
If there is a runtime-constraint violation, the memmove_s function stores zeros in the first dlen characters of the region pointed to by dest if dest is not a null pointer and dlen is not greater than RSIZE_MAX_MEM.
Return values
EOKwhen operation is successful
ESNULLPwhen dest or src is a NULL POINTER
ESZEROLwhen dlen = ZERO
ESLEMAXwhen dlen/count > RSIZE_MAX_WMEM
EOVERFLOWwhen dlen/count > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dlen != sizeof(dest) and –enable-error-dmax
ESNOSPCwhen dlen < count
See also
memmove_s(), memmove16_s(), memcpy_s(), memcpy16_s() memcpy32_s()

◆ wmemcmp_s

#define wmemcmp_s (   dest,
  dlen,
  src,
  slen,
  diff 
)    _wmemcmp_s_chk(dest, dlen, src, slen, diff, BOS(dest), BOS(src))

Compares buffers of wide chars until they differ, and return 0 if the same or -1 or 1 in diff.

Remarks
EXTENSION TO ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
Parameters
destpointer to wchar_t buffer to compare against
dlenmaximum length of dest, in number of wchar_t
srcpointer to the source wchar_t buffer to compare with dest
slenlength of the source memory block
*diffpointer to the diff which is -1, 0 or 1 according to whether the object pointed to by dest is greater than, equal to or less than the object pointed to by src. Note that musl returns the diff here.
Precondition
Neither dest nor src shall be a null pointer.
Neither dlen nor slen shall be 0.
dlen shall not be greater than RSIZE_MAX_WMEM and size of dest.
slen shall not be greater than dlen and size of src.
Return values
EOKwhen operation is successful
ESNULLPwhen dest/src is NULL POINTER
ESZEROLwhen dlen/slen = ZERO
ESLEMAXwhen dlen/slen > RSIZE_MAX_WMEM
EOVERFLOWwhen dlen/slen > size of dest/src (optionally, when the compiler knows the object_size statically)
ESLEWRNGwhen dlen != size of dest and –enable-error-dmax
ESNOSPCwhen slen > dlen
See also
memcmp16_s(), memcmp32_s()

Function Documentation

◆ set_mem_constraint_handler_s()

EXTERN constraint_handler_t set_mem_constraint_handler_s ( constraint_handler_t  handler)

The set_mem_constraint_handler_s function sets the runtime-constraint handler to be handler.

The runtime-constraint handler is the function to be called when a library function detects a runtime-constraint order:

  1. A pointer to a character string describing the runtime-constraint violation.
  2. A null pointer or a pointer to an implementation defined object.
  3. If the function calling the handler has a return type declared as errno_t, the return value of the function is passed. Otherwise, a positive value of type errno_t is passed. The implementation has a default constraint handler that is used if no calls to the set_constraint_handler_s function have been made. The behavior of the default handler is implementation-defined, and it may cause the program to exit or abort. If the handler argument to set_constraint_handler_s is a null pointer, the implementation default handler becomes the current constraint handler.
Remarks
SPECIFIED IN ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces
See also
set_str_constraint_handler_s()

◆ _memcpy_s_chk()

EXTERN errno_t _memcpy_s_chk ( void *restrict  dest,
rsize_t  dmax,
const void *restrict  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_OVR2_BUTZERO() [1/2]

EXTERN errno_t slen BOS_OVR2_BUTZERO ( src  ,
slen   
) &&

◆ _memmove_s_chk()

EXTERN errno_t _memmove_s_chk ( void *  dest,
rsize_t  dmax,
const void *  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_OVR2_BUTZERO() [2/2]

EXTERN errno_t slen BOS_OVR2_BUTZERO ( src  ,
slen   
)

◆ _memset_s_chk()

EXTERN errno_t _memset_s_chk ( void *  dest,
rsize_t  dmax,
int  value,
rsize_t  n,
const size_t  destbos 
) &&

◆ VAL_OVR2() [1/2]

EXTERN errno_t n n n overflow dest dmax VAL_OVR2 ( value  ,
255   
)

◆ _memset16_s_chk()

EXTERN errno_t _memset16_s_chk ( uint16_t *  dest,
rsize_t  dmax,
uint16_t  value,
rsize_t  n,
const size_t  destbos 
) &&

◆ _memset32_s_chk()

EXTERN errno_t _memset32_s_chk ( uint32_t *  dest,
rsize_t  dmax,
uint32_t  value,
rsize_t  n,
const size_t  destbos 
) &&

◆ _memcmp_s_chk()

EXTERN errno_t _memcmp_s_chk ( const void *  dest,
rsize_t  dmax,
const void *  src,
rsize_t  slen,
int *  diff,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_NULL() [1/2]

EXTERN errno_t slen BOS_NULL ( diff  )

◆ VAL_OVR2_BUTZERO()

EXTERN errno_t slen empty slen VAL_OVR2_BUTZERO ( slen  ,
dmax   
)

◆ _memcmp16_s_chk()

EXTERN errno_t _memcmp16_s_chk ( const uint16_t *  dest,
rsize_t  dlen,
const uint16_t *  src,
rsize_t  slen,
int *  diff,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_CHK2()

EXTERN errno_t dlen * BOS_CHK2 ( src  ,
slen 2 
)

◆ _memcmp32_s_chk()

EXTERN errno_t _memcmp32_s_chk ( const uint32_t *  dest,
rsize_t  dlen,
const uint32_t *  src,
rsize_t  slen,
int *  diff,
const size_t  destbos,
const size_t  srcbos 
)

◆ _memcpy16_s_chk()

EXTERN errno_t _memcpy16_s_chk ( uint16_t *  dest,
rsize_t  dmax,
const uint16_t *  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ _memcpy32_s_chk()

EXTERN errno_t _memcpy32_s_chk ( uint32_t *  dest,
rsize_t  dmax,
const uint32_t *  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ _memmove16_s_chk()

EXTERN errno_t _memmove16_s_chk ( uint16_t *  dest,
rsize_t  dmax,
const uint16_t *  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ _memmove32_s_chk()

EXTERN errno_t _memmove32_s_chk ( uint32_t *  dest,
rsize_t  dmax,
const uint32_t *  src,
rsize_t  slen,
const size_t  destbos,
const size_t  srcbos 
)

◆ _memzero_s_chk()

EXTERN errno_t _memzero_s_chk ( void *  dest,
rsize_t  dmax,
const size_t  destbos 
)

◆ _memzero16_s_chk()

EXTERN errno_t _memzero16_s_chk ( uint16_t *  dest,
rsize_t  len,
const size_t  destbos 
)

◆ _memzero32_s_chk()

EXTERN errno_t _memzero32_s_chk ( uint32_t *  dest,
rsize_t  len,
const size_t  destbos 
)

◆ _memchr_s_chk()

EXTERN errno_t _memchr_s_chk ( const void *restrict  dest,
rsize_t  dmax,
const int  ch,
void **  result,
const size_t  destbos 
)

◆ BOS_NULL() [2/2]

EXTERN errno_t BOS_NULL ( result  )

◆ _memrchr_s_chk()

EXTERN errno_t _memrchr_s_chk ( const void *restrict  dest,
rsize_t  dmax,
const int  ch,
void **  result,
const size_t  destbos 
)

◆ _timingsafe_bcmp_chk()

EXTERN int _timingsafe_bcmp_chk ( const void *  b1,
const void *  b2,
size_t  n,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_OVR2() [1/2]

EXTERN int n BOS_OVR2 ( b2  ,
 
)

◆ _timingsafe_memcmp_chk()

EXTERN int _timingsafe_memcmp_chk ( const void *  b1,
const void *  b2,
size_t  len,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOS_OVR2() [2/2]

EXTERN int len BOS_OVR2 ( b2  ,
len   
)

◆ _memccpy_s_chk()

EXTERN errno_t _memccpy_s_chk ( void *  dest,
rsize_t  dmax,
const void *  src,
int  c,
rsize_t  n,
const size_t  destbos,
const size_t  srcbos 
)

◆ VAL_OVR2() [2/2]

EXTERN errno_t n VAL_OVR2 ( ,
255   
)

◆ _wmemcpy_s_chk()

EXTERN errno_t _wmemcpy_s_chk ( wchar_t *restrict  dest,
rsize_t  dmax,
const wchar_t *restrict  src,
rsize_t  smax,
const size_t  destbos,
const size_t  srcbos 
)

◆ BOSW_OVR2_BUTZERO()

EXTERN errno_t smax BOSW_OVR2_BUTZERO ( src  ,
smax   
)

◆ _wmemmove_s_chk()

EXTERN errno_t _wmemmove_s_chk ( wchar_t *  dest,
rsize_t  dmax,
const wchar_t *  src,
rsize_t  smax,
const size_t  destbos,
const size_t  srcbos 
)

◆ _wmemcmp_s_chk()

EXTERN errno_t _wmemcmp_s_chk ( const wchar_t *  dest,
rsize_t  dmax,
const wchar_t *  src,
rsize_t  slen,
int *  diff,
const size_t  destbos,
const size_t  srcbos 
)

Variable Documentation

◆ src

EXTERN errno_t slen dest overlaps with src

◆ dmax

EXTERN errno_t n dmax

◆ dlen

EXTERN errno_t dlen dlen