#include "safe_config.h"
#include "safe_lib_errno.h"
#include "safe_types.h"
#include "safe_compile.h"
#include <time.h>

Include dependency graph for safe_lib.h:

Macros
#define	EXTERN extern

#define	sl_default_handler ignore_handler_s

#define	TMP_MAX_S 308915776

#define	L_tmpnam_s 1024

#define	tmpnam_s(dest, dmax) _tmpnam_s_chk(dest, dmax, BOS(dest))
	Creates a unique valid file name (no longer than L_tmpnam in length) and stores it in character string pointed to by filename. The function is capable of generating up to TMP_MAX_S of unique filenames, but some or all of them may be in use in the filesystem and thus not suitable return values. More...

#define	gets_s(dest, dmax) _gets_s_chk(dest, dmax, BOS(dest))
	The `gets_s` function reads characters from stdin until a newline is found or end-of-file occurs. Writes only at most dmax characters into the array pointed to by str, and always writes the terminating null character. More...

#define	asctime_s(dest, dmax, tm) _asctime_s_chk(dest, dmax, tm, BOS(dest))
	The `asctime_s` function converts the given calendar time `tm` to a textual representation of the following fixed 25-character form: `"Www Mmm dd hh:mm:ss yyyy\n"`, as with asctime. The message is copied into user-provided `dest` buffer, which is guaranteed to be null-terminated. More...

#define	ctime_s(dest, dmax, timer) _ctime_s_chk(dest, dmax, timer, BOS(dest))
	The `ctime_s` function converts the given time since epoch to a calendar local time and then to a textual representation, as if by calling `asctime_s(buffer, bufsz, localtime_s(time, &(struct tm){0}))`. The message is copied into the user-provided `dest` buffer, which is guaranteed to be null-terminated. More...

#define	getenv_s(len, dest, dmax, name) _getenv_s_chk(len, dest, dmax, name, BOS(dest))
	The `getenv_s` function searches for an environmental variable with name name in the host-specified environment list and returns a pointer to the string that is associated with the matched environment variable. The set of environmental variables and methods of altering it are implementation-defined. The value of the environment variable is written to the user-provided buffer value (unless null) and the number of bytes written is stored in the user-provided location len (unless null). If the environment variable is not set in the environment, zero is written to len (unless null) and '\0' is written to value[0] (unless null). With SAFECLIB_STR_NULL_SLACK defined all elements following the terminating null character (if any) written in the array of dmax characters pointed to by dest are nulled. If `secure_getenv()` is available, it is used. More...

#define	bsearch_s(key, base, nmemb, size, compar, context) _bsearch_s_chk(key, base, nmemb, size, compar, context, BOS(base))
	The `bsearch_s` function finds an element equal to element pointed to by key in an array pointed to by base. The array contains count elements of size bytes and must be partitioned with respect to key, that is, all the elements that compare less than must appear before all the elements that compare equal to, and those must appear before all the elements that compare greater than the key object. A fully sorted array satisfies these requirements. The elements are compared using function pointed to by comp. The behavior is undefined if the array is not already partitioned with respect to *key in ascending order according to the same criterion that compar uses. More...

#define	qsort_s(base, nmemb, size, compar, context) _qsort_s_chk(base, nmemb, size, compar, context, BOS(base))
	The `qsort_s` function sorts the given array pointed to by base in ascending order. The array contains nmemb elements of size bytes. Function pointed to by compar is used for object comparison. More...

Functions
EXTERN void	abort_handler_s (const char restrict msg, void restrict ptr, errno_t error)
	This function writes a message on the standard error stream in an implementation-defined format. More...

EXTERN void	ignore_handler_s (const char restrict msg, void restrict ptr, errno_t error)
	This function simply returns to the caller. More...

EXTERN errno_t	_tmpnam_s_chk (const char *dest, rsize_t dmax, const size_t destbos) BOS_OVR2Z(dest

EXTERN errno_t	tmpfile_s (FILE restrict restrict streamptr)
	The `tmpfile_s` function creates a temporary binary file that is different from any other existing file and that will automatically be removed when it is closed or at program termination. More...

EXTERN char *	_gets_s_chk (char *dest, rsize_t dmax, const size_t destbos) BOS_CHK(dest)

EXTERN errno_t	fopen_s (FILE restrict restrict streamptr, const char restrict filename, const char restrict mode)
	The `fopen_s` function opens a file indicated by filename and updates the pointer to the file stream associated with that file. More...

EXTERN errno_t	freopen_s (FILE restrict restrict newstreamptr, const char restrict filename, const char restrict mode, FILE *restrict stream)
	The `freopen_s` function first, attempts to close the file associated with the stream, ignoring any errors. More...

EXTERN errno_t	_asctime_s_chk (char dest, rsize_t dmax, const struct tm tm, const size_t destbos) BOS_CHK(dest) BOS_ATTR(dmax< 26

EXTERN errno_t dmax underflow	BOS_NULL (tm)

EXTERN errno_t	_ctime_s_chk (char dest, rsize_t dmax, const time_t timer, const size_t destbos) BOS_CHK(dest) BOS_ATTR(dmax< 26

EXTERN errno_t dmax underflow	BOS_NULL (timer)

EXTERN struct tm *	gmtime_s (const time_t restrict timer, struct tm restrict dest) BOS_NULL(timer) BOS_NULL(dest)
	The `gmtime_s` function converts the given time since epoch to a calendar time, expressed in Coordinated Universal Time (UTC) in the struct tm format. More...

EXTERN struct tm *	localtime_s (const time_t restrict timer, struct tm restrict dest) BOS_NULL(timer) BOS_NULL(dest)
	The `localtime_s` function converts the given time since epoch to a calendar time, expressed in the current timezone in the struct tm format. More...

EXTERN errno_t	_getenv_s_chk (size_t restrict len, char restrict dest, rsize_t dmax, const char *restrict name, const size_t destbos) BOS_CHK(dest) BOS_ATTR(_BOS_NULL(name)

EXTERN void *	_bsearch_s_chk (const void key, const void base, rsize_t nmemb, rsize_t size, int(compar)(const void k, const void y, void context), void *context, const size_t basebos) BOS_ATTR(nmemb &&(_BOS_NULL(key)\|\|_BOS_NULL(base)\|\|_BOS_ZERO(base

EXTERN void nmemb empty buf or bufsize	BOS_OVR2_BUTNULL (base, nmemb *size) BOS_ATTR(nmemb &&!compar

EXTERN errno_t	_qsort_s_chk (void base, rsize_t nmemb, rsize_t size, int(compar)(const void x, const void y, void context), void context, const size_t basebos) BOS_ATTR(nmemb &&(_BOS_NULL(base)\|\|_BOS_ZERO(base

Variables
EXTERN errno_t	dmax

EXTERN errno_t empty	name

EXTERN void nmemb *	size

EXTERN void nmemb empty buf or bufsize empty	compar

Macro Definition Documentation

◆ EXTERN

#define EXTERN extern

◆ sl_default_handler

#define sl_default_handler ignore_handler_s

◆ TMP_MAX_S

#define TMP_MAX_S 308915776

◆ L_tmpnam_s

#define L_tmpnam_s 1024

◆ tmpnam_s

#define tmpnam_s	(	dest,
		dmax
	)	_tmpnam_s_chk(dest, dmax, BOS(dest))

Creates a unique valid file name (no longer than L_tmpnam in length) and stores it in character string pointed to by filename. The function is capable of generating up to TMP_MAX_S of unique filenames, but some or all of them may be in use in the filesystem and thus not suitable return values.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.5.1.2 The tmpnam_s function (p: 587-588) http://en.cppreference.com/w/c/io/tmpnam
Deprecated in favor of mkstemp

Parameters

[out]	dest	pointer to the string capable of holding at least L_tmpnam_s bytes, to be used as a result buffer.
[in]	dmax	maximum number of characters the function is allowed to write (typically the size of the dest buffer).

Precondition: No more than TMP_MAX_S files may be opened; dest shall not be a null pointer; dmax shall not be greater than RSIZE_MAX_STR and size of dest; dmax shall not be smaller than the generated file name string, which is at least strlen(dest) + 3.

Returns: Returns zero and writes the file name to dest on success. On error, returns non-zero and writes the null character to dest[0] (only if dest is not null and dmax is valid).

Return values

EOK	on success
ESNULLP	when dest is a NULL pointer
ESZEROL	when dmax = 0
ESLEMAX	when dmax > RSIZE_MAX_STR or more than TMP_MAX_S files were opened.
EOVERFLOW	when dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNG	when dmax != size of dest and –enable-error-dmax
errno()	when tmpnam() failed, typically -ENOENT

Note: Although the names generated by tmpnam_s are difficult to guess, it is possible that a file with that name is created by another process between the moment tmpnam returns and the moment this program attempts to use the returned name to create a file. The standard function tmpfile and the POSIX function mkstemp do not have this problem (creating a unique directory using only the standard C library still requires the use of tmpnam_s).

POSIX systems additionally define the similarly named function tempnam(), which offers the choice of a directory (which defaults to the optionally defined macro P_tmpdir).

◆ gets_s

#define gets_s	(	dest,
		dmax
	)	_gets_s_chk(dest, dmax, BOS(dest))

The gets_s function reads characters from stdin until a newline is found or end-of-file occurs. Writes only at most dmax characters into the array pointed to by str, and always writes the terminating null character.

Note that C11 allows only writing dmax-1 character. We need to work with the system fgets() passing it dmax+1. In any case, gets_s first finishes reading and discarding the characters from stdin until new-line character, end-of-file condition, or read error before calling the constraint handler. With SAFECLIB_STR_NULL_SLACK the rest of dmax is cleared with NULL bytes, without all elements following the terminating null character (if any) written by gets_s in the array of dmax characters pointed to by dest take unspeciﬁed values when gets_s returns.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.5.4.1 The gets_s function (p: 602-603) http://en.cppreference.com/w/c/io/gets
ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[out]	dest	character string to be written. If the resulting concatenated string is less than dmax, the remaining slack space is nulled.
[in]	dmax	restricted maximum length of the resulting dest, including the null. it may temp. write dmax+1, but always return max dmax.

Precondition: dest shall not be a null pointer; dmax shall not equal zero; dmax shall not be greater than RSIZE_MAX_STR and size of dest

Note: C11 uses RSIZE_MAX, not RSIZE_MAX_STR.

Returns: If there is a runtime-constraint violation, then if dest is not a null pointer and dmax is greater than zero and not greater than RSIZE_MAX_STR, then gets_s nulls dest.

Return values

int	>0 when on successful operation, all the characters from src were appended to dest and the result in dest is null terminated.
0	+ errno=ESNULLP when dest is a NULL pointer
0	+ errno=ESZEROL when dmax = 0
0	+ errno=ESLEMAX when dmax > RSIZE_MAX_STR
0	+ errno=EOVERFLOW when dmax > size of dest
0	+ errno=ESUNTERM endline or eof not encountered after storing dmax-1 characters to dest.

See also: scanf_s()

◆ asctime_s

#define asctime_s	(	dest,
		dmax,
		tm
	)	_asctime_s_chk(dest, dmax, tm, BOS(dest))

The asctime_s function converts the given calendar time tm to a textual representation of the following fixed 25-character form: "Www Mmm dd hh:mm:ss yyyy\n", as with asctime. The message is copied into user-provided dest buffer, which is guaranteed to be null-terminated.

No more than dmax-1 bytes are written, the buffer is always null-terminated. Uses the re-entrant asctime_r() if available.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.8.2.1 The asctime_s function (p: 624-625) http://en.cppreference.com/w/c/chrono/asctime
ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[out]	dest	pointer to a user-provided buffer.
[in]	dmax	restricted maximum length of dest
[in]	tm	pointer to a tm object specifying the time to print

Precondition: dest and tm shall not be a null pointer.; dmax shall not be less than 26 and greater than RSIZE_MAX_STR.; not all members of *tm are within their normal ranges, the year indicated by tm->tm_year is between 0-8099.

Returns: Zero if the entire message was successfully stored in dest, non-zero otherwise.

Return values

EOK	on success
ESNULLP	when dest or tm is a NULL pointer
ESLEMIN	when dmax < 26 or a tm member is too small
ESLEMAX	when dmax > RSIZE_MAX_STR or a tm member is too large
EOVERFLOW	when dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNG	when dmax != size of dest and –enable-error-dmax
ESNOSPC	when dmax is too small for the result buffer
-1	when asctime_r or asctime returned NULL

Note: This function returns a pointer to static data and is not thread-safe. POSIX marks this function obsolete and recommends strftime instead. The C standard also recommends strftime instead of asctime and asctime_s because strftime is more flexible and locale-sensitive. POSIX limits undefined behaviors only to when the output string would be longer than 25 characters, when tm->tm_wday or tm->tm_mon are not within the expected ranges, or when tm->tm_year exceeds INT_MAX-1990. Some implementations handle tm->tm_mday==0 as meaning the last day of the preceding month.

See also: ctime_s()

◆ ctime_s

#define ctime_s	(	dest,
		dmax,
		timer
	)	_ctime_s_chk(dest, dmax, timer, BOS(dest))

The ctime_s function converts the given time since epoch to a calendar local time and then to a textual representation, as if by calling asctime_s(buffer, bufsz, localtime_s(time, &(struct tm){0})). The message is copied into the user-provided dest buffer, which is guaranteed to be null-terminated.

No more than dmax-1 bytes are written, the buffer is always null-terminated. The function does not support localization. Uses the re-entrant ctime_r() if available.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.8.2.2 The ctime_s function (p: 624-625) http://en.cppreference.com/w/c/chrono/ctime
ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[out]	dest	pointer to a user-provided string buffer.
[in]	dmax	restricted maximum length of dest
[in]	timer	pointer to a epoch (long, seconds since 1970)

Precondition: dest and timer shall not be a null pointer.; dmax shall not be less than 26; dmax shall not be greater than RSIZE_MAX_STR and size of dest

Returns: Zero if the entire message was successfully stored in dest, non-zero otherwise.

Return values

EOK	on success
ESNULLP	when dest or tm is a NULL pointer
ESLEMIN	when dmax < 26 or *timer < 0
ESLEMAX	when dmax > RSIZE_MAX_STR. Or when *timer > 313360441200L, the year 10000, resp. LONG_MAX on 32bit systems.
EOVERFLOW	when dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNG	when dmax != size of dest and –enable-error-dmax
ESNOSPC	when dmax is too small for the result buffer
-1	when ctime_r or ctime returned NULL

Note: ctime returns a pointer to static data and is not thread-safe. In addition, it modifies the static tm object which may be shared with gmtime and localtime. POSIX marks this function obsolete and recommends strftime instead. The C standard also recommends strftime instead of ctime and ctime_s because strftime is more flexible and locale-sensitive. The behavior of ctime may be undefined for the values of time_t that result in the string longer than 25 characters (e.g. year 10000).

See also: asctime_s()

◆ getenv_s

#define getenv_s	(	len,
		dest,
		dmax,
		name
	)	_getenv_s_chk(len, dest, dmax, name, BOS(dest))

The getenv_s function searches for an environmental variable with name name in the host-specified environment list and returns a pointer to the string that is associated with the matched environment variable. The set of environmental variables and methods of altering it are implementation-defined. The value of the environment variable is written to the user-provided buffer value (unless null) and the number of bytes written is stored in the user-provided location *len (unless null). If the environment variable is not set in the environment, zero is written to *len (unless null) and '\0' is written to value[0] (unless null). With SAFECLIB_STR_NULL_SLACK defined all elements following the terminating null character (if any) written in the array of dmax characters pointed to by dest are nulled. If secure_getenv() is available, it is used.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.6.2.1 The getenv_s function (p: 607-607) http://en.cppreference.com/w/c/program/getenv

Parameters

[out]	len	pointer to a size_t where getenv_s will store the length of the found environment variable. Might be NULL.
[out]	dest	pointer to a string where getenv_s will store the contents of the found environment variable.
[in]	dmax	maximum number of characters that getenv_s is allowed to write to dest (size of the buffer).
[in]	name	null-terminated character string identifying the name of the environmental variable to look for.

Precondition: name and dest shall not be a null pointer.; dmax shall not be greater than RSIZE_MAX_STR and size of dest.; dmax shall not equal zero.; dmax shall be greater than the strlen of the returned env value.

Returns: zero if the environment variable was found, non-zero if it was not found of if a runtime constrant violation occurred. On any error, writes zero to *len (unless len is a null pointer).

Return values

EOK	on success
ESNULLP	when dest or name are a NULL pointer
ESZEROL	when dmax = 0
ESLEMAX	when dmax > RSIZE_MAX_STR
EOVERFLOW	when dmax > size of dest (optionally, when the compiler knows the object_size statically)
ESLEWRNG	when dmax != sizeof(dest) and –enable-error-dmax
ESNOSPC	when dmax is too small for the value
-1	when not found

◆ bsearch_s

#define bsearch_s	(	key,
		base,
		nmemb,
		size,
		compar,
		context
	)	_bsearch_s_chk(key, base, nmemb, size, compar, context, BOS(base))

The bsearch_s function finds an element equal to element pointed to by key in an array pointed to by base. The array contains count elements of size bytes and must be partitioned with respect to key, that is, all the elements that compare less than must appear before all the elements that compare equal to, and those must appear before all the elements that compare greater than the key object. A fully sorted array satisfies these requirements. The elements are compared using function pointed to by comp. The behavior is undefined if the array is not already partitioned with respect to *key in ascending order according to the same criterion that compar uses.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.6.3.1 The bsearch_s function (p: 608-609) http://en.cppreference.com/w/c/algorithm/bsearch

Parameters

[in]	key	pointer to the element to search for
[in]	base	pointer to the array to examine
[in]	nmemb	number of elements in the array
[in]	size	size of each element in the array in bytes
[in]	compar	comparison function which returns a negative integer value if the first argument is less than the second, a positive integer value if the first argument is greater than the second and zero if the arguments are equal. key is passed as the first argument, an element from the array as the second. The signature of the comparison function should be equivalent to the following: int cmp(const void a, const void b); The function must not modify the objects passed to it and must return consistent results when called for the same objects, regardless of their positions in the array.
[in]	context	additional information (e.g., collating sequence), passed to compar as the third argument

Precondition: key, base or compar shall not be a null pointer (unless nmemb is zero).; nmemb or size shall not be greater than RSIZE_MAX_MEM.

If the array contains several elements that compar would indicate as equal to the element searched for, then it is unspecified which element the function will return as the result.

Returns: Pointer to an element in the array that compares equal to *key, or null pointer if such element has not been found, or any run-time constraint violation.

Note: Despite the name, neither C nor POSIX standards require this function to be implemented using binary search or make any complexity guarantees. Unlike other bounds-checked functions, bsearch_s does not treat arrays of zero size as a runtime constraint violation and instead indicates element not found (the other function that accepts arrays of zero size is qsort_s).

Return values

NULL	when not found or any error

errno values: ESNULLP when key, base or compar are a NULL pointer, and nmemb is > 0 ESLEMAX when nmemb or size > RSIZE_MAX_MEM

See also: qsort_s()

◆ qsort_s

#define qsort_s	(	base,
		nmemb,
		size,
		compar,
		context
	)	_qsort_s_chk(base, nmemb, size, compar, context, BOS(base))

The qsort_s function sorts the given array pointed to by base in ascending order. The array contains nmemb elements of size bytes. Function pointed to by compar is used for object comparison.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.6.3.2 The qsort_s function (p: 609) http://en.cppreference.com/w/c/algorithm/qsort
ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[in]	base	pointer to the array to sort
[in]	nmemb	number of elements in the array
[in]	size	size of each element in the array in bytes
[in]	compar	comparison function which returns a negative integer value if the first argument is less than the second, a positive integer value if the first argument is greater than the second and zero if the arguments are equal. key is passed as the first argument, an element from the array as the second. The signature of the comparison function should be equivalent to the following: int cmp(const void a, const void b, const void *context); The function must not modify the objects passed to it and must return consistent results when called for the same objects, regardless of their positions in the array.
[in]	context	additional information (e.g., collating sequence), passed to compar as the third argument

Precondition: Neither base nor compar shall not be a null pointer (unless nmemb is zero).; nmemb or size shall not be greater than RSIZE_MAX_MEM.

If comp indicates two elements as equivalent, their order in the resulting sorted array is unspecified.

Note: C11 uses RSIZE_MAX, not RSIZE_MAX_MEM.

Returns: zero on success, non-zero if a runtime constraints violation was detected.

Note: Despite the name, neither C nor POSIX standards require this function to be implemented using quicksort or make any complexity or stability guarantees. Unlike other bounds-checked functions, qsort_s does not treat arrays of zero size as a runtime constraint violation and instead returns successfully without altering the array (the other function that accepts arrays of zero size is bsearch_s). Until qsort_s, users of qsort often used global variables to pass additional context to the comparison function.

This function is available under windows with a different API, no return type, and is not available with safeclib.

Returns: Zero on success, an errno_t on errors.

Return values

EOK	when operation is successful
-ESNULLP	when base/compar is NULL pointer and nmemb > 0
-ESLEMAX	when nmemb/size > RSIZE_MAX_MEM

See also: bsearch_s()

Function Documentation

◆ abort_handler_s()

EXTERN void abort_handler_s	(	const char *restrict	msg,
		void *restrict	ptr,
		errno_t	error
	)

This function writes a message on the standard error stream in an implementation-defined format.

The message shall include the string pointed to by msg. The abort_handler_s function then calls the abort function.

Remarks: SPECIFIED IN ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[in]	msg	Pointer to the message describing the error
[in]	ptr	Pointer to aassociated data. Can be NULL.
[in]	error	The error code encountered.

See also: ignore_handler_s()

◆ ignore_handler_s()

EXTERN void ignore_handler_s	(	const char *restrict	msg,
		void *restrict	ptr,
		errno_t	error
	)

This function simply returns to the caller.

Remarks: SPECIFIED IN ISO/IEC JTC1 SC22 WG14 N1172, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[in]	msg	Pointer to the message describing the error
[in]	ptr	Pointer to aassociated data. Can be NULL.
[in]	error	The error code encountered.

See also: abort_handler_s()

◆ _tmpnam_s_chk()

EXTERN errno_t _tmpnam_s_chk	(	const char *	dest,
		rsize_t	dmax,
		const size_t	destbos
	)

◆ tmpfile_s()

EXTERN errno_t tmpfile_s ( FILE *restrict *restrict streamptr )

The tmpfile_s function creates a temporary binary file that is different from any other existing file and that will automatically be removed when it is closed or at program termination.

If the program terminates abnormally, whether an open temporary file is removed is implementation-defined. The file is opened for update with "wb+" mode with the meaning that mode has in the fopen_s function (including the mode’s effect on exclusive access and file permissions).

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.5.1.1 The tmpfile_s function (p: 586-587) http://en.cppreference.com/w/c/io/tmpfile

Parameters

streamptr pointer to a pointer that will be updated by this function call

Precondition: streamptr shall not be a null pointer.; No more than TMP_MAX_S files may be opened

If the file was created successfully, then the pointer to FILE pointed to by streamptr will be set to the pointer to the object controlling the opened file. Otherwise, the pointer to FILE pointed to by streamptr will be set to a null pointer.

Returns: The tmpfile_s function returns zero if it created the file. If it did not create the file or there was a runtime-constraint violation, tmpfile_s returns a nonzero value. If there is a runtime-constraint violation, tmpfile_s does not attempt to create a file. Sets the streamptr on success.

Return values

EOK	on success
ESNULLP	when streamptr is a NULL pointer
ESLEMAX	when more than TMP_MAX_S files were opened.
errno()	when tmpfile() failed, typically ENOENT or EACCES

◆ _gets_s_chk()

EXTERN char* _gets_s_chk	(	char *	dest,
		rsize_t	dmax,
		const size_t	destbos
	)

◆ fopen_s()

EXTERN errno_t fopen_s	(	FILE restrict restrict	streamptr,
		const char *restrict	filename,
		const char *restrict	mode
	)

The fopen_s function opens a file indicated by filename and updates the pointer to the file stream associated with that file.

mode is used to determine the file access mode.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.5.2.1 The fopen_s function (p: 588-590) http://en.cppreference.com/w/c/io/fopen

Parameters

[out]	streamptr	pointer to a FILE stream that will be updated by this function call
[in]	filename
[in]	mode	as in fopen

Precondition: Neither streamptr, filename nor mode shall be a null pointer.

If the file was created successfully, then the pointer to the FILE pointed to by streamptr will be set to the pointer to the object controlling the opened file. Otherwise, the pointer to the FILE pointed to by streamptr will be set to a null pointer.

Returns: The fopen_s function returns zero if it created the file. If it did not create the file or there was a runtime-constraint violation, fopen_s returns a nonzero error code, sets streamptr to NULL. If there is a runtime-constraint violation, fopen_s does not attempt to create a file. Sets the streamptr on success.

Return values

EOK	on success
ESNULLP	when any argument is a NULL pointer
>	0 any other errno

◆ freopen_s()

EXTERN errno_t freopen_s	(	FILE restrict restrict	newstreamptr,
		const char *restrict	filename,
		const char *restrict	mode,
		FILE *restrict	stream
	)

The freopen_s function first, attempts to close the file associated with the stream, ignoring any errors.

Then, if filename is not null, attempts to open the file specified by filename using mode as if by fopen, and associates that file with the file stream pointed to by stream. If filename is a null pointer, then the function attempts to reopen the file that is already associated with stream (it is implementation defined which mode changes are allowed in this case).

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.5.2.2 The freopen_s function (p: 590) http://en.cppreference.com/w/c/io/freopen

Parameters

[out]	newstreamptr	pointer to a FILE stream that will be updated by this function call
[in]	filename	file name to associate the file stream to
[in]	mode	as in fopen
[in]	stream	the file stream to modify

Precondition: Neither streamptr, stream nor mode shall be a null pointer.

If the file was reopened successfully, then the pointer to the FILE pointed to by newstreamptr will be set to the pointer to the object controlling the opened file. Otherwise, the pointer to the FILE pointed to by newstreamptr will be set to a null pointer.

Returns: The freopen_s function returns zero if it reopened the file. If not or there was a runtime-constraint violation, freopen_s returns a nonzero error code, and sets newstreamptr to NULL. If there is a runtime-constraint violation, freopen_s does not attempt to reopen the file. Sets the newstreamptr on success.

Return values

EOK	on success
ESNULLP	when any argument is a NULL pointer
>	0 any other errno

◆ _asctime_s_chk()

EXTERN errno_t _asctime_s_chk	(	char *	dest,
		rsize_t	dmax,
		const struct tm *	tm,
		const size_t	destbos
	)

◆ BOS_NULL() [1/2]

EXTERN errno_t dmax underflow BOS_NULL ( tm )

◆ _ctime_s_chk()

EXTERN errno_t _ctime_s_chk	(	char *	dest,
		rsize_t	dmax,
		const time_t *	timer,
		const size_t	destbos
	)

◆ BOS_NULL() [2/2]

EXTERN errno_t dmax underflow BOS_NULL ( timer )

◆ gmtime_s()

EXTERN struct tm* gmtime_s	(	const time_t *restrict	timer,
		struct tm *restrict	dest
	)

The gmtime_s function converts the given time since epoch to a calendar time, expressed in Coordinated Universal Time (UTC) in the struct tm format.

The result is copied into the user-provided tm struct.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.8.2.3 The gmtime_s function (p: 626-627) http://en.cppreference.com/w/c/chrono/gmtime
ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[in]	timer	pointer to a epoch (long, seconds since 1970)
[out]	dest	pointer to a user-provided struct tm.

Precondition: timer and dest shall not be a null pointer.

Returns: copy of the dest pointer, or null pointer on error (which may be a runtime constraint violation or a failure to convert the specified time to UTC). May set errno to EOVERFLOW when *timer > 313360441200L, the year 10000, resp. LONG_MAX on 32bit systems or < 0, or to ESNULLP when dest or timer is a NULL pointer.

Note: gmtime returns a pointer to static data and is not thread-safe. When gmtime_r is available it used instead.

POSIX requires that this function sets errno to EOVERFLOW if it fails because the argument is too large. POSIX defines a thread-safe alternative gmtime_r, which is similar to the C11 function gmtime_s, except that it does not check the validity of its input parameters.

This function is available under windows with a different API, reversed argument order, and is not available with safeclib.

See also: localtime_s(), ctime_s()

◆ localtime_s()

EXTERN struct tm* localtime_s	(	const time_t *restrict	timer,
		struct tm *restrict	dest
	)

The localtime_s function converts the given time since epoch to a calendar time, expressed in the current timezone in the struct tm format.

The result is copied into the user-provided tm struct.

Remarks

SPECIFIED IN

C11 standard (ISO/IEC 9899:2011): K.3.8.2.4 The localtime_s function (p: 627) http://en.cppreference.com/w/c/chrono/localtime
ISO/IEC TR 24731, Programming languages, environments and system software interfaces, Extensions to the C Library, Part I: Bounds-checking interfaces

Parameters

[in]	timer	pointer to a epoch (long, seconds since 1970)
[out]	dest	pointer to a user-provided struct tm.

Precondition: timer and dest shall not be a null pointer.

Returns: copy of the dest pointer, or null pointer on error (which may be a runtime constraint violation or a failure to convert the specified time to the current timezone). May set errno to EOVERFLOW when *timer > 313360441200L, the year 10000, resp. LONG_MAX on 32bit systems or < 0, or to ESNULLP when dest or timer is a NULL pointer.

Note: localtime returns a pointer to static data and is not thread-safe. When localtime_r is available it used instead.

POSIX requires that this function sets errno to EOVERFLOW if it fails because the argument is too large. POSIX defines a thread-safe alternative localtime_r, which is similar to the C11 function localtime_s, except that it does not check the validity of its input parameters.

This function is available under windows with a different API, reversed argument order, and is not available with safeclib.

See also: gmtime_s(), ctime_s()

◆ _getenv_s_chk()

EXTERN errno_t _getenv_s_chk	(	size_t *restrict	len,
		char *restrict	dest,
		rsize_t	dmax,
		const char *restrict	name,
		const size_t	destbos
	)

◆ _bsearch_s_chk()

EXTERN void* _bsearch_s_chk	(	const void *	key,
		const void *	base,
		rsize_t	nmemb,
		rsize_t	size,
		int()(const void k, const void y, void context)	compar,
		void *	context,
		const size_t	basebos
	)		&&

◆ BOS_OVR2_BUTNULL()

EXTERN errno_t nmemb empty buf or bufsize BOS_OVR2_BUTNULL	(	base	,
		nmemb *	size
	)		&&

◆ _qsort_s_chk()

EXTERN errno_t _qsort_s_chk	(	void *	base,
		rsize_t	nmemb,
		rsize_t	size,
		int()(const void x, const void y, void context)	compar,
		void *	context,
		const size_t	basebos
	)		&&

Variable Documentation

◆ dmax

EXTERN errno_t dmax

◆ name

EXTERN errno_t empty name

◆ size

EXTERN errno_t nmemb * size

◆ compar

EXTERN errno_t nmemb empty buf or bufsize empty compar

Macros

Functions

Variables

Macro Definition Documentation

◆ EXTERN

◆ sl_default_handler

◆ TMP_MAX_S

◆ L_tmpnam_s

◆ tmpnam_s

◆ gets_s

◆ asctime_s

◆ ctime_s

◆ getenv_s

◆ bsearch_s

◆ qsort_s

Function Documentation

◆ abort_handler_s()

◆ ignore_handler_s()

◆ _tmpnam_s_chk()

◆ tmpfile_s()

◆ _gets_s_chk()

◆ fopen_s()

◆ freopen_s()

◆ _asctime_s_chk()

◆ BOS_NULL() [1/2]

◆ _ctime_s_chk()

◆ BOS_NULL() [2/2]

◆ gmtime_s()

◆ localtime_s()

◆ _getenv_s_chk()

◆ _bsearch_s_chk()

◆ BOS_OVR2_BUTNULL()

◆ _qsort_s_chk()

Variable Documentation

◆ dmax

◆ name

◆ size

◆ compar