compilation-bundle/dwarf-compilation.base/contrib/libdwarf/dwarfdump/sanitized.c

/*
  Copyright 2016-2017 David Anderson. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it would be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

  Further, this software is distributed without any warranty that it is
  free of the rightful claim of any third person regarding infringement
  or the like.  Any license provided herein, whether implied or
  otherwise, applies only to this software file.  Patent licenses, if
  any, provided herein do not apply to combinations of this program with
  other software, or any other product whatsoever.

  You should have received a copy of the GNU General Public License along
  with this program; if not, write the Free Software Foundation, Inc., 51
  Franklin Street - Fifth Floor, Boston MA 02110-1301, USA.

*/

#include "globals.h"
#include "naming.h"
#include "dwconf.h"
#include "esb.h"

/*  This does a uri-style conversion of control characters.
    So  SOH prints as %01 for example.
    Which stops corrupted or crafted strings from
    doing things to the terminal the string is routed to.

    We do not translate an input % to %% (as in real uri)
    as that would be a bit confusing for most readers.

    The conversion makes it possble to print UTF-8 strings
    reproducibly, sort of (not showing the
    real glyph!).

    Only call this in a printf or sprintf, and
    only call it once in any single printf/sprintf.
    Othewise you will get bogus results and confusion. */

/* ASCII control codes:
We leave newline as is, NUL is end of string,
the others are translated.
NUL Null             0  00              Ctrl-@ ^@
SOH Start of heading 1  01      Alt-1   Ctrl-A ^A
STX Start of text    2  02      Alt-2   Ctrl-B ^B
ETX End of text	     3  03      Alt-3   Ctrl-C ^C
EOT End of transmission	4 04    Alt-4   Ctrl-D ^D
ENQ Enquiry          5    05    Alt-5   Ctrl-E ^E
ACK Acknowledge	     6    06    Alt-6   Ctrl-F ^F
BEL Bell             7    07    Alt-7   Ctrl-G ^G
BS  Backspace        8    08    Alt-8   Ctrl-H ^H
HT  Horizontal tab   9    09    Alt-9   Ctrl-I ^I
LF  Line feed       10    0A    Alt-10  Ctrl-J ^J
VT  Vertical tab    11    0B    Alt-11  Ctrl-K ^K
FF  Form feed       12    0C    Alt-12  Ctrl-L ^L
CR  Carriage return 13    0D    Alt-13  Ctrl-M ^M
SO  Shift out       14    0E    Alt-14  Ctrl-N ^N
SI  Shift in        15    0F    Alt-15	Ctrl-O ^O
DLE Data line escape 16   10    Alt-16  Ctrl-P ^P
DC1 Device control 1 17   11    Alt-17  Ctrl-Q ^Q
DC2 Device control 2 18   12    Alt-18  Ctrl-R ^R
DC3 Device control 3 19   13    Alt-19  Ctrl-S ^S
DC4 Device control 4 20   14    Alt-20  Ctrl-T ^T
NAK Negative acknowledge 21 15  Alt-21  Ctrl-U ^U
SYN Synchronous idle 22   16    Alt-22  Ctrl-V ^V
ETB End transmission block 23 17 Alt-23 Ctrl-W ^W
CAN Cancel              24 18   Alt-24  Ctrl-X ^X
EM  End of medium       25 19   Alt-25  Ctrl-Y ^Y
SU  Substitute          26 1A   Alt-26  Ctrl-Z ^Z
ES  Escape              27 1B   Alt-27  Ctrl-[ ^[
FS  File separator      28 1C   Alt-28  Ctrl-\ ^\
GS  Group separator     29 1D   Alt-29  Ctrl-] ^]
RS  Record separator    30 1E   Alt-30  Ctrl-^ ^^
US  Unit separator      31 1F   Alt-31  Ctrl-_ ^_

In addition,  characters decimal 141, 157, 127,128, 129
143,144,157
appear to be questionable too.
Not in iso-8859-1 nor in html character entities list.

We translate all strings with a % to do sanitizing and
we change a literal ASCII '%' char to %27 so readers
know any % is a sanitized char. We could double up
a % into %% on output, but switching to %27 is simpler
and for readers and prevents ambiguity.

Since we do not handle utf-8 properly nor detect it
we turn all non-ASCII to %xx below.
*/

static struct esb_s localesb = {0,0,0};

#define FALSE 0
#define TRUE 1
boolean no_sanitize_string_garbage = FALSE;

/*  This is safe to use because it is only
    callable here and we copy the value
    returned in the static buffer
    to a safe spot immediately. */
static const char *
as_number(int c)
{
    static char tmpbuf[4];
    snprintf(tmpbuf,sizeof(tmpbuf),"%%%02x",c & 0xff);
    return tmpbuf;
}

/*  do_sanity_insert() and no_questionable_chars()
    absolutely must have the same idea of
    questionable characters.  Be Careful.  */
static void
do_sanity_insert( const char *s,struct esb_s *mesb)
{
    const char *cp = s;

    for( ; *cp; cp++) {
        unsigned c = *cp & 0xff ;

        if (c >= 0x20 && c <=0x7e) {
            /* Usual case, ASCII printable characters. */
            esb_appendn(mesb,cp,1);
            continue;
        }
        if (c == '%') {
            /* %xx for this too. Simple and unambiguous */
            esb_append(mesb,as_number(c));
            continue;
        }
#ifdef _WIN32
        if (c == 0x0D) {
            esb_appendn(mesb,cp,1);
            continue;
        }
#endif /* _WIN32 */
        if (c < 0x20) {
            esb_append(mesb,as_number(c));
            continue;
        }
        if (c >= 0x7f) {
            /* ISO-8859 or UTF-8. Not handled well yet. */
            esb_append(mesb,as_number(c));
            continue;
        }
        esb_appendn(mesb,cp,1);
    }
}

/*  This routine improves overall dwarfdump
    run times a lot by separating strings
    that might print badly from strings that
    will print fine.
    In one large test case it reduces run time
    from 140 seconds to 13 seconds. */
static int
no_questionable_chars(const char *s) {
    const char *cp = s;

    for( ; *cp; cp++) {
        unsigned c = *cp & 0xff ;
        if (c >= 0x20 && c <=0x7e) {
            /* Usual case, ASCII printable characters */
            continue;
        }
#ifdef _WIN32
        if (c == 0x0D) {
            continue;
        }
#endif /* _WIN32 */
        if (c == 0x0A || c == 0x09 ) {
            continue;
        }
        if (c == '%') {
            /* Always sanitize a % ASCII char. */
            return FALSE;
        }
        if (c < 0x20) {
            return FALSE;
        }
        if (c >= 0x7f) {
            /*  This notices iso-8859 and UTF-8
                data as we don't deal with them
                properly in dwarfdump. */
            return FALSE;
        }
    }
    return TRUE;
}

void
sanitized_string_destructor(void)
{
    esb_destructor(&localesb);
}

const char *
sanitized(const char *s)
{
    const char *sout = 0;

    if (no_sanitize_string_garbage) {
        return s;
    }
    if (no_questionable_chars(s)) {
        /*  The original string is safe as is. */
        return s;
    }
    /*  Using esb_destructor is quite expensive in cpu time
        when we build the next sanitized string
        so we just empty the localesb.
        One reason it's expensive is that we do the appends
        in such small batches in do_sanity-insert().
        */
    esb_empty_string(&localesb);
    do_sanity_insert(s,&localesb);
    sout = esb_get_string(&localesb);
    return sout;
}