This patch fixes a number of rare edge cases in handling the precision
argument in printf. The existing printf implementation used 0 as the
sentinel value for "no precision provided", which makes sense for
integers (where 0 precision has the same effect as no precision, since
in both cases no extra zeroes will be added to the front). However, for
strings it can make an important difference, since callers may expect
that they can use `printf("%.*s", len, str)` to guarantee that `str`
doesn't get dereferenced when `len` is 0. Therefore, change the
implementation so that negative values are used to represent "no
precision provided", and 0 is a legitimate value.
print_string() also had the problem that it called strlen() on the
string before even evaluating the precision. That of course defeats the
purpose of the common "%.*s" pattern to access unterminated strings.
This patch fixes the problem.
Finally, this patch slightly modifies the behavior when printing a NULL
pointer as a string, to make sure width and precision values are still
taken into account in that case, and to change from `(NULL)` to `(null)`
to match the behavior in glibc.
Change-Id: I787c18e1d33006842cf758aeb87710f80f0e5a40
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89837
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
9c0a914192