Make SSO support \0s, use memmove, add test (#6155)

Supercedes #6027

Make SSO more generic by keeping track of its length explicitly,
allowing for embedded \0s to exist in the String (just like the non-SSO
ones).

Use memmove/memcpy_P when we know the length of a string to save CPU
time.

Add tests to inject \0s in a String to ensure it is still working as
designed.

cores/esp8266/WString.cpp

@@ -136,7 +136,7 @@ inline void String::init(void) {
 }
 
 void String::invalidate(void) {
-    if(!sso() && wbuffer())
+    if(!isSSO() && wbuffer())
         free(wbuffer());
     init();
 }
@@ -154,17 +154,21 @@ unsigned char String::reserve(unsigned int size) {
 
 unsigned char String::changeBuffer(unsigned int maxStrLen) {
     // Can we use SSO here to avoid allocation?
-    if (maxStrLen < sizeof(sso_buf)) {
-        if (sso() || !buffer()) {
+    if (maxStrLen < sizeof(sso.buff) - 1) {
+        if (isSSO() || !buffer()) {
             // Already using SSO, nothing to do
+	    uint16_t oldLen = len();
             setSSO(true);
+	    setLen(oldLen);
             return 1;
-        } else { // if bufptr && !sso()
-            // Using bufptr, need to shrink into sso_buff
-            char temp[sizeof(sso_buf)];
+        } else { // if bufptr && !isSSO()
+            // Using bufptr, need to shrink into sso.buff
+            char temp[sizeof(sso.buff)];
             memcpy(temp, buffer(), maxStrLen);
             free(wbuffer());
+            uint16_t oldLen = len();
             setSSO(true);
+	    setLen(oldLen);
             memcpy(wbuffer(), temp, maxStrLen);
             return 1;
         }
@@ -176,12 +180,12 @@ unsigned char String::changeBuffer(unsigned int maxStrLen) {
         return false;
     }
     uint16_t oldLen = len();
-    char *newbuffer = (char *) realloc(sso() ? nullptr : wbuffer(), newSize);
+    char *newbuffer = (char *) realloc(isSSO() ? nullptr : wbuffer(), newSize);
     if (newbuffer) {
         size_t oldSize = capacity() + 1; // include NULL.
-        if (sso()) {
+        if (isSSO()) {
             // Copy the SSO buffer into allocated space
-            memcpy(newbuffer, sso_buf, sizeof(sso_buf));
+            memmove(newbuffer, sso.buff, sizeof(sso.buff));
         }
         if (newSize > oldSize)
         {
@@ -206,7 +210,7 @@ String & String::copy(const char *cstr, unsigned int length) {
         return *this;
     }
     setLen(length);
-    strcpy(wbuffer(), cstr);
+    memmove(wbuffer(), cstr, length + 1);
     return *this;
 }
 
@@ -216,7 +220,7 @@ String & String::copy(const __FlashStringHelper *pstr, unsigned int length) {
         return *this;
     }
     setLen(length);
-    strcpy_P(wbuffer(), (PGM_P)pstr);
+    memcpy_P(wbuffer(), (PGM_P)pstr, length + 1); // We know wbuffer() cannot ever be in PROGMEM, so memcpy safe here
     return *this;
 }
 
@@ -224,20 +228,20 @@ String & String::copy(const __FlashStringHelper *pstr, unsigned int length) {
 void String::move(String &rhs) {
     if(buffer()) {
         if(capacity() >= rhs.len()) {
-            strcpy(wbuffer(), rhs.buffer());
+            memmove(wbuffer(), rhs.buffer(), rhs.length() + 1);
             setLen(rhs.len());
 	    rhs.invalidate();
             return;
         } else {
-            if (!sso()) {
+            if (!isSSO()) {
                 free(wbuffer());
                 setBuffer(nullptr);
             }
         }
     }
-    if (rhs.sso()) {
+    if (rhs.isSSO()) {
         setSSO(true);
-        memmove(sso_buf, rhs.sso_buf, sizeof(sso_buf));
+        memmove(sso.buff, rhs.sso.buff, sizeof(sso.buff));
     } else {
         setSSO(false);
         setBuffer(rhs.wbuffer());
@@ -309,7 +313,7 @@ unsigned char String::concat(const String &s) {
             return 1;
         if (!reserve(newlen))
             return 0;
-        memcpy(wbuffer() + len(), buffer(), len());
+        memmove(wbuffer() + len(), buffer(), len());
         setLen(newlen);
         wbuffer()[len()] = 0;
         return 1;
@@ -326,7 +330,7 @@ unsigned char String::concat(const char *cstr, unsigned int length) {
         return 1;
     if(!reserve(newlen))
         return 0;
-    strcpy(wbuffer() + len(), cstr);
+    memmove(wbuffer() + len(), cstr, length + 1);
     setLen(newlen);
     return 1;
 }
@@ -392,7 +396,7 @@ unsigned char String::concat(const __FlashStringHelper * str) {
     if (length == 0) return 1;
     unsigned int newlen = len() + length;
     if (!reserve(newlen)) return 0;
-    strcpy_P(wbuffer() + len(), (PGM_P)str);
+    memcpy_P(wbuffer() + len(), (PGM_P)str, length + 1);
     setLen(newlen);
     return 1;
 }

cores/esp8266/WString.h

@@ -250,27 +250,29 @@ class String {
             uint16_t cap;
             uint16_t len;
         };
-
-        // SSO is handled by checking the last byte of sso_buff.
-        // When not in SSO mode, that byte is set to 0xff, while when in SSO mode it is always 0x00 (so it can serve as the string terminator as well as a flag)
-        // This allows strings up up to 12 (11 + \0 termination) without any extra space.
-        enum { SSOSIZE = sizeof(struct _ptr) + 4 }; // Characters to allocate space for SSO, must be 12 or more
-        enum { CAPACITY_MAX = 65535 }; // If size of capacity changed, be sure to update this enum
+        // This allows strings up up to 11 (10 + \0 termination) without any extra space.
+        enum { SSOSIZE = sizeof(struct _ptr) + 4 - 1 }; // Characters to allocate space for SSO, must be 12 or more
+        struct _sso {
+            char     buff[SSOSIZE];
+            unsigned char len   : 7; // Ensure only one byte is allocated by GCC for the bitfields
+            unsigned char isSSO : 1;
+        } __attribute__((packed)); // Ensure that GCC doesn't expand the flag byte to a 32-bit word for alignment issues
+        enum { CAPACITY_MAX = 65535 }; // If typeof(cap) changed from uint16_t, be sure to update this enum to the max value storable in the type
         union {
             struct _ptr ptr;
-            char sso_buf[SSOSIZE];
+            struct _sso sso;
         };
         // Accessor functions
-        inline bool sso() const { return sso_buf[SSOSIZE - 1] == 0; }
-        inline unsigned int len() const { return sso() ? strlen(sso_buf) : ptr.len; }
-        inline unsigned int capacity() const { return sso() ? SSOSIZE - 1 : ptr.cap; }
-        inline void setSSO(bool sso) { sso_buf[SSOSIZE - 1] = sso ? 0x00 : 0xff; }
-        inline void setLen(int len) { if (!sso()) ptr.len = len; }
-        inline void setCapacity(int cap) { if (!sso()) ptr.cap = cap; }
-	inline void setBuffer(char *buff) { if (!sso()) ptr.buff = buff; }
+        inline bool isSSO() const { return sso.isSSO; }
+        inline unsigned int len() const { return isSSO() ? sso.len : ptr.len; }
+        inline unsigned int capacity() const { return isSSO() ? (unsigned int)SSOSIZE - 1 : ptr.cap; } // Size of max string not including terminal NUL
+        inline void setSSO(bool set) { sso.isSSO = set; }
+        inline void setLen(int len) { if (isSSO()) sso.len = len; else ptr.len = len; }
+        inline void setCapacity(int cap) { if (!isSSO()) ptr.cap = cap; }
+	inline void setBuffer(char *buff) { if (!isSSO()) ptr.buff = buff; }
         // Buffer accessor functions
-        inline const char *buffer() const { return (const char *)(sso() ? sso_buf : ptr.buff); }
-        inline char *wbuffer() const { return sso() ? const_cast<char *>(sso_buf) : ptr.buff; } // Writable version of buffer
+        inline const char *buffer() const { return (const char *)(isSSO() ? sso.buff : ptr.buff); }
+        inline char *wbuffer() const { return isSSO() ? const_cast<char *>(sso.buff) : ptr.buff; } // Writable version of buffer
 
     protected:
         void init(void);

tests/host/core/test_string.cpp

@@ -320,11 +320,11 @@ TEST_CASE("String SSO works", "[core][String]")
   REQUIRE(s.c_str() == savesso);
   REQUIRE(s == "0123456789");
   REQUIRE(s.length() == 10);
+  if (sizeof(savesso) == 4) {
     s += "a";
-  REQUIRE(s.c_str() == savesso);
+    REQUIRE(s.c_str() != savesso);
     REQUIRE(s == "0123456789a");
     REQUIRE(s.length() == 11);
-  if (sizeof(savesso) == 4) {
     s += "b";
     REQUIRE(s.c_str() != savesso);
     REQUIRE(s == "0123456789ab");
@@ -334,12 +334,16 @@ TEST_CASE("String SSO works", "[core][String]")
     REQUIRE(s == "0123456789abc");
     REQUIRE(s.length() == 13);
   } else {
+  s += "a";
+    REQUIRE(s.c_str() == savesso);
+    REQUIRE(s == "0123456789a");
+    REQUIRE(s.length() == 11);
     s += "bcde";
     REQUIRE(s.c_str() == savesso);
     REQUIRE(s == "0123456789abcde");
     REQUIRE(s.length() == 15);
     s += "fghi";
-    REQUIRE(s.c_str() == savesso);
+    REQUIRE(s.c_str() != savesso);
     REQUIRE(s == "0123456789abcdefghi");
     REQUIRE(s.length() == 19);
     s += "j";
@@ -452,3 +456,41 @@ TEST_CASE("Issue #2736 - StreamString SSO fix", "[core][StreamString]")
     s.print('\"');
     REQUIRE(s == "{\"message\"");
 }
+
+TEST_CASE("Strings with NULs", "[core][String]")
+{
+  // The following should never be done in a real app! This is only to inject 0s in the middle of a string.
+  // Fits in SSO...
+  String str("01234567");
+  REQUIRE(str.length() == 8);
+  char *ptr = (char *)str.c_str();
+  ptr[3] = 0;
+  String str2;
+  str2 = str;
+  REQUIRE(str2.length() == 8);
+  // Needs a buffer pointer
+  str = "0123456789012345678901234567890123456789";
+  ptr = (char *)str.c_str();
+  ptr[3] = 0;
+  str2 = str;
+  REQUIRE(str2.length() == 40);
+  String str3("a");
+  ptr = (char *)str3.c_str();
+  *ptr = 0;
+  REQUIRE(str3.length() == 1);
+  str3 += str3;
+  REQUIRE(str3.length() == 2);
+  str3 += str3;
+  REQUIRE(str3.length() == 4);
+  str3 += str3;
+  REQUIRE(str3.length() == 8);
+  str3 += str3;
+  REQUIRE(str3.length() == 16);
+  str3 += str3;
+  REQUIRE(str3.length() == 32);
+  str3 += str3;
+  REQUIRE(str3.length() == 64);
+  static char zeros[64] = {0};
+  const char *p = str3.c_str();
+  REQUIRE(!memcmp(p, zeros, 64));
+}