+#ifndef ESRCH
+#define ESRCH 3
+#endif
+#ifndef EOVERFLOW
+#define EOVERFLOW 75
+#endif
+
+/*
+ * In order to provide smooth mapping from unsafe string API to the clib string
+ * macro, we often have to improvise s1max and s2max due to the additional
+ * arguments are required for implementing the safe API. This macro is used
+ * to provide the s1max/s2max. It is not perfect because the actual
+ * s1max/s2max may be greater than 4k and the mapping from the unsafe API to
+ * the macro would cause a regression. However, it is not terribly likely.
+ * So I bet against the odds.
+ */
+#define CLIB_STRING_MACRO_MAX 4096
+
+typedef int errno_t;
+typedef uword rsize_t;
+
+void clib_c11_violation (const char *s);
+errno_t memcpy_s (void *__restrict__ dest, rsize_t dmax,
+ const void *__restrict__ src, rsize_t n);
+
+always_inline errno_t
+memcpy_s_inline (void *__restrict__ dest, rsize_t dmax,
+ const void *__restrict__ src, rsize_t n)
+{
+ uword low, hi;
+ u8 bad;
+
+ /*
+ * Optimize constant-number-of-bytes calls without asking
+ * "too many questions for someone from New Jersey"
+ */
+ if (COMPILE_TIME_CONST (n))
+ {
+ clib_memcpy_fast (dest, src, n);
+ return EOK;
+ }
+
+ /*
+ * call bogus if: src or dst NULL, trying to copy
+ * more data than we have space in dst, or src == dst.
+ * n == 0 isn't really "bad", so check first in the
+ * "wall-of-shame" department...
+ */
+ bad = (dest == 0) + (src == 0) + (n > dmax) + (dest == src) + (n == 0);
+ if (PREDICT_FALSE (bad != 0))
+ {
+ /* Not actually trying to copy anything is OK */
+ if (n == 0)
+ return EOK;
+ if (dest == NULL)
+ clib_c11_violation ("dest NULL");
+ if (src == NULL)
+ clib_c11_violation ("src NULL");
+ if (n > dmax)
+ clib_c11_violation ("n > dmax");
+ if (dest == src)
+ clib_c11_violation ("dest == src");
+ return EINVAL;
+ }
+
+ /* Check for src/dst overlap, which is not allowed */
+ low = (uword) (src < dest ? src : dest);
+ hi = (uword) (src < dest ? dest : src);
+
+ if (PREDICT_FALSE (low + (n - 1) >= hi))
+ {
+ clib_c11_violation ("src/dest overlap");
+ return EINVAL;
+ }
+
+ clib_memcpy_fast (dest, src, n);
+ return EOK;
+}
+
+/*
+ * Note: $$$ This macro is a crutch. Folks need to manually
+ * inspect every extant clib_memcpy(...) call and
+ * attempt to provide a real destination buffer size
+ * argument...
+ */
+#define clib_memcpy(d,s,n) memcpy_s_inline(d,n,s,n)
+
+errno_t memset_s (void *s, rsize_t smax, int c, rsize_t n);
+
+always_inline errno_t
+memset_s_inline (void *s, rsize_t smax, int c, rsize_t n)
+{
+ u8 bad;
+
+ bad = (s == 0) + (n > smax);
+
+ if (PREDICT_FALSE (bad != 0))
+ {
+ if (s == 0)
+ clib_c11_violation ("s NULL");
+ if (n > smax)
+ clib_c11_violation ("n > smax");
+ return (EINVAL);
+ }
+ memset (s, c, n);
+ return (EOK);
+}