git-compat-util.hon commit replace unchecked snprintf calls with heap buffers (5b1ef2c)
   1#ifndef GIT_COMPAT_UTIL_H
   2#define GIT_COMPAT_UTIL_H
   3
   4#define _FILE_OFFSET_BITS 64
   5
   6
   7/* Derived from Linux "Features Test Macro" header
   8 * Convenience macros to test the versions of gcc (or
   9 * a compatible compiler).
  10 * Use them like this:
  11 *  #if GIT_GNUC_PREREQ (2,8)
  12 *   ... code requiring gcc 2.8 or later ...
  13 *  #endif
  14*/
  15#if defined(__GNUC__) && defined(__GNUC_MINOR__)
  16# define GIT_GNUC_PREREQ(maj, min) \
  17        ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
  18#else
  19 #define GIT_GNUC_PREREQ(maj, min) 0
  20#endif
  21
  22
  23#ifndef FLEX_ARRAY
  24/*
  25 * See if our compiler is known to support flexible array members.
  26 */
  27#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && (!defined(__SUNPRO_C) || (__SUNPRO_C > 0x580))
  28# define FLEX_ARRAY /* empty */
  29#elif defined(__GNUC__)
  30# if (__GNUC__ >= 3)
  31#  define FLEX_ARRAY /* empty */
  32# else
  33#  define FLEX_ARRAY 0 /* older GNU extension */
  34# endif
  35#endif
  36
  37/*
  38 * Otherwise, default to safer but a bit wasteful traditional style
  39 */
  40#ifndef FLEX_ARRAY
  41# define FLEX_ARRAY 1
  42#endif
  43#endif
  44
  45
  46/*
  47 * BUILD_ASSERT_OR_ZERO - assert a build-time dependency, as an expression.
  48 * @cond: the compile-time condition which must be true.
  49 *
  50 * Your compile will fail if the condition isn't true, or can't be evaluated
  51 * by the compiler.  This can be used in an expression: its value is "0".
  52 *
  53 * Example:
  54 *      #define foo_to_char(foo)                                        \
  55 *               ((char *)(foo)                                         \
  56 *                + BUILD_ASSERT_OR_ZERO(offsetof(struct foo, string) == 0))
  57 */
  58#define BUILD_ASSERT_OR_ZERO(cond) \
  59        (sizeof(char [1 - 2*!(cond)]) - 1)
  60
  61#if GIT_GNUC_PREREQ(3, 1)
  62 /* &arr[0] degrades to a pointer: a different type from an array */
  63# define BARF_UNLESS_AN_ARRAY(arr)                                              \
  64        BUILD_ASSERT_OR_ZERO(!__builtin_types_compatible_p(__typeof__(arr), \
  65                                                           __typeof__(&(arr)[0])))
  66#else
  67# define BARF_UNLESS_AN_ARRAY(arr) 0
  68#endif
  69/*
  70 * ARRAY_SIZE - get the number of elements in a visible array
  71 *  <at> x: the array whose size you want.
  72 *
  73 * This does not work on pointers, or arrays declared as [], or
  74 * function parameters.  With correct compiler support, such usage
  75 * will cause a build error (see the build_assert_or_zero macro).
  76 */
  77#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + BARF_UNLESS_AN_ARRAY(x))
  78
  79#define bitsizeof(x)  (CHAR_BIT * sizeof(x))
  80
  81#define maximum_signed_value_of_type(a) \
  82    (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a)))
  83
  84#define maximum_unsigned_value_of_type(a) \
  85    (UINTMAX_MAX >> (bitsizeof(uintmax_t) - bitsizeof(a)))
  86
  87/*
  88 * Signed integer overflow is undefined in C, so here's a helper macro
  89 * to detect if the sum of two integers will overflow.
  90 *
  91 * Requires: a >= 0, typeof(a) equals typeof(b)
  92 */
  93#define signed_add_overflows(a, b) \
  94    ((b) > maximum_signed_value_of_type(a) - (a))
  95
  96#define unsigned_add_overflows(a, b) \
  97    ((b) > maximum_unsigned_value_of_type(a) - (a))
  98
  99/*
 100 * Returns true if the multiplication of "a" and "b" will
 101 * overflow. The types of "a" and "b" must match and must be unsigned.
 102 * Note that this macro evaluates "a" twice!
 103 */
 104#define unsigned_mult_overflows(a, b) \
 105    ((a) && (b) > maximum_unsigned_value_of_type(a) / (a))
 106
 107#ifdef __GNUC__
 108#define TYPEOF(x) (__typeof__(x))
 109#else
 110#define TYPEOF(x)
 111#endif
 112
 113#define MSB(x, bits) ((x) & TYPEOF(x)(~0ULL << (bitsizeof(x) - (bits))))
 114#define HAS_MULTI_BITS(i)  ((i) & ((i) - 1))  /* checks if an integer has more than 1 bit set */
 115
 116#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
 117
 118/* Approximation of the length of the decimal representation of this type. */
 119#define decimal_length(x)       ((int)(sizeof(x) * 2.56 + 0.5) + 1)
 120
 121#if defined(__sun__)
 122 /*
 123  * On Solaris, when _XOPEN_EXTENDED is set, its header file
 124  * forces the programs to be XPG4v2, defeating any _XOPEN_SOURCE
 125  * setting to say we are XPG5 or XPG6.  Also on Solaris,
 126  * XPG6 programs must be compiled with a c99 compiler, while
 127  * non XPG6 programs must be compiled with a pre-c99 compiler.
 128  */
 129# if __STDC_VERSION__ - 0 >= 199901L
 130# define _XOPEN_SOURCE 600
 131# else
 132# define _XOPEN_SOURCE 500
 133# endif
 134#elif !defined(__APPLE__) && !defined(__FreeBSD__) && !defined(__USLC__) && \
 135      !defined(_M_UNIX) && !defined(__sgi) && !defined(__DragonFly__) && \
 136      !defined(__TANDEM) && !defined(__QNX__) && !defined(__MirBSD__) && \
 137      !defined(__CYGWIN__)
 138#define _XOPEN_SOURCE 600 /* glibc2 and AIX 5.3L need 500, OpenBSD needs 600 for S_ISLNK() */
 139#define _XOPEN_SOURCE_EXTENDED 1 /* AIX 5.3L needs this */
 140#endif
 141#define _ALL_SOURCE 1
 142#define _GNU_SOURCE 1
 143#define _BSD_SOURCE 1
 144#define _DEFAULT_SOURCE 1
 145#define _NETBSD_SOURCE 1
 146#define _SGI_SOURCE 1
 147
 148#if defined(WIN32) && !defined(__CYGWIN__) /* Both MinGW and MSVC */
 149# if defined (_MSC_VER) && !defined(_WIN32_WINNT)
 150#  define _WIN32_WINNT 0x0502
 151# endif
 152#define WIN32_LEAN_AND_MEAN  /* stops windows.h including winsock.h */
 153#include <winsock2.h>
 154#include <windows.h>
 155#define GIT_WINDOWS_NATIVE
 156#endif
 157
 158#include <unistd.h>
 159#include <stdio.h>
 160#include <sys/stat.h>
 161#include <fcntl.h>
 162#include <stddef.h>
 163#include <stdlib.h>
 164#include <stdarg.h>
 165#include <string.h>
 166#ifdef HAVE_STRINGS_H
 167#include <strings.h> /* for strcasecmp() */
 168#endif
 169#include <errno.h>
 170#include <limits.h>
 171#ifdef NEEDS_SYS_PARAM_H
 172#include <sys/param.h>
 173#endif
 174#include <sys/types.h>
 175#include <dirent.h>
 176#include <sys/time.h>
 177#include <time.h>
 178#include <signal.h>
 179#include <assert.h>
 180#include <regex.h>
 181#include <utime.h>
 182#include <syslog.h>
 183#ifndef NO_SYS_POLL_H
 184#include <sys/poll.h>
 185#else
 186#include <poll.h>
 187#endif
 188#ifdef HAVE_BSD_SYSCTL
 189#include <sys/sysctl.h>
 190#endif
 191
 192#if defined(__MINGW32__)
 193/* pull in Windows compatibility stuff */
 194#include "compat/mingw.h"
 195#elif defined(_MSC_VER)
 196#include "compat/msvc.h"
 197#else
 198#include <sys/utsname.h>
 199#include <sys/wait.h>
 200#include <sys/resource.h>
 201#include <sys/socket.h>
 202#include <sys/ioctl.h>
 203#include <termios.h>
 204#ifndef NO_SYS_SELECT_H
 205#include <sys/select.h>
 206#endif
 207#include <netinet/in.h>
 208#include <netinet/tcp.h>
 209#include <arpa/inet.h>
 210#include <netdb.h>
 211#include <pwd.h>
 212#include <sys/un.h>
 213#ifndef NO_INTTYPES_H
 214#include <inttypes.h>
 215#else
 216#include <stdint.h>
 217#endif
 218#ifdef NO_INTPTR_T
 219/*
 220 * On I16LP32, ILP32 and LP64 "long" is the save bet, however
 221 * on LLP86, IL33LLP64 and P64 it needs to be "long long",
 222 * while on IP16 and IP16L32 it is "int" (resp. "short")
 223 * Size needs to match (or exceed) 'sizeof(void *)'.
 224 * We can't take "long long" here as not everybody has it.
 225 */
 226typedef long intptr_t;
 227typedef unsigned long uintptr_t;
 228#endif
 229#undef _ALL_SOURCE /* AIX 5.3L defines a struct list with _ALL_SOURCE. */
 230#include <grp.h>
 231#define _ALL_SOURCE 1
 232#endif
 233
 234/* used on Mac OS X */
 235#ifdef PRECOMPOSE_UNICODE
 236#include "compat/precompose_utf8.h"
 237#else
 238#define precompose_str(in,i_nfd2nfc)
 239#define precompose_argv(c,v)
 240#define probe_utf8_pathname_composition()
 241#endif
 242
 243#ifdef MKDIR_WO_TRAILING_SLASH
 244#define mkdir(a,b) compat_mkdir_wo_trailing_slash((a),(b))
 245extern int compat_mkdir_wo_trailing_slash(const char*, mode_t);
 246#endif
 247
 248#ifdef NO_STRUCT_ITIMERVAL
 249struct itimerval {
 250        struct timeval it_interval;
 251        struct timeval it_value;
 252};
 253#endif
 254
 255#ifdef NO_SETITIMER
 256#define setitimer(which,value,ovalue)
 257#endif
 258
 259#ifndef NO_LIBGEN_H
 260#include <libgen.h>
 261#else
 262#define basename gitbasename
 263extern char *gitbasename(char *);
 264#define dirname gitdirname
 265extern char *gitdirname(char *);
 266#endif
 267
 268#ifndef NO_ICONV
 269#include <iconv.h>
 270#endif
 271
 272#ifndef NO_OPENSSL
 273#ifdef __APPLE__
 274#define __AVAILABILITY_MACROS_USES_AVAILABILITY 0
 275#include <AvailabilityMacros.h>
 276#undef DEPRECATED_ATTRIBUTE
 277#define DEPRECATED_ATTRIBUTE
 278#undef __AVAILABILITY_MACROS_USES_AVAILABILITY
 279#endif
 280#include <openssl/ssl.h>
 281#include <openssl/err.h>
 282#endif
 283
 284/* On most systems <netdb.h> would have given us this, but
 285 * not on some systems (e.g. z/OS).
 286 */
 287#ifndef NI_MAXHOST
 288#define NI_MAXHOST 1025
 289#endif
 290
 291#ifndef NI_MAXSERV
 292#define NI_MAXSERV 32
 293#endif
 294
 295/* On most systems <limits.h> would have given us this, but
 296 * not on some systems (e.g. GNU/Hurd).
 297 */
 298#ifndef PATH_MAX
 299#define PATH_MAX 4096
 300#endif
 301
 302#ifndef PRIuMAX
 303#define PRIuMAX "llu"
 304#endif
 305
 306#ifndef SCNuMAX
 307#define SCNuMAX PRIuMAX
 308#endif
 309
 310#ifndef PRIu32
 311#define PRIu32 "u"
 312#endif
 313
 314#ifndef PRIx32
 315#define PRIx32 "x"
 316#endif
 317
 318#ifndef PRIo32
 319#define PRIo32 "o"
 320#endif
 321
 322#ifndef PATH_SEP
 323#define PATH_SEP ':'
 324#endif
 325
 326#ifdef HAVE_PATHS_H
 327#include <paths.h>
 328#endif
 329#ifndef _PATH_DEFPATH
 330#define _PATH_DEFPATH "/usr/local/bin:/usr/bin:/bin"
 331#endif
 332
 333#ifndef has_dos_drive_prefix
 334static inline int git_has_dos_drive_prefix(const char *path)
 335{
 336        return 0;
 337}
 338#define has_dos_drive_prefix git_has_dos_drive_prefix
 339#endif
 340
 341#ifndef skip_dos_drive_prefix
 342static inline int git_skip_dos_drive_prefix(char **path)
 343{
 344        return 0;
 345}
 346#define skip_dos_drive_prefix git_skip_dos_drive_prefix
 347#endif
 348
 349#ifndef is_dir_sep
 350static inline int git_is_dir_sep(int c)
 351{
 352        return c == '/';
 353}
 354#define is_dir_sep git_is_dir_sep
 355#endif
 356
 357#ifndef offset_1st_component
 358static inline int git_offset_1st_component(const char *path)
 359{
 360        return is_dir_sep(path[0]);
 361}
 362#define offset_1st_component git_offset_1st_component
 363#endif
 364
 365#ifndef find_last_dir_sep
 366static inline char *git_find_last_dir_sep(const char *path)
 367{
 368        return strrchr(path, '/');
 369}
 370#define find_last_dir_sep git_find_last_dir_sep
 371#endif
 372
 373#if defined(__HP_cc) && (__HP_cc >= 61000)
 374#define NORETURN __attribute__((noreturn))
 375#define NORETURN_PTR
 376#elif defined(__GNUC__) && !defined(NO_NORETURN)
 377#define NORETURN __attribute__((__noreturn__))
 378#define NORETURN_PTR __attribute__((__noreturn__))
 379#elif defined(_MSC_VER)
 380#define NORETURN __declspec(noreturn)
 381#define NORETURN_PTR
 382#else
 383#define NORETURN
 384#define NORETURN_PTR
 385#ifndef __GNUC__
 386#ifndef __attribute__
 387#define __attribute__(x)
 388#endif
 389#endif
 390#endif
 391
 392/* The sentinel attribute is valid from gcc version 4.0 */
 393#if defined(__GNUC__) && (__GNUC__ >= 4)
 394#define LAST_ARG_MUST_BE_NULL __attribute__((sentinel))
 395#else
 396#define LAST_ARG_MUST_BE_NULL
 397#endif
 398
 399#include "compat/bswap.h"
 400
 401#include "wildmatch.h"
 402
 403struct strbuf;
 404
 405/* General helper functions */
 406extern void vreportf(const char *prefix, const char *err, va_list params);
 407extern NORETURN void usage(const char *err);
 408extern NORETURN void usagef(const char *err, ...) __attribute__((format (printf, 1, 2)));
 409extern NORETURN void die(const char *err, ...) __attribute__((format (printf, 1, 2)));
 410extern NORETURN void die_errno(const char *err, ...) __attribute__((format (printf, 1, 2)));
 411extern int error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 412extern int error_errno(const char *err, ...) __attribute__((format (printf, 1, 2)));
 413extern void warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 414extern void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2)));
 415
 416#ifndef NO_OPENSSL
 417#ifdef APPLE_COMMON_CRYPTO
 418#include "compat/apple-common-crypto.h"
 419#else
 420#include <openssl/evp.h>
 421#include <openssl/hmac.h>
 422#endif /* APPLE_COMMON_CRYPTO */
 423#include <openssl/x509v3.h>
 424#endif /* NO_OPENSSL */
 425
 426/*
 427 * Let callers be aware of the constant return value; this can help
 428 * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though,
 429 * because some compilers may not support variadic macros. Since we're only
 430 * trying to help gcc, anyway, it's OK; other compilers will fall back to
 431 * using the function as usual.
 432 */
 433#if defined(__GNUC__)
 434static inline int const_error(void)
 435{
 436        return -1;
 437}
 438#define error(...) (error(__VA_ARGS__), const_error())
 439#define error_errno(...) (error_errno(__VA_ARGS__), const_error())
 440#endif
 441
 442extern void set_die_routine(NORETURN_PTR void (*routine)(const char *err, va_list params));
 443extern void set_error_routine(void (*routine)(const char *err, va_list params));
 444extern void (*get_error_routine(void))(const char *err, va_list params);
 445extern void set_warn_routine(void (*routine)(const char *warn, va_list params));
 446extern void (*get_warn_routine(void))(const char *warn, va_list params);
 447extern void set_die_is_recursing_routine(int (*routine)(void));
 448extern void set_error_handle(FILE *);
 449
 450extern int starts_with(const char *str, const char *prefix);
 451
 452/*
 453 * If the string "str" begins with the string found in "prefix", return 1.
 454 * The "out" parameter is set to "str + strlen(prefix)" (i.e., to the point in
 455 * the string right after the prefix).
 456 *
 457 * Otherwise, return 0 and leave "out" untouched.
 458 *
 459 * Examples:
 460 *
 461 *   [extract branch name, fail if not a branch]
 462 *   if (!skip_prefix(ref, "refs/heads/", &branch)
 463 *      return -1;
 464 *
 465 *   [skip prefix if present, otherwise use whole string]
 466 *   skip_prefix(name, "refs/heads/", &name);
 467 */
 468static inline int skip_prefix(const char *str, const char *prefix,
 469                              const char **out)
 470{
 471        do {
 472                if (!*prefix) {
 473                        *out = str;
 474                        return 1;
 475                }
 476        } while (*str++ == *prefix++);
 477        return 0;
 478}
 479
 480/*
 481 * Like skip_prefix, but promises never to read past "len" bytes of the input
 482 * buffer, and returns the remaining number of bytes in "out" via "outlen".
 483 */
 484static inline int skip_prefix_mem(const char *buf, size_t len,
 485                                  const char *prefix,
 486                                  const char **out, size_t *outlen)
 487{
 488        size_t prefix_len = strlen(prefix);
 489        if (prefix_len <= len && !memcmp(buf, prefix, prefix_len)) {
 490                *out = buf + prefix_len;
 491                *outlen = len - prefix_len;
 492                return 1;
 493        }
 494        return 0;
 495}
 496
 497/*
 498 * If buf ends with suffix, return 1 and subtract the length of the suffix
 499 * from *len. Otherwise, return 0 and leave *len untouched.
 500 */
 501static inline int strip_suffix_mem(const char *buf, size_t *len,
 502                                   const char *suffix)
 503{
 504        size_t suflen = strlen(suffix);
 505        if (*len < suflen || memcmp(buf + (*len - suflen), suffix, suflen))
 506                return 0;
 507        *len -= suflen;
 508        return 1;
 509}
 510
 511/*
 512 * If str ends with suffix, return 1 and set *len to the size of the string
 513 * without the suffix. Otherwise, return 0 and set *len to the size of the
 514 * string.
 515 *
 516 * Note that we do _not_ NUL-terminate str to the new length.
 517 */
 518static inline int strip_suffix(const char *str, const char *suffix, size_t *len)
 519{
 520        *len = strlen(str);
 521        return strip_suffix_mem(str, len, suffix);
 522}
 523
 524static inline int ends_with(const char *str, const char *suffix)
 525{
 526        size_t len;
 527        return strip_suffix(str, suffix, &len);
 528}
 529
 530#define SWAP(a, b) do {                                         \
 531        void *_swap_a_ptr = &(a);                               \
 532        void *_swap_b_ptr = &(b);                               \
 533        unsigned char _swap_buffer[sizeof(a)];                  \
 534        memcpy(_swap_buffer, _swap_a_ptr, sizeof(a));           \
 535        memcpy(_swap_a_ptr, _swap_b_ptr, sizeof(a) +            \
 536               BUILD_ASSERT_OR_ZERO(sizeof(a) == sizeof(b)));   \
 537        memcpy(_swap_b_ptr, _swap_buffer, sizeof(a));           \
 538} while (0)
 539
 540#if defined(NO_MMAP) || defined(USE_WIN32_MMAP)
 541
 542#ifndef PROT_READ
 543#define PROT_READ 1
 544#define PROT_WRITE 2
 545#define MAP_PRIVATE 1
 546#endif
 547
 548#define mmap git_mmap
 549#define munmap git_munmap
 550extern void *git_mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset);
 551extern int git_munmap(void *start, size_t length);
 552
 553#else /* NO_MMAP || USE_WIN32_MMAP */
 554
 555#include <sys/mman.h>
 556
 557#endif /* NO_MMAP || USE_WIN32_MMAP */
 558
 559#ifdef NO_MMAP
 560
 561/* This value must be multiple of (pagesize * 2) */
 562#define DEFAULT_PACKED_GIT_WINDOW_SIZE (1 * 1024 * 1024)
 563
 564#else /* NO_MMAP */
 565
 566/* This value must be multiple of (pagesize * 2) */
 567#define DEFAULT_PACKED_GIT_WINDOW_SIZE \
 568        (sizeof(void*) >= 8 \
 569                ?  1 * 1024 * 1024 * 1024 \
 570                : 32 * 1024 * 1024)
 571
 572#endif /* NO_MMAP */
 573
 574#ifndef MAP_FAILED
 575#define MAP_FAILED ((void *)-1)
 576#endif
 577
 578#ifdef NO_ST_BLOCKS_IN_STRUCT_STAT
 579#define on_disk_bytes(st) ((st).st_size)
 580#else
 581#define on_disk_bytes(st) ((st).st_blocks * 512)
 582#endif
 583
 584#ifdef NEEDS_MODE_TRANSLATION
 585#undef S_IFMT
 586#undef S_IFREG
 587#undef S_IFDIR
 588#undef S_IFLNK
 589#undef S_IFBLK
 590#undef S_IFCHR
 591#undef S_IFIFO
 592#undef S_IFSOCK
 593#define S_IFMT   0170000
 594#define S_IFREG  0100000
 595#define S_IFDIR  0040000
 596#define S_IFLNK  0120000
 597#define S_IFBLK  0060000
 598#define S_IFCHR  0020000
 599#define S_IFIFO  0010000
 600#define S_IFSOCK 0140000
 601#ifdef stat
 602#undef stat
 603#endif
 604#define stat(path, buf) git_stat(path, buf)
 605extern int git_stat(const char *, struct stat *);
 606#ifdef fstat
 607#undef fstat
 608#endif
 609#define fstat(fd, buf) git_fstat(fd, buf)
 610extern int git_fstat(int, struct stat *);
 611#ifdef lstat
 612#undef lstat
 613#endif
 614#define lstat(path, buf) git_lstat(path, buf)
 615extern int git_lstat(const char *, struct stat *);
 616#endif
 617
 618#define DEFAULT_PACKED_GIT_LIMIT \
 619        ((1024L * 1024L) * (size_t)(sizeof(void*) >= 8 ? 8192 : 256))
 620
 621#ifdef NO_PREAD
 622#define pread git_pread
 623extern ssize_t git_pread(int fd, void *buf, size_t count, off_t offset);
 624#endif
 625/*
 626 * Forward decl that will remind us if its twin in cache.h changes.
 627 * This function is used in compat/pread.c.  But we can't include
 628 * cache.h there.
 629 */
 630extern ssize_t read_in_full(int fd, void *buf, size_t count);
 631
 632#ifdef NO_SETENV
 633#define setenv gitsetenv
 634extern int gitsetenv(const char *, const char *, int);
 635#endif
 636
 637#ifdef NO_MKDTEMP
 638#define mkdtemp gitmkdtemp
 639extern char *gitmkdtemp(char *);
 640#endif
 641
 642#ifdef NO_UNSETENV
 643#define unsetenv gitunsetenv
 644extern void gitunsetenv(const char *);
 645#endif
 646
 647#ifdef NO_STRCASESTR
 648#define strcasestr gitstrcasestr
 649extern char *gitstrcasestr(const char *haystack, const char *needle);
 650#endif
 651
 652#ifdef NO_STRLCPY
 653#define strlcpy gitstrlcpy
 654extern size_t gitstrlcpy(char *, const char *, size_t);
 655#endif
 656
 657#ifdef NO_STRTOUMAX
 658#define strtoumax gitstrtoumax
 659extern uintmax_t gitstrtoumax(const char *, char **, int);
 660#define strtoimax gitstrtoimax
 661extern intmax_t gitstrtoimax(const char *, char **, int);
 662#endif
 663
 664#ifdef NO_HSTRERROR
 665#define hstrerror githstrerror
 666extern const char *githstrerror(int herror);
 667#endif
 668
 669#ifdef NO_MEMMEM
 670#define memmem gitmemmem
 671void *gitmemmem(const void *haystack, size_t haystacklen,
 672                const void *needle, size_t needlelen);
 673#endif
 674
 675#ifdef OVERRIDE_STRDUP
 676#ifdef strdup
 677#undef strdup
 678#endif
 679#define strdup gitstrdup
 680char *gitstrdup(const char *s);
 681#endif
 682
 683#ifdef NO_GETPAGESIZE
 684#define getpagesize() sysconf(_SC_PAGESIZE)
 685#endif
 686
 687#ifndef O_CLOEXEC
 688#define O_CLOEXEC 0
 689#endif
 690
 691#ifdef FREAD_READS_DIRECTORIES
 692#ifdef fopen
 693#undef fopen
 694#endif
 695#define fopen(a,b) git_fopen(a,b)
 696extern FILE *git_fopen(const char*, const char*);
 697#endif
 698
 699#ifdef SNPRINTF_RETURNS_BOGUS
 700#ifdef snprintf
 701#undef snprintf
 702#endif
 703#define snprintf git_snprintf
 704extern int git_snprintf(char *str, size_t maxsize,
 705                        const char *format, ...);
 706#ifdef vsnprintf
 707#undef vsnprintf
 708#endif
 709#define vsnprintf git_vsnprintf
 710extern int git_vsnprintf(char *str, size_t maxsize,
 711                         const char *format, va_list ap);
 712#endif
 713
 714#ifdef __GLIBC_PREREQ
 715#if __GLIBC_PREREQ(2, 1)
 716#define HAVE_STRCHRNUL
 717#endif
 718#endif
 719
 720#ifndef HAVE_STRCHRNUL
 721#define strchrnul gitstrchrnul
 722static inline char *gitstrchrnul(const char *s, int c)
 723{
 724        while (*s && *s != c)
 725                s++;
 726        return (char *)s;
 727}
 728#endif
 729
 730#ifdef NO_INET_PTON
 731int inet_pton(int af, const char *src, void *dst);
 732#endif
 733
 734#ifdef NO_INET_NTOP
 735const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 736#endif
 737
 738#ifdef NO_PTHREADS
 739#define atexit git_atexit
 740extern int git_atexit(void (*handler)(void));
 741#endif
 742
 743extern void release_pack_memory(size_t);
 744
 745typedef void (*try_to_free_t)(size_t);
 746extern try_to_free_t set_try_to_free_routine(try_to_free_t);
 747
 748static inline size_t st_add(size_t a, size_t b)
 749{
 750        if (unsigned_add_overflows(a, b))
 751                die("size_t overflow: %"PRIuMAX" + %"PRIuMAX,
 752                    (uintmax_t)a, (uintmax_t)b);
 753        return a + b;
 754}
 755#define st_add3(a,b,c)   st_add(st_add((a),(b)),(c))
 756#define st_add4(a,b,c,d) st_add(st_add3((a),(b),(c)),(d))
 757
 758static inline size_t st_mult(size_t a, size_t b)
 759{
 760        if (unsigned_mult_overflows(a, b))
 761                die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
 762                    (uintmax_t)a, (uintmax_t)b);
 763        return a * b;
 764}
 765
 766static inline size_t st_sub(size_t a, size_t b)
 767{
 768        if (a < b)
 769                die("size_t underflow: %"PRIuMAX" - %"PRIuMAX,
 770                    (uintmax_t)a, (uintmax_t)b);
 771        return a - b;
 772}
 773
 774#ifdef HAVE_ALLOCA_H
 775# include <alloca.h>
 776# define xalloca(size)      (alloca(size))
 777# define xalloca_free(p)    do {} while (0)
 778#else
 779# define xalloca(size)      (xmalloc(size))
 780# define xalloca_free(p)    (free(p))
 781#endif
 782extern char *xstrdup(const char *str);
 783extern void *xmalloc(size_t size);
 784extern void *xmallocz(size_t size);
 785extern void *xmallocz_gently(size_t size);
 786extern void *xmemdupz(const void *data, size_t len);
 787extern char *xstrndup(const char *str, size_t len);
 788extern void *xrealloc(void *ptr, size_t size);
 789extern void *xcalloc(size_t nmemb, size_t size);
 790extern void *xmmap(void *start, size_t length, int prot, int flags, int fd, off_t offset);
 791extern void *xmmap_gently(void *start, size_t length, int prot, int flags, int fd, off_t offset);
 792extern int xopen(const char *path, int flags, ...);
 793extern ssize_t xread(int fd, void *buf, size_t len);
 794extern ssize_t xwrite(int fd, const void *buf, size_t len);
 795extern ssize_t xpread(int fd, void *buf, size_t len, off_t offset);
 796extern int xdup(int fd);
 797extern FILE *xfopen(const char *path, const char *mode);
 798extern FILE *xfdopen(int fd, const char *mode);
 799extern int xmkstemp(char *template);
 800extern int xmkstemp_mode(char *template, int mode);
 801extern char *xgetcwd(void);
 802extern FILE *fopen_for_writing(const char *path);
 803
 804#define ALLOC_ARRAY(x, alloc) (x) = xmalloc(st_mult(sizeof(*(x)), (alloc)))
 805#define REALLOC_ARRAY(x, alloc) (x) = xrealloc((x), st_mult(sizeof(*(x)), (alloc)))
 806
 807#define COPY_ARRAY(dst, src, n) copy_array((dst), (src), (n), sizeof(*(dst)) + \
 808        BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src))))
 809static inline void copy_array(void *dst, const void *src, size_t n, size_t size)
 810{
 811        if (n)
 812                memcpy(dst, src, st_mult(size, n));
 813}
 814
 815/*
 816 * These functions help you allocate structs with flex arrays, and copy
 817 * the data directly into the array. For example, if you had:
 818 *
 819 *   struct foo {
 820 *     int bar;
 821 *     char name[FLEX_ARRAY];
 822 *   };
 823 *
 824 * you can do:
 825 *
 826 *   struct foo *f;
 827 *   FLEX_ALLOC_MEM(f, name, src, len);
 828 *
 829 * to allocate a "foo" with the contents of "src" in the "name" field.
 830 * The resulting struct is automatically zero'd, and the flex-array field
 831 * is NUL-terminated (whether the incoming src buffer was or not).
 832 *
 833 * The FLEXPTR_* variants operate on structs that don't use flex-arrays,
 834 * but do want to store a pointer to some extra data in the same allocated
 835 * block. For example, if you have:
 836 *
 837 *   struct foo {
 838 *     char *name;
 839 *     int bar;
 840 *   };
 841 *
 842 * you can do:
 843 *
 844 *   struct foo *f;
 845 *   FLEXPTR_ALLOC_STR(f, name, src);
 846 *
 847 * and "name" will point to a block of memory after the struct, which will be
 848 * freed along with the struct (but the pointer can be repointed anywhere).
 849 *
 850 * The *_STR variants accept a string parameter rather than a ptr/len
 851 * combination.
 852 *
 853 * Note that these macros will evaluate the first parameter multiple
 854 * times, and it must be assignable as an lvalue.
 855 */
 856#define FLEX_ALLOC_MEM(x, flexname, buf, len) do { \
 857        size_t flex_array_len_ = (len); \
 858        (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \
 859        memcpy((void *)(x)->flexname, (buf), flex_array_len_); \
 860} while (0)
 861#define FLEXPTR_ALLOC_MEM(x, ptrname, buf, len) do { \
 862        size_t flex_array_len_ = (len); \
 863        (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \
 864        memcpy((x) + 1, (buf), flex_array_len_); \
 865        (x)->ptrname = (void *)((x)+1); \
 866} while(0)
 867#define FLEX_ALLOC_STR(x, flexname, str) \
 868        FLEX_ALLOC_MEM((x), flexname, (str), strlen(str))
 869#define FLEXPTR_ALLOC_STR(x, ptrname, str) \
 870        FLEXPTR_ALLOC_MEM((x), ptrname, (str), strlen(str))
 871
 872static inline char *xstrdup_or_null(const char *str)
 873{
 874        return str ? xstrdup(str) : NULL;
 875}
 876
 877static inline size_t xsize_t(off_t len)
 878{
 879        if (len > (size_t) len)
 880                die("Cannot handle files this big");
 881        return (size_t)len;
 882}
 883
 884__attribute__((format (printf, 3, 4)))
 885extern int xsnprintf(char *dst, size_t max, const char *fmt, ...);
 886
 887/* in ctype.c, for kwset users */
 888extern const unsigned char tolower_trans_tbl[256];
 889
 890/* Sane ctype - no locale, and works with signed chars */
 891#undef isascii
 892#undef isspace
 893#undef isdigit
 894#undef isalpha
 895#undef isalnum
 896#undef isprint
 897#undef islower
 898#undef isupper
 899#undef tolower
 900#undef toupper
 901#undef iscntrl
 902#undef ispunct
 903#undef isxdigit
 904
 905extern const unsigned char sane_ctype[256];
 906#define GIT_SPACE 0x01
 907#define GIT_DIGIT 0x02
 908#define GIT_ALPHA 0x04
 909#define GIT_GLOB_SPECIAL 0x08
 910#define GIT_REGEX_SPECIAL 0x10
 911#define GIT_PATHSPEC_MAGIC 0x20
 912#define GIT_CNTRL 0x40
 913#define GIT_PUNCT 0x80
 914#define sane_istest(x,mask) ((sane_ctype[(unsigned char)(x)] & (mask)) != 0)
 915#define isascii(x) (((x) & ~0x7f) == 0)
 916#define isspace(x) sane_istest(x,GIT_SPACE)
 917#define isdigit(x) sane_istest(x,GIT_DIGIT)
 918#define isalpha(x) sane_istest(x,GIT_ALPHA)
 919#define isalnum(x) sane_istest(x,GIT_ALPHA | GIT_DIGIT)
 920#define isprint(x) ((x) >= 0x20 && (x) <= 0x7e)
 921#define islower(x) sane_iscase(x, 1)
 922#define isupper(x) sane_iscase(x, 0)
 923#define is_glob_special(x) sane_istest(x,GIT_GLOB_SPECIAL)
 924#define is_regex_special(x) sane_istest(x,GIT_GLOB_SPECIAL | GIT_REGEX_SPECIAL)
 925#define iscntrl(x) (sane_istest(x,GIT_CNTRL))
 926#define ispunct(x) sane_istest(x, GIT_PUNCT | GIT_REGEX_SPECIAL | \
 927                GIT_GLOB_SPECIAL | GIT_PATHSPEC_MAGIC)
 928#define isxdigit(x) (hexval_table[(unsigned char)(x)] != -1)
 929#define tolower(x) sane_case((unsigned char)(x), 0x20)
 930#define toupper(x) sane_case((unsigned char)(x), 0)
 931#define is_pathspec_magic(x) sane_istest(x,GIT_PATHSPEC_MAGIC)
 932
 933static inline int sane_case(int x, int high)
 934{
 935        if (sane_istest(x, GIT_ALPHA))
 936                x = (x & ~0x20) | high;
 937        return x;
 938}
 939
 940static inline int sane_iscase(int x, int is_lower)
 941{
 942        if (!sane_istest(x, GIT_ALPHA))
 943                return 0;
 944
 945        if (is_lower)
 946                return (x & 0x20) != 0;
 947        else
 948                return (x & 0x20) == 0;
 949}
 950
 951static inline int strtoul_ui(char const *s, int base, unsigned int *result)
 952{
 953        unsigned long ul;
 954        char *p;
 955
 956        errno = 0;
 957        /* negative values would be accepted by strtoul */
 958        if (strchr(s, '-'))
 959                return -1;
 960        ul = strtoul(s, &p, base);
 961        if (errno || *p || p == s || (unsigned int) ul != ul)
 962                return -1;
 963        *result = ul;
 964        return 0;
 965}
 966
 967static inline int strtol_i(char const *s, int base, int *result)
 968{
 969        long ul;
 970        char *p;
 971
 972        errno = 0;
 973        ul = strtol(s, &p, base);
 974        if (errno || *p || p == s || (int) ul != ul)
 975                return -1;
 976        *result = ul;
 977        return 0;
 978}
 979
 980#ifdef INTERNAL_QSORT
 981void git_qsort(void *base, size_t nmemb, size_t size,
 982               int(*compar)(const void *, const void *));
 983#define qsort git_qsort
 984#endif
 985
 986#define QSORT(base, n, compar) sane_qsort((base), (n), sizeof(*(base)), compar)
 987static inline void sane_qsort(void *base, size_t nmemb, size_t size,
 988                              int(*compar)(const void *, const void *))
 989{
 990        if (nmemb > 1)
 991                qsort(base, nmemb, size, compar);
 992}
 993
 994#ifndef HAVE_ISO_QSORT_S
 995int git_qsort_s(void *base, size_t nmemb, size_t size,
 996                int (*compar)(const void *, const void *, void *), void *ctx);
 997#define qsort_s git_qsort_s
 998#endif
 999
1000#define QSORT_S(base, n, compar, ctx) do {                      \
1001        if (qsort_s((base), (n), sizeof(*(base)), compar, ctx)) \
1002                die("BUG: qsort_s() failed");                   \
1003} while (0)
1004
1005#ifndef REG_STARTEND
1006#error "Git requires REG_STARTEND support. Compile with NO_REGEX=NeedsStartEnd"
1007#endif
1008
1009static inline int regexec_buf(const regex_t *preg, const char *buf, size_t size,
1010                              size_t nmatch, regmatch_t pmatch[], int eflags)
1011{
1012        assert(nmatch > 0 && pmatch);
1013        pmatch[0].rm_so = 0;
1014        pmatch[0].rm_eo = size;
1015        return regexec(preg, buf, nmatch, pmatch, eflags | REG_STARTEND);
1016}
1017
1018#ifndef DIR_HAS_BSD_GROUP_SEMANTICS
1019# define FORCE_DIR_SET_GID S_ISGID
1020#else
1021# define FORCE_DIR_SET_GID 0
1022#endif
1023
1024#ifdef NO_NSEC
1025#undef USE_NSEC
1026#define ST_CTIME_NSEC(st) 0
1027#define ST_MTIME_NSEC(st) 0
1028#else
1029#ifdef USE_ST_TIMESPEC
1030#define ST_CTIME_NSEC(st) ((unsigned int)((st).st_ctimespec.tv_nsec))
1031#define ST_MTIME_NSEC(st) ((unsigned int)((st).st_mtimespec.tv_nsec))
1032#else
1033#define ST_CTIME_NSEC(st) ((unsigned int)((st).st_ctim.tv_nsec))
1034#define ST_MTIME_NSEC(st) ((unsigned int)((st).st_mtim.tv_nsec))
1035#endif
1036#endif
1037
1038#ifdef UNRELIABLE_FSTAT
1039#define fstat_is_reliable() 0
1040#else
1041#define fstat_is_reliable() 1
1042#endif
1043
1044#ifndef va_copy
1045/*
1046 * Since an obvious implementation of va_list would be to make it a
1047 * pointer into the stack frame, a simple assignment will work on
1048 * many systems.  But let's try to be more portable.
1049 */
1050#ifdef __va_copy
1051#define va_copy(dst, src) __va_copy(dst, src)
1052#else
1053#define va_copy(dst, src) ((dst) = (src))
1054#endif
1055#endif
1056
1057#if defined(__GNUC__) || (_MSC_VER >= 1400) || defined(__C99_MACRO_WITH_VA_ARGS)
1058#define HAVE_VARIADIC_MACROS 1
1059#endif
1060
1061/*
1062 * Preserves errno, prints a message, but gives no warning for ENOENT.
1063 * Returns 0 on success, which includes trying to unlink an object that does
1064 * not exist.
1065 */
1066int unlink_or_warn(const char *path);
1067 /*
1068  * Tries to unlink file.  Returns 0 if unlink succeeded
1069  * or the file already didn't exist.  Returns -1 and
1070  * appends a message to err suitable for
1071  * 'error("%s", err->buf)' on error.
1072  */
1073int unlink_or_msg(const char *file, struct strbuf *err);
1074/*
1075 * Preserves errno, prints a message, but gives no warning for ENOENT.
1076 * Returns 0 on success, which includes trying to remove a directory that does
1077 * not exist.
1078 */
1079int rmdir_or_warn(const char *path);
1080/*
1081 * Calls the correct function out of {unlink,rmdir}_or_warn based on
1082 * the supplied file mode.
1083 */
1084int remove_or_warn(unsigned int mode, const char *path);
1085
1086/*
1087 * Call access(2), but warn for any error except "missing file"
1088 * (ENOENT or ENOTDIR).
1089 */
1090#define ACCESS_EACCES_OK (1U << 0)
1091int access_or_warn(const char *path, int mode, unsigned flag);
1092int access_or_die(const char *path, int mode, unsigned flag);
1093
1094/* Warn on an inaccessible file that ought to be accessible */
1095void warn_on_inaccessible(const char *path);
1096
1097#ifdef GMTIME_UNRELIABLE_ERRORS
1098struct tm *git_gmtime(const time_t *);
1099struct tm *git_gmtime_r(const time_t *, struct tm *);
1100#define gmtime git_gmtime
1101#define gmtime_r git_gmtime_r
1102#endif
1103
1104#if !defined(USE_PARENS_AROUND_GETTEXT_N) && defined(__GNUC__)
1105#define USE_PARENS_AROUND_GETTEXT_N 1
1106#endif
1107
1108#ifndef SHELL_PATH
1109# define SHELL_PATH "/bin/sh"
1110#endif
1111
1112#ifndef _POSIX_THREAD_SAFE_FUNCTIONS
1113#define flockfile(fh)
1114#define funlockfile(fh)
1115#define getc_unlocked(fh) getc(fh)
1116#endif
1117
1118extern int cmd_main(int, const char **);
1119
1120#endif