diff options
Diffstat (limited to 'git-compat-util.h')
| -rw-r--r-- | git-compat-util.h | 695 |
1 files changed, 558 insertions, 137 deletions
diff --git a/git-compat-util.h b/git-compat-util.h index 9a64998b24..1e6592624d 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -1,6 +1,31 @@ #ifndef GIT_COMPAT_UTIL_H #define GIT_COMPAT_UTIL_H +#if __STDC_VERSION__ - 0 < 199901L +/* + * Git is in a testing period for mandatory C99 support in the compiler. If + * your compiler is reasonably recent, you can try to enable C99 support (or, + * for MSVC, C11 support). If you encounter a problem and can't enable C99 + * support with your compiler (such as with "-std=gnu99") and don't have access + * to one with this support, such as GCC or Clang, you can remove this #if + * directive, but please report the details of your system to + * git@vger.kernel.org. + */ +#error "Required C99 support is in a test phase. Please see git-compat-util.h for more details." +#endif + +#ifdef USE_MSVC_CRTDBG +/* + * For these to work they must appear very early in each + * file -- before most of the standard header files. + */ +#include <stdlib.h> +#include <crtdbg.h> +#endif + +struct strbuf; + + #define _FILE_OFFSET_BITS 64 @@ -24,14 +49,23 @@ /* * See if our compiler is known to support flexible array members. */ -#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && (!defined(__SUNPRO_C) || (__SUNPRO_C > 0x580)) -# define FLEX_ARRAY /* empty */ + +/* + * Check vendor specific quirks first, before checking the + * __STDC_VERSION__, as vendor compilers can lie and we need to be + * able to work them around. Note that by not defining FLEX_ARRAY + * here, we can fall back to use the "safer but a bit wasteful" one + * later. + */ +#if defined(__SUNPRO_C) && (__SUNPRO_C <= 0x580) #elif defined(__GNUC__) # if (__GNUC__ >= 3) # define FLEX_ARRAY /* empty */ # else # define FLEX_ARRAY 0 /* older GNU extension */ # endif +#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +# define FLEX_ARRAY /* empty */ #endif /* @@ -63,12 +97,18 @@ # define BARF_UNLESS_AN_ARRAY(arr) \ BUILD_ASSERT_OR_ZERO(!__builtin_types_compatible_p(__typeof__(arr), \ __typeof__(&(arr)[0]))) +# define BARF_UNLESS_COPYABLE(dst, src) \ + BUILD_ASSERT_OR_ZERO(__builtin_types_compatible_p(__typeof__(*(dst)), \ + __typeof__(*(src)))) #else # define BARF_UNLESS_AN_ARRAY(arr) 0 +# define BARF_UNLESS_COPYABLE(dst, src) \ + BUILD_ASSERT_OR_ZERO(0 ? ((*(dst) = *(src)), 0) : \ + sizeof(*(dst)) == sizeof(*(src))) #endif /* * ARRAY_SIZE - get the number of elements in a visible array - * <at> x: the array whose size you want. + * @x: the array whose size you want. * * This does not work on pointers, or arrays declared as [], or * function parameters. With correct compiler support, such usage @@ -104,6 +144,14 @@ #define unsigned_mult_overflows(a, b) \ ((a) && (b) > maximum_unsigned_value_of_type(a) / (a)) +/* + * Returns true if the left shift of "a" by "shift" bits will + * overflow. The type of "a" must be unsigned. + */ +#define unsigned_left_shift_overflows(a, shift) \ + ((shift) < bitsizeof(a) && \ + (a) > maximum_unsigned_value_of_type(a) >> (shift)) + #ifdef __GNUC__ #define TYPEOF(x) (__typeof__(x)) #else @@ -118,7 +166,9 @@ /* Approximation of the length of the decimal representation of this type. */ #define decimal_length(x) ((int)(sizeof(x) * 2.56 + 0.5) + 1) -#if defined(__sun__) +#ifdef __MINGW64__ +#define _POSIX_C_SOURCE 1 +#elif defined(__sun__) /* * On Solaris, when _XOPEN_EXTENDED is set, its header file * forces the programs to be XPG4v2, defeating any _XOPEN_SOURCE @@ -145,12 +195,25 @@ #define _NETBSD_SOURCE 1 #define _SGI_SOURCE 1 +#if GIT_GNUC_PREREQ(4, 5) +#define UNUSED __attribute__((unused)) \ + __attribute__((deprecated ("parameter declared as UNUSED"))) +#elif defined(__GNUC__) +#define UNUSED __attribute__((unused)) \ + __attribute__((deprecated)) +#else +#define UNUSED +#endif + #if defined(WIN32) && !defined(__CYGWIN__) /* Both MinGW and MSVC */ -# if defined (_MSC_VER) && !defined(_WIN32_WINNT) -# define _WIN32_WINNT 0x0502 +# if !defined(_WIN32_WINNT) +# define _WIN32_WINNT 0x0600 # endif #define WIN32_LEAN_AND_MEAN /* stops windows.h including winsock.h */ #include <winsock2.h> +#ifndef NO_UNIX_SOCKETS +#include <afunix.h> +#endif #include <windows.h> #define GIT_WINDOWS_NATIVE #endif @@ -168,6 +231,7 @@ #endif #include <errno.h> #include <limits.h> +#include <locale.h> #ifdef NEEDS_SYS_PARAM_H #include <sys/param.h> #endif @@ -180,22 +244,33 @@ #include <regex.h> #include <utime.h> #include <syslog.h> -#ifndef NO_SYS_POLL_H +#if !defined(NO_POLL_H) +#include <poll.h> +#elif !defined(NO_SYS_POLL_H) #include <sys/poll.h> #else +/* Pull the compat stuff */ #include <poll.h> #endif #ifdef HAVE_BSD_SYSCTL #include <sys/sysctl.h> #endif +/* Used by compat/win32/path-utils.h, and more */ +static inline int is_xplatform_dir_sep(int c) +{ + return c == '/' || c == '\\'; +} + #if defined(__CYGWIN__) -#include "compat/cygwin.h" +#include "compat/win32/path-utils.h" #endif #if defined(__MINGW32__) /* pull in Windows compatibility stuff */ +#include "compat/win32/path-utils.h" #include "compat/mingw.h" #elif defined(_MSC_VER) +#include "compat/win32/path-utils.h" #include "compat/msvc.h" #else #include <sys/utsname.h> @@ -203,6 +278,7 @@ #include <sys/resource.h> #include <sys/socket.h> #include <sys/ioctl.h> +#include <sys/statvfs.h> #include <termios.h> #ifndef NO_SYS_SELECT_H #include <sys/select.h> @@ -218,9 +294,15 @@ #else #include <stdint.h> #endif +#ifdef HAVE_ARC4RANDOM_LIBBSD +#include <bsd/stdlib.h> +#endif +#ifdef HAVE_GETRANDOM +#include <sys/random.h> +#endif #ifdef NO_INTPTR_T /* - * On I16LP32, ILP32 and LP64 "long" is the save bet, however + * On I16LP32, ILP32 and LP64 "long" is the safe bet, however * on LLP86, IL33LLP64 and P64 it needs to be "long long", * while on IP16 and IP16L32 it is "int" (resp. "short") * Size needs to match (or exceed) 'sizeof(void *)'. @@ -238,14 +320,23 @@ typedef unsigned long uintptr_t; #ifdef PRECOMPOSE_UNICODE #include "compat/precompose_utf8.h" #else -#define precompose_str(in,i_nfd2nfc) -#define precompose_argv(c,v) +static inline const char *precompose_argv_prefix(int argc UNUSED, + const char **argv UNUSED, + const char *prefix) +{ + return prefix; +} +static inline const char *precompose_string_if_needed(const char *in) +{ + return in; +} + #define probe_utf8_pathname_composition() #endif #ifdef MKDIR_WO_TRAILING_SLASH #define mkdir(a,b) compat_mkdir_wo_trailing_slash((a),(b)) -extern int compat_mkdir_wo_trailing_slash(const char*, mode_t); +int compat_mkdir_wo_trailing_slash(const char*, mode_t); #endif #ifdef NO_STRUCT_ITIMERVAL @@ -256,16 +347,22 @@ struct itimerval { #endif #ifdef NO_SETITIMER -#define setitimer(which,value,ovalue) +static inline int git_setitimer(int which UNUSED, + const struct itimerval *value UNUSED, + struct itimerval *newvalue UNUSED) { + return 0; /* pretend success */ +} +#undef setitimer +#define setitimer(which,value,ovalue) git_setitimer(which,value,ovalue) #endif #ifndef NO_LIBGEN_H #include <libgen.h> #else #define basename gitbasename -extern char *gitbasename(char *); +char *gitbasename(char *); #define dirname gitdirname -extern char *gitdirname(char *); +char *gitdirname(char *); #endif #ifndef NO_ICONV @@ -306,30 +403,11 @@ extern char *gitdirname(char *); #define PATH_MAX 4096 #endif -#ifndef PRIuMAX -#define PRIuMAX "llu" -#endif - -#ifndef SCNuMAX -#define SCNuMAX PRIuMAX -#endif - -#ifndef PRIu32 -#define PRIu32 "u" -#endif - -#ifndef PRIx32 -#define PRIx32 "x" -#endif - -#ifndef PRIo32 -#define PRIo32 "o" -#endif - typedef uintmax_t timestamp_t; #define PRItime PRIuMAX #define parse_timestamp strtoumax #define TIME_MAX UINTMAX_MAX +#define TIME_MIN 0 #ifndef PATH_SEP #define PATH_SEP ':' @@ -342,8 +420,23 @@ typedef uintmax_t timestamp_t; #define _PATH_DEFPATH "/usr/local/bin:/usr/bin:/bin" #endif +#ifndef platform_core_config +static inline int noop_core_config(const char *var UNUSED, + const char *value UNUSED, + void *cb UNUSED) +{ + return 0; +} +#define platform_core_config noop_core_config +#endif + +int lstat_cache_aware_rmdir(const char *path); +#if !defined(__MINGW32__) && !defined(_MSC_VER) +#define rmdir lstat_cache_aware_rmdir +#endif + #ifndef has_dos_drive_prefix -static inline int git_has_dos_drive_prefix(const char *path) +static inline int git_has_dos_drive_prefix(const char *path UNUSED) { return 0; } @@ -351,18 +444,18 @@ static inline int git_has_dos_drive_prefix(const char *path) #endif #ifndef skip_dos_drive_prefix -static inline int git_skip_dos_drive_prefix(char **path) +static inline int git_skip_dos_drive_prefix(char **path UNUSED) { return 0; } #define skip_dos_drive_prefix git_skip_dos_drive_prefix #endif -#ifndef is_dir_sep static inline int git_is_dir_sep(int c) { return c == '/'; } +#ifndef is_dir_sep #define is_dir_sep git_is_dir_sep #endif @@ -374,6 +467,79 @@ static inline int git_offset_1st_component(const char *path) #define offset_1st_component git_offset_1st_component #endif +#ifndef is_valid_path +#define is_valid_path(path) 1 +#endif + +#ifndef is_path_owned_by_current_user + +#ifdef __TANDEM +#define ROOT_UID 65535 +#else +#define ROOT_UID 0 +#endif + +/* + * Do not use this function when + * (1) geteuid() did not say we are running as 'root', or + * (2) using this function will compromise the system. + * + * PORTABILITY WARNING: + * This code assumes uid_t is unsigned because that is what sudo does. + * If your uid_t type is signed and all your ids are positive then it + * should all work fine. + * If your version of sudo uses negative values for uid_t or it is + * buggy and return an overflowed value in SUDO_UID, then git might + * fail to grant access to your repository properly or even mistakenly + * grant access to someone else. + * In the unlikely scenario this happened to you, and that is how you + * got to this message, we would like to know about it; so sent us an + * email to git@vger.kernel.org indicating which platform you are + * using and which version of sudo, so we can improve this logic and + * maybe provide you with a patch that would prevent this issue again + * in the future. + */ +static inline void extract_id_from_env(const char *env, uid_t *id) +{ + const char *real_uid = getenv(env); + + /* discard anything empty to avoid a more complex check below */ + if (real_uid && *real_uid) { + char *endptr = NULL; + unsigned long env_id; + + errno = 0; + /* silent overflow errors could trigger a bug here */ + env_id = strtoul(real_uid, &endptr, 10); + if (!*endptr && !errno) + *id = env_id; + } +} + +static inline int is_path_owned_by_current_uid(const char *path, + struct strbuf *report UNUSED) +{ + struct stat st; + uid_t euid; + + if (lstat(path, &st)) + return 0; + + euid = geteuid(); + if (euid == ROOT_UID) + { + if (st.st_uid == ROOT_UID) + return 1; + else + extract_id_from_env("SUDO_UID", &euid); + } + + return st.st_uid == euid; +} + +#define is_path_owned_by_current_user is_path_owned_by_current_uid +#endif + #ifndef find_last_dir_sep static inline char *git_find_last_dir_sep(const char *path) { @@ -382,6 +548,31 @@ static inline char *git_find_last_dir_sep(const char *path) #define find_last_dir_sep git_find_last_dir_sep #endif +#ifndef has_dir_sep +static inline int git_has_dir_sep(const char *path) +{ + return !!strchr(path, '/'); +} +#define has_dir_sep(path) git_has_dir_sep(path) +#endif + +#ifndef query_user_email +#define query_user_email() NULL +#endif + +#ifdef __TANDEM +#include <floss.h(floss_execl,floss_execlp,floss_execv,floss_execvp)> +#include <floss.h(floss_getpwuid)> +#ifndef NSIG +/* + * NonStop NSE and NSX do not provide NSIG. SIGGUARDIAN(99) is the highest + * known, by detective work using kill -l as a list is all signals + * instead of signal.h where it should be. + */ +# define NSIG 100 +#endif +#endif + #if defined(__HP_cc) && (__HP_cc >= 61000) #define NORETURN __attribute__((noreturn)) #define NORETURN_PTR @@ -404,10 +595,15 @@ static inline char *git_find_last_dir_sep(const char *path) /* The sentinel attribute is valid from gcc version 4.0 */ #if defined(__GNUC__) && (__GNUC__ >= 4) #define LAST_ARG_MUST_BE_NULL __attribute__((sentinel)) +/* warn_unused_result exists as of gcc 3.4.0, but be lazy and check 4.0 */ +#define RESULT_MUST_BE_USED __attribute__ ((warn_unused_result)) #else #define LAST_ARG_MUST_BE_NULL +#define RESULT_MUST_BE_USED #endif +#define MAYBE_UNUSED __attribute__((__unused__)) + #include "compat/bswap.h" #include "wildmatch.h" @@ -415,15 +611,16 @@ static inline char *git_find_last_dir_sep(const char *path) struct strbuf; /* General helper functions */ -extern void vreportf(const char *prefix, const char *err, va_list params); -extern NORETURN void usage(const char *err); -extern NORETURN void usagef(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern NORETURN void die(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern NORETURN void die_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern int error(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern int error_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern void warning(const char *err, ...) __attribute__((format (printf, 1, 2))); -extern void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); +NORETURN void usage(const char *err); +NORETURN void usagef(const char *err, ...) __attribute__((format (printf, 1, 2))); +NORETURN void die(const char *err, ...) __attribute__((format (printf, 1, 2))); +NORETURN void die_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); +int die_message(const char *err, ...) __attribute__((format (printf, 1, 2))); +int die_message_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); +int error(const char *err, ...) __attribute__((format (printf, 1, 2))); +int error_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); +void warning(const char *err, ...) __attribute__((format (printf, 1, 2))); +void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); #ifndef NO_OPENSSL #ifdef APPLE_COMMON_CRYPTO @@ -435,12 +632,14 @@ extern void warning_errno(const char *err, ...) __attribute__((format (printf, 1 #include <openssl/x509v3.h> #endif /* NO_OPENSSL */ +#ifdef HAVE_OPENSSL_CSPRNG +#include <openssl/rand.h> +#endif + /* * Let callers be aware of the constant return value; this can help * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, - * because some compilers may not support variadic macros. Since we're only - * trying to help gcc, anyway, it's OK; other compilers will fall back to - * using the function as usual. + * because other compilers may be confused by this. */ #if defined(__GNUC__) static inline int const_error(void) @@ -451,15 +650,18 @@ static inline int const_error(void) #define error_errno(...) (error_errno(__VA_ARGS__), const_error()) #endif -extern void set_die_routine(NORETURN_PTR void (*routine)(const char *err, va_list params)); -extern void set_error_routine(void (*routine)(const char *err, va_list params)); -extern void (*get_error_routine(void))(const char *err, va_list params); -extern void set_warn_routine(void (*routine)(const char *warn, va_list params)); -extern void (*get_warn_routine(void))(const char *warn, va_list params); -extern void set_die_is_recursing_routine(int (*routine)(void)); +typedef void (*report_fn)(const char *, va_list params); + +void set_die_routine(NORETURN_PTR report_fn routine); +report_fn get_die_message_routine(void); +void set_error_routine(report_fn routine); +report_fn get_error_routine(void); +void set_warn_routine(report_fn routine); +report_fn get_warn_routine(void); +void set_die_is_recursing_routine(int (*routine)(void)); -extern int starts_with(const char *str, const char *prefix); -extern int istarts_with(const char *str, const char *prefix); +int starts_with(const char *str, const char *prefix); +int istarts_with(const char *str, const char *prefix); /* * If the string "str" begins with the string found in "prefix", return 1. @@ -582,8 +784,8 @@ static inline int ends_with(const char *str, const char *suffix) #define mmap git_mmap #define munmap git_munmap -extern void *git_mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset); -extern int git_munmap(void *start, size_t length); +void *git_mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset); +int git_munmap(void *start, size_t length); #else /* NO_MMAP || USE_WIN32_MMAP */ @@ -637,17 +839,17 @@ extern int git_munmap(void *start, size_t length); #undef stat #endif #define stat(path, buf) git_stat(path, buf) -extern int git_stat(const char *, struct stat *); +int git_stat(const char *, struct stat *); #ifdef fstat #undef fstat #endif #define fstat(fd, buf) git_fstat(fd, buf) -extern int git_fstat(int, struct stat *); +int git_fstat(int, struct stat *); #ifdef lstat #undef lstat #endif #define lstat(path, buf) git_lstat(path, buf) -extern int git_lstat(const char *, struct stat *); +int git_lstat(const char *, struct stat *); #endif #define DEFAULT_PACKED_GIT_LIMIT \ @@ -655,56 +857,56 @@ extern int git_lstat(const char *, struct stat *); #ifdef NO_PREAD #define pread git_pread -extern ssize_t git_pread(int fd, void *buf, size_t count, off_t offset); +ssize_t git_pread(int fd, void *buf, size_t count, off_t offset); #endif /* * Forward decl that will remind us if its twin in cache.h changes. * This function is used in compat/pread.c. But we can't include * cache.h there. */ -extern ssize_t read_in_full(int fd, void *buf, size_t count); +ssize_t read_in_full(int fd, void *buf, size_t count); #ifdef NO_SETENV #define setenv gitsetenv -extern int gitsetenv(const char *, const char *, int); +int gitsetenv(const char *, const char *, int); #endif #ifdef NO_MKDTEMP #define mkdtemp gitmkdtemp -extern char *gitmkdtemp(char *); +char *gitmkdtemp(char *); #endif #ifdef NO_UNSETENV #define unsetenv gitunsetenv -extern void gitunsetenv(const char *); +int gitunsetenv(const char *); #endif #ifdef NO_STRCASESTR #define strcasestr gitstrcasestr -extern char *gitstrcasestr(const char *haystack, const char *needle); +char *gitstrcasestr(const char *haystack, const char *needle); #endif #ifdef NO_STRLCPY #define strlcpy gitstrlcpy -extern size_t gitstrlcpy(char *, const char *, size_t); +size_t gitstrlcpy(char *, const char *, size_t); #endif #ifdef NO_STRTOUMAX #define strtoumax gitstrtoumax -extern uintmax_t gitstrtoumax(const char *, char **, int); +uintmax_t gitstrtoumax(const char *, char **, int); #define strtoimax gitstrtoimax -extern intmax_t gitstrtoimax(const char *, char **, int); +intmax_t gitstrtoimax(const char *, char **, int); #endif #ifdef NO_HSTRERROR #define hstrerror githstrerror -extern const char *githstrerror(int herror); +const char *githstrerror(int herror); #endif #ifdef NO_MEMMEM #define memmem gitmemmem void *gitmemmem(const void *haystack, size_t haystacklen, - const void *needle, size_t needlelen); + const void *needle, size_t needlelen); #endif #ifdef OVERRIDE_STRDUP @@ -730,7 +932,7 @@ char *gitstrdup(const char *s); # endif # define fopen(a,b) git_fopen(a,b) # endif -extern FILE *git_fopen(const char*, const char*); +FILE *git_fopen(const char*, const char*); #endif #ifdef SNPRINTF_RETURNS_BOGUS @@ -738,14 +940,20 @@ extern FILE *git_fopen(const char*, const char*); #undef snprintf #endif #define snprintf git_snprintf -extern int git_snprintf(char *str, size_t maxsize, - const char *format, ...); +int git_snprintf(char *str, size_t maxsize, + const char *format, ...); #ifdef vsnprintf #undef vsnprintf #endif #define vsnprintf git_vsnprintf -extern int git_vsnprintf(char *str, size_t maxsize, - const char *format, va_list ap); +int git_vsnprintf(char *str, size_t maxsize, + const char *format, va_list ap); +#endif + +#ifdef OPEN_RETURNS_EINTR +#undef open +#define open git_open_with_retry +int git_open_with_retry(const char *path, int flag, ...); #endif #ifdef __GLIBC_PREREQ @@ -774,12 +982,9 @@ const char *inet_ntop(int af, const void *src, char *dst, size_t size); #ifdef NO_PTHREADS #define atexit git_atexit -extern int git_atexit(void (*handler)(void)); +int git_atexit(void (*handler)(void)); #endif -typedef void (*try_to_free_t)(size_t); -extern try_to_free_t set_try_to_free_routine(try_to_free_t); - static inline size_t st_add(size_t a, size_t b) { if (unsigned_add_overflows(a, b)) @@ -806,6 +1011,53 @@ static inline size_t st_sub(size_t a, size_t b) return a - b; } +static inline size_t st_left_shift(size_t a, unsigned shift) +{ + if (unsigned_left_shift_overflows(a, shift)) + die("size_t overflow: %"PRIuMAX" << %u", + (uintmax_t)a, shift); + return a << shift; +} + +static inline unsigned long cast_size_t_to_ulong(size_t a) +{ + if (a != (unsigned long)a) + die("object too large to read on this platform: %" + PRIuMAX" is cut off to %lu", + (uintmax_t)a, (unsigned long)a); + return (unsigned long)a; +} + +static inline int cast_size_t_to_int(size_t a) +{ + if (a > INT_MAX) + die("number too large to represent as int on this platform: %"PRIuMAX, + (uintmax_t)a); + return (int)a; +} + +/* + * Limit size of IO chunks, because huge chunks only cause pain. OS X + * 64-bit is buggy, returning EINVAL if len >= INT_MAX; and even in + * the absence of bugs, large chunks can result in bad latencies when + * you decide to kill the process. + * + * We pick 8 MiB as our default, but if the platform defines SSIZE_MAX + * that is smaller than that, clip it to SSIZE_MAX, as a call to + * read(2) or write(2) larger than that is allowed to fail. As the last + * resort, we allow a port to pass via CFLAGS e.g. "-DMAX_IO_SIZE=value" + * to override this, if the definition of SSIZE_MAX given by the platform + * is broken. + */ +#ifndef MAX_IO_SIZE +# define MAX_IO_SIZE_DEFAULT (8*1024*1024) +# if defined(SSIZE_MAX) && (SSIZE_MAX < MAX_IO_SIZE_DEFAULT) +# define MAX_IO_SIZE SSIZE_MAX +# else +# define MAX_IO_SIZE MAX_IO_SIZE_DEFAULT +# endif +#endif + #ifdef HAVE_ALLOCA_H # include <alloca.h> # define xalloca(size) (alloca(size)) @@ -814,28 +1066,36 @@ static inline size_t st_sub(size_t a, size_t b) # define xalloca(size) (xmalloc(size)) # define xalloca_free(p) (free(p)) #endif -extern char *xstrdup(const char *str); -extern void *xmalloc(size_t size); -extern void *xmallocz(size_t size); -extern void *xmallocz_gently(size_t size); -extern void *xmemdupz(const void *data, size_t len); -extern char *xstrndup(const char *str, size_t len); -extern void *xrealloc(void *ptr, size_t size); -extern void *xcalloc(size_t nmemb, size_t size); -extern void *xmmap(void *start, size_t length, int prot, int flags, int fd, off_t offset); -extern void *xmmap_gently(void *start, size_t length, int prot, int flags, int fd, off_t offset); -extern int xopen(const char *path, int flags, ...); -extern ssize_t xread(int fd, void *buf, size_t len); -extern ssize_t xwrite(int fd, const void *buf, size_t len); -extern ssize_t xpread(int fd, void *buf, size_t len, off_t offset); -extern int xdup(int fd); -extern FILE *xfopen(const char *path, const char *mode); -extern FILE *xfdopen(int fd, const char *mode); -extern int xmkstemp(char *temp_filename); -extern int xmkstemp_mode(char *temp_filename, int mode); -extern char *xgetcwd(void); -extern FILE *fopen_for_writing(const char *path); -extern FILE *fopen_or_warn(const char *path, const char *mode); +char *xstrdup(const char *str); +void *xmalloc(size_t size); +void *xmallocz(size_t size); +void *xmallocz_gently(size_t size); +void *xmemdupz(const void *data, size_t len); +char *xstrndup(const char *str, size_t len); +void *xrealloc(void *ptr, size_t size); +void *xcalloc(size_t nmemb, size_t size); +void xsetenv(const char *name, const char *value, int overwrite); +void *xmmap(void *start, size_t length, int prot, int flags, int fd, off_t offset); +const char *mmap_os_err(void); +void *xmmap_gently(void *start, size_t length, int prot, int flags, int fd, off_t offset); +int xopen(const char *path, int flags, ...); +ssize_t xread(int fd, void *buf, size_t len); +ssize_t xwrite(int fd, const void *buf, size_t len); +ssize_t xpread(int fd, void *buf, size_t len, off_t offset); +int xdup(int fd); +FILE *xfopen(const char *path, const char *mode); +FILE *xfdopen(int fd, const char *mode); +int xmkstemp(char *temp_filename); +int xmkstemp_mode(char *temp_filename, int mode); +char *xgetcwd(void); +FILE *fopen_for_writing(const char *path); +FILE *fopen_or_warn(const char *path, const char *mode); + +/* + * Like strncmp, but only return zero if s is NUL-terminated and exactly len + * characters long. If it is not, consider it greater than t. + */ +int xstrncmpz(const char *s, const char *t, size_t len); /* * FREE_AND_NULL(ptr) is like free(ptr) followed by ptr = NULL. Note @@ -844,10 +1104,11 @@ extern FILE *fopen_or_warn(const char *path, const char *mode); #define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0) #define ALLOC_ARRAY(x, alloc) (x) = xmalloc(st_mult(sizeof(*(x)), (alloc))) +#define CALLOC_ARRAY(x, alloc) (x) = xcalloc((alloc), sizeof(*(x))) #define REALLOC_ARRAY(x, alloc) (x) = xrealloc((x), st_mult(sizeof(*(x)), (alloc))) #define COPY_ARRAY(dst, src, n) copy_array((dst), (src), (n), sizeof(*(dst)) + \ - BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src)))) + BARF_UNLESS_COPYABLE((dst), (src))) static inline void copy_array(void *dst, const void *src, size_t n, size_t size) { if (n) @@ -855,13 +1116,18 @@ static inline void copy_array(void *dst, const void *src, size_t n, size_t size) } #define MOVE_ARRAY(dst, src, n) move_array((dst), (src), (n), sizeof(*(dst)) + \ - BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src)))) + BARF_UNLESS_COPYABLE((dst), (src))) static inline void move_array(void *dst, const void *src, size_t n, size_t size) { if (n) memmove(dst, src, st_mult(size, n)); } +#define DUP_ARRAY(dst, src, n) do { \ + size_t dup_array_n_ = (n); \ + COPY_ARRAY(ALLOC_ARRAY((dst), dup_array_n_), (src), dup_array_n_); \ +} while (0) + /* * These functions help you allocate structs with flex arrays, and copy * the data directly into the array. For example, if you had: @@ -926,21 +1192,19 @@ static inline char *xstrdup_or_null(const char *str) static inline size_t xsize_t(off_t len) { - size_t size = (size_t) len; - - if (len != (off_t) size) + if (len < 0 || (uintmax_t) len > SIZE_MAX) die("Cannot handle files this big"); - return size; + return (size_t) len; } __attribute__((format (printf, 3, 4))) -extern int xsnprintf(char *dst, size_t max, const char *fmt, ...); +int xsnprintf(char *dst, size_t max, const char *fmt, ...); #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 #endif -extern int xgethostname(char *buf, size_t len); +int xgethostname(char *buf, size_t len); /* in ctype.c, for kwset users */ extern const unsigned char tolower_trans_tbl[256]; @@ -961,6 +1225,7 @@ extern const unsigned char tolower_trans_tbl[256]; #undef isxdigit extern const unsigned char sane_ctype[256]; +extern const signed char hexval_table[256]; #define GIT_SPACE 0x01 #define GIT_DIGIT 0x02 #define GIT_ALPHA 0x04 @@ -1023,6 +1288,25 @@ static inline int skip_iprefix(const char *str, const char *prefix, return 0; } +/* + * Like skip_prefix_mem, but compare case-insensitively. Note that the + * comparison is done via tolower(), so it is strictly ASCII (no multi-byte + * characters or locale-specific conversions). + */ +static inline int skip_iprefix_mem(const char *buf, size_t len, + const char *prefix, + const char **out, size_t *outlen) +{ + do { + if (!*prefix) { + *out = buf; + *outlen = len; + return 1; + } + } while (len-- > 0 && tolower(*buf++) == tolower(*prefix++)); + return 0; +} + static inline int strtoul_ui(char const *s, int base, unsigned int *result) { unsigned long ul; @@ -1052,10 +1336,10 @@ static inline int strtol_i(char const *s, int base, int *result) return 0; } +void git_stable_qsort(void *base, size_t nmemb, size_t size, + int(*compar)(const void *, const void *)); #ifdef INTERNAL_QSORT -void git_qsort(void *base, size_t nmemb, size_t size, - int(*compar)(const void *, const void *)); -#define qsort git_qsort +#define qsort git_stable_qsort #endif #define QSORT(base, n, compar) sane_qsort((base), (n), sizeof(*(base)), compar) @@ -1066,6 +1350,9 @@ static inline void sane_qsort(void *base, size_t nmemb, size_t size, qsort(base, nmemb, size, compar); } +#define STABLE_QSORT(base, n, compar) \ + git_stable_qsort((base), (n), sizeof(*(base)), compar) + #ifndef HAVE_ISO_QSORT_S int git_qsort_s(void *base, size_t nmemb, size_t size, int (*compar)(const void *, const void *, void *), void *ctx); @@ -1090,6 +1377,11 @@ static inline int regexec_buf(const regex_t *preg, const char *buf, size_t size, return regexec(preg, buf, nmatch, pmatch, eflags | REG_STARTEND); } +#ifdef USE_ENHANCED_BASIC_REGULAR_EXPRESSIONS +int git_regcomp(regex_t *preg, const char *pattern, int cflags); +#define regcomp git_regcomp +#endif + #ifndef DIR_HAS_BSD_GROUP_SEMANTICS # define FORCE_DIR_SET_GID S_ISGID #else @@ -1129,22 +1421,54 @@ static inline int regexec_buf(const regex_t *preg, const char *buf, size_t size, #endif #endif -#if defined(__GNUC__) || (_MSC_VER >= 1400) || defined(__C99_MACRO_WITH_VA_ARGS) -#define HAVE_VARIADIC_MACROS 1 -#endif - /* usage.c: only to be used for testing BUG() implementation (see test-tool) */ extern int BUG_exit_code; -#ifdef HAVE_VARIADIC_MACROS +/* usage.c: if bug() is called we should have a BUG_if_bug() afterwards */ +extern int bug_called_must_BUG; + __attribute__((format (printf, 3, 4))) NORETURN void BUG_fl(const char *file, int line, const char *fmt, ...); #define BUG(...) BUG_fl(__FILE__, __LINE__, __VA_ARGS__) +__attribute__((format (printf, 3, 4))) +void bug_fl(const char *file, int line, const char *fmt, ...); +#define bug(...) bug_fl(__FILE__, __LINE__, __VA_ARGS__) +#define BUG_if_bug(...) do { \ + if (bug_called_must_BUG) \ + BUG_fl(__FILE__, __LINE__, __VA_ARGS__); \ +} while (0) + +#ifndef FSYNC_METHOD_DEFAULT +#ifdef __APPLE__ +#define FSYNC_METHOD_DEFAULT FSYNC_METHOD_WRITEOUT_ONLY #else -__attribute__((format (printf, 1, 2))) NORETURN -void BUG(const char *fmt, ...); +#define FSYNC_METHOD_DEFAULT FSYNC_METHOD_FSYNC +#endif #endif +enum fsync_action { + FSYNC_WRITEOUT_ONLY, + FSYNC_HARDWARE_FLUSH +}; + +/* + * Issues an fsync against the specified file according to the specified mode. + * + * FSYNC_WRITEOUT_ONLY attempts to use interfaces available on some operating + * systems to flush the OS cache without issuing a flush command to the storage + * controller. If those interfaces are unavailable, the function fails with + * ENOSYS. + * + * FSYNC_HARDWARE_FLUSH does an OS writeout and hardware flush to ensure that + * changes are durable. It is not expected to fail. + */ +int git_fsync(int fd, enum fsync_action action); + +/* + * Writes out trace statistics for fsync using the trace2 API. + */ +void trace_git_fsync_stats(void); + /* * Preserves errno, prints a message, but gives no warning for ENOENT. * Returns 0 on success, which includes trying to unlink an object that does @@ -1181,27 +1505,52 @@ int access_or_die(const char *path, int mode, unsigned flag); /* Warn on an inaccessible file if errno indicates this is an error */ int warn_on_fopen_errors(const char *path); -#ifdef GMTIME_UNRELIABLE_ERRORS -struct tm *git_gmtime(const time_t *); -struct tm *git_gmtime_r(const time_t *, struct tm *); -#define gmtime git_gmtime -#define gmtime_r git_gmtime_r -#endif - -#if !defined(USE_PARENS_AROUND_GETTEXT_N) && defined(__GNUC__) -#define USE_PARENS_AROUND_GETTEXT_N 1 -#endif +/* + * Open with O_NOFOLLOW, or equivalent. Note that the fallback equivalent + * may be racy. Do not use this as protection against an attacker who can + * simultaneously create paths. + */ +int open_nofollow(const char *path, int flags); #ifndef SHELL_PATH # define SHELL_PATH "/bin/sh" #endif #ifndef _POSIX_THREAD_SAFE_FUNCTIONS -#define flockfile(fh) -#define funlockfile(fh) +static inline void git_flockfile(FILE *fh UNUSED) +{ + ; /* nothing */ +} +static inline void git_funlockfile(FILE *fh UNUSED) +{ + ; /* nothing */ +} +#undef flockfile +#undef funlockfile +#undef getc_unlocked +#define flockfile(fh) git_flockfile(fh) +#define funlockfile(fh) git_funlockfile(fh) #define getc_unlocked(fh) getc(fh) #endif +#ifdef FILENO_IS_A_MACRO +int git_fileno(FILE *stream); +# ifndef COMPAT_CODE_FILENO +# undef fileno +# define fileno(p) git_fileno(p) +# endif +#endif + +#ifdef NEED_ACCESS_ROOT_HANDLER +int git_access(const char *path, int mode); +# ifndef COMPAT_CODE_ACCESS +# ifdef access +# undef access +# endif +# define access(path, mode) git_access(path, mode) +# endif +#endif + /* * Our code often opens a path to an optional file, to work on its * contents when we can successfully open it. We can ignore a failure @@ -1217,7 +1566,14 @@ static inline int is_missing_file_error(int errno_) return (errno_ == ENOENT || errno_ == ENOTDIR); } -extern int cmd_main(int, const char **); +int cmd_main(int, const char **); + +/* + * Intercept all calls to exit() and route them to trace2 to + * optionally emit a message before calling the real exit(). + */ +int common_exit(const char *file, int line, int code); +#define exit(code) exit(common_exit(__FILE__, __LINE__, (code))) /* * You can mark a stack variable with UNLEAK(var) to avoid it being @@ -1233,10 +1589,75 @@ extern int cmd_main(int, const char **); * an annotation, and does nothing in non-leak-checking builds. */ #ifdef SUPPRESS_ANNOTATED_LEAKS -extern void unleak_memory(const void *ptr, size_t len); +void unleak_memory(const void *ptr, size_t len); #define UNLEAK(var) unleak_memory(&(var), sizeof(var)) #else #define UNLEAK(var) do {} while (0) #endif +#define z_const +#include <zlib.h> + +#if ZLIB_VERNUM < 0x1290 +/* + * This is uncompress2, which is only available in zlib >= 1.2.9 + * (released as of early 2017). See compat/zlib-uncompress2.c. + */ +int uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source, + uLong *sourceLen); +#endif + +/* + * This include must come after system headers, since it introduces macros that + * replace system names. + */ +#include "banned.h" + +/* + * container_of - Get the address of an object containing a field. + * + * @ptr: pointer to the field. + * @type: type of the object. + * @member: name of the field within the object. + */ +#define container_of(ptr, type, member) \ + ((type *) ((char *)(ptr) - offsetof(type, member))) + +/* + * helper function for `container_of_or_null' to avoid multiple + * evaluation of @ptr + */ +static inline void *container_of_or_null_offset(void *ptr, size_t offset) +{ + return ptr ? (char *)ptr - offset : NULL; +} + +/* + * like `container_of', but allows returned value to be NULL + */ +#define container_of_or_null(ptr, type, member) \ + (type *)container_of_or_null_offset(ptr, offsetof(type, member)) + +/* + * like offsetof(), but takes a pointer to a variable of type which + * contains @member, instead of a specified type. + * @ptr is subject to multiple evaluation since we can't rely on __typeof__ + * everywhere. + */ +#if defined(__GNUC__) /* clang sets this, too */ +#define OFFSETOF_VAR(ptr, member) offsetof(__typeof__(*ptr), member) +#else /* !__GNUC__ */ +#define OFFSETOF_VAR(ptr, member) \ + ((uintptr_t)&(ptr)->member - (uintptr_t)(ptr)) +#endif /* !__GNUC__ */ + +void sleep_millisec(int millisec); + +/* + * Generate len bytes from the system cryptographically secure PRNG. + * Returns 0 on success and -1 on error, setting errno. The inability to + * satisfy the full request is an error. + */ +int csprng_bytes(void *buf, size_t len); + #endif |