delta/libgit2.git/src/buffer.c, branch ethomson/github_actions github.com: libgit2/libgit2.git tree-wide: do not compile deprecated functions with hard deprecation 2020-06-09T12:57:06+00:00 Patrick Steinhardt ps@pks.im 2020-06-08T19:07:36+00:00 c6184f0c4b209e462bf3f42ab20df2d13d8ee918 When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h" header to be empty. As a result, no function declarations are made available to callers, but the implementations are still available to link against. This has the problem that function declarations also aren't visible to the implementations, meaning that the symbol's visibility will not be set up correctly. As a result, the resulting library may not expose those deprecated symbols at all on some platforms and thus cause linking errors. Fix the issue by conditionally compiling deprecated functions, only. While it becomes impossible to link against such a library in case one uses deprecated functions, distributors of libgit2 aren't expected to pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real" hard deprecation still makes sense in the context of CI to test we don't use deprecated symbols ourselves and in case a dependant uses libgit2 in a vendored way and knows it won't ever use any of the deprecated symbols anyway. 
When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor
definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h"
header to be empty. As a result, no function declarations are made
available to callers, but the implementations are still available to
link against. This has the problem that function declarations also
aren't visible to the implementations, meaning that the symbol's
visibility will not be set up correctly. As a result, the resulting
library may not expose those deprecated symbols at all on some platforms
and thus cause linking errors.

Fix the issue by conditionally compiling deprecated functions, only.
While it becomes impossible to link against such a library in case one
uses deprecated functions, distributors of libgit2 aren't expected to
pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually
define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real"
hard deprecation still makes sense in the context of CI to test we don't
use deprecated symbols ourselves and in case a dependant uses libgit2 in
a vendored way and knows it won't ever use any of the deprecated symbols
anyway.
buf: add consume_bytes 2020-01-24T15:54:29+00:00 Edward Thomson ethomson@edwardthomson.com 2019-12-06T07:22:58+00:00 d68f2b1ab7aa7358f8ff0b75b72054bb9eeced3d Allow users to consume a buffer by the number of bytes, not just to an ending pointer. 
Allow users to consume a buffer by the number of bytes, not just to an
ending pointer.
buffer: fix printing into out-of-memory buffer 2019-09-21T13:20:28+00:00 Patrick Steinhardt ps@pks.im 2019-09-19T10:24:06+00:00 174b7a32d2ab480e4f3547758cf6c5ed30bbf5f4 Before printing into a `git_buf` structure, we always call `ENSURE_SIZE` first. This macro will reallocate the buffer as-needed depending on whether the current amount of allocated bytes is sufficient or not. If `asize` is big enough, then it will just do nothing, otherwise it will call out to `git_buf_try_grow`. But in fact, it is insufficient to only check `asize`. When we fail to allocate any more bytes e.g. via `git_buf_try_grow`, then we set the buffer's pointer to `git_buf__oom`. Note that we touch neither `asize` nor `size`. So if we just check `asize > targetsize`, then we will happily let the caller of `ENSURE_SIZE` proceed with an out-of-memory buffer. As a result, we will print all bytes into the out-of-memory buffer instead, resulting in an out-of-bounds write. Fix the issue by having `ENSURE_SIZE` verify that the buffer is not marked as OOM. Add a test to verify that we're not writing into the OOM buffer. 
Before printing into a `git_buf` structure, we always call `ENSURE_SIZE`
first. This macro will reallocate the buffer as-needed depending on
whether the current amount of allocated bytes is sufficient or not. If
`asize` is big enough, then it will just do nothing, otherwise it will
call out to `git_buf_try_grow`. But in fact, it is insufficient to only
check `asize`.

When we fail to allocate any more bytes e.g. via `git_buf_try_grow`,
then we set the buffer's pointer to `git_buf__oom`. Note that we touch
neither `asize` nor `size`. So if we just check `asize > targetsize`,
then we will happily let the caller of `ENSURE_SIZE` proceed with an
out-of-memory buffer. As a result, we will print all bytes into the
out-of-memory buffer instead, resulting in an out-of-bounds write.

Fix the issue by having `ENSURE_SIZE` verify that the buffer is not
marked as OOM. Add a test to verify that we're not writing into the OOM
buffer.
buffer: fix infinite loop when growing buffers 2019-09-21T13:20:28+00:00 Patrick Steinhardt ps@pks.im 2019-09-19T10:46:37+00:00 208f1d7a4d9603ec6781ed18c10b240c7c5d2e33 When growing buffers, we repeatedly multiply the currently allocated number of bytes by 1.5 until it exceeds the requested number of bytes. This has two major problems: 1. If the current number of bytes is tiny and one wishes to resize to a comparatively huge number of bytes, then we may need to loop thousands of times. 2. If resizing to a value close to `SIZE_MAX` (which would fail anyway), then we probably hit an infinite loop as multiplying the current amount of bytes will repeatedly result in integer overflows. When reallocating buffers, one typically chooses values close to 1.5 to enable re-use of resulting memory holes in later reallocations. But because of this, it really only makes sense to use a factor of 1.5 _once_, but not looping until we finally are able to fit it. Thus, we can completely avoid the loop and just opt for the much simpler algorithm of multiplying with 1.5 once and, if the result doesn't fit, just use the target size. This avoids both problems of looping extensively and hitting overflows. This commit also adds a test that would've previously resulted in an infinite loop. 
When growing buffers, we repeatedly multiply the currently allocated
number of bytes by 1.5 until it exceeds the requested number of bytes.
This has two major problems:

    1. If the current number of bytes is tiny and one wishes to resize
       to a comparatively huge number of bytes, then we may need to loop
       thousands of times.

    2. If resizing to a value close to `SIZE_MAX` (which would fail
       anyway), then we probably hit an infinite loop as multiplying the
       current amount of bytes will repeatedly result in integer
       overflows.

When reallocating buffers, one typically chooses values close to 1.5 to
enable re-use of resulting memory holes in later reallocations. But
because of this, it really only makes sense to use a factor of 1.5
_once_, but not looping until we finally are able to fit it. Thus, we
can completely avoid the loop and just opt for the much simpler
algorithm of multiplying with 1.5 once and, if the result doesn't fit,
just use the target size. This avoids both problems of looping
extensively and hitting overflows.

This commit also adds a test that would've previously resulted in an
infinite loop.
buffer: fix memory leak if unable to grow buffer 2019-09-21T13:20:28+00:00 Patrick Steinhardt ps@pks.im 2019-09-21T13:18:42+00:00 3e8a17b01b30a5aca5e10ef6f02635111315724e If growing a buffer fails, we set its pointer to the static `git_buf__oom` structure. While we correctly free the old pointer if `git__malloc` returned an error, we do not free it if there was an integer overflow while calculating the new allocation size. Fix this issue by freeing the pointer to plug the memory leak. 
If growing a buffer fails, we set its pointer to the static
`git_buf__oom` structure. While we correctly free the old pointer if
`git__malloc` returned an error, we do not free it if there was an
integer overflow while calculating the new allocation size. Fix this
issue by freeing the pointer to plug the memory leak.
buffer: explicitly cast 2019-01-25T22:47:39+00:00 Edward Thomson ethomson@edwardthomson.com 2019-01-21T00:57:39+00:00 e5e2fac82116fe83cea3649d886af89e68ba5378 Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested it. 
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested it.
git_error: use new names in internal APIs and usage 2019-01-22T22:30:35+00:00 Edward Thomson ethomson@edwardthomson.com 2018-12-27T19:47:34+00:00 f673e232afe22eb865cdc915e55a2df6493f0fbb Move to the `git_error` name in the internal API for error-related functions. 
Move to the `git_error` name in the internal API for error-related
functions.
Convert usage of `git_buf_free` to new `git_buf_dispose` 2018-06-10T17:34:37+00:00 Patrick Steinhardt ps@pks.im 2018-02-08T11:14:48+00:00 ecf4f33a4e327a91496f72816f9f02d923e5af05 






buffer: deprecate `git_buf_free` in favor of `git_buf_dispose`
2018-06-10T17:30:40+00:00

Patrick Steinhardt
ps@pks.im

2018-02-08T11:14:30+00:00

56ffdfc61e37b9e7634c7c73b05d84355bea61cd












Introduce `git_buf_decode_percent`
2018-03-19T23:08:01+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-03-03T18:47:35+00:00

8070a357fb6e1dc60a65a2281c932f71bbbd65d6

Introduce a function to take a percent-encoded string (URI encoded,
described by RFC 1738) and decode it into a `git_buf`.





Introduce a function to take a percent-encoded string (URI encoded,
described by RFC 1738) and decode it into a `git_buf`.