Upgrade libgit2

[TortoiseGit.git] / src / TortoisePlink / PUTTYMEM.H

/*\r
 * PuTTY memory-handling header.\r
 */\r
\r
#ifndef PUTTY_PUTTYMEM_H\r
#define PUTTY_PUTTYMEM_H\r
\r
#include <stddef.h>                    /* for size_t */\r
#include <string.h>                    /* for memcpy() */\r
\r
#include "defs.h"\r
\r
#define smalloc(z) safemalloc(z,1,0)\r
#define snmalloc safemalloc\r
#define srealloc(y,z) saferealloc(y,z,1)\r
#define snrealloc saferealloc\r
#define sfree safefree\r
\r
void *safemalloc(size_t factor1, size_t factor2, size_t addend);\r
void *saferealloc(void *, size_t, size_t);\r
void safefree(void *);\r
\r
/*\r
 * Direct use of smalloc within the code should be avoided where\r
 * possible, in favour of these type-casting macros which ensure you\r
 * don't mistakenly allocate enough space for one sort of structure\r
 * and assign it to a different sort of pointer. sresize also uses\r
 * TYPECHECK to verify that the _input_ pointer is a pointer to the\r
 * correct type.\r
 */\r
#define snew(type) ((type *)snmalloc(1, sizeof(type), 0))\r
#define snewn(n, type) ((type *)snmalloc((n), sizeof(type), 0))\r
#define sresize(ptr, n, type) TYPECHECK((type *)0 == (ptr), \\r
    ((type *)snrealloc((ptr), (n), sizeof(type))))\r
\r
/*\r
 * For cases where you want to allocate a struct plus a subsidiary\r
 * data buffer in one step, this macro lets you add a constant to the\r
 * amount malloced.\r
 *\r
 * Since the return value is already cast to the struct type, a\r
 * pointer to that many bytes of extra data can be conveniently\r
 * obtained by simply adding 1 to the returned pointer!\r
 * snew_plus_get_aux is a handy macro that does that and casts the\r
 * result to void *, so you can assign it straight to wherever you\r
 * wanted it.\r
 */\r
#define snew_plus(type, extra) ((type *)snmalloc(1, sizeof(type), (extra)))\r
#define snew_plus_get_aux(ptr) ((void *)((ptr) + 1))\r
\r
/*\r
 * Helper macros to deal with the common use case of growing an array.\r
 *\r
 * The common setup is that 'array' is a pointer to the first element\r
 * of a dynamic array of some type, and 'size' represents the current\r
 * allocated size of that array (in elements). Both of those macro\r
 * parameters are implicitly written back to.\r
 *\r
 * Then sgrowarray(array, size, n) means: make sure the nth element of\r
 * the array exists (i.e. the size is at least n+1). You call that\r
 * before writing to the nth element, if you're looping round\r
 * appending to the array.\r
 *\r
 * If you need to grow the array by more than one element, you can\r
 * instead call sgrowarrayn(array, size, n, m), which will ensure the\r
 * size of the array is at least n+m. (So sgrowarray is just the\r
 * special case of that in which m == 1.)\r
 *\r
 * It's common to call sgrowarrayn with one of n,m equal to the\r
 * previous logical length of the array, and the other equal to the\r
 * new number of logical entries you want to add, so that n <= size on\r
 * entry. But that's not actually a mandatory precondition: the two\r
 * length parameters are just arbitrary integers that get added\r
 * together with an initial check for overflow, and the semantics are\r
 * simply 'make sure the array is big enough to take their sum, no\r
 * matter how big it was to start with'.)\r
 *\r
 * Another occasionally useful idiom is to call sgrowarray with n ==\r
 * size, i.e. sgrowarray(array, size, size). That just means: make\r
 * array bigger by _some_ amount, I don't particularly mind how much.\r
 * You might use that style if you were repeatedly calling an API\r
 * function outside your control, which would either fill your buffer\r
 * and return success, or else return a 'too big' error without\r
 * telling you how much bigger it needed to be.\r
 *\r
 * The _nm variants of the macro set the 'private' flag in the\r
 * underlying function, which forces array resizes to be done by a\r
 * manual allocate/copy/free instead of realloc, with careful clearing\r
 * of the previous memory block before we free it. This costs\r
 * performance, but if the block contains important secrets such as\r
 * private keys or passwords, it avoids the risk that a realloc that\r
 * moves the memory block might leave a copy of the data visible in\r
 * the freed memory at the previous location.\r
 */\r
void *safegrowarray(void *array, size_t *size, size_t eltsize,\r
                    size_t oldlen, size_t extralen, bool private);\r
\r
/* The master macro wrapper, of which all others are special cases */\r
#define sgrowarray_general(array, size, n, m, priv)                     \\r
    ((array) = safegrowarray(array, &(size), sizeof(*array), n, m, priv))\r
\r
/* The special-case macros that are easier to use in most situations */\r
#define sgrowarrayn(   a, s, n, m) sgrowarray_general(a, s, n, m, false)\r
#define sgrowarray(    a, s, n   ) sgrowarray_general(a, s, n, 1, false)\r
#define sgrowarrayn_nm(a, s, n, m) sgrowarray_general(a, s, n, m, true )\r
#define sgrowarray_nm( a, s, n   ) sgrowarray_general(a, s, n, 1, true )\r
\r
/*\r
 * This function is called by the innermost safemalloc/saferealloc\r
 * functions when allocation fails. Usually it's provided by an\r
 * implementation in utils, which ties it into an application's\r
 * existing modalfatalbox() system, but standalone test applications\r
 * can reimplement it some other way if they prefer.\r
 */\r
NORETURN void out_of_memory(void);\r
\r
#ifdef MINEFIELD\r
/*\r
 * Definitions for Minefield, PuTTY's own Windows-specific malloc\r
 * debugger in the style of Electric Fence. Implemented in\r
 * windows/utils/minefield.c, and referred to by the main malloc\r
 * wrappers in memory.c.\r
 */\r
void *minefield_c_malloc(size_t size);\r
void minefield_c_free(void *p);\r
void *minefield_c_realloc(void *p, size_t size);\r
#endif\r
\r
#endif\r