1 #ifndef GIT_COMPAT_UTIL_H
2 #define GIT_COMPAT_UTIL_H
4 #if __STDC_VERSION__ - 0 < 199901L
6 * Git is in a testing period for mandatory C99 support in the compiler. If
7 * your compiler is reasonably recent, you can try to enable C99 support (or,
8 * for MSVC, C11 support). If you encounter a problem and can't enable C99
9 * support with your compiler (such as with "-std=gnu99") and don't have access
10 * to one with this support, such as GCC or Clang, you can remove this #if
11 * directive, but please report the details of your system to
12 * git@vger.kernel.org.
14 #error "Required C99 support is in a test phase. Please see git-compat-util.h for more details."
17 #ifdef USE_MSVC_CRTDBG
19 * For these to work they must appear very early in each
20 * file -- before most of the standard header files.
29 #define _FILE_OFFSET_BITS 64
32 /* Derived from Linux "Features Test Macro" header
33 * Convenience macros to test the versions of gcc (or
34 * a compatible compiler).
36 * #if GIT_GNUC_PREREQ (2,8)
37 * ... code requiring gcc 2.8 or later ...
40 #if defined(__GNUC__) && defined(__GNUC_MINOR__)
41 # define GIT_GNUC_PREREQ(maj, min) \
42 ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
44 #define GIT_GNUC_PREREQ(maj, min) 0
50 * See if our compiler is known to support flexible array members.
54 * Check vendor specific quirks first, before checking the
55 * __STDC_VERSION__, as vendor compilers can lie and we need to be
56 * able to work them around. Note that by not defining FLEX_ARRAY
57 * here, we can fall back to use the "safer but a bit wasteful" one
60 #if defined(__SUNPRO_C) && (__SUNPRO_C <= 0x580)
61 #elif defined(__GNUC__)
63 # define FLEX_ARRAY /* empty */
65 # define FLEX_ARRAY 0 /* older GNU extension */
67 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
68 # define FLEX_ARRAY /* empty */
72 * Otherwise, default to safer but a bit wasteful traditional style
81 * BUILD_ASSERT_OR_ZERO - assert a build-time dependency, as an expression.
82 * @cond: the compile-time condition which must be true.
84 * Your compile will fail if the condition isn't true, or can't be evaluated
85 * by the compiler. This can be used in an expression: its value is "0".
88 * #define foo_to_char(foo) \
90 * + BUILD_ASSERT_OR_ZERO(offsetof(struct foo, string) == 0))
92 #define BUILD_ASSERT_OR_ZERO(cond) \
93 (sizeof(char [1 - 2*!(cond)]) - 1)
95 #if GIT_GNUC_PREREQ(3, 1)
96 /* &arr[0] degrades to a pointer: a different type from an array */
97 # define BARF_UNLESS_AN_ARRAY(arr) \
98 BUILD_ASSERT_OR_ZERO(!__builtin_types_compatible_p(__typeof__(arr), \
99 __typeof__(&(arr)[0])))
101 # define BARF_UNLESS_AN_ARRAY(arr) 0
104 * ARRAY_SIZE - get the number of elements in a visible array
105 * @x: the array whose size you want.
107 * This does not work on pointers, or arrays declared as [], or
108 * function parameters. With correct compiler support, such usage
109 * will cause a build error (see the build_assert_or_zero macro).
111 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + BARF_UNLESS_AN_ARRAY(x))
113 #define bitsizeof(x) (CHAR_BIT * sizeof(x))
115 #define maximum_signed_value_of_type(a) \
116 (INTMAX_MAX >> (bitsizeof(intmax_t) - bitsizeof(a)))
118 #define maximum_unsigned_value_of_type(a) \
119 (UINTMAX_MAX >> (bitsizeof(uintmax_t) - bitsizeof(a)))
122 * Signed integer overflow is undefined in C, so here's a helper macro
123 * to detect if the sum of two integers will overflow.
125 * Requires: a >= 0, typeof(a) equals typeof(b)
127 #define signed_add_overflows(a, b) \
128 ((b) > maximum_signed_value_of_type(a) - (a))
130 #define unsigned_add_overflows(a, b) \
131 ((b) > maximum_unsigned_value_of_type(a) - (a))
134 * Returns true if the multiplication of "a" and "b" will
135 * overflow. The types of "a" and "b" must match and must be unsigned.
136 * Note that this macro evaluates "a" twice!
138 #define unsigned_mult_overflows(a, b) \
139 ((a) && (b) > maximum_unsigned_value_of_type(a) / (a))
142 * Returns true if the left shift of "a" by "shift" bits will
143 * overflow. The type of "a" must be unsigned.
145 #define unsigned_left_shift_overflows(a, shift) \
146 ((shift) < bitsizeof(a) && \
147 (a) > maximum_unsigned_value_of_type(a) >> (shift))
150 #define TYPEOF(x) (__typeof__(x))
155 #define MSB(x, bits) ((x) & TYPEOF(x)(~0ULL << (bitsizeof(x) - (bits))))
156 #define HAS_MULTI_BITS(i) ((i) & ((i) - 1)) /* checks if an integer has more than 1 bit set */
158 #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
160 /* Approximation of the length of the decimal representation of this type. */
161 #define decimal_length(x) ((int)(sizeof(x) * 2.56 + 0.5) + 1)
164 #define _POSIX_C_SOURCE 1
165 #elif defined(__sun__)
167 * On Solaris, when _XOPEN_EXTENDED is set, its header file
168 * forces the programs to be XPG4v2, defeating any _XOPEN_SOURCE
169 * setting to say we are XPG5 or XPG6. Also on Solaris,
170 * XPG6 programs must be compiled with a c99 compiler, while
171 * non XPG6 programs must be compiled with a pre-c99 compiler.
173 # if __STDC_VERSION__ - 0 >= 199901L
174 # define _XOPEN_SOURCE 600
176 # define _XOPEN_SOURCE 500
178 #elif !defined(__APPLE__) && !defined(__FreeBSD__) && !defined(__USLC__) && \
179 !defined(_M_UNIX) && !defined(__sgi) && !defined(__DragonFly__) && \
180 !defined(__TANDEM) && !defined(__QNX__) && !defined(__MirBSD__) && \
182 #define _XOPEN_SOURCE 600 /* glibc2 and AIX 5.3L need 500, OpenBSD needs 600 for S_ISLNK() */
183 #define _XOPEN_SOURCE_EXTENDED 1 /* AIX 5.3L needs this */
185 #define _ALL_SOURCE 1
186 #define _GNU_SOURCE 1
187 #define _BSD_SOURCE 1
188 #define _DEFAULT_SOURCE 1
189 #define _NETBSD_SOURCE 1
190 #define _SGI_SOURCE 1
192 #if GIT_GNUC_PREREQ(4, 5)
193 #define UNUSED __attribute__((unused)) \
194 __attribute__((deprecated ("parameter declared as UNUSED")))
195 #elif defined(__GNUC__)
196 #define UNUSED __attribute__((unused)) \
197 __attribute__((deprecated))
202 #if defined(WIN32) && !defined(__CYGWIN__) /* Both MinGW and MSVC */
203 # if !defined(_WIN32_WINNT)
204 # define _WIN32_WINNT 0x0600
206 #define WIN32_LEAN_AND_MEAN /* stops windows.h including winsock.h */
207 #include <winsock2.h>
208 #ifndef NO_UNIX_SOCKETS
212 #define GIT_WINDOWS_NATIVE
217 #include <sys/stat.h>
223 #ifdef HAVE_STRINGS_H
224 #include <strings.h> /* for strcasecmp() */
228 #ifdef NEEDS_SYS_PARAM_H
229 #include <sys/param.h>
231 #include <sys/types.h>
233 #include <sys/time.h>
240 #if !defined(NO_POLL_H)
242 #elif !defined(NO_SYS_POLL_H)
243 #include <sys/poll.h>
245 /* Pull the compat stuff */
248 #ifdef HAVE_BSD_SYSCTL
249 #include <sys/sysctl.h>
252 /* Used by compat/win32/path-utils.h, and more */
253 static inline int is_xplatform_dir_sep(int c
)
255 return c
== '/' || c
== '\\';
258 #if defined(__CYGWIN__)
259 #include "compat/win32/path-utils.h"
261 #if defined(__MINGW32__)
262 /* pull in Windows compatibility stuff */
263 #include "compat/win32/path-utils.h"
264 #include "compat/mingw.h"
265 #elif defined(_MSC_VER)
266 #include "compat/win32/path-utils.h"
267 #include "compat/msvc.h"
269 #include <sys/utsname.h>
270 #include <sys/wait.h>
271 #include <sys/resource.h>
272 #include <sys/socket.h>
273 #include <sys/ioctl.h>
274 #include <sys/statvfs.h>
276 #ifndef NO_SYS_SELECT_H
277 #include <sys/select.h>
279 #include <netinet/in.h>
280 #include <netinet/tcp.h>
281 #include <arpa/inet.h>
285 #ifndef NO_INTTYPES_H
286 #include <inttypes.h>
290 #ifdef HAVE_ARC4RANDOM_LIBBSD
291 #include <bsd/stdlib.h>
293 #ifdef HAVE_GETRANDOM
294 #include <sys/random.h>
298 * On I16LP32, ILP32 and LP64 "long" is the safe bet, however
299 * on LLP86, IL33LLP64 and P64 it needs to be "long long",
300 * while on IP16 and IP16L32 it is "int" (resp. "short")
301 * Size needs to match (or exceed) 'sizeof(void *)'.
302 * We can't take "long long" here as not everybody has it.
304 typedef long intptr_t;
305 typedef unsigned long uintptr_t;
307 #undef _ALL_SOURCE /* AIX 5.3L defines a struct list with _ALL_SOURCE. */
309 #define _ALL_SOURCE 1
312 /* used on Mac OS X */
313 #ifdef PRECOMPOSE_UNICODE
314 #include "compat/precompose_utf8.h"
316 static inline const char *precompose_argv_prefix(int argc
, const char **argv
, const char *prefix
)
320 static inline const char *precompose_string_if_needed(const char *in
)
325 #define probe_utf8_pathname_composition()
328 #ifdef MKDIR_WO_TRAILING_SLASH
329 #define mkdir(a,b) compat_mkdir_wo_trailing_slash((a),(b))
330 int compat_mkdir_wo_trailing_slash(const char*, mode_t
);
333 #ifdef NO_STRUCT_ITIMERVAL
335 struct timeval it_interval
;
336 struct timeval it_value
;
341 static inline int setitimer(int which
, const struct itimerval
*value
, struct itimerval
*newvalue
) {
342 return 0; /* pretend success */
349 #define basename gitbasename
350 char *gitbasename(char *);
351 #define dirname gitdirname
352 char *gitdirname(char *);
361 #define __AVAILABILITY_MACROS_USES_AVAILABILITY 0
362 #include <AvailabilityMacros.h>
363 #undef DEPRECATED_ATTRIBUTE
364 #define DEPRECATED_ATTRIBUTE
365 #undef __AVAILABILITY_MACROS_USES_AVAILABILITY
367 #include <openssl/ssl.h>
368 #include <openssl/err.h>
372 # include <sys/sysinfo.h>
375 /* On most systems <netdb.h> would have given us this, but
376 * not on some systems (e.g. z/OS).
379 #define NI_MAXHOST 1025
383 #define NI_MAXSERV 32
386 /* On most systems <limits.h> would have given us this, but
387 * not on some systems (e.g. GNU/Hurd).
390 #define PATH_MAX 4096
393 typedef uintmax_t timestamp_t
;
394 #define PRItime PRIuMAX
395 #define parse_timestamp strtoumax
396 #define TIME_MAX UINTMAX_MAX
406 #ifndef _PATH_DEFPATH
407 #define _PATH_DEFPATH "/usr/local/bin:/usr/bin:/bin"
410 #ifndef platform_core_config
411 static inline int noop_core_config(const char *var UNUSED
,
412 const char *value UNUSED
,
417 #define platform_core_config noop_core_config
420 int lstat_cache_aware_rmdir(const char *path
);
421 #if !defined(__MINGW32__) && !defined(_MSC_VER)
422 #define rmdir lstat_cache_aware_rmdir
425 #ifndef has_dos_drive_prefix
426 static inline int git_has_dos_drive_prefix(const char *path
)
430 #define has_dos_drive_prefix git_has_dos_drive_prefix
433 #ifndef skip_dos_drive_prefix
434 static inline int git_skip_dos_drive_prefix(char **path
)
438 #define skip_dos_drive_prefix git_skip_dos_drive_prefix
441 static inline int git_is_dir_sep(int c
)
446 #define is_dir_sep git_is_dir_sep
449 #ifndef offset_1st_component
450 static inline int git_offset_1st_component(const char *path
)
452 return is_dir_sep(path
[0]);
454 #define offset_1st_component git_offset_1st_component
457 #ifndef is_valid_path
458 #define is_valid_path(path) 1
461 #ifndef is_path_owned_by_current_user
464 #define ROOT_UID 65535
470 * Do not use this function when
471 * (1) geteuid() did not say we are running as 'root', or
472 * (2) using this function will compromise the system.
474 * PORTABILITY WARNING:
475 * This code assumes uid_t is unsigned because that is what sudo does.
476 * If your uid_t type is signed and all your ids are positive then it
477 * should all work fine.
478 * If your version of sudo uses negative values for uid_t or it is
479 * buggy and return an overflowed value in SUDO_UID, then git might
480 * fail to grant access to your repository properly or even mistakenly
481 * grant access to someone else.
482 * In the unlikely scenario this happened to you, and that is how you
483 * got to this message, we would like to know about it; so sent us an
484 * email to git@vger.kernel.org indicating which platform you are
485 * using and which version of sudo, so we can improve this logic and
486 * maybe provide you with a patch that would prevent this issue again
489 static inline void extract_id_from_env(const char *env
, uid_t
*id
)
491 const char *real_uid
= getenv(env
);
493 /* discard anything empty to avoid a more complex check below */
494 if (real_uid
&& *real_uid
) {
496 unsigned long env_id
;
499 /* silent overflow errors could trigger a bug here */
500 env_id
= strtoul(real_uid
, &endptr
, 10);
501 if (!*endptr
&& !errno
)
506 static inline int is_path_owned_by_current_uid(const char *path
,
507 struct strbuf
*report UNUSED
)
512 if (lstat(path
, &st
))
516 if (euid
== ROOT_UID
)
518 if (st
.st_uid
== ROOT_UID
)
521 extract_id_from_env("SUDO_UID", &euid
);
524 return st
.st_uid
== euid
;
527 #define is_path_owned_by_current_user is_path_owned_by_current_uid
530 #ifndef find_last_dir_sep
531 static inline char *git_find_last_dir_sep(const char *path
)
533 return strrchr(path
, '/');
535 #define find_last_dir_sep git_find_last_dir_sep
539 static inline int git_has_dir_sep(const char *path
)
541 return !!strchr(path
, '/');
543 #define has_dir_sep(path) git_has_dir_sep(path)
546 #ifndef query_user_email
547 #define query_user_email() NULL
551 #include <floss.h(floss_execl,floss_execlp,floss_execv,floss_execvp)>
552 #include <floss.h(floss_getpwuid)>
555 * NonStop NSE and NSX do not provide NSIG. SIGGUARDIAN(99) is the highest
556 * known, by detective work using kill -l as a list is all signals
557 * instead of signal.h where it should be.
563 #if defined(__HP_cc) && (__HP_cc >= 61000)
564 #define NORETURN __attribute__((noreturn))
566 #elif defined(__GNUC__) && !defined(NO_NORETURN)
567 #define NORETURN __attribute__((__noreturn__))
568 #define NORETURN_PTR __attribute__((__noreturn__))
569 #elif defined(_MSC_VER)
570 #define NORETURN __declspec(noreturn)
576 #ifndef __attribute__
577 #define __attribute__(x)
582 /* The sentinel attribute is valid from gcc version 4.0 */
583 #if defined(__GNUC__) && (__GNUC__ >= 4)
584 #define LAST_ARG_MUST_BE_NULL __attribute__((sentinel))
585 /* warn_unused_result exists as of gcc 3.4.0, but be lazy and check 4.0 */
586 #define RESULT_MUST_BE_USED __attribute__ ((warn_unused_result))
588 #define LAST_ARG_MUST_BE_NULL
589 #define RESULT_MUST_BE_USED
592 #define MAYBE_UNUSED __attribute__((__unused__))
594 #include "compat/bswap.h"
596 #include "wildmatch.h"
600 /* General helper functions */
601 NORETURN
void usage(const char *err
);
602 NORETURN
void usagef(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
603 NORETURN
void die(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
604 NORETURN
void die_errno(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
605 int die_message(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
606 int die_message_errno(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
607 int error(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
608 int error_errno(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
609 void warning(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
610 void warning_errno(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
613 #ifdef APPLE_COMMON_CRYPTO
614 #include "compat/apple-common-crypto.h"
616 #include <openssl/evp.h>
617 #include <openssl/hmac.h>
618 #endif /* APPLE_COMMON_CRYPTO */
619 #include <openssl/x509v3.h>
620 #endif /* NO_OPENSSL */
622 #ifdef HAVE_OPENSSL_CSPRNG
623 #include <openssl/rand.h>
627 * Let callers be aware of the constant return value; this can help
628 * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though,
629 * because other compilers may be confused by this.
631 #if defined(__GNUC__)
632 static inline int const_error(void)
636 #define error(...) (error(__VA_ARGS__), const_error())
637 #define error_errno(...) (error_errno(__VA_ARGS__), const_error())
640 typedef void (*report_fn
)(const char *, va_list params
);
642 void set_die_routine(NORETURN_PTR report_fn routine
);
643 report_fn
get_die_message_routine(void);
644 void set_error_routine(report_fn routine
);
645 report_fn
get_error_routine(void);
646 void set_warn_routine(report_fn routine
);
647 report_fn
get_warn_routine(void);
648 void set_die_is_recursing_routine(int (*routine
)(void));
650 int starts_with(const char *str
, const char *prefix
);
651 int istarts_with(const char *str
, const char *prefix
);
654 * If the string "str" begins with the string found in "prefix", return 1.
655 * The "out" parameter is set to "str + strlen(prefix)" (i.e., to the point in
656 * the string right after the prefix).
658 * Otherwise, return 0 and leave "out" untouched.
662 * [extract branch name, fail if not a branch]
663 * if (!skip_prefix(ref, "refs/heads/", &branch)
666 * [skip prefix if present, otherwise use whole string]
667 * skip_prefix(name, "refs/heads/", &name);
669 static inline int skip_prefix(const char *str
, const char *prefix
,
677 } while (*str
++ == *prefix
++);
682 * If the string "str" is the same as the string in "prefix", then the "arg"
683 * parameter is set to the "def" parameter and 1 is returned.
684 * If the string "str" begins with the string found in "prefix" and then a
685 * "=" sign, then the "arg" parameter is set to "str + strlen(prefix) + 1"
686 * (i.e., to the point in the string right after the prefix and the "=" sign),
689 * Otherwise, return 0 and leave "arg" untouched.
691 * When we accept both a "--key" and a "--key=<val>" option, this function
692 * can be used instead of !strcmp(arg, "--key") and then
693 * skip_prefix(arg, "--key=", &arg) to parse such an option.
695 int skip_to_optional_arg_default(const char *str
, const char *prefix
,
696 const char **arg
, const char *def
);
698 static inline int skip_to_optional_arg(const char *str
, const char *prefix
,
701 return skip_to_optional_arg_default(str
, prefix
, arg
, "");
705 * Like skip_prefix, but promises never to read past "len" bytes of the input
706 * buffer, and returns the remaining number of bytes in "out" via "outlen".
708 static inline int skip_prefix_mem(const char *buf
, size_t len
,
710 const char **out
, size_t *outlen
)
712 size_t prefix_len
= strlen(prefix
);
713 if (prefix_len
<= len
&& !memcmp(buf
, prefix
, prefix_len
)) {
714 *out
= buf
+ prefix_len
;
715 *outlen
= len
- prefix_len
;
722 * If buf ends with suffix, return 1 and subtract the length of the suffix
723 * from *len. Otherwise, return 0 and leave *len untouched.
725 static inline int strip_suffix_mem(const char *buf
, size_t *len
,
728 size_t suflen
= strlen(suffix
);
729 if (*len
< suflen
|| memcmp(buf
+ (*len
- suflen
), suffix
, suflen
))
736 * If str ends with suffix, return 1 and set *len to the size of the string
737 * without the suffix. Otherwise, return 0 and set *len to the size of the
740 * Note that we do _not_ NUL-terminate str to the new length.
742 static inline int strip_suffix(const char *str
, const char *suffix
, size_t *len
)
745 return strip_suffix_mem(str
, len
, suffix
);
748 static inline int ends_with(const char *str
, const char *suffix
)
751 return strip_suffix(str
, suffix
, &len
);
754 #define SWAP(a, b) do { \
755 void *_swap_a_ptr = &(a); \
756 void *_swap_b_ptr = &(b); \
757 unsigned char _swap_buffer[sizeof(a)]; \
758 memcpy(_swap_buffer, _swap_a_ptr, sizeof(a)); \
759 memcpy(_swap_a_ptr, _swap_b_ptr, sizeof(a) + \
760 BUILD_ASSERT_OR_ZERO(sizeof(a) == sizeof(b))); \
761 memcpy(_swap_b_ptr, _swap_buffer, sizeof(a)); \
764 #if defined(NO_MMAP) || defined(USE_WIN32_MMAP)
769 #define MAP_PRIVATE 1
772 #define mmap git_mmap
773 #define munmap git_munmap
774 void *git_mmap(void *start
, size_t length
, int prot
, int flags
, int fd
, off_t offset
);
775 int git_munmap(void *start
, size_t length
);
777 #else /* NO_MMAP || USE_WIN32_MMAP */
779 #include <sys/mman.h>
781 #endif /* NO_MMAP || USE_WIN32_MMAP */
785 /* This value must be multiple of (pagesize * 2) */
786 #define DEFAULT_PACKED_GIT_WINDOW_SIZE (1 * 1024 * 1024)
790 /* This value must be multiple of (pagesize * 2) */
791 #define DEFAULT_PACKED_GIT_WINDOW_SIZE \
792 (sizeof(void*) >= 8 \
793 ? 1 * 1024 * 1024 * 1024 \
799 #define MAP_FAILED ((void *)-1)
802 #ifdef NO_ST_BLOCKS_IN_STRUCT_STAT
803 #define on_disk_bytes(st) ((st).st_size)
805 #define on_disk_bytes(st) ((st).st_blocks * 512)
808 #ifdef NEEDS_MODE_TRANSLATION
817 #define S_IFMT 0170000
818 #define S_IFREG 0100000
819 #define S_IFDIR 0040000
820 #define S_IFLNK 0120000
821 #define S_IFBLK 0060000
822 #define S_IFCHR 0020000
823 #define S_IFIFO 0010000
824 #define S_IFSOCK 0140000
828 #define stat(path, buf) git_stat(path, buf)
829 int git_stat(const char *, struct stat
*);
833 #define fstat(fd, buf) git_fstat(fd, buf)
834 int git_fstat(int, struct stat
*);
838 #define lstat(path, buf) git_lstat(path, buf)
839 int git_lstat(const char *, struct stat
*);
842 #define DEFAULT_PACKED_GIT_LIMIT \
843 ((1024L * 1024L) * (size_t)(sizeof(void*) >= 8 ? (32 * 1024L * 1024L) : 256))
846 #define pread git_pread
847 ssize_t
git_pread(int fd
, void *buf
, size_t count
, off_t offset
);
850 * Forward decl that will remind us if its twin in cache.h changes.
851 * This function is used in compat/pread.c. But we can't include
854 ssize_t
read_in_full(int fd
, void *buf
, size_t count
);
857 #define setenv gitsetenv
858 int gitsetenv(const char *, const char *, int);
862 #define mkdtemp gitmkdtemp
863 char *gitmkdtemp(char *);
867 #define unsetenv gitunsetenv
868 int gitunsetenv(const char *);
872 #define strcasestr gitstrcasestr
873 char *gitstrcasestr(const char *haystack
, const char *needle
);
877 #define strlcpy gitstrlcpy
878 size_t gitstrlcpy(char *, const char *, size_t);
882 #define strtoumax gitstrtoumax
883 uintmax_t gitstrtoumax(const char *, char **, int);
884 #define strtoimax gitstrtoimax
885 intmax_t gitstrtoimax(const char *, char **, int);
889 #define hstrerror githstrerror
890 const char *githstrerror(int herror
);
894 #define memmem gitmemmem
895 void *gitmemmem(const void *haystack
, size_t haystacklen
,
896 const void *needle
, size_t needlelen
);
899 #ifdef OVERRIDE_STRDUP
903 #define strdup gitstrdup
904 char *gitstrdup(const char *s
);
907 #ifdef NO_GETPAGESIZE
908 #define getpagesize() sysconf(_SC_PAGESIZE)
915 #ifdef FREAD_READS_DIRECTORIES
916 # if !defined(SUPPRESS_FOPEN_REDEFINITION)
920 # define fopen(a,b) git_fopen(a,b)
922 FILE *git_fopen(const char*, const char*);
925 #ifdef SNPRINTF_RETURNS_BOGUS
929 #define snprintf git_snprintf
930 int git_snprintf(char *str
, size_t maxsize
,
931 const char *format
, ...);
935 #define vsnprintf git_vsnprintf
936 int git_vsnprintf(char *str
, size_t maxsize
,
937 const char *format
, va_list ap
);
940 #ifdef OPEN_RETURNS_EINTR
942 #define open git_open_with_retry
943 int git_open_with_retry(const char *path
, int flag
, ...);
946 #ifdef __GLIBC_PREREQ
947 #if __GLIBC_PREREQ(2, 1)
948 #define HAVE_STRCHRNUL
952 #ifndef HAVE_STRCHRNUL
953 #define strchrnul gitstrchrnul
954 static inline char *gitstrchrnul(const char *s
, int c
)
956 while (*s
&& *s
!= c
)
963 int inet_pton(int af
, const char *src
, void *dst
);
967 const char *inet_ntop(int af
, const void *src
, char *dst
, size_t size
);
971 #define atexit git_atexit
972 int git_atexit(void (*handler
)(void));
975 static inline size_t st_add(size_t a
, size_t b
)
977 if (unsigned_add_overflows(a
, b
))
978 die("size_t overflow: %"PRIuMAX
" + %"PRIuMAX
,
979 (uintmax_t)a
, (uintmax_t)b
);
982 #define st_add3(a,b,c) st_add(st_add((a),(b)),(c))
983 #define st_add4(a,b,c,d) st_add(st_add3((a),(b),(c)),(d))
985 static inline size_t st_mult(size_t a
, size_t b
)
987 if (unsigned_mult_overflows(a
, b
))
988 die("size_t overflow: %"PRIuMAX
" * %"PRIuMAX
,
989 (uintmax_t)a
, (uintmax_t)b
);
993 static inline size_t st_sub(size_t a
, size_t b
)
996 die("size_t underflow: %"PRIuMAX
" - %"PRIuMAX
,
997 (uintmax_t)a
, (uintmax_t)b
);
1001 static inline size_t st_left_shift(size_t a
, unsigned shift
)
1003 if (unsigned_left_shift_overflows(a
, shift
))
1004 die("size_t overflow: %"PRIuMAX
" << %u",
1005 (uintmax_t)a
, shift
);
1009 static inline unsigned long cast_size_t_to_ulong(size_t a
)
1011 if (a
!= (unsigned long)a
)
1012 die("object too large to read on this platform: %"
1013 PRIuMAX
" is cut off to %lu",
1014 (uintmax_t)a
, (unsigned long)a
);
1015 return (unsigned long)a
;
1018 static inline int cast_size_t_to_int(size_t a
)
1021 die("number too large to represent as int on this platform: %"PRIuMAX
,
1027 * Limit size of IO chunks, because huge chunks only cause pain. OS X
1028 * 64-bit is buggy, returning EINVAL if len >= INT_MAX; and even in
1029 * the absence of bugs, large chunks can result in bad latencies when
1030 * you decide to kill the process.
1032 * We pick 8 MiB as our default, but if the platform defines SSIZE_MAX
1033 * that is smaller than that, clip it to SSIZE_MAX, as a call to
1034 * read(2) or write(2) larger than that is allowed to fail. As the last
1035 * resort, we allow a port to pass via CFLAGS e.g. "-DMAX_IO_SIZE=value"
1036 * to override this, if the definition of SSIZE_MAX given by the platform
1040 # define MAX_IO_SIZE_DEFAULT (8*1024*1024)
1041 # if defined(SSIZE_MAX) && (SSIZE_MAX < MAX_IO_SIZE_DEFAULT)
1042 # define MAX_IO_SIZE SSIZE_MAX
1044 # define MAX_IO_SIZE MAX_IO_SIZE_DEFAULT
1048 #ifdef HAVE_ALLOCA_H
1049 # include <alloca.h>
1050 # define xalloca(size) (alloca(size))
1051 # define xalloca_free(p) do {} while (0)
1053 # define xalloca(size) (xmalloc(size))
1054 # define xalloca_free(p) (free(p))
1056 char *xstrdup(const char *str
);
1057 void *xmalloc(size_t size
);
1058 void *xmallocz(size_t size
);
1059 void *xmallocz_gently(size_t size
);
1060 void *xmemdupz(const void *data
, size_t len
);
1061 char *xstrndup(const char *str
, size_t len
);
1062 void *xrealloc(void *ptr
, size_t size
);
1063 void *xcalloc(size_t nmemb
, size_t size
);
1064 void xsetenv(const char *name
, const char *value
, int overwrite
);
1065 void *xmmap(void *start
, size_t length
, int prot
, int flags
, int fd
, off_t offset
);
1066 const char *mmap_os_err(void);
1067 void *xmmap_gently(void *start
, size_t length
, int prot
, int flags
, int fd
, off_t offset
);
1068 int xopen(const char *path
, int flags
, ...);
1069 ssize_t
xread(int fd
, void *buf
, size_t len
);
1070 ssize_t
xwrite(int fd
, const void *buf
, size_t len
);
1071 ssize_t
xpread(int fd
, void *buf
, size_t len
, off_t offset
);
1073 FILE *xfopen(const char *path
, const char *mode
);
1074 FILE *xfdopen(int fd
, const char *mode
);
1075 int xmkstemp(char *temp_filename
);
1076 int xmkstemp_mode(char *temp_filename
, int mode
);
1077 char *xgetcwd(void);
1078 FILE *fopen_for_writing(const char *path
);
1079 FILE *fopen_or_warn(const char *path
, const char *mode
);
1082 * Like strncmp, but only return zero if s is NUL-terminated and exactly len
1083 * characters long. If it is not, consider it greater than t.
1085 int xstrncmpz(const char *s
, const char *t
, size_t len
);
1088 * FREE_AND_NULL(ptr) is like free(ptr) followed by ptr = NULL. Note
1089 * that ptr is used twice, so don't pass e.g. ptr++.
1091 #define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)
1093 #define ALLOC_ARRAY(x, alloc) (x) = xmalloc(st_mult(sizeof(*(x)), (alloc)))
1094 #define CALLOC_ARRAY(x, alloc) (x) = xcalloc((alloc), sizeof(*(x)))
1095 #define REALLOC_ARRAY(x, alloc) (x) = xrealloc((x), st_mult(sizeof(*(x)), (alloc)))
1097 #define COPY_ARRAY(dst, src, n) copy_array((dst), (src), (n), sizeof(*(dst)) + \
1098 BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src))))
1099 static inline void copy_array(void *dst
, const void *src
, size_t n
, size_t size
)
1102 memcpy(dst
, src
, st_mult(size
, n
));
1105 #define MOVE_ARRAY(dst, src, n) move_array((dst), (src), (n), sizeof(*(dst)) + \
1106 BUILD_ASSERT_OR_ZERO(sizeof(*(dst)) == sizeof(*(src))))
1107 static inline void move_array(void *dst
, const void *src
, size_t n
, size_t size
)
1110 memmove(dst
, src
, st_mult(size
, n
));
1114 * These functions help you allocate structs with flex arrays, and copy
1115 * the data directly into the array. For example, if you had:
1119 * char name[FLEX_ARRAY];
1125 * FLEX_ALLOC_MEM(f, name, src, len);
1127 * to allocate a "foo" with the contents of "src" in the "name" field.
1128 * The resulting struct is automatically zero'd, and the flex-array field
1129 * is NUL-terminated (whether the incoming src buffer was or not).
1131 * The FLEXPTR_* variants operate on structs that don't use flex-arrays,
1132 * but do want to store a pointer to some extra data in the same allocated
1133 * block. For example, if you have:
1143 * FLEXPTR_ALLOC_STR(f, name, src);
1145 * and "name" will point to a block of memory after the struct, which will be
1146 * freed along with the struct (but the pointer can be repointed anywhere).
1148 * The *_STR variants accept a string parameter rather than a ptr/len
1151 * Note that these macros will evaluate the first parameter multiple
1152 * times, and it must be assignable as an lvalue.
1154 #define FLEX_ALLOC_MEM(x, flexname, buf, len) do { \
1155 size_t flex_array_len_ = (len); \
1156 (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \
1157 memcpy((void *)(x)->flexname, (buf), flex_array_len_); \
1159 #define FLEXPTR_ALLOC_MEM(x, ptrname, buf, len) do { \
1160 size_t flex_array_len_ = (len); \
1161 (x) = xcalloc(1, st_add3(sizeof(*(x)), flex_array_len_, 1)); \
1162 memcpy((x) + 1, (buf), flex_array_len_); \
1163 (x)->ptrname = (void *)((x)+1); \
1165 #define FLEX_ALLOC_STR(x, flexname, str) \
1166 FLEX_ALLOC_MEM((x), flexname, (str), strlen(str))
1167 #define FLEXPTR_ALLOC_STR(x, ptrname, str) \
1168 FLEXPTR_ALLOC_MEM((x), ptrname, (str), strlen(str))
1170 static inline char *xstrdup_or_null(const char *str
)
1172 return str
? xstrdup(str
) : NULL
;
1175 static inline size_t xsize_t(off_t len
)
1177 if (len
< 0 || (uintmax_t) len
> SIZE_MAX
)
1178 die("Cannot handle files this big");
1179 return (size_t) len
;
1182 __attribute__((format (printf
, 3, 4)))
1183 int xsnprintf(char *dst
, size_t max
, const char *fmt
, ...);
1185 #ifndef HOST_NAME_MAX
1186 #define HOST_NAME_MAX 256
1189 int xgethostname(char *buf
, size_t len
);
1191 /* in ctype.c, for kwset users */
1192 extern const unsigned char tolower_trans_tbl
[256];
1194 /* Sane ctype - no locale, and works with signed chars */
1209 extern const unsigned char sane_ctype
[256];
1210 #define GIT_SPACE 0x01
1211 #define GIT_DIGIT 0x02
1212 #define GIT_ALPHA 0x04
1213 #define GIT_GLOB_SPECIAL 0x08
1214 #define GIT_REGEX_SPECIAL 0x10
1215 #define GIT_PATHSPEC_MAGIC 0x20
1216 #define GIT_CNTRL 0x40
1217 #define GIT_PUNCT 0x80
1218 #define sane_istest(x,mask) ((sane_ctype[(unsigned char)(x)] & (mask)) != 0)
1219 #define isascii(x) (((x) & ~0x7f) == 0)
1220 #define isspace(x) sane_istest(x,GIT_SPACE)
1221 #define isdigit(x) sane_istest(x,GIT_DIGIT)
1222 #define isalpha(x) sane_istest(x,GIT_ALPHA)
1223 #define isalnum(x) sane_istest(x,GIT_ALPHA | GIT_DIGIT)
1224 #define isprint(x) ((x) >= 0x20 && (x) <= 0x7e)
1225 #define islower(x) sane_iscase(x, 1)
1226 #define isupper(x) sane_iscase(x, 0)
1227 #define is_glob_special(x) sane_istest(x,GIT_GLOB_SPECIAL)
1228 #define is_regex_special(x) sane_istest(x,GIT_GLOB_SPECIAL | GIT_REGEX_SPECIAL)
1229 #define iscntrl(x) (sane_istest(x,GIT_CNTRL))
1230 #define ispunct(x) sane_istest(x, GIT_PUNCT | GIT_REGEX_SPECIAL | \
1231 GIT_GLOB_SPECIAL | GIT_PATHSPEC_MAGIC)
1232 #define isxdigit(x) (hexval_table[(unsigned char)(x)] != -1)
1233 #define tolower(x) sane_case((unsigned char)(x), 0x20)
1234 #define toupper(x) sane_case((unsigned char)(x), 0)
1235 #define is_pathspec_magic(x) sane_istest(x,GIT_PATHSPEC_MAGIC)
1237 static inline int sane_case(int x
, int high
)
1239 if (sane_istest(x
, GIT_ALPHA
))
1240 x
= (x
& ~0x20) | high
;
1244 static inline int sane_iscase(int x
, int is_lower
)
1246 if (!sane_istest(x
, GIT_ALPHA
))
1250 return (x
& 0x20) != 0;
1252 return (x
& 0x20) == 0;
1256 * Like skip_prefix, but compare case-insensitively. Note that the comparison
1257 * is done via tolower(), so it is strictly ASCII (no multi-byte characters or
1258 * locale-specific conversions).
1260 static inline int skip_iprefix(const char *str
, const char *prefix
,
1268 } while (tolower(*str
++) == tolower(*prefix
++));
1272 static inline int strtoul_ui(char const *s
, int base
, unsigned int *result
)
1278 /* negative values would be accepted by strtoul */
1281 ul
= strtoul(s
, &p
, base
);
1282 if (errno
|| *p
|| p
== s
|| (unsigned int) ul
!= ul
)
1288 static inline int strtol_i(char const *s
, int base
, int *result
)
1294 ul
= strtol(s
, &p
, base
);
1295 if (errno
|| *p
|| p
== s
|| (int) ul
!= ul
)
1301 void git_stable_qsort(void *base
, size_t nmemb
, size_t size
,
1302 int(*compar
)(const void *, const void *));
1303 #ifdef INTERNAL_QSORT
1304 #define qsort git_stable_qsort
1307 #define QSORT(base, n, compar) sane_qsort((base), (n), sizeof(*(base)), compar)
1308 static inline void sane_qsort(void *base
, size_t nmemb
, size_t size
,
1309 int(*compar
)(const void *, const void *))
1312 qsort(base
, nmemb
, size
, compar
);
1315 #define STABLE_QSORT(base, n, compar) \
1316 git_stable_qsort((base), (n), sizeof(*(base)), compar)
1318 #ifndef HAVE_ISO_QSORT_S
1319 int git_qsort_s(void *base
, size_t nmemb
, size_t size
,
1320 int (*compar
)(const void *, const void *, void *), void *ctx
);
1321 #define qsort_s git_qsort_s
1324 #define QSORT_S(base, n, compar, ctx) do { \
1325 if (qsort_s((base), (n), sizeof(*(base)), compar, ctx)) \
1326 BUG("qsort_s() failed"); \
1329 #ifndef REG_STARTEND
1330 #error "Git requires REG_STARTEND support. Compile with NO_REGEX=NeedsStartEnd"
1333 static inline int regexec_buf(const regex_t
*preg
, const char *buf
, size_t size
,
1334 size_t nmatch
, regmatch_t pmatch
[], int eflags
)
1336 assert(nmatch
> 0 && pmatch
);
1337 pmatch
[0].rm_so
= 0;
1338 pmatch
[0].rm_eo
= size
;
1339 return regexec(preg
, buf
, nmatch
, pmatch
, eflags
| REG_STARTEND
);
1342 #ifndef DIR_HAS_BSD_GROUP_SEMANTICS
1343 # define FORCE_DIR_SET_GID S_ISGID
1345 # define FORCE_DIR_SET_GID 0
1350 #define ST_CTIME_NSEC(st) 0
1351 #define ST_MTIME_NSEC(st) 0
1353 #ifdef USE_ST_TIMESPEC
1354 #define ST_CTIME_NSEC(st) ((unsigned int)((st).st_ctimespec.tv_nsec))
1355 #define ST_MTIME_NSEC(st) ((unsigned int)((st).st_mtimespec.tv_nsec))
1357 #define ST_CTIME_NSEC(st) ((unsigned int)((st).st_ctim.tv_nsec))
1358 #define ST_MTIME_NSEC(st) ((unsigned int)((st).st_mtim.tv_nsec))
1362 #ifdef UNRELIABLE_FSTAT
1363 #define fstat_is_reliable() 0
1365 #define fstat_is_reliable() 1
1370 * Since an obvious implementation of va_list would be to make it a
1371 * pointer into the stack frame, a simple assignment will work on
1372 * many systems. But let's try to be more portable.
1375 #define va_copy(dst, src) __va_copy(dst, src)
1377 #define va_copy(dst, src) ((dst) = (src))
1381 /* usage.c: only to be used for testing BUG() implementation (see test-tool) */
1382 extern int BUG_exit_code
;
1384 /* usage.c: if bug() is called we should have a BUG_if_bug() afterwards */
1385 extern int bug_called_must_BUG
;
1387 __attribute__((format (printf
, 3, 4))) NORETURN
1388 void BUG_fl(const char *file
, int line
, const char *fmt
, ...);
1389 #define BUG(...) BUG_fl(__FILE__, __LINE__, __VA_ARGS__)
1390 __attribute__((format (printf
, 3, 4)))
1391 void bug_fl(const char *file
, int line
, const char *fmt
, ...);
1392 #define bug(...) bug_fl(__FILE__, __LINE__, __VA_ARGS__)
1393 #define BUG_if_bug(...) do { \
1394 if (bug_called_must_BUG) \
1395 BUG_fl(__FILE__, __LINE__, __VA_ARGS__); \
1398 #ifndef FSYNC_METHOD_DEFAULT
1400 #define FSYNC_METHOD_DEFAULT FSYNC_METHOD_WRITEOUT_ONLY
1402 #define FSYNC_METHOD_DEFAULT FSYNC_METHOD_FSYNC
1407 FSYNC_WRITEOUT_ONLY
,
1408 FSYNC_HARDWARE_FLUSH
1412 * Issues an fsync against the specified file according to the specified mode.
1414 * FSYNC_WRITEOUT_ONLY attempts to use interfaces available on some operating
1415 * systems to flush the OS cache without issuing a flush command to the storage
1416 * controller. If those interfaces are unavailable, the function fails with
1419 * FSYNC_HARDWARE_FLUSH does an OS writeout and hardware flush to ensure that
1420 * changes are durable. It is not expected to fail.
1422 int git_fsync(int fd
, enum fsync_action action
);
1425 * Writes out trace statistics for fsync using the trace2 API.
1427 void trace_git_fsync_stats(void);
1430 * Preserves errno, prints a message, but gives no warning for ENOENT.
1431 * Returns 0 on success, which includes trying to unlink an object that does
1434 int unlink_or_warn(const char *path
);
1436 * Tries to unlink file. Returns 0 if unlink succeeded
1437 * or the file already didn't exist. Returns -1 and
1438 * appends a message to err suitable for
1439 * 'error("%s", err->buf)' on error.
1441 int unlink_or_msg(const char *file
, struct strbuf
*err
);
1443 * Preserves errno, prints a message, but gives no warning for ENOENT.
1444 * Returns 0 on success, which includes trying to remove a directory that does
1447 int rmdir_or_warn(const char *path
);
1449 * Calls the correct function out of {unlink,rmdir}_or_warn based on
1450 * the supplied file mode.
1452 int remove_or_warn(unsigned int mode
, const char *path
);
1455 * Call access(2), but warn for any error except "missing file"
1456 * (ENOENT or ENOTDIR).
1458 #define ACCESS_EACCES_OK (1U << 0)
1459 int access_or_warn(const char *path
, int mode
, unsigned flag
);
1460 int access_or_die(const char *path
, int mode
, unsigned flag
);
1462 /* Warn on an inaccessible file if errno indicates this is an error */
1463 int warn_on_fopen_errors(const char *path
);
1466 * Open with O_NOFOLLOW, or equivalent. Note that the fallback equivalent
1467 * may be racy. Do not use this as protection against an attacker who can
1468 * simultaneously create paths.
1470 int open_nofollow(const char *path
, int flags
);
1473 # define SHELL_PATH "/bin/sh"
1476 #ifndef _POSIX_THREAD_SAFE_FUNCTIONS
1477 static inline void flockfile(FILE *fh
)
1481 static inline void funlockfile(FILE *fh
)
1485 #define getc_unlocked(fh) getc(fh)
1488 #ifdef FILENO_IS_A_MACRO
1489 int git_fileno(FILE *stream
);
1490 # ifndef COMPAT_CODE_FILENO
1492 # define fileno(p) git_fileno(p)
1496 #ifdef NEED_ACCESS_ROOT_HANDLER
1497 int git_access(const char *path
, int mode
);
1498 # ifndef COMPAT_CODE_ACCESS
1502 # define access(path, mode) git_access(path, mode)
1507 * Our code often opens a path to an optional file, to work on its
1508 * contents when we can successfully open it. We can ignore a failure
1509 * to open if such an optional file does not exist, but we do want to
1510 * report a failure in opening for other reasons (e.g. we got an I/O
1511 * error, or the file is there, but we lack the permission to open).
1513 * Call this function after seeing an error from open() or fopen() to
1514 * see if the errno indicates a missing file that we can safely ignore.
1516 static inline int is_missing_file_error(int errno_
)
1518 return (errno_
== ENOENT
|| errno_
== ENOTDIR
);
1521 int cmd_main(int, const char **);
1524 * Intercept all calls to exit() and route them to trace2 to
1525 * optionally emit a message before calling the real exit().
1527 int common_exit(const char *file
, int line
, int code
);
1528 #define exit(code) exit(common_exit(__FILE__, __LINE__, (code)))
1531 * You can mark a stack variable with UNLEAK(var) to avoid it being
1532 * reported as a leak by tools like LSAN or valgrind. The argument
1533 * should generally be the variable itself (not its address and not what
1534 * it points to). It's safe to use this on pointers which may already
1535 * have been freed, or on pointers which may still be in use.
1537 * Use this _only_ for a variable that leaks by going out of scope at
1538 * program exit (so only from cmd_* functions or their direct helpers).
1539 * Normal functions, especially those which may be called multiple
1540 * times, should actually free their memory. This is only meant as
1541 * an annotation, and does nothing in non-leak-checking builds.
1543 #ifdef SUPPRESS_ANNOTATED_LEAKS
1544 void unleak_memory(const void *ptr
, size_t len
);
1545 #define UNLEAK(var) unleak_memory(&(var), sizeof(var))
1547 #define UNLEAK(var) do {} while (0)
1553 #if ZLIB_VERNUM < 0x1290
1555 * This is uncompress2, which is only available in zlib >= 1.2.9
1556 * (released as of early 2017). See compat/zlib-uncompress2.c.
1558 int uncompress2(Bytef
*dest
, uLongf
*destLen
, const Bytef
*source
,
1563 * This include must come after system headers, since it introduces macros that
1564 * replace system names.
1569 * container_of - Get the address of an object containing a field.
1571 * @ptr: pointer to the field.
1572 * @type: type of the object.
1573 * @member: name of the field within the object.
1575 #define container_of(ptr, type, member) \
1576 ((type *) ((char *)(ptr) - offsetof(type, member)))
1579 * helper function for `container_of_or_null' to avoid multiple
1580 * evaluation of @ptr
1582 static inline void *container_of_or_null_offset(void *ptr
, size_t offset
)
1584 return ptr
? (char *)ptr
- offset
: NULL
;
1588 * like `container_of', but allows returned value to be NULL
1590 #define container_of_or_null(ptr, type, member) \
1591 (type *)container_of_or_null_offset(ptr, offsetof(type, member))
1594 * like offsetof(), but takes a pointer to a variable of type which
1595 * contains @member, instead of a specified type.
1596 * @ptr is subject to multiple evaluation since we can't rely on __typeof__
1599 #if defined(__GNUC__) /* clang sets this, too */
1600 #define OFFSETOF_VAR(ptr, member) offsetof(__typeof__(*ptr), member)
1601 #else /* !__GNUC__ */
1602 #define OFFSETOF_VAR(ptr, member) \
1603 ((uintptr_t)&(ptr)->member - (uintptr_t)(ptr))
1604 #endif /* !__GNUC__ */
1606 void sleep_millisec(int millisec
);
1609 * Generate len bytes from the system cryptographically secure PRNG.
1610 * Returns 0 on success and -1 on error, setting errno. The inability to
1611 * satisfy the full request is an error.
1613 int csprng_bytes(void *buf
, size_t len
);