git-cvsserver: protect against NULL in crypt(3)
[git.git] / strbuf.h
blob5b1113abf8fccd49c936ed3fb5fe5d9e5dc774aa
1 #ifndef STRBUF_H
2 #define STRBUF_H
4 struct string_list;
6 /**
7 * strbuf's are meant to be used with all the usual C string and memory
8 * APIs. Given that the length of the buffer is known, it's often better to
9 * use the mem* functions than a str* one (memchr vs. strchr e.g.).
10 * Though, one has to be careful about the fact that str* functions often
11 * stop on NULs and that strbufs may have embedded NULs.
13 * A strbuf is NUL terminated for convenience, but no function in the
14 * strbuf API actually relies on the string being free of NULs.
16 * strbufs have some invariants that are very important to keep in mind:
18 * - The `buf` member is never NULL, so it can be used in any usual C
19 * string operations safely. strbuf's _have_ to be initialized either by
20 * `strbuf_init()` or by `= STRBUF_INIT` before the invariants, though.
22 * Do *not* assume anything on what `buf` really is (e.g. if it is
23 * allocated memory or not), use `strbuf_detach()` to unwrap a memory
24 * buffer from its strbuf shell in a safe way. That is the sole supported
25 * way. This will give you a malloced buffer that you can later `free()`.
27 * However, it is totally safe to modify anything in the string pointed by
28 * the `buf` member, between the indices `0` and `len-1` (inclusive).
30 * - The `buf` member is a byte array that has at least `len + 1` bytes
31 * allocated. The extra byte is used to store a `'\0'`, allowing the
32 * `buf` member to be a valid C-string. Every strbuf function ensure this
33 * invariant is preserved.
35 * NOTE: It is OK to "play" with the buffer directly if you work it this
36 * way:
38 * strbuf_grow(sb, SOME_SIZE); <1>
39 * strbuf_setlen(sb, sb->len + SOME_OTHER_SIZE);
41 * <1> Here, the memory array starting at `sb->buf`, and of length
42 * `strbuf_avail(sb)` is all yours, and you can be sure that
43 * `strbuf_avail(sb)` is at least `SOME_SIZE`.
45 * NOTE: `SOME_OTHER_SIZE` must be smaller or equal to `strbuf_avail(sb)`.
47 * Doing so is safe, though if it has to be done in many places, adding the
48 * missing API to the strbuf module is the way to go.
50 * WARNING: Do _not_ assume that the area that is yours is of size `alloc
51 * - 1` even if it's true in the current implementation. Alloc is somehow a
52 * "private" member that should not be messed with. Use `strbuf_avail()`
53 * instead.
56 /**
57 * Data Structures
58 * ---------------
61 /**
62 * This is the string buffer structure. The `len` member can be used to
63 * determine the current length of the string, and `buf` member provides
64 * access to the string itself.
66 struct strbuf {
67 size_t alloc;
68 size_t len;
69 char *buf;
72 extern char strbuf_slopbuf[];
73 #define STRBUF_INIT { .alloc = 0, .len = 0, .buf = strbuf_slopbuf }
76 * Predeclare this here, since cache.h includes this file before it defines the
77 * struct.
79 struct object_id;
81 /**
82 * Life Cycle Functions
83 * --------------------
86 /**
87 * Initialize the structure. The second parameter can be zero or a bigger
88 * number to allocate memory, in case you want to prevent further reallocs.
90 void strbuf_init(struct strbuf *sb, size_t alloc);
92 /**
93 * Release a string buffer and the memory it used. After this call, the
94 * strbuf points to an empty string that does not need to be free()ed, as
95 * if it had been set to `STRBUF_INIT` and never modified.
97 * To clear a strbuf in preparation for further use without the overhead
98 * of free()ing and malloc()ing again, use strbuf_reset() instead.
100 void strbuf_release(struct strbuf *sb);
103 * Detach the string from the strbuf and returns it; you now own the
104 * storage the string occupies and it is your responsibility from then on
105 * to release it with `free(3)` when you are done with it.
107 * The strbuf that previously held the string is reset to `STRBUF_INIT` so
108 * it can be reused after calling this function.
110 char *strbuf_detach(struct strbuf *sb, size_t *sz);
113 * Attach a string to a buffer. You should specify the string to attach,
114 * the current length of the string and the amount of allocated memory.
115 * The amount must be larger than the string length, because the string you
116 * pass is supposed to be a NUL-terminated string. This string _must_ be
117 * malloc()ed, and after attaching, the pointer cannot be relied upon
118 * anymore, and neither be free()d directly.
120 void strbuf_attach(struct strbuf *sb, void *str, size_t len, size_t mem);
123 * Swap the contents of two string buffers.
125 static inline void strbuf_swap(struct strbuf *a, struct strbuf *b)
127 SWAP(*a, *b);
132 * Functions related to the size of the buffer
133 * -------------------------------------------
137 * Determine the amount of allocated but unused memory.
139 static inline size_t strbuf_avail(const struct strbuf *sb)
141 return sb->alloc ? sb->alloc - sb->len - 1 : 0;
145 * Ensure that at least this amount of unused memory is available after
146 * `len`. This is used when you know a typical size for what you will add
147 * and want to avoid repetitive automatic resizing of the underlying buffer.
148 * This is never a needed operation, but can be critical for performance in
149 * some cases.
151 void strbuf_grow(struct strbuf *sb, size_t amount);
154 * Set the length of the buffer to a given value. This function does *not*
155 * allocate new memory, so you should not perform a `strbuf_setlen()` to a
156 * length that is larger than `len + strbuf_avail()`. `strbuf_setlen()` is
157 * just meant as a 'please fix invariants from this strbuf I just messed
158 * with'.
160 static inline void strbuf_setlen(struct strbuf *sb, size_t len)
162 if (len > (sb->alloc ? sb->alloc - 1 : 0))
163 die("BUG: strbuf_setlen() beyond buffer");
164 sb->len = len;
165 if (sb->buf != strbuf_slopbuf)
166 sb->buf[len] = '\0';
167 else
168 assert(!strbuf_slopbuf[0]);
172 * Empty the buffer by setting the size of it to zero.
174 #define strbuf_reset(sb) strbuf_setlen(sb, 0)
178 * Functions related to the contents of the buffer
179 * -----------------------------------------------
183 * Strip whitespace from the beginning (`ltrim`), end (`rtrim`), or both side
184 * (`trim`) of a string.
186 void strbuf_trim(struct strbuf *sb);
187 void strbuf_rtrim(struct strbuf *sb);
188 void strbuf_ltrim(struct strbuf *sb);
190 /* Strip trailing directory separators */
191 void strbuf_trim_trailing_dir_sep(struct strbuf *sb);
193 /* Strip trailing LF or CR/LF */
194 void strbuf_trim_trailing_newline(struct strbuf *sb);
197 * Replace the contents of the strbuf with a reencoded form. Returns -1
198 * on error, 0 on success.
200 int strbuf_reencode(struct strbuf *sb, const char *from, const char *to);
203 * Lowercase each character in the buffer using `tolower`.
205 void strbuf_tolower(struct strbuf *sb);
208 * Compare two buffers. Returns an integer less than, equal to, or greater
209 * than zero if the first buffer is found, respectively, to be less than,
210 * to match, or be greater than the second buffer.
212 int strbuf_cmp(const struct strbuf *first, const struct strbuf *second);
216 * Adding data to the buffer
217 * -------------------------
219 * NOTE: All of the functions in this section will grow the buffer as
220 * necessary. If they fail for some reason other than memory shortage and the
221 * buffer hadn't been allocated before (i.e. the `struct strbuf` was set to
222 * `STRBUF_INIT`), then they will free() it.
226 * Add a single character to the buffer.
228 static inline void strbuf_addch(struct strbuf *sb, int c)
230 if (!strbuf_avail(sb))
231 strbuf_grow(sb, 1);
232 sb->buf[sb->len++] = c;
233 sb->buf[sb->len] = '\0';
237 * Add a character the specified number of times to the buffer.
239 void strbuf_addchars(struct strbuf *sb, int c, size_t n);
242 * Insert data to the given position of the buffer. The remaining contents
243 * will be shifted, not overwritten.
245 void strbuf_insert(struct strbuf *sb, size_t pos, const void *, size_t);
248 * Insert a NUL-terminated string to the given position of the buffer.
249 * The remaining contents will be shifted, not overwritten. It's an
250 * inline function to allow the compiler to resolve strlen() calls on
251 * constants at compile time.
253 static inline void strbuf_insertstr(struct strbuf *sb, size_t pos,
254 const char *s)
256 strbuf_insert(sb, pos, s, strlen(s));
260 * Insert data to the given position of the buffer giving a printf format
261 * string. The contents will be shifted, not overwritten.
263 void strbuf_vinsertf(struct strbuf *sb, size_t pos, const char *fmt,
264 va_list ap);
266 __attribute__((format (printf, 3, 4)))
267 void strbuf_insertf(struct strbuf *sb, size_t pos, const char *fmt, ...);
270 * Remove given amount of data from a given position of the buffer.
272 void strbuf_remove(struct strbuf *sb, size_t pos, size_t len);
275 * Remove the bytes between `pos..pos+len` and replace it with the given
276 * data.
278 void strbuf_splice(struct strbuf *sb, size_t pos, size_t len,
279 const void *data, size_t data_len);
282 * Add a NUL-terminated string to the buffer. Each line will be prepended
283 * by a comment character and a blank.
285 void strbuf_add_commented_lines(struct strbuf *out,
286 const char *buf, size_t size);
290 * Add data of given length to the buffer.
292 void strbuf_add(struct strbuf *sb, const void *data, size_t len);
295 * Add a NUL-terminated string to the buffer.
297 * NOTE: This function will *always* be implemented as an inline or a macro
298 * using strlen, meaning that this is efficient to write things like:
300 * strbuf_addstr(sb, "immediate string");
303 static inline void strbuf_addstr(struct strbuf *sb, const char *s)
305 strbuf_add(sb, s, strlen(s));
309 * Copy the contents of another buffer at the end of the current one.
311 void strbuf_addbuf(struct strbuf *sb, const struct strbuf *sb2);
314 * Join the arguments into a buffer. `delim` is put between every
315 * two arguments.
317 const char *strbuf_join_argv(struct strbuf *buf, int argc,
318 const char **argv, char delim);
321 * This function can be used to expand a format string containing
322 * placeholders. To that end, it parses the string and calls the specified
323 * function for every percent sign found.
325 * The callback function is given a pointer to the character after the `%`
326 * and a pointer to the struct strbuf. It is expected to add the expanded
327 * version of the placeholder to the strbuf, e.g. to add a newline
328 * character if the letter `n` appears after a `%`. The function returns
329 * the length of the placeholder recognized and `strbuf_expand()` skips
330 * over it.
332 * The format `%%` is automatically expanded to a single `%` as a quoting
333 * mechanism; callers do not need to handle the `%` placeholder themselves,
334 * and the callback function will not be invoked for this placeholder.
336 * All other characters (non-percent and not skipped ones) are copied
337 * verbatim to the strbuf. If the callback returned zero, meaning that the
338 * placeholder is unknown, then the percent sign is copied, too.
340 * In order to facilitate caching and to make it possible to give
341 * parameters to the callback, `strbuf_expand()` passes a context
342 * pointer with any kind of data.
344 typedef size_t (*expand_fn_t) (struct strbuf *sb,
345 const char *placeholder,
346 void *context);
347 void strbuf_expand(struct strbuf *sb,
348 const char *format,
349 expand_fn_t fn,
350 void *context);
353 * Used as callback for `strbuf_expand` to only expand literals
354 * (i.e. %n and %xNN). The context argument is ignored.
356 size_t strbuf_expand_literal_cb(struct strbuf *sb,
357 const char *placeholder,
358 void *context);
361 * Used as callback for `strbuf_expand()`, expects an array of
362 * struct strbuf_expand_dict_entry as context, i.e. pairs of
363 * placeholder and replacement string. The array needs to be
364 * terminated by an entry with placeholder set to NULL.
366 struct strbuf_expand_dict_entry {
367 const char *placeholder;
368 const char *value;
370 size_t strbuf_expand_dict_cb(struct strbuf *sb,
371 const char *placeholder,
372 void *context);
375 * Append the contents of one strbuf to another, quoting any
376 * percent signs ("%") into double-percents ("%%") in the
377 * destination. This is useful for literal data to be fed to either
378 * strbuf_expand or to the *printf family of functions.
380 void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src);
382 #define STRBUF_ENCODE_SLASH 1
385 * Append the contents of a string to a strbuf, percent-encoding any characters
386 * that are needed to be encoded for a URL.
388 * If STRBUF_ENCODE_SLASH is set in flags, percent-encode slashes. Otherwise,
389 * slashes are not percent-encoded.
391 void strbuf_add_percentencode(struct strbuf *dst, const char *src, int flags);
394 * Append the given byte size as a human-readable string (i.e. 12.23 KiB,
395 * 3.50 MiB).
397 void strbuf_humanise_bytes(struct strbuf *buf, off_t bytes);
400 * Append the given byte rate as a human-readable string (i.e. 12.23 KiB/s,
401 * 3.50 MiB/s).
403 void strbuf_humanise_rate(struct strbuf *buf, off_t bytes);
406 * Add a formatted string to the buffer.
408 __attribute__((format (printf,2,3)))
409 void strbuf_addf(struct strbuf *sb, const char *fmt, ...);
412 * Add a formatted string prepended by a comment character and a
413 * blank to the buffer.
415 __attribute__((format (printf, 2, 3)))
416 void strbuf_commented_addf(struct strbuf *sb, const char *fmt, ...);
418 __attribute__((format (printf,2,0)))
419 void strbuf_vaddf(struct strbuf *sb, const char *fmt, va_list ap);
422 * Add the time specified by `tm`, as formatted by `strftime`.
423 * `tz_offset` is in decimal hhmm format, e.g. -600 means six hours west
424 * of Greenwich, and it's used to expand %z internally. However, tokens
425 * with modifiers (e.g. %Ez) are passed to `strftime`.
426 * `suppress_tz_name`, when set, expands %Z internally to the empty
427 * string rather than passing it to `strftime`.
429 void strbuf_addftime(struct strbuf *sb, const char *fmt,
430 const struct tm *tm, int tz_offset,
431 int suppress_tz_name);
434 * Read a given size of data from a FILE* pointer to the buffer.
436 * NOTE: The buffer is rewound if the read fails. If -1 is returned,
437 * `errno` must be consulted, like you would do for `read(3)`.
438 * `strbuf_read()`, `strbuf_read_file()` and `strbuf_getline_*()`
439 * family of functions have the same behaviour as well.
441 size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *file);
444 * Read the contents of a given file descriptor. The third argument can be
445 * used to give a hint about the file size, to avoid reallocs. If read fails,
446 * any partial read is undone.
448 ssize_t strbuf_read(struct strbuf *sb, int fd, size_t hint);
451 * Read the contents of a given file descriptor partially by using only one
452 * attempt of xread. The third argument can be used to give a hint about the
453 * file size, to avoid reallocs. Returns the number of new bytes appended to
454 * the sb.
456 ssize_t strbuf_read_once(struct strbuf *sb, int fd, size_t hint);
459 * Read the contents of a file, specified by its path. The third argument
460 * can be used to give a hint about the file size, to avoid reallocs.
461 * Return the number of bytes read or a negative value if some error
462 * occurred while opening or reading the file.
464 ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint);
467 * Read the target of a symbolic link, specified by its path. The third
468 * argument can be used to give a hint about the size, to avoid reallocs.
470 int strbuf_readlink(struct strbuf *sb, const char *path, size_t hint);
473 * Write the whole content of the strbuf to the stream not stopping at
474 * NUL bytes.
476 ssize_t strbuf_write(struct strbuf *sb, FILE *stream);
479 * Read a line from a FILE *, overwriting the existing contents of
480 * the strbuf. The strbuf_getline*() family of functions share
481 * this signature, but have different line termination conventions.
483 * Reading stops after the terminator or at EOF. The terminator
484 * is removed from the buffer before returning. Returns 0 unless
485 * there was nothing left before EOF, in which case it returns `EOF`.
487 typedef int (*strbuf_getline_fn)(struct strbuf *, FILE *);
489 /* Uses LF as the line terminator */
490 int strbuf_getline_lf(struct strbuf *sb, FILE *fp);
492 /* Uses NUL as the line terminator */
493 int strbuf_getline_nul(struct strbuf *sb, FILE *fp);
496 * Similar to strbuf_getline_lf(), but additionally treats a CR that
497 * comes immediately before the LF as part of the terminator.
498 * This is the most friendly version to be used to read "text" files
499 * that can come from platforms whose native text format is CRLF
500 * terminated.
502 int strbuf_getline(struct strbuf *sb, FILE *file);
506 * Like `strbuf_getline`, but keeps the trailing terminator (if
507 * any) in the buffer.
509 int strbuf_getwholeline(struct strbuf *sb, FILE *file, int term);
512 * Like `strbuf_getwholeline`, but appends the line instead of
513 * resetting the buffer first.
515 int strbuf_appendwholeline(struct strbuf *sb, FILE *file, int term);
518 * Like `strbuf_getwholeline`, but operates on a file descriptor.
519 * It reads one character at a time, so it is very slow. Do not
520 * use it unless you need the correct position in the file
521 * descriptor.
523 int strbuf_getwholeline_fd(struct strbuf *sb, int fd, int term);
526 * Set the buffer to the path of the current working directory.
528 int strbuf_getcwd(struct strbuf *sb);
531 * Add a path to a buffer, converting a relative path to an
532 * absolute one in the process. Symbolic links are not
533 * resolved.
535 void strbuf_add_absolute_path(struct strbuf *sb, const char *path);
538 * Canonize `path` (make it absolute, resolve symlinks, remove extra
539 * slashes) and append it to `sb`. Die with an informative error
540 * message if there is a problem.
542 * The directory part of `path` (i.e., everything up to the last
543 * dir_sep) must denote a valid, existing directory, but the last
544 * component need not exist.
546 * Callers that don't mind links should use the more lightweight
547 * strbuf_add_absolute_path() instead.
549 void strbuf_add_real_path(struct strbuf *sb, const char *path);
553 * Normalize in-place the path contained in the strbuf. See
554 * normalize_path_copy() for details. If an error occurs, the contents of "sb"
555 * are left untouched, and -1 is returned.
557 int strbuf_normalize_path(struct strbuf *sb);
560 * Strip whitespace from a buffer. The second parameter controls if
561 * comments are considered contents to be removed or not.
563 void strbuf_stripspace(struct strbuf *buf, int skip_comments);
565 static inline int strbuf_strip_suffix(struct strbuf *sb, const char *suffix)
567 if (strip_suffix_mem(sb->buf, &sb->len, suffix)) {
568 strbuf_setlen(sb, sb->len);
569 return 1;
570 } else
571 return 0;
575 * Split str (of length slen) at the specified terminator character.
576 * Return a null-terminated array of pointers to strbuf objects
577 * holding the substrings. The substrings include the terminator,
578 * except for the last substring, which might be unterminated if the
579 * original string did not end with a terminator. If max is positive,
580 * then split the string into at most max substrings (with the last
581 * substring containing everything following the (max-1)th terminator
582 * character).
584 * The most generic form is `strbuf_split_buf`, which takes an arbitrary
585 * pointer/len buffer. The `_str` variant takes a NUL-terminated string,
586 * the `_max` variant takes a strbuf, and just `strbuf_split` is a convenience
587 * wrapper to drop the `max` parameter.
589 * For lighter-weight alternatives, see string_list_split() and
590 * string_list_split_in_place().
592 struct strbuf **strbuf_split_buf(const char *str, size_t len,
593 int terminator, int max);
595 static inline struct strbuf **strbuf_split_str(const char *str,
596 int terminator, int max)
598 return strbuf_split_buf(str, strlen(str), terminator, max);
601 static inline struct strbuf **strbuf_split_max(const struct strbuf *sb,
602 int terminator, int max)
604 return strbuf_split_buf(sb->buf, sb->len, terminator, max);
607 static inline struct strbuf **strbuf_split(const struct strbuf *sb,
608 int terminator)
610 return strbuf_split_max(sb, terminator, 0);
614 * Adds all strings of a string list to the strbuf, separated by the given
615 * separator. For example, if sep is
616 * ', '
617 * and slist contains
618 * ['element1', 'element2', ..., 'elementN'],
619 * then write:
620 * 'element1, element2, ..., elementN'
621 * to str. If only one element, just write "element1" to str.
623 void strbuf_add_separated_string_list(struct strbuf *str,
624 const char *sep,
625 struct string_list *slist);
628 * Free a NULL-terminated list of strbufs (for example, the return
629 * values of the strbuf_split*() functions).
631 void strbuf_list_free(struct strbuf **list);
634 * Add the abbreviation, as generated by find_unique_abbrev, of `sha1` to
635 * the strbuf `sb`.
637 void strbuf_add_unique_abbrev(struct strbuf *sb,
638 const struct object_id *oid,
639 int abbrev_len);
642 * Launch the user preferred editor to edit a file and fill the buffer
643 * with the file's contents upon the user completing their editing. The
644 * third argument can be used to set the environment which the editor is
645 * run in. If the buffer is NULL the editor is launched as usual but the
646 * file's contents are not read into the buffer upon completion.
648 int launch_editor(const char *path, struct strbuf *buffer,
649 const char *const *env);
651 int launch_sequence_editor(const char *path, struct strbuf *buffer,
652 const char *const *env);
655 * In contrast to `launch_editor()`, this function writes out the contents
656 * of the specified file first, then clears the `buffer`, then launches
657 * the editor and reads back in the file contents into the `buffer`.
658 * Finally, it deletes the temporary file.
660 * If `path` is relative, it refers to a file in the `.git` directory.
662 int strbuf_edit_interactively(struct strbuf *buffer, const char *path,
663 const char *const *env);
665 void strbuf_add_lines(struct strbuf *sb,
666 const char *prefix,
667 const char *buf,
668 size_t size);
671 * Append s to sb, with the characters '<', '>', '&' and '"' converted
672 * into XML entities.
674 void strbuf_addstr_xml_quoted(struct strbuf *sb,
675 const char *s);
678 * "Complete" the contents of `sb` by ensuring that either it ends with the
679 * character `term`, or it is empty. This can be used, for example,
680 * to ensure that text ends with a newline, but without creating an empty
681 * blank line if there is no content in the first place.
683 static inline void strbuf_complete(struct strbuf *sb, char term)
685 if (sb->len && sb->buf[sb->len - 1] != term)
686 strbuf_addch(sb, term);
689 static inline void strbuf_complete_line(struct strbuf *sb)
691 strbuf_complete(sb, '\n');
695 * Copy "name" to "sb", expanding any special @-marks as handled by
696 * interpret_branch_name(). The result is a non-qualified branch name
697 * (so "foo" or "origin/master" instead of "refs/heads/foo" or
698 * "refs/remotes/origin/master").
700 * Note that the resulting name may not be a syntactically valid refname.
702 * If "allowed" is non-zero, restrict the set of allowed expansions. See
703 * interpret_branch_name() for details.
705 void strbuf_branchname(struct strbuf *sb, const char *name,
706 unsigned allowed);
709 * Like strbuf_branchname() above, but confirm that the result is
710 * syntactically valid to be used as a local branch name in refs/heads/.
712 * The return value is "0" if the result is valid, and "-1" otherwise.
714 int strbuf_check_branch_ref(struct strbuf *sb, const char *name);
716 typedef int (*char_predicate)(char ch);
718 int is_rfc3986_unreserved(char ch);
719 int is_rfc3986_reserved_or_unreserved(char ch);
721 void strbuf_addstr_urlencode(struct strbuf *sb, const char *name,
722 char_predicate allow_unencoded_fn);
724 __attribute__((format (printf,1,2)))
725 int printf_ln(const char *fmt, ...);
726 __attribute__((format (printf,2,3)))
727 int fprintf_ln(FILE *fp, const char *fmt, ...);
729 char *xstrdup_tolower(const char *);
730 char *xstrdup_toupper(const char *);
733 * Create a newly allocated string using printf format. You can do this easily
734 * with a strbuf, but this provides a shortcut to save a few lines.
736 __attribute__((format (printf, 1, 0)))
737 char *xstrvfmt(const char *fmt, va_list ap);
738 __attribute__((format (printf, 1, 2)))
739 char *xstrfmt(const char *fmt, ...);
741 #endif /* STRBUF_H */