t1501: demonstrate NULL pointer access with invalid GIT_WORK_TREE
[git/debian.git] / strbuf.h
blobcf1b5409e7c39eba4981a0a23e8250249a9202f1
1 #ifndef STRBUF_H
2 #define STRBUF_H
4 /**
5 * strbuf's are meant to be used with all the usual C string and memory
6 * APIs. Given that the length of the buffer is known, it's often better to
7 * use the mem* functions than a str* one (memchr vs. strchr e.g.).
8 * Though, one has to be careful about the fact that str* functions often
9 * stop on NULs and that strbufs may have embedded NULs.
11 * A strbuf is NUL terminated for convenience, but no function in the
12 * strbuf API actually relies on the string being free of NULs.
14 * strbufs have some invariants that are very important to keep in mind:
16 * - The `buf` member is never NULL, so it can be used in any usual C
17 * string operations safely. strbuf's _have_ to be initialized either by
18 * `strbuf_init()` or by `= STRBUF_INIT` before the invariants, though.
20 * Do *not* assume anything on what `buf` really is (e.g. if it is
21 * allocated memory or not), use `strbuf_detach()` to unwrap a memory
22 * buffer from its strbuf shell in a safe way. That is the sole supported
23 * way. This will give you a malloced buffer that you can later `free()`.
25 * However, it is totally safe to modify anything in the string pointed by
26 * the `buf` member, between the indices `0` and `len-1` (inclusive).
28 * - The `buf` member is a byte array that has at least `len + 1` bytes
29 * allocated. The extra byte is used to store a `'\0'`, allowing the
30 * `buf` member to be a valid C-string. Every strbuf function ensure this
31 * invariant is preserved.
33 * NOTE: It is OK to "play" with the buffer directly if you work it this
34 * way:
36 * strbuf_grow(sb, SOME_SIZE); <1>
37 * strbuf_setlen(sb, sb->len + SOME_OTHER_SIZE);
39 * <1> Here, the memory array starting at `sb->buf`, and of length
40 * `strbuf_avail(sb)` is all yours, and you can be sure that
41 * `strbuf_avail(sb)` is at least `SOME_SIZE`.
43 * NOTE: `SOME_OTHER_SIZE` must be smaller or equal to `strbuf_avail(sb)`.
45 * Doing so is safe, though if it has to be done in many places, adding the
46 * missing API to the strbuf module is the way to go.
48 * WARNING: Do _not_ assume that the area that is yours is of size `alloc
49 * - 1` even if it's true in the current implementation. Alloc is somehow a
50 * "private" member that should not be messed with. Use `strbuf_avail()`
51 * instead.
54 /**
55 * Data Structures
56 * ---------------
59 /**
60 * This is the string buffer structure. The `len` member can be used to
61 * determine the current length of the string, and `buf` member provides
62 * access to the string itself.
64 struct strbuf {
65 size_t alloc;
66 size_t len;
67 char *buf;
70 extern char strbuf_slopbuf[];
71 #define STRBUF_INIT { 0, 0, strbuf_slopbuf }
73 /**
74 * Life Cycle Functions
75 * --------------------
78 /**
79 * Initialize the structure. The second parameter can be zero or a bigger
80 * number to allocate memory, in case you want to prevent further reallocs.
82 extern void strbuf_init(struct strbuf *, size_t);
84 /**
85 * Release a string buffer and the memory it used. You should not use the
86 * string buffer after using this function, unless you initialize it again.
88 extern void strbuf_release(struct strbuf *);
90 /**
91 * Detach the string from the strbuf and returns it; you now own the
92 * storage the string occupies and it is your responsibility from then on
93 * to release it with `free(3)` when you are done with it.
95 extern char *strbuf_detach(struct strbuf *, size_t *);
97 /**
98 * Attach a string to a buffer. You should specify the string to attach,
99 * the current length of the string and the amount of allocated memory.
100 * The amount must be larger than the string length, because the string you
101 * pass is supposed to be a NUL-terminated string. This string _must_ be
102 * malloc()ed, and after attaching, the pointer cannot be relied upon
103 * anymore, and neither be free()d directly.
105 extern void strbuf_attach(struct strbuf *, void *, size_t, size_t);
108 * Swap the contents of two string buffers.
110 static inline void strbuf_swap(struct strbuf *a, struct strbuf *b)
112 SWAP(*a, *b);
117 * Functions related to the size of the buffer
118 * -------------------------------------------
122 * Determine the amount of allocated but unused memory.
124 static inline size_t strbuf_avail(const struct strbuf *sb)
126 return sb->alloc ? sb->alloc - sb->len - 1 : 0;
130 * Ensure that at least this amount of unused memory is available after
131 * `len`. This is used when you know a typical size for what you will add
132 * and want to avoid repetitive automatic resizing of the underlying buffer.
133 * This is never a needed operation, but can be critical for performance in
134 * some cases.
136 extern void strbuf_grow(struct strbuf *, size_t);
139 * Set the length of the buffer to a given value. This function does *not*
140 * allocate new memory, so you should not perform a `strbuf_setlen()` to a
141 * length that is larger than `len + strbuf_avail()`. `strbuf_setlen()` is
142 * just meant as a 'please fix invariants from this strbuf I just messed
143 * with'.
145 static inline void strbuf_setlen(struct strbuf *sb, size_t len)
147 if (len > (sb->alloc ? sb->alloc - 1 : 0))
148 die("BUG: strbuf_setlen() beyond buffer");
149 sb->len = len;
150 sb->buf[len] = '\0';
154 * Empty the buffer by setting the size of it to zero.
156 #define strbuf_reset(sb) strbuf_setlen(sb, 0)
160 * Functions related to the contents of the buffer
161 * -----------------------------------------------
165 * Strip whitespace from the beginning (`ltrim`), end (`rtrim`), or both side
166 * (`trim`) of a string.
168 extern void strbuf_trim(struct strbuf *);
169 extern void strbuf_rtrim(struct strbuf *);
170 extern void strbuf_ltrim(struct strbuf *);
173 * Replace the contents of the strbuf with a reencoded form. Returns -1
174 * on error, 0 on success.
176 extern int strbuf_reencode(struct strbuf *sb, const char *from, const char *to);
179 * Lowercase each character in the buffer using `tolower`.
181 extern void strbuf_tolower(struct strbuf *sb);
184 * Compare two buffers. Returns an integer less than, equal to, or greater
185 * than zero if the first buffer is found, respectively, to be less than,
186 * to match, or be greater than the second buffer.
188 extern int strbuf_cmp(const struct strbuf *, const struct strbuf *);
192 * Adding data to the buffer
193 * -------------------------
195 * NOTE: All of the functions in this section will grow the buffer as
196 * necessary. If they fail for some reason other than memory shortage and the
197 * buffer hadn't been allocated before (i.e. the `struct strbuf` was set to
198 * `STRBUF_INIT`), then they will free() it.
202 * Add a single character to the buffer.
204 static inline void strbuf_addch(struct strbuf *sb, int c)
206 if (!strbuf_avail(sb))
207 strbuf_grow(sb, 1);
208 sb->buf[sb->len++] = c;
209 sb->buf[sb->len] = '\0';
213 * Add a character the specified number of times to the buffer.
215 extern void strbuf_addchars(struct strbuf *sb, int c, size_t n);
218 * Insert data to the given position of the buffer. The remaining contents
219 * will be shifted, not overwritten.
221 extern void strbuf_insert(struct strbuf *, size_t pos, const void *, size_t);
224 * Remove given amount of data from a given position of the buffer.
226 extern void strbuf_remove(struct strbuf *, size_t pos, size_t len);
229 * Remove the bytes between `pos..pos+len` and replace it with the given
230 * data.
232 extern void strbuf_splice(struct strbuf *, size_t pos, size_t len,
233 const void *, size_t);
236 * Add a NUL-terminated string to the buffer. Each line will be prepended
237 * by a comment character and a blank.
239 extern void strbuf_add_commented_lines(struct strbuf *out, const char *buf, size_t size);
243 * Add data of given length to the buffer.
245 extern void strbuf_add(struct strbuf *, const void *, size_t);
248 * Add a NUL-terminated string to the buffer.
250 * NOTE: This function will *always* be implemented as an inline or a macro
251 * using strlen, meaning that this is efficient to write things like:
253 * strbuf_addstr(sb, "immediate string");
256 static inline void strbuf_addstr(struct strbuf *sb, const char *s)
258 strbuf_add(sb, s, strlen(s));
262 * Copy the contents of another buffer at the end of the current one.
264 extern void strbuf_addbuf(struct strbuf *sb, const struct strbuf *sb2);
267 * Copy part of the buffer from a given position till a given length to the
268 * end of the buffer.
270 extern void strbuf_adddup(struct strbuf *sb, size_t pos, size_t len);
273 * This function can be used to expand a format string containing
274 * placeholders. To that end, it parses the string and calls the specified
275 * function for every percent sign found.
277 * The callback function is given a pointer to the character after the `%`
278 * and a pointer to the struct strbuf. It is expected to add the expanded
279 * version of the placeholder to the strbuf, e.g. to add a newline
280 * character if the letter `n` appears after a `%`. The function returns
281 * the length of the placeholder recognized and `strbuf_expand()` skips
282 * over it.
284 * The format `%%` is automatically expanded to a single `%` as a quoting
285 * mechanism; callers do not need to handle the `%` placeholder themselves,
286 * and the callback function will not be invoked for this placeholder.
288 * All other characters (non-percent and not skipped ones) are copied
289 * verbatim to the strbuf. If the callback returned zero, meaning that the
290 * placeholder is unknown, then the percent sign is copied, too.
292 * In order to facilitate caching and to make it possible to give
293 * parameters to the callback, `strbuf_expand()` passes a context pointer,
294 * which can be used by the programmer of the callback as she sees fit.
296 typedef size_t (*expand_fn_t) (struct strbuf *sb, const char *placeholder, void *context);
297 extern void strbuf_expand(struct strbuf *sb, const char *format, expand_fn_t fn, void *context);
300 * Used as callback for `strbuf_expand()`, expects an array of
301 * struct strbuf_expand_dict_entry as context, i.e. pairs of
302 * placeholder and replacement string. The array needs to be
303 * terminated by an entry with placeholder set to NULL.
305 struct strbuf_expand_dict_entry {
306 const char *placeholder;
307 const char *value;
309 extern size_t strbuf_expand_dict_cb(struct strbuf *sb, const char *placeholder, void *context);
312 * Append the contents of one strbuf to another, quoting any
313 * percent signs ("%") into double-percents ("%%") in the
314 * destination. This is useful for literal data to be fed to either
315 * strbuf_expand or to the *printf family of functions.
317 extern void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src);
320 * Append the given byte size as a human-readable string (i.e. 12.23 KiB,
321 * 3.50 MiB).
323 extern void strbuf_humanise_bytes(struct strbuf *buf, off_t bytes);
326 * Add a formatted string to the buffer.
328 __attribute__((format (printf,2,3)))
329 extern void strbuf_addf(struct strbuf *sb, const char *fmt, ...);
332 * Add a formatted string prepended by a comment character and a
333 * blank to the buffer.
335 __attribute__((format (printf, 2, 3)))
336 extern void strbuf_commented_addf(struct strbuf *sb, const char *fmt, ...);
338 __attribute__((format (printf,2,0)))
339 extern void strbuf_vaddf(struct strbuf *sb, const char *fmt, va_list ap);
342 * Add the time specified by `tm`, as formatted by `strftime`.
344 extern void strbuf_addftime(struct strbuf *sb, const char *fmt, const struct tm *tm);
347 * Read a given size of data from a FILE* pointer to the buffer.
349 * NOTE: The buffer is rewound if the read fails. If -1 is returned,
350 * `errno` must be consulted, like you would do for `read(3)`.
351 * `strbuf_read()`, `strbuf_read_file()` and `strbuf_getline_*()`
352 * family of functions have the same behaviour as well.
354 extern size_t strbuf_fread(struct strbuf *, size_t, FILE *);
357 * Read the contents of a given file descriptor. The third argument can be
358 * used to give a hint about the file size, to avoid reallocs. If read fails,
359 * any partial read is undone.
361 extern ssize_t strbuf_read(struct strbuf *, int fd, size_t hint);
364 * Read the contents of a given file descriptor partially by using only one
365 * attempt of xread. The third argument can be used to give a hint about the
366 * file size, to avoid reallocs. Returns the number of new bytes appended to
367 * the sb.
369 extern ssize_t strbuf_read_once(struct strbuf *, int fd, size_t hint);
372 * Read the contents of a file, specified by its path. The third argument
373 * can be used to give a hint about the file size, to avoid reallocs.
374 * Return the number of bytes read or a negative value if some error
375 * occurred while opening or reading the file.
377 extern ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint);
380 * Read the target of a symbolic link, specified by its path. The third
381 * argument can be used to give a hint about the size, to avoid reallocs.
383 extern int strbuf_readlink(struct strbuf *sb, const char *path, size_t hint);
386 * Write the whole content of the strbuf to the stream not stopping at
387 * NUL bytes.
389 extern ssize_t strbuf_write(struct strbuf *sb, FILE *stream);
392 * Read a line from a FILE *, overwriting the existing contents of
393 * the strbuf. The strbuf_getline*() family of functions share
394 * this signature, but have different line termination conventions.
396 * Reading stops after the terminator or at EOF. The terminator
397 * is removed from the buffer before returning. Returns 0 unless
398 * there was nothing left before EOF, in which case it returns `EOF`.
400 typedef int (*strbuf_getline_fn)(struct strbuf *, FILE *);
402 /* Uses LF as the line terminator */
403 extern int strbuf_getline_lf(struct strbuf *sb, FILE *fp);
405 /* Uses NUL as the line terminator */
406 extern int strbuf_getline_nul(struct strbuf *sb, FILE *fp);
409 * Similar to strbuf_getline_lf(), but additionally treats a CR that
410 * comes immediately before the LF as part of the terminator.
411 * This is the most friendly version to be used to read "text" files
412 * that can come from platforms whose native text format is CRLF
413 * terminated.
415 extern int strbuf_getline(struct strbuf *, FILE *);
419 * Like `strbuf_getline`, but keeps the trailing terminator (if
420 * any) in the buffer.
422 extern int strbuf_getwholeline(struct strbuf *, FILE *, int);
425 * Like `strbuf_getwholeline`, but operates on a file descriptor.
426 * It reads one character at a time, so it is very slow. Do not
427 * use it unless you need the correct position in the file
428 * descriptor.
430 extern int strbuf_getwholeline_fd(struct strbuf *, int, int);
433 * Set the buffer to the path of the current working directory.
435 extern int strbuf_getcwd(struct strbuf *sb);
438 * Add a path to a buffer, converting a relative path to an
439 * absolute one in the process. Symbolic links are not
440 * resolved.
442 extern void strbuf_add_absolute_path(struct strbuf *sb, const char *path);
446 * Normalize in-place the path contained in the strbuf. See
447 * normalize_path_copy() for details. If an error occurs, the contents of "sb"
448 * are left untouched, and -1 is returned.
450 extern int strbuf_normalize_path(struct strbuf *sb);
453 * Strip whitespace from a buffer. The second parameter controls if
454 * comments are considered contents to be removed or not.
456 extern void strbuf_stripspace(struct strbuf *buf, int skip_comments);
459 * Temporary alias until all topic branches have switched to use
460 * strbuf_stripspace directly.
462 static inline void stripspace(struct strbuf *buf, int skip_comments)
464 strbuf_stripspace(buf, skip_comments);
467 static inline int strbuf_strip_suffix(struct strbuf *sb, const char *suffix)
469 if (strip_suffix_mem(sb->buf, &sb->len, suffix)) {
470 strbuf_setlen(sb, sb->len);
471 return 1;
472 } else
473 return 0;
477 * Split str (of length slen) at the specified terminator character.
478 * Return a null-terminated array of pointers to strbuf objects
479 * holding the substrings. The substrings include the terminator,
480 * except for the last substring, which might be unterminated if the
481 * original string did not end with a terminator. If max is positive,
482 * then split the string into at most max substrings (with the last
483 * substring containing everything following the (max-1)th terminator
484 * character).
486 * The most generic form is `strbuf_split_buf`, which takes an arbitrary
487 * pointer/len buffer. The `_str` variant takes a NUL-terminated string,
488 * the `_max` variant takes a strbuf, and just `strbuf_split` is a convenience
489 * wrapper to drop the `max` parameter.
491 * For lighter-weight alternatives, see string_list_split() and
492 * string_list_split_in_place().
494 extern struct strbuf **strbuf_split_buf(const char *, size_t,
495 int terminator, int max);
497 static inline struct strbuf **strbuf_split_str(const char *str,
498 int terminator, int max)
500 return strbuf_split_buf(str, strlen(str), terminator, max);
503 static inline struct strbuf **strbuf_split_max(const struct strbuf *sb,
504 int terminator, int max)
506 return strbuf_split_buf(sb->buf, sb->len, terminator, max);
509 static inline struct strbuf **strbuf_split(const struct strbuf *sb,
510 int terminator)
512 return strbuf_split_max(sb, terminator, 0);
516 * Free a NULL-terminated list of strbufs (for example, the return
517 * values of the strbuf_split*() functions).
519 extern void strbuf_list_free(struct strbuf **);
522 * Add the abbreviation, as generated by find_unique_abbrev, of `sha1` to
523 * the strbuf `sb`.
525 extern void strbuf_add_unique_abbrev(struct strbuf *sb,
526 const unsigned char *sha1,
527 int abbrev_len);
530 * Launch the user preferred editor to edit a file and fill the buffer
531 * with the file's contents upon the user completing their editing. The
532 * third argument can be used to set the environment which the editor is
533 * run in. If the buffer is NULL the editor is launched as usual but the
534 * file's contents are not read into the buffer upon completion.
536 extern int launch_editor(const char *path, struct strbuf *buffer, const char *const *env);
538 extern void strbuf_add_lines(struct strbuf *sb, const char *prefix, const char *buf, size_t size);
541 * Append s to sb, with the characters '<', '>', '&' and '"' converted
542 * into XML entities.
544 extern void strbuf_addstr_xml_quoted(struct strbuf *sb, const char *s);
547 * "Complete" the contents of `sb` by ensuring that either it ends with the
548 * character `term`, or it is empty. This can be used, for example,
549 * to ensure that text ends with a newline, but without creating an empty
550 * blank line if there is no content in the first place.
552 static inline void strbuf_complete(struct strbuf *sb, char term)
554 if (sb->len && sb->buf[sb->len - 1] != term)
555 strbuf_addch(sb, term);
558 static inline void strbuf_complete_line(struct strbuf *sb)
560 strbuf_complete(sb, '\n');
563 extern int strbuf_branchname(struct strbuf *sb, const char *name);
564 extern int strbuf_check_branch_ref(struct strbuf *sb, const char *name);
566 extern void strbuf_addstr_urlencode(struct strbuf *, const char *,
567 int reserved);
569 __attribute__((format (printf,1,2)))
570 extern int printf_ln(const char *fmt, ...);
571 __attribute__((format (printf,2,3)))
572 extern int fprintf_ln(FILE *fp, const char *fmt, ...);
574 char *xstrdup_tolower(const char *);
577 * Create a newly allocated string using printf format. You can do this easily
578 * with a strbuf, but this provides a shortcut to save a few lines.
580 __attribute__((format (printf, 1, 0)))
581 char *xstrvfmt(const char *fmt, va_list ap);
582 __attribute__((format (printf, 1, 2)))
583 char *xstrfmt(const char *fmt, ...);
585 #endif /* STRBUF_H */