delta/libgit2.git/src/util.h, branch ethomson/proxy github.com: libgit2/libgit2.git Merge pull request #4864 from pks-t/pks/object-parse-fixes 2018-10-26T10:33:59+00:00 Patrick Steinhardt ps@pks.im 2018-10-26T10:33:59+00:00 623647af9959e0ce8d265ef0060a01b0da6b5fd4 Object parse fixes 
Object parse fixes
 util: provide `git__memmem` function 2018-10-25T10:52:47+00:00 Patrick Steinhardt ps@pks.im 2018-10-18T14:08:46+00:00 83e8a6b36acc67f2702cbbc7d4e334c7f7737719 Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/ 
Unfortunately, neither the `memmem` nor the `strnstr` functions are part
of any C standard but are merely extensions of C that are implemented by
e.g. glibc. Thus, there is no standardized way to search for a string in
a block of memory with a limited size, and using `strstr` is to be
considered unsafe in case where the buffer has not been sanitized. In
fact, there are some uses of `strstr` in exactly that unsafe way in our
codebase.

Provide a new function `git__memmem` that implements the `memmem`
semantics. That is in a given haystack of `n` bytes, search for the
occurrence of a byte sequence of `m` bytes and return a pointer to the
first occurrence. The implementation chosen is the "Not So Naive"
algorithm from [1]. It was chosen as the implementation is comparably
simple while still being reasonably efficient in most cases.
Preprocessing happens in constant time and space, searching has a time
complexity of O(n*m) with a slightly sub-linear average case.

[1]: http://www-igm.univ-mlv.fr/~lecroq/string/
util: remove `git__strtol32` 2018-10-18T10:04:07+00:00 Patrick Steinhardt ps@pks.im 2018-10-18T10:04:07+00:00 8d7fa88a9d5011b653035497b0f523e0f177b6a6 The function `git__strtol32` can easily be misused when untrusted data is passed to it that may not have been sanitized with trailing `NUL` bytes. As all usages of this function have now been removed, we can remove this function altogether to avoid future misuse of it. 
The function `git__strtol32` can easily be misused when untrusted data
is passed to it that may not have been sanitized with trailing `NUL`
bytes. As all usages of this function have now been removed, we can
remove this function altogether to avoid future misuse of it.
util: remove unsafe `git__strtol64` function 2018-10-18T09:49:23+00:00 Patrick Steinhardt ps@pks.im 2018-10-18T09:37:10+00:00 68deb2cc80ef19bf3a1915c26b5308b283a6d69a The function `git__strtol64` does not take a maximum buffer length as parameter. This has led to some unsafe usages of this function, and as such we may consider it as being unsafe to use. As we have now eradicated all usages of this function, let's remove it completely to avoid future misuse. 
The function `git__strtol64` does not take a maximum buffer length as
parameter. This has led to some unsafe usages of this function, and as
such we may consider it as being unsafe to use. As we have now
eradicated all usages of this function, let's remove it completely to
avoid future misuse.
util: extract allocators into its own "alloc.h" header 2018-06-07T10:57:39+00:00 Patrick Steinhardt ps@pks.im 2018-03-14T10:36:14+00:00 d2e996fa17c0c39afe32a703a88b5f1f7b256c1c Our "util.h" header is a grabbag of various different functions, where many don't have a clear group they belong to. Our set of allocator functions though can be clearly singled out as a single group of functions that always belongs together. Furthermore, we will need to implement additional functions relating to our allocators subsystem when moving to pluggable allocators. Thus, we should just move these functions into their own "alloc" module. 
Our "util.h" header is a grabbag of various different functions, where
many don't have a clear group they belong to. Our set of allocator
functions though can be clearly singled out as a single group of
functions that always belongs together. Furthermore, we will need to
implement additional functions relating to our allocators subsystem when
moving to pluggable allocators. Thus, we should just move these
functions into their own "alloc" module.
util: extract `stdalloc` allocator into its own module 2018-06-07T10:57:39+00:00 Patrick Steinhardt ps@pks.im 2018-03-14T10:34:59+00:00 c47f71551714006ee1aba26c49fdd1f187251da2 Right now, the standard allocator is being declared as part of the "util.h" header as a set of inline functions. As with the crtdbg allocator functions, these inline functions make it hard to convert to function pointers for our allocators. Create a new "stdalloc" module containing our standard allocations functions to split these out. Convert the existing allocators to macros which make use of the stdalloc functions. 
Right now, the standard allocator is being declared as part of the
"util.h" header as a set of inline functions. As with the crtdbg
allocator functions, these inline functions make it hard to convert to
function pointers for our allocators.

Create a new "stdalloc" module containing our standard allocations
functions to split these out. Convert the existing allocators to macros
which make use of the stdalloc functions.
win32: crtdbg: provide independent `free` function 2018-06-07T10:57:39+00:00 Patrick Steinhardt ps@pks.im 2018-03-14T10:28:50+00:00 496b0df2ca2a115d2e5a7099f2b8fd6d7409fcb2 Currently, the `git__free` function is being defined in a single place, only, disregarding whether we use our standard allocators or the crtdbg allocators. This makes it a bit harder to convert our code base to use pluggable allocators, and furthermore makes the border between our two allocators a bit more blurry. Implement a separate `git__crtdbg__free` function for the crtdbg allocator in order to completely separate both allocator implementations. 
Currently, the `git__free` function is being defined in a single place,
only, disregarding whether we use our standard allocators or the crtdbg
allocators. This makes it a bit harder to convert our code base to use
pluggable allocators, and furthermore makes the border between our two
allocators a bit more blurry.

Implement a separate `git__crtdbg__free` function for the crtdbg
allocator in order to completely separate both allocator
implementations.
Sanitize the hunk header to ensure it contains UTF-8 valid data 2018-05-05T21:54:27+00:00 Stan Hu stanhu@gmail.com 2018-02-23T06:55:50+00:00 9d83a2b08724211e564bffca740cd5fdc93d890e The diff driver truncates the hunk header text to 80 bytes, which can truncate 4-byte Unicode characters and introduce garbage characters in the diff output. This change sanitizes the hunk header before it is displayed. This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh Closes https://github.com/libgit2/rugged/issues/716 
The diff driver truncates the hunk header text to 80 bytes, which can truncate
4-byte Unicode characters and introduce garbage characters in the diff
output. This change sanitizes the hunk header before it is displayed.

This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh

Closes https://github.com/libgit2/rugged/issues/716
util: clean up header includes 2018-02-16T11:42:28+00:00 Patrick Steinhardt ps@pks.im 2018-02-16T11:28:53+00:00 92324d84921721035458ba8d128dea48436525ec While "util.h" declares the macro `git__tolower`, which simply resorts to tolower(3P) on Unix-like systems, the <ctype.h> header is only being included in "util.c". Thus, anybody who has included "util.h" without having <ctype.h> included will fail to compile as soon as the macro is in use. Furthermore, we can clean up additional includes in "util.c" and simply replace them with an include for "common.h". 
While "util.h" declares the macro `git__tolower`, which simply resorts
to tolower(3P) on Unix-like systems, the <ctype.h> header is only being
included in "util.c". Thus, anybody who has included "util.h" without
having <ctype.h> included will fail to compile as soon as the macro is
in use.

Furthermore, we can clean up additional includes in "util.c" and simply
replace them with an include for "common.h".
consistent header guards 2018-02-01T23:56:33+00:00 Edward Thomson ethomson@edwardthomson.com 2018-02-01T23:55:48+00:00 abb04caa2f74bb4783eb87202a904c0c3517df85 use consistent names for the #include / #define header guard pattern. 
use consistent names for the #include / #define header guard pattern.