authorEdward Thomson <ethomson@edwardthomson.com>2020-07-10 08:57:05 +0100
committerEdward Thomson <ethomson@edwardthomson.com>2020-10-25 16:49:41 +0000
commit5e3f9e57b6ac3de83bc4e517d411e896abd4e37d (patch)
treeaabb104b5a3723292368bd933a938184792985dc /src/alloc.c
parente3f8928982c044274453111a64d4231c0eb464c4 (diff)
alloc: set up an allocator that fails before library initethomson/friendlier_getting_started
We require the library to be initialized with git_libgit2_init before it is functional. However, if a user tries to use the library without doing so - as they might when getting started with the library for the first time - we will likely crash. This commit introduces some guard rails - now instead of having _no_ allocator by default, we'll have an allocator that always fails, and never tries to set an error message (since the thread-local state is set up by git_libgit2_init). We've modified the error retrieval function to (try to) ensure that the library has been initialized before getting the thread-local error message. (Unfortunately, we cannot determine if the thread local storage has actually been configured; this does require initialization by git_libgit2_init. But a naive attempt should be good enough for most cases.)
Diffstat (limited to 'src/alloc.c')
-rw-r--r--src/alloc.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/alloc.c b/src/alloc.c
index 6972e7b59..9ec90297f 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -8,6 +8,7 @@
#include "alloc.h"
#include "runtime.h"
+#include "allocators/failalloc.h"
#include "allocators/stdalloc.h"
#include "allocators/win32_crtdbg.h"
@@ -16,7 +17,18 @@
# include "win32/w32_crtdbg_stacktrace.h"
#endif
-git_allocator git__allocator;
+/* Fail any allocation until git_libgit2_init is called. */
+git_allocator git__allocator = {
+ git_failalloc_malloc,
+ git_failalloc_calloc,
+ git_failalloc_strdup,
+ git_failalloc_strndup,
+ git_failalloc_substrdup,
+ git_failalloc_realloc,
+ git_failalloc_reallocarray,
+ git_failalloc_mallocarray,
+ git_failalloc_free
+};
static int setup_default_allocator(void)
{
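Review bot: The new `git_allocator git__allocator = { ... }` initializer is positional, so it is only correct while its nine entries follow the member order of `git_allocator`, which is declared outside this hunk. If any two members share a function-pointer signature, a transposition there would compile without a diagnostic. I would extend the comment above it to record both the dependency and the intent, for example `/* Fail any allocation until git_libgit2_init is called; entries must stay in git_allocator member order. */`. It is also worth stating there that these entries report failure without touching thread-local error state, since that is the property the commit message relies on for pre-init safety.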
@@ -49,7 +61,7 @@ int git_allocator_global_init(void)
* We don't want to overwrite any allocator which has been set before
* the init function is called.
*/
- if (git__allocator.gmalloc != NULL)
+ if (git__allocator.gmalloc != git_failalloc_malloc)
return 0;
return setup_default_allocator();
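Review bot: The "already configured" test in git_allocator_global_init now keys on a single member, `git__allocator.gmalloc != git_failalloc_malloc`, but the comment above it does not say that the failing allocator is the "unset" marker. A line such as `/* git_failalloc_malloc marks the pre-init placeholder table; any other value means the caller installed an allocator. */` would keep a later reader from reintroducing a NULL check that can never be true. Whether anything restores the failing table when the library is shut down is not visible here; if nothing does, calls made after shutdown would not get the same guard rail as calls made before init. The function body begins outside this hunk.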