]> git.ipfire.org Git - thirdparty/git.git/blob - wrapper.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
treewide: be explicit about dependence on gettext.h
[thirdparty/git.git] / wrapper.c
1 /*
2 * Various trivial helper wrappers around standard functions
3 */
4 #include "cache.h"
5 #include "config.h"
6 #include "gettext.h"
7
8 static intmax_t count_fsync_writeout_only;
9 static intmax_t count_fsync_hardware_flush;
10
11 #ifdef HAVE_RTLGENRANDOM
12 /* This is required to get access to RtlGenRandom. */
13 #define SystemFunction036 NTAPI SystemFunction036
14 #include <NTSecAPI.h>
15 #undef SystemFunction036
16 #endif
17
18 static int memory_limit_check(size_t size, int gentle)
19 {
20 static size_t limit = 0;
21 if (!limit) {
22 limit = git_env_ulong("GIT_ALLOC_LIMIT", 0);
23 if (!limit)
24 limit = SIZE_MAX;
25 }
26 if (size > limit) {
27 if (gentle) {
28 error("attempting to allocate %"PRIuMAX" over limit %"PRIuMAX,
29 (uintmax_t)size, (uintmax_t)limit);
30 return -1;
31 } else
32 die("attempting to allocate %"PRIuMAX" over limit %"PRIuMAX,
33 (uintmax_t)size, (uintmax_t)limit);
34 }
35 return 0;
36 }
37
38 char *xstrdup(const char *str)
39 {
40 char *ret = strdup(str);
41 if (!ret)
42 die("Out of memory, strdup failed");
43 return ret;
44 }
45
46 static void *do_xmalloc(size_t size, int gentle)
47 {
48 void *ret;
49
50 if (memory_limit_check(size, gentle))
51 return NULL;
52 ret = malloc(size);
53 if (!ret && !size)
54 ret = malloc(1);
55 if (!ret) {
56 if (!gentle)
57 die("Out of memory, malloc failed (tried to allocate %lu bytes)",
58 (unsigned long)size);
59 else {
60 error("Out of memory, malloc failed (tried to allocate %lu bytes)",
61 (unsigned long)size);
62 return NULL;
63 }
64 }
65 #ifdef XMALLOC_POISON
66 memset(ret, 0xA5, size);
67 #endif
68 return ret;
69 }
70
71 void *xmalloc(size_t size)
72 {
73 return do_xmalloc(size, 0);
74 }
75
76 static void *do_xmallocz(size_t size, int gentle)
77 {
78 void *ret;
79 if (unsigned_add_overflows(size, 1)) {
80 if (gentle) {
81 error("Data too large to fit into virtual memory space.");
82 return NULL;
83 } else
84 die("Data too large to fit into virtual memory space.");
85 }
86 ret = do_xmalloc(size + 1, gentle);
87 if (ret)
88 ((char*)ret)[size] = 0;
89 return ret;
90 }
91
92 void *xmallocz(size_t size)
93 {
94 return do_xmallocz(size, 0);
95 }
96
97 void *xmallocz_gently(size_t size)
98 {
99 return do_xmallocz(size, 1);
100 }
101
102 /*
103 * xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
104 * "data" to the allocated memory, zero terminates the allocated memory,
105 * and returns a pointer to the allocated memory. If the allocation fails,
106 * the program dies.
107 */
108 void *xmemdupz(const void *data, size_t len)
109 {
110 return memcpy(xmallocz(len), data, len);
111 }
112
113 char *xstrndup(const char *str, size_t len)
114 {
115 char *p = memchr(str, '\0', len);
116 return xmemdupz(str, p ? p - str : len);
117 }
118
119 int xstrncmpz(const char *s, const char *t, size_t len)
120 {
121 int res = strncmp(s, t, len);
122 if (res)
123 return res;
124 return s[len] == '\0' ? 0 : 1;
125 }
126
127 void *xrealloc(void *ptr, size_t size)
128 {
129 void *ret;
130
131 if (!size) {
132 free(ptr);
133 return xmalloc(0);
134 }
135
136 memory_limit_check(size, 0);
137 ret = realloc(ptr, size);
138 if (!ret)
139 die("Out of memory, realloc failed");
140 return ret;
141 }
142
143 void *xcalloc(size_t nmemb, size_t size)
144 {
145 void *ret;
146
147 if (unsigned_mult_overflows(nmemb, size))
148 die("data too large to fit into virtual memory space");
149
150 memory_limit_check(size * nmemb, 0);
151 ret = calloc(nmemb, size);
152 if (!ret && (!nmemb || !size))
153 ret = calloc(1, 1);
154 if (!ret)
155 die("Out of memory, calloc failed");
156 return ret;
157 }
158
159 void xsetenv(const char *name, const char *value, int overwrite)
160 {
161 if (setenv(name, value, overwrite))
162 die_errno(_("could not setenv '%s'"), name ? name : "(null)");
163 }
164
165 /**
166 * xopen() is the same as open(), but it die()s if the open() fails.
167 */
168 int xopen(const char *path, int oflag, ...)
169 {
170 mode_t mode = 0;
171 va_list ap;
172
173 /*
174 * va_arg() will have undefined behavior if the specified type is not
175 * compatible with the argument type. Since integers are promoted to
176 * ints, we fetch the next argument as an int, and then cast it to a
177 * mode_t to avoid undefined behavior.
178 */
179 va_start(ap, oflag);
180 if (oflag & O_CREAT)
181 mode = va_arg(ap, int);
182 va_end(ap);
183
184 for (;;) {
185 int fd = open(path, oflag, mode);
186 if (fd >= 0)
187 return fd;
188 if (errno == EINTR)
189 continue;
190
191 if ((oflag & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL))
192 die_errno(_("unable to create '%s'"), path);
193 else if ((oflag & O_RDWR) == O_RDWR)
194 die_errno(_("could not open '%s' for reading and writing"), path);
195 else if ((oflag & O_WRONLY) == O_WRONLY)
196 die_errno(_("could not open '%s' for writing"), path);
197 else
198 die_errno(_("could not open '%s' for reading"), path);
199 }
200 }
201
202 static int handle_nonblock(int fd, short poll_events, int err)
203 {
204 struct pollfd pfd;
205
206 if (err != EAGAIN && err != EWOULDBLOCK)
207 return 0;
208
209 pfd.fd = fd;
210 pfd.events = poll_events;
211
212 /*
213 * no need to check for errors, here;
214 * a subsequent read/write will detect unrecoverable errors
215 */
216 poll(&pfd, 1, -1);
217 return 1;
218 }
219
220 /*
221 * xread() is the same a read(), but it automatically restarts read()
222 * operations with a recoverable error (EAGAIN and EINTR). xread()
223 * DOES NOT GUARANTEE that "len" bytes is read even if the data is available.
224 */
225 ssize_t xread(int fd, void *buf, size_t len)
226 {
227 ssize_t nr;
228 if (len > MAX_IO_SIZE)
229 len = MAX_IO_SIZE;
230 while (1) {
231 nr = read(fd, buf, len);
232 if (nr < 0) {
233 if (errno == EINTR)
234 continue;
235 if (handle_nonblock(fd, POLLIN, errno))
236 continue;
237 }
238 return nr;
239 }
240 }
241
242 /*
243 * xwrite() is the same a write(), but it automatically restarts write()
244 * operations with a recoverable error (EAGAIN and EINTR). xwrite() DOES NOT
245 * GUARANTEE that "len" bytes is written even if the operation is successful.
246 */
247 ssize_t xwrite(int fd, const void *buf, size_t len)
248 {
249 ssize_t nr;
250 if (len > MAX_IO_SIZE)
251 len = MAX_IO_SIZE;
252 while (1) {
253 nr = write(fd, buf, len);
254 if (nr < 0) {
255 if (errno == EINTR)
256 continue;
257 if (handle_nonblock(fd, POLLOUT, errno))
258 continue;
259 }
260
261 return nr;
262 }
263 }
264
265 /*
266 * xpread() is the same as pread(), but it automatically restarts pread()
267 * operations with a recoverable error (EAGAIN and EINTR). xpread() DOES
268 * NOT GUARANTEE that "len" bytes is read even if the data is available.
269 */
270 ssize_t xpread(int fd, void *buf, size_t len, off_t offset)
271 {
272 ssize_t nr;
273 if (len > MAX_IO_SIZE)
274 len = MAX_IO_SIZE;
275 while (1) {
276 nr = pread(fd, buf, len, offset);
277 if ((nr < 0) && (errno == EAGAIN || errno == EINTR))
278 continue;
279 return nr;
280 }
281 }
282
283 ssize_t read_in_full(int fd, void *buf, size_t count)
284 {
285 char *p = buf;
286 ssize_t total = 0;
287
288 while (count > 0) {
289 ssize_t loaded = xread(fd, p, count);
290 if (loaded < 0)
291 return -1;
292 if (loaded == 0)
293 return total;
294 count -= loaded;
295 p += loaded;
296 total += loaded;
297 }
298
299 return total;
300 }
301
302 ssize_t write_in_full(int fd, const void *buf, size_t count)
303 {
304 const char *p = buf;
305 ssize_t total = 0;
306
307 while (count > 0) {
308 ssize_t written = xwrite(fd, p, count);
309 if (written < 0)
310 return -1;
311 if (!written) {
312 errno = ENOSPC;
313 return -1;
314 }
315 count -= written;
316 p += written;
317 total += written;
318 }
319
320 return total;
321 }
322
323 ssize_t pread_in_full(int fd, void *buf, size_t count, off_t offset)
324 {
325 char *p = buf;
326 ssize_t total = 0;
327
328 while (count > 0) {
329 ssize_t loaded = xpread(fd, p, count, offset);
330 if (loaded < 0)
331 return -1;
332 if (loaded == 0)
333 return total;
334 count -= loaded;
335 p += loaded;
336 total += loaded;
337 offset += loaded;
338 }
339
340 return total;
341 }
342
343 int xdup(int fd)
344 {
345 int ret = dup(fd);
346 if (ret < 0)
347 die_errno("dup failed");
348 return ret;
349 }
350
351 /**
352 * xfopen() is the same as fopen(), but it die()s if the fopen() fails.
353 */
354 FILE *xfopen(const char *path, const char *mode)
355 {
356 for (;;) {
357 FILE *fp = fopen(path, mode);
358 if (fp)
359 return fp;
360 if (errno == EINTR)
361 continue;
362
363 if (*mode && mode[1] == '+')
364 die_errno(_("could not open '%s' for reading and writing"), path);
365 else if (*mode == 'w' || *mode == 'a')
366 die_errno(_("could not open '%s' for writing"), path);
367 else
368 die_errno(_("could not open '%s' for reading"), path);
369 }
370 }
371
372 FILE *xfdopen(int fd, const char *mode)
373 {
374 FILE *stream = fdopen(fd, mode);
375 if (!stream)
376 die_errno("Out of memory? fdopen failed");
377 return stream;
378 }
379
380 FILE *fopen_for_writing(const char *path)
381 {
382 FILE *ret = fopen(path, "w");
383
384 if (!ret && errno == EPERM) {
385 if (!unlink(path))
386 ret = fopen(path, "w");
387 else
388 errno = EPERM;
389 }
390 return ret;
391 }
392
393 static void warn_on_inaccessible(const char *path)
394 {
395 warning_errno(_("unable to access '%s'"), path);
396 }
397
398 int warn_on_fopen_errors(const char *path)
399 {
400 if (errno != ENOENT && errno != ENOTDIR) {
401 warn_on_inaccessible(path);
402 return -1;
403 }
404
405 return 0;
406 }
407
408 FILE *fopen_or_warn(const char *path, const char *mode)
409 {
410 FILE *fp = fopen(path, mode);
411
412 if (fp)
413 return fp;
414
415 warn_on_fopen_errors(path);
416 return NULL;
417 }
418
419 int xmkstemp(char *filename_template)
420 {
421 int fd;
422 char origtemplate[PATH_MAX];
423 strlcpy(origtemplate, filename_template, sizeof(origtemplate));
424
425 fd = mkstemp(filename_template);
426 if (fd < 0) {
427 int saved_errno = errno;
428 const char *nonrelative_template;
429
430 if (strlen(filename_template) != strlen(origtemplate))
431 filename_template = origtemplate;
432
433 nonrelative_template = absolute_path(filename_template);
434 errno = saved_errno;
435 die_errno("Unable to create temporary file '%s'",
436 nonrelative_template);
437 }
438 return fd;
439 }
440
441 /* Adapted from libiberty's mkstemp.c. */
442
443 #undef TMP_MAX
444 #define TMP_MAX 16384
445
446 int git_mkstemps_mode(char *pattern, int suffix_len, int mode)
447 {
448 static const char letters[] =
449 "abcdefghijklmnopqrstuvwxyz"
450 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
451 "0123456789";
452 static const int num_letters = ARRAY_SIZE(letters) - 1;
453 static const char x_pattern[] = "XXXXXX";
454 static const int num_x = ARRAY_SIZE(x_pattern) - 1;
455 char *filename_template;
456 size_t len;
457 int fd, count;
458
459 len = strlen(pattern);
460
461 if (len < num_x + suffix_len) {
462 errno = EINVAL;
463 return -1;
464 }
465
466 if (strncmp(&pattern[len - num_x - suffix_len], x_pattern, num_x)) {
467 errno = EINVAL;
468 return -1;
469 }
470
471 /*
472 * Replace pattern's XXXXXX characters with randomness.
473 * Try TMP_MAX different filenames.
474 */
475 filename_template = &pattern[len - num_x - suffix_len];
476 for (count = 0; count < TMP_MAX; ++count) {
477 int i;
478 uint64_t v;
479 if (csprng_bytes(&v, sizeof(v)) < 0)
480 return error_errno("unable to get random bytes for temporary file");
481
482 /* Fill in the random bits. */
483 for (i = 0; i < num_x; i++) {
484 filename_template[i] = letters[v % num_letters];
485 v /= num_letters;
486 }
487
488 fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode);
489 if (fd >= 0)
490 return fd;
491 /*
492 * Fatal error (EPERM, ENOSPC etc).
493 * It doesn't make sense to loop.
494 */
495 if (errno != EEXIST)
496 break;
497 }
498 /* We return the null string if we can't find a unique file name. */
499 pattern[0] = '\0';
500 return -1;
501 }
502
503 int git_mkstemp_mode(char *pattern, int mode)
504 {
505 /* mkstemp is just mkstemps with no suffix */
506 return git_mkstemps_mode(pattern, 0, mode);
507 }
508
509 int xmkstemp_mode(char *filename_template, int mode)
510 {
511 int fd;
512 char origtemplate[PATH_MAX];
513 strlcpy(origtemplate, filename_template, sizeof(origtemplate));
514
515 fd = git_mkstemp_mode(filename_template, mode);
516 if (fd < 0) {
517 int saved_errno = errno;
518 const char *nonrelative_template;
519
520 if (!filename_template[0])
521 filename_template = origtemplate;
522
523 nonrelative_template = absolute_path(filename_template);
524 errno = saved_errno;
525 die_errno("Unable to create temporary file '%s'",
526 nonrelative_template);
527 }
528 return fd;
529 }
530
531 /*
532 * Some platforms return EINTR from fsync. Since fsync is invoked in some
533 * cases by a wrapper that dies on failure, do not expose EINTR to callers.
534 */
535 static int fsync_loop(int fd)
536 {
537 int err;
538
539 do {
540 err = fsync(fd);
541 } while (err < 0 && errno == EINTR);
542 return err;
543 }
544
545 int git_fsync(int fd, enum fsync_action action)
546 {
547 switch (action) {
548 case FSYNC_WRITEOUT_ONLY:
549 count_fsync_writeout_only += 1;
550
551 #ifdef __APPLE__
552 /*
553 * On macOS, fsync just causes filesystem cache writeback but
554 * does not flush hardware caches.
555 */
556 return fsync_loop(fd);
557 #endif
558
559 #ifdef HAVE_SYNC_FILE_RANGE
560 /*
561 * On linux 2.6.17 and above, sync_file_range is the way to
562 * issue a writeback without a hardware flush. An offset of
563 * 0 and size of 0 indicates writeout of the entire file and the
564 * wait flags ensure that all dirty data is written to the disk
565 * (potentially in a disk-side cache) before we continue.
566 */
567
568 return sync_file_range(fd, 0, 0, SYNC_FILE_RANGE_WAIT_BEFORE |
569 SYNC_FILE_RANGE_WRITE |
570 SYNC_FILE_RANGE_WAIT_AFTER);
571 #endif
572
573 #ifdef fsync_no_flush
574 return fsync_no_flush(fd);
575 #endif
576
577 errno = ENOSYS;
578 return -1;
579
580 case FSYNC_HARDWARE_FLUSH:
581 count_fsync_hardware_flush += 1;
582
583 /*
584 * On macOS, a special fcntl is required to really flush the
585 * caches within the storage controller. As of this writing,
586 * this is a very expensive operation on Apple SSDs.
587 */
588 #ifdef __APPLE__
589 return fcntl(fd, F_FULLFSYNC);
590 #else
591 return fsync_loop(fd);
592 #endif
593 default:
594 BUG("unexpected git_fsync(%d) call", action);
595 }
596 }
597
598 static void log_trace_fsync_if(const char *key, intmax_t value)
599 {
600 if (value)
601 trace2_data_intmax("fsync", the_repository, key, value);
602 }
603
604 void trace_git_fsync_stats(void)
605 {
606 log_trace_fsync_if("fsync/writeout-only", count_fsync_writeout_only);
607 log_trace_fsync_if("fsync/hardware-flush", count_fsync_hardware_flush);
608 }
609
610 static int warn_if_unremovable(const char *op, const char *file, int rc)
611 {
612 int err;
613 if (!rc || errno == ENOENT)
614 return 0;
615 err = errno;
616 warning_errno("unable to %s '%s'", op, file);
617 errno = err;
618 return rc;
619 }
620
621 int unlink_or_msg(const char *file, struct strbuf *err)
622 {
623 int rc = unlink(file);
624
625 assert(err);
626
627 if (!rc || errno == ENOENT)
628 return 0;
629
630 strbuf_addf(err, "unable to unlink '%s': %s",
631 file, strerror(errno));
632 return -1;
633 }
634
635 int unlink_or_warn(const char *file)
636 {
637 return warn_if_unremovable("unlink", file, unlink(file));
638 }
639
640 int rmdir_or_warn(const char *file)
641 {
642 return warn_if_unremovable("rmdir", file, rmdir(file));
643 }
644
645 int remove_or_warn(unsigned int mode, const char *file)
646 {
647 return S_ISGITLINK(mode) ? rmdir_or_warn(file) : unlink_or_warn(file);
648 }
649
650 static int access_error_is_ok(int err, unsigned flag)
651 {
652 return (is_missing_file_error(err) ||
653 ((flag & ACCESS_EACCES_OK) && err == EACCES));
654 }
655
656 int access_or_warn(const char *path, int mode, unsigned flag)
657 {
658 int ret = access(path, mode);
659 if (ret && !access_error_is_ok(errno, flag))
660 warn_on_inaccessible(path);
661 return ret;
662 }
663
664 int access_or_die(const char *path, int mode, unsigned flag)
665 {
666 int ret = access(path, mode);
667 if (ret && !access_error_is_ok(errno, flag))
668 die_errno(_("unable to access '%s'"), path);
669 return ret;
670 }
671
672 char *xgetcwd(void)
673 {
674 struct strbuf sb = STRBUF_INIT;
675 if (strbuf_getcwd(&sb))
676 die_errno(_("unable to get current working directory"));
677 return strbuf_detach(&sb, NULL);
678 }
679
680 int xsnprintf(char *dst, size_t max, const char *fmt, ...)
681 {
682 va_list ap;
683 int len;
684
685 va_start(ap, fmt);
686 len = vsnprintf(dst, max, fmt, ap);
687 va_end(ap);
688
689 if (len < 0)
690 BUG("your snprintf is broken");
691 if (len >= max)
692 BUG("attempt to snprintf into too-small buffer");
693 return len;
694 }
695
696 void write_file_buf(const char *path, const char *buf, size_t len)
697 {
698 int fd = xopen(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
699 if (write_in_full(fd, buf, len) < 0)
700 die_errno(_("could not write to '%s'"), path);
701 if (close(fd))
702 die_errno(_("could not close '%s'"), path);
703 }
704
705 void write_file(const char *path, const char *fmt, ...)
706 {
707 va_list params;
708 struct strbuf sb = STRBUF_INIT;
709
710 va_start(params, fmt);
711 strbuf_vaddf(&sb, fmt, params);
712 va_end(params);
713
714 strbuf_complete_line(&sb);
715
716 write_file_buf(path, sb.buf, sb.len);
717 strbuf_release(&sb);
718 }
719
720 void sleep_millisec(int millisec)
721 {
722 poll(NULL, 0, millisec);
723 }
724
725 int xgethostname(char *buf, size_t len)
726 {
727 /*
728 * If the full hostname doesn't fit in buf, POSIX does not
729 * specify whether the buffer will be null-terminated, so to
730 * be safe, do it ourselves.
731 */
732 int ret = gethostname(buf, len);
733 if (!ret)
734 buf[len - 1] = 0;
735 return ret;
736 }
737
738 int is_empty_or_missing_file(const char *filename)
739 {
740 struct stat st;
741
742 if (stat(filename, &st) < 0) {
743 if (errno == ENOENT)
744 return 1;
745 die_errno(_("could not stat %s"), filename);
746 }
747
748 return !st.st_size;
749 }
750
751 int open_nofollow(const char *path, int flags)
752 {
753 #ifdef O_NOFOLLOW
754 return open(path, flags | O_NOFOLLOW);
755 #else
756 struct stat st;
757 if (lstat(path, &st) < 0)
758 return -1;
759 if (S_ISLNK(st.st_mode)) {
760 errno = ELOOP;
761 return -1;
762 }
763 return open(path, flags);
764 #endif
765 }
766
767 int csprng_bytes(void *buf, size_t len)
768 {
769 #if defined(HAVE_ARC4RANDOM) || defined(HAVE_ARC4RANDOM_LIBBSD)
770 /* This function never returns an error. */
771 arc4random_buf(buf, len);
772 return 0;
773 #elif defined(HAVE_GETRANDOM)
774 ssize_t res;
775 char *p = buf;
776 while (len) {
777 res = getrandom(p, len, 0);
778 if (res < 0)
779 return -1;
780 len -= res;
781 p += res;
782 }
783 return 0;
784 #elif defined(HAVE_GETENTROPY)
785 int res;
786 char *p = buf;
787 while (len) {
788 /* getentropy has a maximum size of 256 bytes. */
789 size_t chunk = len < 256 ? len : 256;
790 res = getentropy(p, chunk);
791 if (res < 0)
792 return -1;
793 len -= chunk;
794 p += chunk;
795 }
796 return 0;
797 #elif defined(HAVE_RTLGENRANDOM)
798 if (!RtlGenRandom(buf, len))
799 return -1;
800 return 0;
801 #elif defined(HAVE_OPENSSL_CSPRNG)
802 int res = RAND_bytes(buf, len);
803 if (res == 1)
804 return 0;
805 if (res == -1)
806 errno = ENOTSUP;
807 else
808 errno = EIO;
809 return -1;
810 #else
811 ssize_t res;
812 char *p = buf;
813 int fd, err;
814 fd = open("/dev/urandom", O_RDONLY);
815 if (fd < 0)
816 return -1;
817 while (len) {
818 res = xread(fd, p, len);
819 if (res < 0) {
820 err = errno;
821 close(fd);
822 errno = err;
823 return -1;
824 }
825 len -= res;
826 p += res;
827 }
828 close(fd);
829 return 0;
830 #endif
831 }
Unnamed repository; edit this file 'description' to name the repository.