buffer: don't allow growing borrowed buffers

When we don't own a buffer (asize=0) we currently allow the usage of
grow to copy the memory into a buffer we do own. This muddles the
meaning of grow, and lets us be a bit cavalier with ownership semantics.

Don't allow this any more. Usage of grow should be restricted to buffers
which we know own their own memory. If unsure, we must not attempt to
modify it.

1 files changed, 6 insertions, 6 deletions

diff --git a/src/buffer.c b/src/buffer.c
index f633c5e02..c066d8e84 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -33,7 +33,7 @@ void git_buf_init(git_buf *buf, size_t initial_size)
 }
 
 int git_buf_try_grow(
-	git_buf *buf, size_t target_size, bool mark_oom, bool preserve_external)
+	git_buf *buf, size_t target_size, bool mark_oom)
 {
 	char *new_ptr;
 	size_t new_size;
@@ -41,6 +41,9 @@ int git_buf_try_grow(
 	if (buf->ptr == git_buf__oom)
 		return -1;
 
+	if (buf->asize == 0 && buf->size != 0)
+		return GIT_EINVALIDSPEC;
+
 	if (!target_size)
 		target_size = buf->size;
 
@@ -82,9 +85,6 @@ int git_buf_try_grow(
 		return -1;
 	}
 
-	if (preserve_external && !buf->asize && buf->ptr != NULL && buf->size > 0)
-		memcpy(new_ptr, buf->ptr, min(buf->size, new_size));
-
 	buf->asize = new_size;
 	buf->ptr   = new_ptr;
 
@@ -98,7 +98,7 @@ int git_buf_try_grow(
 
 int git_buf_grow(git_buf *buffer, size_t target_size)
 {
-	return git_buf_try_grow(buffer, target_size, true, true);
+	return git_buf_try_grow(buffer, target_size, true);
 }
 
 int git_buf_grow_by(git_buf *buffer, size_t additional_size)
@@ -110,7 +110,7 @@ int git_buf_grow_by(git_buf *buffer, size_t additional_size)
 		return -1;
 	}
 
-	return git_buf_try_grow(buffer, newsize, true, true);	
+	return git_buf_try_grow(buffer, newsize, true);
 }
 
 void git_buf_free(git_buf *buf)