Rather than having to adjust all callers in a chain to deal with
indentation, it is nicer to have virBuffer do auto-indentation.

* src/util/buf.h (_virBuffer): Increase size.
(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
* src/libvirt_private.syms (buf.h): Export new functions.
* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
functions.
(virBufferSetError, virBufferAdd, virBufferAddChar)
(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
Implement auto-indentation.
* tests/virbuftest.c (testBufAutoIndent): Test it.
(testBufInfiniteLoop): Don't rely on internals.
Idea by Daniel P. Berrange.

The next patch wants to add some sanity checking, which would
be a different error than ENOMEM.  Many existing callers blindly
report OOM failure if virBuf reports an error, and this will be
wrong in the (unlikely) case that they actually had a usage error
instead; but since the most common error really is ENOMEM, I'm
not going to fix all callers.  Meanwhile, new discriminating
callers can react differently depending on what failure happened.

* src/util/buf.c (virBufferSetError): Add parameter.
(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.

Although the compiler wasn't complaining (since it was the pointer,
rather than what was being pointed to, that was actually const), it
looks quite suspicious to call a function with an argument labeled
const when the nature of the pointer (virBufferPtr) is hidden behind
a typedef.  Dropping const makes the function declarations easier
to read.

* src/util/buf.h: Drop const from all functions that modify buffer
argument.
* src/util/buf.c (virBufferSetError, virBufferAdd)
(virBufferContentAndReset, virBufferFreeAndReset)
(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
(virBufferEscapeSexpr, virBufferEscape): Fix fallout.

The statement

        virBufferAdd(buf, "''", 2);

triggers a syntax-check warning

* src/util/buf.c: Replace virBufferAdd with virBufferAddLit

Make the empty string return '' to match cmdEcho's behavior.

When checking if we need to escape a single quote we were looking at the
character after the quote instead of at the quote itself.

Escape strings so they're safe to pass to the shell. It's based on
virsh's cmdEcho.

Implement a generic helper to escape a given set of characters with a
leading '\'.  Generalizes virBufferEscapeSexpr().
Signed-off-by: NSage Weil <sage@newdream.net>

It's unlikely that we'll ever want to escape a string as long as
INT_MAX/6, but adding this check can't hurt.

* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
Check for (unlikely) overflow.

Match the fact that we have virAsprintf and virVasprintf.

* src/util/buf.h (virBufferVasprintf): New prototype.
* src/util/buf.c (virBufferAsprintf): Move guts...
(virBufferVasprintf): ...to new function.
* src/libvirt_private.syms (buf.h): Export it.
* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.

We already have virAsprintf, so picking a similar name helps for
seeing a similar purpose.  Furthermore, the prefix V before printf
generally implies 'va_list', even though this variant was '...', and
the old name got in the way of adding a new va_list version.

global rename performed with:

$ git grep -l virBufferVSprintf \
  | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'

then revert the changes in ChangeLog-old.

When buf->error is 1, we do not return buf->content in the function
virBufferContentAndReset(). So we should free buf->content when
vsnprintf() failed.

If we don't escape ' or \ xend can't parse the generated sexpr. This
might over apply the EscapeSexpr routine, but it shouldn't hurt.

We are about to copy this function, so clean it up before we do.

The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)

Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.

Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772

v2: Eric's improvements: while -> if (), remove extra va_list variable,
    make sure we report buffer error if snprintf fails

v3: Add tests/virbuftest which reproduces the infinite loop before this
    patch, works correctly after

* src/util/buf.c (virBufferVSprintf): Do not omit va_end(argptr).
Improved-by: Daniel Veillard.

* src/util/buf.c (virBufferStrcat): Do not skip va_end due to
an early return.

Replace free(virBufferContentAndReset()) with virBufferFreeAndReset().
Update documentation and replace all remaining calls to free() with
calls to VIR_FREE(). Also add missing calls to virBufferFreeAndReset()
and virReportOOMError() in OOM error cases.

* src/util/buf.c: if virBufferEscapeString was called on a buffer that
  had 0 bytes of space, a size of -1 will be passed to snprintf, resulting
  in a segmentation fault, this preallocate some space.

* src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c,
  src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h,
  src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h,
  src/iptables.c, src/iptables.h, src/logging.c, src/logging.h,
  src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c,
  src/qparams.h, src/stats_linux.c, src/stats_linux.h,
  src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c,
  src/threads-win32.h, src/threads.c, src/threads.h, src/util.c,
  src/util.h, src/uuid.c, src/uuid.h, src/virterror.c,
  src/virterror_internal.h, src/xml.c, src/xml.h: Move all files
  into src/util/
* daemon/Makefile.am: Add -Isrc/util/ to build flags
* src/Makefile.am: Add -Isrc/util/ to build flags and update for
  moved files
* src/libvirt_private.syms: Export cgroup APIs since they're now
  in util rather than linking directly to drivers
* src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call
  when built under PROXY
* proxy/Makefile.am: Update for changed file locations. Remove
  bogus build of event.c
* tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags

Fix  https://bugzilla.redhat.com/show_bug.cgi?id=479517

* src/buf.c: Cast to 'unsigned char' before doing compare to
  avoid rejecting 8-bit high characters

daniel

	* qemud/internal.h, qemud/qemud.h: Rename this file so it
	doesn't conflict with src/internal.h.
	* HACKING: Document how header files should be used.
	* qemud/Makefile.am: Add src/ directory to includes.
	* qemud/event.c, qemud/mdns.c, qemud/qemud.c, qemud/remote.c,
	qemud/remote_protocol.c, qemud/remote_protocol.h,
	qemud/remote_protocol.x, src/buf.c, src/libvirt.c,
	src/nodeinfo.c, src/qemu_conf.c, src/qemu_driver.c,
	src/stats_linux.c, src/storage_backend.c, src/storage_backend_fs.c,
	src/storage_backend_iscsi.c, src/storage_backend_logical.c,
	src/storage_conf.c, src/storage_driver.c, src/util.c,
	src/util.h, src/virsh.c, src/virterror.c, src/xend_internal.c,
	src/xml.c, tests/reconnect.c, tests/xmlrpctest.c,
	tests/qparamtest.c: Standardize	use of header files.
	* docs/*, po/*: Rebuild docs.

Up to now, we've been avoiding ctype functions like isspace, isdigit,
etc.  because they are locale-dependent.  Now that we have the c-ctype
functions, we can start using *them*, to make the code more readable
with changes like these:

-        /* This may not work on EBCDIC. */
-        if ((*p >= 'a' && *p <= 'z') ||
-            (*p >= 'A' && *p <= 'Z') ||
-            (*p >= '0' && *p <= '9'))
+        if (c_isalnum(*p))

-    while ((*cur >= '0') && (*cur <= '9')) {
+    while (c_isdigit(*cur)) {

Also, some macros in conf.c used names that conflicted with
standard meaning of "BLANK" and "SPACE", so I've adjusted them
to be in line with the definition of e.g., isblank.
In addition, I've wrapped those statement macros with do {...} while (0),
so that we can't forget the ";" after a use.  There was one like that
already (fixed below).  The missing semicolon would mess up automatic
indenting.
* src/buf.c (virBufferURIEncodeString):
* src/conf.c (IS_EOL, SKIP_BLANKS_AND_EOL, SKIP_BLANKS)
(virConfParseLong, virConfParseValue, virConfParseName)
(virConfParseSeparator, virConfParseStatement, IS_BLANK, IS_CHAR)
(IS_DIGIT, IS_SPACE, SKIP_SPACES):
* src/nodeinfo.c:
* src/qemu_conf.c (qemudParseInterfaceXML):
* src/qemu_driver.c (qemudDomainBlockStats):
* src/sexpr.c:
* src/stats_linux.c:
* src/util.c (virParseNumber, virDiskNameToIndex):
* src/uuid.c (hextobin, virUUIDParse):
* src/virsh.c:
* src/xml.c (parseCpuNumber, virParseCpuSet):

# Convert uses of isspace to c_isspace, isdigit to c_isdigit, etc.
re=$(man isspace|grep is.....,.is|sed 's/ -.*//' \
  |tr -s ', \n' \||sed 's/^|//;s/|$//')
git grep -l -E "$re"|grep -Ev 'Chan|gnulib' \
  |xargs perl -pi -e 's/\b('"$re"')\b/c_$1/g'
# Remove all uses of to_uchar
git grep -l to_uchar|xargs perl -pi -e 's/to_uchar\((.*?)\)/$1/g'
* src/util.h (to_uchar): Remove definition.
(TOLOWER): Remove definition.
(__virMacAddrCompare): Use c_tolower, not TOLOWER.
Globally:
  Where needed, change <ctype.h> to <c-ctype.h>.
  Remove unnecessary inclusion of <ctype.h>.
Ensure the global changes are never needed again:
* Makefile.maint (sc_avoid_ctype_macros): Prohibit use of ctype
macros.   Recommend c-ctype.h instead.
(sc_prohibit_c_ctype_without_use): New rule.
(sc_prohibit_ctype_h): New rule.  Disallow use of <ctype.h>.

Done using this command (also includes .c.in and .h.in files):
for i in $(g ls-files|grep -E '\.[ch](\.in)?$'|grep -v gnulib); do
  expand -i $i > j && mv j $i;done

Done with these commands:
git grep -l Local.variab|xargs \
  perl -0x3b -pi -e 's,\n+/\*\n \* vim:(.|\n)*,\n,'

git grep -l Local.variab|xargs \
  perl -0x3b -pi -e 's,\n+/\*\n \* Local variables:\n(.|\n)*,\n,'

* Makefile.cfg (local-checks-to-skip): Remove sc_trailing_blank.
* .x-sc_trailing_blank: New file, to exempt the few binary files.

Use <config.h>, not "config.h", per autoconf documentation.
* Makefile.cfg (local-checks-to-skip) [sc_require_config_h]: Enable.
* .x-sc_require_config_h: New file, to list exempted files.
* Makefile.am (EXTRA_DIST): Add .x-sc_require_config_h.

Likewise, given if (foo != NULL) free (foo); remove the useless "if" test.

* proxy/libvirt_proxy.c: Remove unnecessary "if" test before free.
* python/generator.py: Likewise.
* qemud/qemud.c: Likewise.
* src/buf.c: Likewise.
* src/conf.c: Likewise.
* src/hash.c: Likewise.
* src/iptables.c: Likewise.
* src/libvirt.c: Likewise.
* src/openvz_conf.c: Likewise.
* src/qemu_conf.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/remote_internal.c: Likewise.
* src/test.c: Likewise.
* src/virsh.c: Likewise.
* src/virterror.c: Likewise.
* src/xen_internal.c: Likewise.
* src/xen_unified.c: Likewise.
* src/xend_internal.c: Likewise.
* src/xm_internal.c: Likewise.
* src/xml.c: Likewise.
* src/xmlrpc.c: Likewise.
* src/xs_internal.c: Likewise.
* tests/testutils.c: Likewise.
* tests/xencapstest.c: Likewise.
* tests/xmconfigtest.c: Likewise.

	* src/buf.c, src/buf.h: Added utility functions
	  virBufferURIEncodeString and virBufferAddChar to the
	  buffer module.

        * src/buf.c (virBufferEscapeString): '<' escaped as "&lt;"

Given code like: T *var = calloc (n, sizeof (T));
Convert to this: T *var = calloc (n, sizeof (*var));
This first-cut change adjusts all malloc, calloc, and
realloc statements.

The only binary differences are in remote_internal.c
(due to the bug fix) and in xmlrpc.c (due to factorization).

* python/libvir.c: As above.
* qemud/event.c: Likewise.
* qemud/mdns.c: Likewise.
* qemud/qemud.c: Likewise.
* qemud/remote.c: Likewise.
* src/bridge.c: Likewise.
* src/buf.c: Likewise.
* src/conf.c: Likewise.
* src/hash.c: Likewise.
* src/iptables.c: Likewise.
* src/openvz_conf.c: Likewise.
* src/qemu_conf.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/test.c: Likewise.
* src/xen_internal.c: Likewise.
* src/xen_unified.c: Likewise.
* src/xm_internal.c: Likewise.
* src/xml.c: Likewise.
* tests/qemuxml2argvtest.c: Likewise.
* src/xmlrpc.c (xmlRpcValuePtr): Likewise, and minor factorization.
* src/remote_internal.c (remoteAuthMakeCredentials): Use the right
type when allocating space for an array of cred _pointers_.

* qemud/event.c: Likewise.
* src/buf.c: Likewise.
* src/hash.c: Likewise.
* src/nodeinfo.c: Likewise.
* src/openvz_conf.c: Likewise.
* src/proxy_internal.c: Likewise.
* src/virterror.c: Likewise.
* src/xmlrpc.c: Likewise.
* src/xs_internal.c: Likewise.
* tests/conftest.c: Likewise.
* tests/xmlrpctest.c: Likewise.
This fixes a mingw build failure reported by Rich Jones.

Author: Jim Meyering <meyering@redhat.com>

* src/buf.c: fix virBufferContentAndFree to make sure the string is
  always 0 terminated.
Daniel

  due to an error in growing buffers.
Daniel