|
177dcfc7
|
2018-05-18T15:16:53
|
|
path: hide the dotgit file functions
These can't go into the public API yet as we don't want to introduce API or ABI
changes in a security release.
|
|
0aa65f8d
|
2018-05-16T15:56:04
|
|
path: add functions to detect .gitconfig and .gitattributes
|
|
22973e09
|
2018-05-16T14:47:04
|
|
path: provide a generic function for checking dogit files on NTFS
It checks against the 8.3 shortname variants, including the one which includes
the checksum as part of its name.
|
|
0283fc46
|
2018-05-16T11:56:04
|
|
path: provide a generic dogit checking function for HFS
This lets us check for other kinds of reserved files.
|
|
9de97ae7
|
2018-05-16T15:42:08
|
|
path: add a function to detect an .gitmodules file
Given a path component it knows what to pass to the filesystem-specific
functions so we're protected even from trees which try to use the 8.3 naming
rules to get around us matching on the filename exactly.
The logic and test strings come from the equivalent git change.
|
|
397abe98
|
2018-05-14T16:03:15
|
|
submodule: also validate Windows-separated paths for validity
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.
Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.
|
|
6b15ceac
|
2018-04-30T13:47:15
|
|
submodule: ignore submodules which include path traversal in their name
If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.
This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.
The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.
|
|
86353a72
|
2018-04-22T14:57:02
|
|
Merge pull request #4173 from tiennou/mbedtls
mbedTLS support
|
|
5d346c11
|
2018-04-22T14:51:00
|
|
Merge pull request #4525 from pks-t/pks/config-iterate-in-order
Configuration entry iteration in order
|
|
2b967226
|
2018-04-22T14:43:18
|
|
Merge pull request #4580 from pks-t/pks/diff-like-git-coalesce
blame_git: fix coalescing step never being executed
|
|
0ad2372b
|
2018-04-20T21:25:01
|
|
Merge pull request #4636 from tiennou/fix/leaks
Fix leaks in master
|
|
232dd4de
|
2018-04-20T20:36:31
|
|
Merge pull request #4635 from tiennou/fix/leaks-v0.27.1
Leak fixes for v0.27.1
|
|
8d138f89
|
2018-04-20T20:28:48
|
|
Merge pull request #4577 from csware/reflog-worktree-head
worktree: Read worktree specific reflog for HEAD
|
|
592b200c
|
2018-04-18T21:41:44
|
|
refspec: check for valid parameters in git_refspec__dwim_one
CID:1383993, "In git_refspec__dwim_one: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476)"
|
|
df4937b8
|
2018-04-18T20:57:16
|
|
remote: repo is optional here
As per CID:1378747, we might be called with a NULL repo, which would be deferenced in write_add_refspec
|
|
8122ef98
|
2018-04-19T01:08:18
|
|
worktree: fix calloc of the wrong object type
|
|
836ec316
|
2018-04-19T01:05:05
|
|
local: fix a leaking reference when iterating over a symref
Valgrind log :
==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123
==17702== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17702== by 0x5FDBB49: strdup (strdup.c:42)
==17702== by 0x632B3E: git__strdup (util.h:106)
==17702== by 0x632D2C: git_reference__alloc_symbolic (refs.c:64)
==17702== by 0x62E0AF: loose_lookup (refdb_fs.c:408)
==17702== by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565)
==17702== by 0x62CD8E: git_refdb_iterator_next (refdb.c:147)
==17702== by 0x6347F2: git_reference_next (refs.c:838)
==17702== by 0x6345CB: git_reference_foreach (refs.c:748)
==17702== by 0x66BE62: local_download_pack (local.c:579)
==17702== by 0x5DB48F: git_fetch_download_pack (fetch.c:148)
==17702== by 0x639028: git_remote_download (remote.c:932)
==17702== by 0x63919A: git_remote_fetch (remote.c:969)
==17702== by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362)
==17702== by 0x4125D9: clar_run_test (clar.c:222)
==17702== by 0x41287C: clar_run_suite (clar.c:286)
==17702== by 0x412DDE: clar_test_run (clar.c:433)
==17702== by 0x4105E1: main (main.c:24)
|
|
8529ac9b
|
2018-04-17T23:38:46
|
|
Merge pull request #4524 from pks-t/pks/worktree-refs
worktree: add ability to create worktree with pre-existing branch
|
|
1fd26760
|
2018-04-17T23:33:06
|
|
Merge pull request #4618 from tiennou/fix/pwned-references
refs: preserve the owning refdb when duping reference
|
|
99ec4fdb
|
2018-04-17T20:06:30
|
|
crlf: wrap line
|
|
a5115842
|
2017-01-28T18:31:11
|
|
crlf: update checkout logic to reflect Git 2.9+ behaviour
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
286a6765
|
2018-04-17T14:32:56
|
|
Merge pull request #4522 from csware/submodules-should-report-parse-errors
Submodules-API should report .gitmodules parse errors instead of ignoring them
|
|
e5f32e81
|
2018-04-17T00:08:20
|
|
Merge pull request #4514 from tiennou/fix/pkt-type-enum
Typedef git_pkt_type and clarify recv_pkt return type
|
|
17339cb3
|
2018-04-16T15:35:56
|
|
Merge pull request #4596 from pks-t/pks/ssh-disconnect
transports: ssh: disconnect session before freeing it
|
|
1926163a
|
2018-04-16T15:33:43
|
|
Merge pull request #4622 from pks-t/pks/revwalk-hide-newer-parents
revwalk: fix uninteresting revs sometimes not limiting graphwalk
|
|
69870a67
|
2018-04-16T15:19:37
|
|
Merge pull request #4614 from pks-t/pks/gitignore-trailing-spaces
attr_file: fix handling of directory patterns with trailing spaces
|
|
54fd80e3
|
2018-04-12T13:32:27
|
|
revwalk: fix uninteresting revs sometimes not limiting graphwalk
When we want to limit our graphwalk, we use the heuristic of checking
whether the newest limiting (uninteresting) revision is newer than the
oldest interesting revision. We do so by inspecting whether the first
item's commit time of the user-supplied list of revisions is newer than
the last added interesting revision. This is wrong though, as the user
supplied list is in no way guaranteed to be sorted by increasing commit
dates. This could lead us to abort the revwalk early before applying all
relevant limiting revisions, outputting revisions which should in fact
have been hidden.
Fix the heuristic by instead checking whether _any_ of the limiting
commits was made earlier than the last interesting commit. Add a test.
|
|
251d8771
|
2018-04-06T12:24:10
|
|
attr_file: fix handling of directory patterns with trailing spaces
When comparing whether a path matches a directory rule, we pass the
both the path and directory name to `fnmatch` with
`GIT_ATTR_FNMATCH_DIRECTORY` being set. `fnmatch` expects the pattern to
contain no trailing directory '/', which is why we try to always strip
patterns of trailing slashes. We do not handle that case correctly
though when the pattern itself has trailing spaces, causing the match to
fail.
Fix the issue by stripping trailing spaces and tabs for a rule previous
to checking whether the pattern is a directory pattern with a trailing
'/'. This replaces the whitespace-stripping in our ignore file parsing
code, which was stripping whitespaces too late. Add a test to catch
future breakage.
|
|
13a77274
|
2018-02-26T21:33:55
|
|
smart: typo
|
|
2cf9b84c
|
2018-04-11T19:13:42
|
|
smart: free the pkt when we fail to store it
|
|
32586d5e
|
2018-04-11T19:03:57
|
|
smart: separate error handling from pkt handling
|
|
01381149
|
2018-02-26T21:27:10
|
|
smart: make out arguments explicit on recv_pkt
|
|
08961c9d
|
2017-08-22T16:29:07
|
|
smart: typedef git_pkt_type and clarify recv_pkt return type
|
|
54554757
|
2018-03-29T22:14:14
|
|
cmake: make our preferred backend ordering consistent
|
|
b3e0280d
|
2018-03-29T22:14:11
|
|
mbedtls: display error codes as hex for consistency with mbedTLS docs
Remaining parts of https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-fixup.patch
|
|
382ed1e8
|
2018-03-29T22:14:09
|
|
mbedtls: load default CA certificates
|
|
1edde0bc
|
2018-03-29T22:14:08
|
|
mbedtls: use mbedTLS certificate verification
Taken from https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-verify.patch, with some modifications.
|
|
4165bb7f
|
2018-03-29T22:14:06
|
|
mbedtls: use our own certificate validation
Otherwise REQUIRED means that `git_stream_certificate` will always error.
We're doing the mbedtls check in verify_server_cert though.
|
|
ec79b0fd
|
2018-03-29T22:14:04
|
|
mbedtls: fix libgit2 hanging due to incomplete writes
|
|
2419cccd
|
2018-03-29T22:14:02
|
|
mbedtls: default cipher list support
|
|
60e1ad92
|
2018-03-29T22:14:01
|
|
mbedtls: add global initialization
|
|
6c6be3ce
|
2018-03-29T22:13:59
|
|
mbedtls: use libmbedcrypto for hashing
|
|
1a1875f3
|
2018-03-29T22:13:58
|
|
mbedtls: proper certificate verification
|
|
ca3b2234
|
2018-03-29T22:13:56
|
|
mbedtls: initial support
|
|
5e19a7f9
|
2018-04-10T21:16:43
|
|
refs: preserve the owning refdb when duping reference
This fixes a segfault in git_reference_owner on references returned from git_reference__read_head and git_reference_dup ones.
|
|
6c55fbf3
|
2018-04-06T10:39:16
|
|
transports: local: fix assert when fetching into repo with symrefs
When fetching into a repository which has symbolic references via the
"local" transport we run into an assert. The assert is being triggered
while we negotiate the packfile between the two repositories. When
hiding known revisions from the packbuilder revwalk, we unconditionally
hide all references of the local refdb. In case one of these references
is a symbolic reference, though, this means we're trying to hide a
`NULL` OID, which triggers the assert.
Fix the issue by only hiding OID references from the revwalk. Add a test
to catch this issue in the future.
|
|
bc5ced66
|
2018-04-04T21:28:31
|
|
diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping.
This adds the 'T' status character to git_diff_status_char() for diff
entries that change type.
|
|
d9007dc8
|
2018-04-03T11:36:27
|
|
Merge pull request #4607 from Sp1l/private/fix-libressl-2.7
Fix build with LibreSSL 2.7
|
|
c42261a3
|
2018-04-03T09:38:38
|
|
Merge pull request #4603 from pks-t/pks/appveyor-winhttp-workaround
appveyor: workaround for intermittent test failures
|
|
b5e0cfa7
|
2018-04-03T09:32:33
|
|
Merge pull request #4601 from bgermann/master
sha1dc: update to fix errors with endianess
|
|
7490d449
|
2018-04-02T20:00:07
|
|
Fix build with LibreSSL 2.7
LibreSSL 2.7 adds OpenSSL 1.1 API
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
|
dc27772c
|
2018-03-30T13:12:26
|
|
Merge pull request #4378 from cjhoward92/fix/submodule-add-check-index
submodule: check index for path and prefix before adding submodule
|
|
fbe52fa3
|
2018-03-29T10:18:51
|
|
util: fix missing headers for MinGW environments
There are multiple references to undefined functions in the Microsoft
builds. Add headers to make them known.
|
|
b6276ae0
|
2018-03-29T09:15:48
|
|
odb: mempack: fix leaking objects when freeing mempacks
When a ODB mempack gets free'd, we take no measures at all to free its
contents, most notably the objects added to the database, resulting in a
memory leak. Call `git_mempack_reset` previous to freeing the ODB
structures themselves, which takes care of releasing all associated
data structures.
|
|
c9e5ba09
|
2018-03-28T17:37:39
|
|
sha1dc: update to fix errors with endianess
This updates the version of SHA1DC to c3e1304ea3.
|
|
69a282da
|
2018-03-28T06:48:55
|
|
submodule: add more robust error handling when a submodule path is found on add
|
|
75203d03
|
2018-03-16T11:18:02
|
|
blame_git: fix coalescing step never being executed
Since blame has been imported from git.git and had its first share of
refactorings in b6f60a4d9 (Clean up ported code, 2013-09-21), the code
is actually not doing the coalescing step of the generated blame. While
the code to do the coalescing does exist, it is never being called as
the function `git_blame__like_git` will directly return from its `while
(true)` loop.
The function that was being imported from git.git was the `assign_blame`
function from "builtin/blame.c" from 717d1462b (git-blame --incremental,
2007-01-28), which hasn't really changed much. Upon taking an initial
look, one can seet hat `coalesce` is actually never getting called in
`assign_blame`, as well, so one may assume that not calling `coalesce`
by accident is actually the right thing. But it is not, as `coalesce` is
being called ever since cee7f245d (git-pickaxe: blame rewritten.,
2006-10-19) after the blame has been done in the caller of
`assign_blame`. Thus we can conclude the code of libgit2 is actually
buggy since forever.
To fix the issue, simply break out of the loop instead of doing a direct
return. Note that this does not alter behaviour in any way visible to
our tests, which is unfortunate. But in order to not diverge from what
git.git does, I'd rather adapt to how it is being done upstream in order
to avoid breaking certain edge cases than to just remove that code.
|
|
eb0a3afd
|
2018-03-11T15:35:56
|
|
worktree: Read worktree specific reflog for HEAD
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
e55b5373
|
2018-02-08T12:36:47
|
|
Submodule API should report .gitmodules parse errors
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
c07abd65
|
2018-03-27T07:37:34
|
|
submodule: add better error handling to is_path_occupied
|
|
b282ca79
|
2018-01-06T10:57:32
|
|
submodule: change can_add_submodule to is_path_occupied
|
|
ef9a7749
|
2017-11-19T20:59:59
|
|
submodule: update index check to check path before directory and fix tests
|
|
9371149f
|
2017-10-20T14:24:01
|
|
submodule: fix styling errors
|
|
ad1c4350
|
2017-10-16T15:30:47
|
|
submodule: check index for prefix before adding submodule
submodule: check path and prefix before adding submodule
submodule: fix test errors
|
|
874ce161
|
2018-03-27T15:03:15
|
|
transports: ssh: replace deprecated function `libssh2_session_startup`
The function `libssh2_session_startup` has been deprecated since libssh2
version 1.2.8 in favor of `libssh2_session_handshake` introduced in the
same version. libssh2 1.2.8 was released in April 2011, so it is already
seven years old. It is available in Debian Wheezy, Ubuntu Trusty and
CentOS 7.4, so the most important and conservative distros already have
it available. As such, it seems safe to just use the new function.
|
|
2785cc8e
|
2018-03-27T14:49:21
|
|
transports: ssh: disconnect session before freeing it
The function `ssh_stream_free` takes over the responsibility of closing
channels and streams just before freeing their memory, but it does not
do so for the session. In fact, we never disconnect the session
ourselves at all, as libssh2 will not do so itself upon freeing the
structure. Quoting the documentation of `libssh2_session_free`:
> Frees all resources associated with a session instance. Typically
> called after libssh2_session_disconnect_ex,
The missing disconnect probably stems from a misunderstanding what it
actually does. As we are already closing the TCP socket ourselves, the
assumption was that no additional disconnect is required. But calling
`libssh2_session_disconnect` will notify the server that we are cleanly
closing the connection, such that the server can free his own resources.
Add a call to `libssh2_session_disconnect` to fix that issue.
[1]: https://www.libssh2.org/libssh2_session_free.html
|
|
cdd0bc2f
|
2018-03-26T18:44:13
|
|
checkout: change default strategy to SAFE
As per #4200, our default is quite surprising to users that expect checkout to just "do the thing".
|
|
6a15f657
|
2018-02-09T13:02:26
|
|
config_file: iterate over keys in the order they were added
Currently, all configuration entries were only held in a string map,
making iteration order mostly based on the hash of each entry's key. Now
that we have extended the `diskfile_entries` structure by a list of
config entries, we can effectively iterate through entries in the order
they were added, though.
|
|
3a82475f
|
2018-02-09T12:49:45
|
|
config_file: add list holding config entries in order of appearance
Right now, we only keep all configuration entries in a string map. This
is required to efficiently access configuration entries by keys. It has
the disadvantage of not being able to iterate through configuration
entries in the order they were read, though. Instead, we only iterate
through entries in a seemingly random order.
Extend `diskfile_entries` by another list holding configuration entries.
Like this, we maintain all entries in two data structures and can use
the required one based on the current use case.
|
|
8c0b0717
|
2018-02-09T12:32:24
|
|
config_file: pass complete entry structure into `append_entry`
Currently, we only parse the entry map into `append_entry` to append new
configuration entries to it. Instead, though, we can just pass the
complete `diskfile_entries` structure into it. This allows us to easily
extend `diskfile_entries` by another singly linked list of configuration
entries.
|
|
eafb8402
|
2018-02-09T12:29:16
|
|
config_file: rename `refcounted_strmap` to `diskfile_entries`
The config file parsing code all revolves around the `refcounted_strmap`
structure, which is a map of entry names to their respective keys. This
naming scheme made grasping the code quite hard, warranting a rename. A
good alternative is `diskfile_entries`, making clear that this really
only holds all configuration entries.
Furthermore, we are about to introduce a new linked list of
configuration entries into the configuration file code. This list will
be used to iterate over configuration entries in the order they are
listed inside of the parsed configuration file. After renaming
`refcounted_strmap` to `diskfile_entries`, this struct also becomes the
natural target where to add that new list. Like this, data structures
holding all entries are neatly contained inside of it.
|
|
e3c8462c
|
2018-02-09T11:50:28
|
|
config_file: rename parse_data struct
The struct `parse_data` sounds as if it was defined and passed to us
from the configuration parser, which is not true. Instead, `parse_data`
is specific to the diskfile backend parsing logic. Rename it to
`diskfile_parse_state` to make that clearer. This also follows existing
naming patterns with the "diskfile" prefix.
|
|
18117a6c
|
2018-02-09T11:43:13
|
|
config_file: use new line to declare new variable
|
|
b6f88706
|
2018-02-09T11:39:26
|
|
config_file: refactor freeing of config entry lists
The interface for freeing config list entries is more tangled than
required. Instead of calling `cvar_free` for every list entry in
`free_vars`, we now just provide a function `config_entry_list_free`.
This function will iterate through all list entries and free the
associated configuration entry as well as the list entry itself.
|
|
2d1f6676
|
2018-02-09T11:35:54
|
|
config_file: rename cvar_t struct to config_entry_list
The `cvar_t` structure is really awkward to grasp, because its name
actively hinders discovery of what it actually is. As it is nothing more
than a singly-linked list of configuration entries, name rename it to
just that: `config_entry_list`.
|
|
26cf48fc
|
2018-02-09T11:35:16
|
|
config_file: move include depth into config entry
In order to reject writes to included configuration entries, we need to
keep track of whether an entry was included via another configuration
file or not. This information is being stored in the `cvar` structure,
which is a rather weird location, as it is only used to create a list
structure of config entries.
Move the include depth into the structure `git_config_entry` instead.
While this fixes the layering issue, it enables users of libgit2 to
access the depth, too.
|
|
fcb0d841
|
2018-02-09T11:19:47
|
|
config_file: move cvar handling into `append_entry`
The code appending new configuration entries to our current list first
allocates the `cvar` structure and then passes it to `append_entry`. As
we want to extend `append_entry` to store configuration entries in a map
as well as in a list for ordered iteration, we will have to create two
`cvar` structures, though. As such, the future change will become much
easier when allocation of the `cvar` structure is doen in `append_entry`
itself.
|
|
dfcd923c
|
2018-02-09T11:15:32
|
|
config_file: remove unused list iteration macros
We currently provide a lot of macros for the `cvar_t` structure which
are never being used. In fact, the only macro we need is to access the
`next` pointer of `cvar_t`, which really does not require a macro at
all.
Remove all these macros and replace usage of `CVAR_LIST_NEXT(cvar)` with
`cvar->next`.
|
|
a52b4c51
|
2018-03-23T09:59:46
|
|
odb: fix writing to fake write streams
In commit 7ec7aa4a7 (odb: assert on logic errors when writing objects,
2018-02-01), the check for whether we are trying to overflowing the fake
stream buffer was changed from returning an error to raising an assert.
The conversion forgot though that the logic around `assert`s are
basically inverted. Previously, if the statement
stream->written + len > steram->size
evaluated to true, we would return a `-1`. Now we are asserting that
this statement is true, and in case it is not we will raise an error. So
the conversion to the `assert` in fact changed the behaviour to the
complete opposite intention.
Fix the assert by inverting its condition again and add a regression
test.
|
|
0e4f3d9d
|
2018-03-03T21:47:22
|
|
gitno_extract_url_parts: decode hostnames
RFC 3986 says that hostnames can be percent encoded. Percent decode
hostnames in our URLs.
|
|
05551ca0
|
2018-03-03T20:14:54
|
|
Remove now unnecessary `gitno_unescape`
|
|
60e7848e
|
2018-03-03T20:13:30
|
|
gitno_extract_url_parts: use `git_buf`s
Now that we can decode percent-encoded strings as part of `git_buf`s,
use that decoder in `gitno_extract_url_parts`.
|
|
6f577906
|
2018-03-03T20:09:09
|
|
ssh urls: use `git_buf_decode_percent`
Use `git_buf_decode_percent` so that we can avoid allocating a temporary
buffer.
|
|
8070a357
|
2018-03-03T18:47:35
|
|
Introduce `git_buf_decode_percent`
Introduce a function to take a percent-encoded string (URI encoded,
described by RFC 1738) and decode it into a `git_buf`.
|
|
16210877
|
2018-02-28T12:59:47
|
|
Unescape repo before constructing ssh request
|
|
8a2cdbd3
|
2018-02-28T12:58:58
|
|
Rename unescape and make non-static
|
|
3db1af1f
|
2018-03-08T12:36:46
|
|
index: error out on unreasonable prefix-compressed path lengths
When computing the complete path length from the encoded
prefix-compressed path, we end up just allocating the complete path
without ever checking what the encoded path length actually is. This can
easily lead to a denial of service by just encoding an unreasonable long
path name inside of the index. Git already enforces a maximum path
length of 4096 bytes. As we also have that enforcement ready in some
places, just make sure that the resulting path is smaller than
GIT_PATH_MAX.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
3207ddb0
|
2018-03-08T12:00:27
|
|
index: fix out-of-bounds read with invalid index entry prefix length
The index format in version 4 has prefix-compressed entries, where every
index entry can compress its path by using a path prefix of the previous
entry. Since implmenting support for this index format version in commit
5625d86b9 (index: support index v4, 2016-05-17), though, we do not
correctly verify that the prefix length that we want to reuse is
actually smaller or equal to the amount of characters than the length of
the previous index entry's path. This can lead to a an integer underflow
and subsequently to an out-of-bounds read.
Fix this by verifying that the prefix is actually smaller than the
previous entry's path length.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
58a6fe94
|
2018-03-08T11:49:19
|
|
index: convert `read_entry` to return entry size via an out-param
The function `read_entry` does not conform to our usual coding style of
returning stuff via the out parameter and to use the return value for
reporting errors. Due to most of our code conforming to that pattern, it
has become quite natural for us to actually return `-1` in case there is
any error, which has also slipped in with commit 5625d86b9 (index:
support index v4, 2016-05-17). As the function returns an `size_t` only,
though, the return value is wrapped around, causing the caller of
`read_tree` to continue with an invalid index entry. Ultimately, this
can lead to a double-free.
Improve code and fix the bug by converting the function to return the
index entry size via an out parameter and only using the return value to
indicate errors.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
53e692af
|
2018-03-02T12:49:54
|
|
worktree: rename parameter creason to reason
|
|
12356076
|
2018-03-02T12:41:04
|
|
worktree: lock reason should be const
|
|
8a8ea1db
|
2018-02-28T18:14:52
|
|
Merge pull request #4552 from libgit2/cmn/config-header-common
Cast less blindly between configuration objects
|
|
e8e490b2
|
2018-02-28T17:01:47
|
|
Merge pull request #4554 from pks-t/pks/curl-init
curl: initialize and cleanup global curl state
|
|
9cd0c6f1
|
2018-02-28T16:01:16
|
|
config: return an error if config_refresh is called on a snapshot
Instead of treating it as a no-op, treat it as a programming error and return
the same kind of error as if you called to set or delete variables on a
snapshot.
|
|
2022b004
|
2018-02-28T12:06:59
|
|
curl: explicitly initialize and cleanup global curl state
Our curl-based streams make use of the easy curl interface. This
interface automatically initializes and de-initializes the global curl
state by calling out to `curl_global_init` and `curl_global_cleanup`.
Thus, all global state will be repeatedly re-initialized when creating
multiple curl streams in succession. Despite being inefficient, this is
not thread-safe due to `curl_global_init` being not thread-safe itself.
Thus a multi-threaded programing handling multiple curl streams at the
same time is inherently racy.
Fix the issue by globally initializing and cleaning up curl's state.
|
|
a33deeb4
|
2018-02-28T12:20:23
|
|
win32: strncmp -> git__strncmp
The win32 C library is compiled cdecl, however when configured with
`STDCALL=ON`, our functions (and function pointers) will use the stdcall
calling convention. You cannot set a `__stdcall` function pointer to a
`__cdecl` function, so it's easier to just use our `git__strncmp`
instead of sorting that mess out.
|
|
2424e64c
|
2018-02-28T12:06:02
|
|
config: harden our use of the backend objects a bit
When we create an iterator we don't actually know that we have a live config
object and we must instead only rely on the header. We fixed it to use this in a
previous commit, but this makes it harder to misuse by converting to use the
header object in the typecast.
We also guard inside the `config_refresh` function against being given a
snapshot (although callers right now do check).
|
|
1785de4e
|
2018-02-28T11:46:17
|
|
config: move the level field into the header
We use it in a few places where we might have a full object or a snapshot so
move it to where we can actually access it.
|
|
c1524b2e
|
2018-02-28T11:33:11
|
|
config: move the repository to the diskfile header
We pass this around and when creating a new iterator we need to read the
repository pointer.
Put it in a common place so we can reach it regardless of whether we got a full
object or a snapshot.
|
|
c9d59c61
|
2018-02-27T12:45:21
|
|
Merge pull request #4545 from libgit2/ethomson/checkout_filemode
Respect core.filemode in checkout
|