kmx git

Commit	Date	Message
1a9d7c95	2016-02-28T19:43:45	Merge pull request #3644 from ethomson/debug_pool travis ci: enable debug pool for valgrind builds
da033560	2016-02-28T11:34:36	travis ci: enable debug pool for valgrind builds
6cc4bac8	2016-02-28T11:31:10	Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator
93e16642	2016-02-26T12:51:13	Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode
9f4e7c84	2016-02-25T18:42:09	Merge pull request #3638 from ethomson/nsec USE_NSECS fixes
0d9a7498	2016-02-25T12:09:49	Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes
fd129f28	2016-02-25T11:59:00	Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices
3d6a42d1	2016-02-25T11:23:19	nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).
a4c55069	2016-02-25T11:31:18	nsec: update staging test for GIT_USE_NSECS The index::nsec::staging_maintains_other_nanos test was created to ensure that when we stage an entry when GIT_USE_NSECS is unset that we truncate the index entry and do not persist the (old, invalid) nanosec values. Ensure that when GIT_USE_NSECS is set that we do not do that, and actually write the correct nanosecond values.
6d97beb9	2016-02-25T15:46:59	pack: don't allow a negative offset
ea9e00cb	2016-02-23T18:15:43	pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.
9dfe1140	2016-02-25T09:08:23	Merge pull request #3637 from libgit2/cmn/conventions CONVENTIONS: update to include general public API principles
1f8cb02f	2016-02-25T14:51:00	CONVENTIONS: update to include general public API principles
68ad3156	2016-02-24T17:17:57	openssl: we already had the function, just needed the header
f3d1be7d	2016-02-24T16:38:22	openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.
43955927	2016-02-23T22:27:36	Merge pull request #3631 from ethomson/giterr_fixups Minor `giterr` fixups
cd59e0c0	2016-02-23T13:05:49	giterr_set_str: remove `GITERR_OS` documentation The `giterr_set_str` does not actually honor `GITERR_OS`. Remove the documentation that claims that we do.
04c3b35f	2016-02-23T13:02:07	map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.
32f07984	2016-02-23T11:07:03	diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.
3d1abc5a	2016-02-22T17:13:23	xmerge: fix memory leak on error path
05bf67b9	2016-02-23T11:16:36	openssl_stream: fix NULL pointer dereference
2baf854e	2016-02-22T16:08:56	openssl_stream: fix memory leak when creating new stream
2afb6fa4	2016-02-22T16:05:13	rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
d0cb11e7	2016-02-22T16:01:03	remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
0f1e2d20	2016-02-23T11:23:26	index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
2129d6df	2016-02-22T13:33:48	crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.
b9f28b8d	2016-02-23T10:09:03	refspec: check buffer with GITERR_CHECK_ALLOC_BUF
c5bd70d1	2016-02-23T11:48:30	revwalk: use GITERR_CHECK_ALLOC_BUF
6e2a3755	2016-02-23T11:45:43	smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
42c05ed5	2016-02-23T10:02:44	path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
859ed5dd	2016-02-23T09:54:26	common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
f2a554b4	2016-02-22T14:43:28	coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.
7808c937	2016-02-22T15:59:15	index: plug memory leak in `read_conflict_names`
003c5e46	2016-02-22T15:52:49	transports: smart_pkt: fix memory leaks on error paths
793e0855	2016-02-22T14:06:48	refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
be8479c9	2016-02-22T14:01:50	diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
bac52ab0	2016-02-22T13:48:45	pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
d1c9a48d	2016-02-23T10:45:09	pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
fb96b28c	2016-02-23T08:16:12	Merge pull request #3629 from ethomson/set_user_agent_doc git_libgit2_opts: minor documentation & usage fixes
7bab2e8f	2016-02-22T23:04:40	git_libgit2_opts: validate key
5bc93eae	2016-02-22T22:26:01	git_libgit2_opts: document GIT_OPT_SET_USER_AGENT
305c4f95	2016-02-22T10:16:49	Merge pull request #3627 from libgit2/cmn/typo Fix a few checkout -> rebase typos
88ab3be6	2016-02-22T15:41:01	Fix a few checkout -> rebase typos
c8fe6c09	2016-02-19T16:23:14	openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
f1260e03	2016-02-19T09:13:40	Remove unnecessary ifdef in pool.h
f596946f	2016-02-19T13:52:04	CHANGELOG: add a few missing changes
deecaa2e	2016-02-19T13:31:54	openssl: free the context even if we don't connect
bf127eec	2016-02-19T13:24:41	global: remove an unused variable
78e16c34	2016-02-19T13:06:51	Merge pull request #3597 from ethomson/filter_registration Filter registration
b643501d	2016-02-19T10:21:37	Merge pull request #3614 from pks-t/pks/coverity-fixes Coverity fixes
8a62bf11	2016-02-15T11:28:33	netops: fix memory leak when an error occurs
b0f7512f	2016-02-15T11:46:10	transports: smart_pkt: fix memory leaks
704554cd	2016-02-15T11:37:48	transports: smart: fix memory leak on OOM path
038d7af0	2016-02-15T11:30:48	signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.
40f6f225	2016-02-15T10:58:52	coverity: hint that string length is at least 2 When checking if a string is prefixed by a drive letter (e.g. "C:") we verify this by inspecting the first and second character of the string. Coverity thinks this is a defect as we do not check the string's length first, but in fact we only check the second character if the first character is part of the alphabet, that is it cannot be '\0'. Fix this by overriding the macro and explicitly checking the string's length.
5981ab1d	2016-02-15T09:41:08	coverity: add nodefs for abort macros Add nodefs for macros that abort the current flow due to errors. This includes macros that trigger on integer overflows and for the version check macro. This aids Coverity as we point out that these paths will cause a fatal error.
c1b75f05	2016-02-18T15:11:31	Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`
b85d0afd	2016-02-18T15:11:02	Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte
5663d4f6	2016-02-18T12:31:56	Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings
594a5d12	2016-02-18T12:28:06	Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32
298d1b07	2016-02-18T11:44:04	Merge pull request #3621 from pra85/patch-1 Fix a typo
9c26f90c	2016-02-18T11:39:55	PROJECTS: remove a few things we do have
d50bf716	2016-02-18T13:26:08	Fix a typo `compatability` → `compatibility`
318b825e	2016-02-16T17:11:46	index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).
4fea9cff	2016-02-16T13:08:55	iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.
a218b2f6	2016-01-22T16:03:37	Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>
4be2aa57	2016-02-16T18:50:08	win32: tests around handling forbidden paths Introduce a repository that contains some paths that were illegal on PC-DOS circa 1981 (like `aux`, `con`, `com1`) and that in a bizarre fit of retrocomputing, remain illegal on some "modern" computers, despite being "new technology". Introduce some aspirational tests that suggest that we should be able to cope with trees and indexes that contain paths that would be illegal on the filesystem, so that we can at least diff them. Further ensure that checkout will not write a repository with forbidden paths.
474bd2c1	2016-02-16T14:45:32	Merge pull request #3617 from libgit2/cmn/extract-sig-errors commit: expose the different kinds of errors
eadd0f05	2016-02-16T14:06:48	commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.
9ce0399c	2016-02-12T10:27:05	winhttp: use an unsigned iterator
3b2fa0fb	2016-02-12T10:25:50	submodule: explicitly cast to the teensy time value
b2ca8d9c	2016-02-12T10:22:54	index: explicitly cast the teeny index entry members
997e0301	2016-02-12T10:11:32	index: don't use `seek` return as an error code
9a634cba	2016-02-12T10:03:29	index: explicitly cast new hash size to an int
0d9a39ea	2016-02-12T10:02:18	win32: drop incorrect `const`ness
c4d23928	2016-02-11T15:41:07	fstat: use our custom `stat`
aadad405	2016-02-11T14:28:31	tree: zap warnings around `size_t` vs `uint16_t`
1aa14921	2016-02-16T08:54:43	Merge pull request #3615 from ethomson/rebase_bare rebase: persist a single in-memory index
f28bae0c	2016-02-15T17:16:00	rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.
35439f59	2016-02-11T12:24:21	win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.
5a296ad0	2016-02-12T00:55:20	Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing
2f2129b1	2016-02-11T15:47:01	Merge pull request #3612 from arthurschreiber/arthur/fix-3173 Horrible fix for #3173.
3679ebae	2016-02-11T23:37:52	Horrible fix for #3173.
460ae11f	2016-02-11T22:19:20	commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.
66ce08a6	2016-02-11T22:16:34	Merge pull request #3607 from pks-t/pks/coverity-improvements Coverity improvements for GITERR_CHECK_ALLOC
263e674e	2016-02-11T11:41:23	merge tests: correct casts
ad8aa112	2016-02-11T11:26:42	reset test: fix initialization warning
a202e0d4	2016-02-11T10:11:21	rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.
ee667307	2016-02-11T10:48:48	rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.
50174ab4	2016-02-10T11:06:23	coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.
8dddea42	2016-02-10T10:59:14	coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature.
82abd40d	2016-02-07T13:35:16	filter: clean up documentation around custom filters
494e61b8	2016-02-09T17:44:59	win32: drop xp support in WideCharToMultiByte
9447b9e5	2016-02-09T10:40:33	xplat: use st_mtimespec everywhere on mac
488e2b85	2016-02-09T16:26:58	Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature
534cc5a3	2016-02-09T16:10:43	Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes
a65afb75	2016-02-08T18:51:13	Introduce git_commit_extract_signature This returns the GPG signature for a commit and its contents without the signature block, allowing for the verification of the commit's signature.
ab87cb18	2016-02-09T14:53:10	Merge pull request #3602 from libgit2/cmn/header-field-2 commit: also match the first header field when searching
24b8ed2b	2016-02-09T11:11:38	attr_file: fix resource leak
e2625457	2016-02-09T11:07:50	checkout: fix resource leak

1a9d7c95

2016-02-28T19:43:45

Merge pull request #3644 from ethomson/debug_pool travis ci: enable debug pool for valgrind builds

da033560

2016-02-28T11:34:36

travis ci: enable debug pool for valgrind builds

6cc4bac8

2016-02-28T11:31:10

Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator

93e16642

2016-02-26T12:51:13

Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode

9f4e7c84

2016-02-25T18:42:09

Merge pull request #3638 from ethomson/nsec USE_NSECS fixes

0d9a7498

2016-02-25T12:09:49

Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes

fd129f28

2016-02-25T11:59:00

Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices

3d6a42d1

2016-02-25T11:23:19

nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).

a4c55069

2016-02-25T11:31:18

nsec: update staging test for GIT_USE_NSECS The index::nsec::staging_maintains_other_nanos test was created to ensure that when we stage an entry when GIT_USE_NSECS is *unset* that we truncate the index entry and do not persist the (old, invalid) nanosec values. Ensure that when GIT_USE_NSECS is *set* that we do not do that, and actually write the correct nanosecond values.

6d97beb9

2016-02-25T15:46:59

pack: don't allow a negative offset

ea9e00cb

2016-02-23T18:15:43

pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.

9dfe1140

2016-02-25T09:08:23

Merge pull request #3637 from libgit2/cmn/conventions CONVENTIONS: update to include general public API principles

1f8cb02f

2016-02-25T14:51:00

CONVENTIONS: update to include general public API principles

68ad3156

2016-02-24T17:17:57

openssl: we already had the function, just needed the header

f3d1be7d

2016-02-24T16:38:22

openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.

43955927

2016-02-23T22:27:36

Merge pull request #3631 from ethomson/giterr_fixups Minor `giterr` fixups

cd59e0c0

2016-02-23T13:05:49

giterr_set_str: remove `GITERR_OS` documentation The `giterr_set_str` does not actually honor `GITERR_OS`. Remove the documentation that claims that we do.

04c3b35f

2016-02-23T13:02:07

map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.

32f07984

2016-02-23T11:07:03

diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.

3d1abc5a

2016-02-22T17:13:23

xmerge: fix memory leak on error path

05bf67b9

2016-02-23T11:16:36

openssl_stream: fix NULL pointer dereference

2baf854e

2016-02-22T16:08:56

openssl_stream: fix memory leak when creating new stream

2afb6fa4

2016-02-22T16:05:13

rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.

d0cb11e7

2016-02-22T16:01:03

remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.

0f1e2d20

2016-02-23T11:23:26

index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.

2129d6df

2016-02-22T13:33:48

crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.

b9f28b8d

2016-02-23T10:09:03

refspec: check buffer with GITERR_CHECK_ALLOC_BUF

c5bd70d1

2016-02-23T11:48:30

revwalk: use GITERR_CHECK_ALLOC_BUF

6e2a3755

2016-02-23T11:45:43

smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF

42c05ed5

2016-02-23T10:02:44

path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer

859ed5dd

2016-02-23T09:54:26

common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.

f2a554b4

2016-02-22T14:43:28

coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.

7808c937

2016-02-22T15:59:15

index: plug memory leak in `read_conflict_names`

003c5e46

2016-02-22T15:52:49

transports: smart_pkt: fix memory leaks on error paths

793e0855

2016-02-22T14:06:48

refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.

be8479c9

2016-02-22T14:01:50

diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.

bac52ab0

2016-02-22T13:48:45

pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.

d1c9a48d

2016-02-23T10:45:09

pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC

fb96b28c

2016-02-23T08:16:12

Merge pull request #3629 from ethomson/set_user_agent_doc git_libgit2_opts: minor documentation & usage fixes

7bab2e8f

2016-02-22T23:04:40

git_libgit2_opts: validate key

5bc93eae

2016-02-22T22:26:01

git_libgit2_opts: document GIT_OPT_SET_USER_AGENT

305c4f95

2016-02-22T10:16:49

Merge pull request #3627 from libgit2/cmn/typo Fix a few checkout -> rebase typos

88ab3be6

2016-02-22T15:41:01

Fix a few checkout -> rebase typos

c8fe6c09

2016-02-19T16:23:14

openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.

f1260e03

2016-02-19T09:13:40

Remove unnecessary ifdef in pool.h

f596946f

2016-02-19T13:52:04

CHANGELOG: add a few missing changes

deecaa2e

2016-02-19T13:31:54

openssl: free the context even if we don't connect

bf127eec

2016-02-19T13:24:41

global: remove an unused variable

78e16c34

2016-02-19T13:06:51

Merge pull request #3597 from ethomson/filter_registration Filter registration

b643501d

2016-02-19T10:21:37

Merge pull request #3614 from pks-t/pks/coverity-fixes Coverity fixes

8a62bf11

2016-02-15T11:28:33

netops: fix memory leak when an error occurs

b0f7512f

2016-02-15T11:46:10

transports: smart_pkt: fix memory leaks

704554cd

2016-02-15T11:37:48

transports: smart: fix memory leak on OOM path

038d7af0

2016-02-15T11:30:48

signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.

40f6f225

2016-02-15T10:58:52

coverity: hint that string length is at least 2 When checking if a string is prefixed by a drive letter (e.g. "C:") we verify this by inspecting the first and second character of the string. Coverity thinks this is a defect as we do not check the string's length first, but in fact we only check the second character if the first character is part of the alphabet, that is it cannot be '\0'. Fix this by overriding the macro and explicitly checking the string's length.

5981ab1d

2016-02-15T09:41:08

coverity: add nodefs for abort macros Add nodefs for macros that abort the current flow due to errors. This includes macros that trigger on integer overflows and for the version check macro. This aids Coverity as we point out that these paths will cause a fatal error.

c1b75f05

2016-02-18T15:11:31

Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`

b85d0afd

2016-02-18T15:11:02

Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte

5663d4f6

2016-02-18T12:31:56

Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings

594a5d12

2016-02-18T12:28:06

Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32

298d1b07

2016-02-18T11:44:04

Merge pull request #3621 from pra85/patch-1 Fix a typo

9c26f90c

2016-02-18T11:39:55

PROJECTS: remove a few things we do have

d50bf716

2016-02-18T13:26:08

Fix a typo `compatability` → `compatibility`

318b825e

2016-02-16T17:11:46

index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).

4fea9cff

2016-02-16T13:08:55

iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.

a218b2f6

2016-01-22T16:03:37

Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>

4be2aa57

2016-02-16T18:50:08

win32: tests around handling forbidden paths Introduce a repository that contains some paths that were illegal on PC-DOS circa 1981 (like `aux`, `con`, `com1`) and that in a bizarre fit of retrocomputing, remain illegal on some "modern" computers, despite being "new technology". Introduce some aspirational tests that suggest that we should be able to cope with trees and indexes that contain paths that would be illegal on the filesystem, so that we can at least diff them. Further ensure that checkout will not write a repository with forbidden paths.

474bd2c1

2016-02-16T14:45:32

Merge pull request #3617 from libgit2/cmn/extract-sig-errors commit: expose the different kinds of errors

eadd0f05

2016-02-16T14:06:48

commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.

9ce0399c

2016-02-12T10:27:05

winhttp: use an unsigned iterator

3b2fa0fb

2016-02-12T10:25:50

submodule: explicitly cast to the teensy time value

b2ca8d9c

2016-02-12T10:22:54

index: explicitly cast the teeny index entry members

997e0301

2016-02-12T10:11:32

index: don't use `seek` return as an error code

9a634cba

2016-02-12T10:03:29

index: explicitly cast new hash size to an int

0d9a39ea

2016-02-12T10:02:18

win32: drop incorrect `const`ness

c4d23928

2016-02-11T15:41:07

fstat: use our custom `stat`

aadad405

2016-02-11T14:28:31

tree: zap warnings around `size_t` vs `uint16_t`

1aa14921

2016-02-16T08:54:43

Merge pull request #3615 from ethomson/rebase_bare rebase: persist a single in-memory index

f28bae0c

2016-02-15T17:16:00

rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.

35439f59

2016-02-11T12:24:21

win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.

5a296ad0

2016-02-12T00:55:20

Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing

2f2129b1

2016-02-11T15:47:01

Merge pull request #3612 from arthurschreiber/arthur/fix-3173 Horrible fix for #3173.

3679ebae

2016-02-11T23:37:52

Horrible fix for #3173.

460ae11f

2016-02-11T22:19:20

commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.

66ce08a6

2016-02-11T22:16:34

Merge pull request #3607 from pks-t/pks/coverity-improvements Coverity improvements for GITERR_CHECK_ALLOC

263e674e

2016-02-11T11:41:23

merge tests: correct casts

ad8aa112

2016-02-11T11:26:42

reset test: fix initialization warning

a202e0d4

2016-02-11T10:11:21

rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.

ee667307

2016-02-11T10:48:48

rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.

50174ab4

2016-02-10T11:06:23

coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.

8dddea42

2016-02-10T10:59:14

coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature.

82abd40d

2016-02-07T13:35:16

filter: clean up documentation around custom filters

494e61b8

2016-02-09T17:44:59

win32: drop xp support in WideCharToMultiByte

9447b9e5

2016-02-09T10:40:33

xplat: use st_mtimespec everywhere on mac

488e2b85

2016-02-09T16:26:58

Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature

534cc5a3

2016-02-09T16:10:43

Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes

a65afb75

2016-02-08T18:51:13

Introduce git_commit_extract_signature This returns the GPG signature for a commit and its contents without the signature block, allowing for the verification of the commit's signature.

ab87cb18

2016-02-09T14:53:10

Merge pull request #3602 from libgit2/cmn/header-field-2 commit: also match the first header field when searching

24b8ed2b

2016-02-09T11:11:38

attr_file: fix resource leak

e2625457

2016-02-09T11:07:50

checkout: fix resource leak

thodg/libgit2

Log