Log

Author Commit Date CI Message
Patrick Steinhardt 2baf854e 2016-02-22T16:08:56 openssl_stream: fix memory leak when creating new stream
Patrick Steinhardt 2afb6fa4 2016-02-22T16:05:13 rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
Patrick Steinhardt d0cb11e7 2016-02-22T16:01:03 remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
Patrick Steinhardt 0f1e2d20 2016-02-23T11:23:26 index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
Patrick Steinhardt be8479c9 2016-02-22T14:01:50 diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
Patrick Steinhardt 859ed5dd 2016-02-23T09:54:26 common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
Patrick Steinhardt f2a554b4 2016-02-22T14:43:28 coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.
Patrick Steinhardt bac52ab0 2016-02-22T13:48:45 pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
Patrick Steinhardt 7808c937 2016-02-22T15:59:15 index: plug memory leak in `read_conflict_names`
Patrick Steinhardt d1c9a48d 2016-02-23T10:45:09 pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
Patrick Steinhardt 2129d6df 2016-02-22T13:33:48 crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.
Patrick Steinhardt 003c5e46 2016-02-22T15:52:49 transports: smart_pkt: fix memory leaks on error paths
Patrick Steinhardt b9f28b8d 2016-02-23T10:09:03 refspec: check buffer with GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt c5bd70d1 2016-02-23T11:48:30 revwalk: use GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt 793e0855 2016-02-22T14:06:48 refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
Patrick Steinhardt 6e2a3755 2016-02-23T11:45:43 smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt 42c05ed5 2016-02-23T10:02:44 path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
Vicent Marti fb96b28c 2016-02-23T08:16:12 Merge pull request #3629 from ethomson/set_user_agent_doc git_libgit2_opts: minor documentation & usage fixes
Edward Thomson 7bab2e8f 2016-02-22T23:04:40 git_libgit2_opts: validate key
Edward Thomson 5bc93eae 2016-02-22T22:26:01 git_libgit2_opts: document GIT_OPT_SET_USER_AGENT
Edward Thomson 305c4f95 2016-02-22T10:16:49 Merge pull request #3627 from libgit2/cmn/typo Fix a few checkout -> rebase typos
Carlos Martín Nieto 88ab3be6 2016-02-22T15:41:01 Fix a few checkout -> rebase typos
Carlos Martín Nieto c8fe6c09 2016-02-19T16:23:14 openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
Carlos Martín Nieto f596946f 2016-02-19T13:52:04 CHANGELOG: add a few missing changes
Carlos Martín Nieto deecaa2e 2016-02-19T13:31:54 openssl: free the context even if we don't connect
Carlos Martín Nieto bf127eec 2016-02-19T13:24:41 global: remove an unused variable
Carlos Martín Nieto 78e16c34 2016-02-19T13:06:51 Merge pull request #3597 from ethomson/filter_registration Filter registration
Carlos Martín Nieto b643501d 2016-02-19T10:21:37 Merge pull request #3614 from pks-t/pks/coverity-fixes Coverity fixes
Patrick Steinhardt 038d7af0 2016-02-15T11:30:48 signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.
Patrick Steinhardt 40f6f225 2016-02-15T10:58:52 coverity: hint that string length is at least 2 When checking if a string is prefixed by a drive letter (e.g. "C:") we verify this by inspecting the first and second character of the string. Coverity thinks this is a defect as we do not check the string's length first, but in fact we only check the second character if the first character is part of the alphabet, that is it cannot be '\0'. Fix this by overriding the macro and explicitly checking the string's length.
Patrick Steinhardt 5981ab1d 2016-02-15T09:41:08 coverity: add nodefs for abort macros Add nodefs for macros that abort the current flow due to errors. This includes macros that trigger on integer overflows and for the version check macro. This aids Coverity as we point out that these paths will cause a fatal error.
Patrick Steinhardt 8a62bf11 2016-02-15T11:28:33 netops: fix memory leak when an error occurs
Patrick Steinhardt b0f7512f 2016-02-15T11:46:10 transports: smart_pkt: fix memory leaks
Patrick Steinhardt 704554cd 2016-02-15T11:37:48 transports: smart: fix memory leak on OOM path
Carlos Martín Nieto c1b75f05 2016-02-18T15:11:31 Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`
Carlos Martín Nieto b85d0afd 2016-02-18T15:11:02 Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte
Carlos Martín Nieto 5663d4f6 2016-02-18T12:31:56 Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings
Carlos Martín Nieto 594a5d12 2016-02-18T12:28:06 Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32
Carlos Martín Nieto 298d1b07 2016-02-18T11:44:04 Merge pull request #3621 from pra85/patch-1 Fix a typo
Carlos Martín Nieto 9c26f90c 2016-02-18T11:39:55 PROJECTS: remove a few things we do have
Prayag Verma d50bf716 2016-02-18T13:26:08 Fix a typo `compatability` → `compatibility`
Edward Thomson 318b825e 2016-02-16T17:11:46 index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).
Edward Thomson 4fea9cff 2016-02-16T13:08:55 iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.
Colin Xu a218b2f6 2016-01-22T16:03:37 Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>
Edward Thomson 4be2aa57 2016-02-16T18:50:08 win32: tests around handling forbidden paths Introduce a repository that contains some paths that were illegal on PC-DOS circa 1981 (like `aux`, `con`, `com1`) and that in a bizarre fit of retrocomputing, remain illegal on some "modern" computers, despite being "new technology". Introduce some aspirational tests that suggest that we should be able to cope with trees and indexes that contain paths that would be illegal on the filesystem, so that we can at least diff them. Further ensure that checkout will not write a repository with forbidden paths.
Carlos Martín Nieto 474bd2c1 2016-02-16T14:45:32 Merge pull request #3617 from libgit2/cmn/extract-sig-errors commit: expose the different kinds of errors
Carlos Martín Nieto eadd0f05 2016-02-16T14:06:48 commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.
Edward Thomson 9ce0399c 2016-02-12T10:27:05 winhttp: use an unsigned iterator
Edward Thomson 3b2fa0fb 2016-02-12T10:25:50 submodule: explicitly cast to the teensy time value
Edward Thomson b2ca8d9c 2016-02-12T10:22:54 index: explicitly cast the teeny index entry members
Edward Thomson 997e0301 2016-02-12T10:11:32 index: don't use `seek` return as an error code
Edward Thomson 9a634cba 2016-02-12T10:03:29 index: explicitly cast new hash size to an int
Edward Thomson 0d9a39ea 2016-02-12T10:02:18 win32: drop incorrect `const`ness
Edward Thomson c4d23928 2016-02-11T15:41:07 fstat: use our custom `stat`
Edward Thomson aadad405 2016-02-11T14:28:31 tree: zap warnings around `size_t` vs `uint16_t`
Carlos Martín Nieto 1aa14921 2016-02-16T08:54:43 Merge pull request #3615 from ethomson/rebase_bare rebase: persist a single in-memory index
Edward Thomson f28bae0c 2016-02-15T17:16:00 rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.
Edward Thomson 35439f59 2016-02-11T12:24:21 win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.
Carlos Martín Nieto 5a296ad0 2016-02-12T00:55:20 Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing
Edward Thomson 2f2129b1 2016-02-11T15:47:01 Merge pull request #3612 from arthurschreiber/arthur/fix-3173 Horrible fix for #3173.
Arthur Schreiber 3679ebae 2016-02-11T23:37:52 Horrible fix for #3173.
Carlos Martín Nieto 460ae11f 2016-02-11T22:19:20 commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.
Carlos Martín Nieto 66ce08a6 2016-02-11T22:16:34 Merge pull request #3607 from pks-t/pks/coverity-improvements Coverity improvements for GITERR_CHECK_ALLOC
Edward Thomson 263e674e 2016-02-11T11:41:23 merge tests: correct casts
Edward Thomson ad8aa112 2016-02-11T11:26:42 reset test: fix initialization warning
Edward Thomson a202e0d4 2016-02-11T10:11:21 rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.
Edward Thomson ee667307 2016-02-11T10:48:48 rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.
Patrick Steinhardt 50174ab4 2016-02-10T11:06:23 coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.
Patrick Steinhardt 8dddea42 2016-02-10T10:59:14 coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature.
Edward Thomson 82abd40d 2016-02-07T13:35:16 filter: clean up documentation around custom filters
Edward Thomson 494e61b8 2016-02-09T17:44:59 win32: drop xp support in WideCharToMultiByte
Edward Thomson 9447b9e5 2016-02-09T10:40:33 xplat: use st_mtimespec everywhere on mac
Vicent Marti 488e2b85 2016-02-09T16:26:58 Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature
Carlos Martín Nieto 534cc5a3 2016-02-09T16:10:43 Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes
Carlos Martín Nieto a65afb75 2016-02-08T18:51:13 Introduce git_commit_extract_signature This returns the GPG signature for a commit and its contents without the signature block, allowing for the verification of the commit's signature.
Carlos Martín Nieto ab87cb18 2016-02-09T14:53:10 Merge pull request #3602 from libgit2/cmn/header-field-2 commit: also match the first header field when searching
Patrick Steinhardt 24b8ed2b 2016-02-09T11:11:38 attr_file: fix resource leak
Patrick Steinhardt e2625457 2016-02-09T11:07:50 checkout: fix resource leak
Patrick Steinhardt 39c9dd24 2016-02-09T10:53:30 pack-objects: fix memory leak in packbuilder_config
Patrick Steinhardt 0b2437bb 2016-02-09T10:43:28 pack-objects: fix memory leak in compute_write_order
Patrick Steinhardt a53d2e39 2016-02-09T09:58:56 pack: do not free passed in poiter on error The function `git_packfile_stream_open` tries to free the passed in stream when an error occurs. The only call site is `git_indexer_append`, though, which passes in the address of a stream struct which has not been allocated on the heap. Fix the issue by simply removing the call to free. In case of an error we did not allocate any memory yet and otherwise it should be the caller's responsibility to manage it's object's lifetime.
Carlos Martín Nieto f55eca16 2016-02-09T07:17:26 commit: also match the first header field when searching We were searching only past the first header field, which meant we were unable to find e.g. `tree` which is the first field. While here, make sure to set an error message in case we cannot find the field.
Carlos Martín Nieto e0bbe781 2016-02-09T06:41:02 Merge pull request #3598 from pks-t/pks/coverity-fixes Coverity fixes
Carlos Martín Nieto 463f5351 2016-02-09T06:26:21 Merge pull request #3601 from ethomson/merge_doc Better document `git_merge_commits` redux
Edward Thomson b00c959f 2016-02-08T17:55:22 Better document `git_merge_commits` redux `git_merge_commits` and `git_merge` now *do* handle recursive base building for criss-cross merges. Remove the documentation that says that they do not. This reverts commit 5e44d9bcb6d5b20922f49b1913723186f8ced8b5.
Edward Thomson 7cdbb39e 2016-02-08T17:14:43 Merge pull request #3600 from ethomson/mailmap mailmap: add ethomson@github.com
Edward Thomson 88a4d084 2016-02-02T14:50:35 mailmap: add ethomson@github.com
Edward Thomson 2ed855a9 2016-02-07T13:16:30 filter: avoid races during filter registration Previously we would set the global filter registry structure before adding filters to the structure, without a lock, which is quite racy. Now, register default filters during global registration and use an rwlock to read and write the filter registry (as appopriate).
Edward Thomson 6e0fc1a6 2016-02-07T14:10:38 mingw: use gcc-like memory barrier Use the gcc-like memory barrier (__sync_synchronize) on mingw.
Edward Thomson 8a6d6677 2016-02-08T16:14:03 global: make openssl registration like the rest
Edward Thomson bad2702c 2016-02-06T11:25:47 global: refactor setup and cleanup Move the common initialization and cleanup methods to reduce unnecessary duplication.
Patrick Steinhardt a001846b 2016-02-08T17:05:57 curl_stream: fix unused cert infos When copying contents of the cURL certiinfo we duplicate the data but forget to actually put it into the vector.
Patrick Steinhardt fac42ff9 2016-02-08T16:58:08 merge: fix memory leak
Carlos Martín Nieto 0f814deb 2016-02-06T16:41:59 Merge pull request #3592 from ethomson/code_of_conduct Introduce Contributor Covenant
Carlos Martín Nieto 240b6fed 2016-02-05T15:19:24 Merge pull request #3578 from bubaflub/fix_small_memory_leak Free allocated pointer to curl stream on error
Edward Thomson efa8208c 2016-02-05T09:37:40 Merge pull request #3579 from ethomson/mingw_winhttp winhttp: name mangle class / iid on mingw
Edward Thomson 45165b12 2016-02-04T16:43:23 Merge pull request #3584 from jbreeden/export_fn Export git_stash_apply_init_options
Edward Thomson d8f72159 2016-02-04T15:49:00 Merge pull request #3594 from Ephemera/patch-1 Fix typo
Ephemera 804bcd6b 2016-02-05T01:59:07 Fix typo
Edward Thomson 612f2a60 2016-02-04T08:43:47 Merge pull request #3593 from nvanheuverzwijn/patch-1 Fix a typo in documentation