|
68729289
|
2019-02-25T09:25:34
|
|
Merge pull request #5000 from augfab/branch_lookup_all
Have git_branch_lookup accept GIT_BRANCH_ALL
|
|
0a25141e
|
2019-02-21T21:42:25
|
|
branch: add test for git_branch_lookup to accept GIT_BRANCH_ALL
|
|
a1ef995d
|
2019-02-21T10:33:30
|
|
indexer: use git_indexer_progress throughout
Update internal usage of `git_transfer_progress` to
`git_indexer_progreses`.
|
|
4069f924
|
2019-02-22T10:56:08
|
|
Merge pull request #4901 from pks-t/pks/uniform-map-api
High-level map APIs
|
|
554b3b9a
|
2019-02-21T10:31:21
|
|
Merge pull request #4996 from eaigner/master
Prevent reading out of bounds memory
|
|
966b9440
|
2019-02-21T08:30:22
|
|
tests: apply: verify that we correctly truncate the source buffer
Previously, we would fail to correctly truncate the source buffer
if the source has more than one line and ends with a non-newline
character. In the following call, we thus truncate the source
string in the middle of the second line. Without the bug fixed,
we would successfully apply the patch to the source and return
success. With the overflow being fixed, we should return an
error now.
|
|
6b3730d4
|
2019-02-16T19:55:30
|
|
Fix a memory leak in odb_otype_fast()
This change frees a copy of a cached object in odb_otype_fast().
|
|
bd66925a
|
2018-12-01T10:29:32
|
|
oidmap: remove legacy low-level interface
Remove the low-level interface that was exposing implementation details of
`git_oidmap` to callers. From now on, only the high-level functions shall be
used to retrieve or modify values of a map. Adjust remaining existing callers.
|
|
fdfabdc4
|
2018-12-01T09:49:10
|
|
strmap: remove legacy low-level interface
Remove the low-level interface that was exposing implementation details of
`git_strmap` to callers. From now on, only the high-level functions shall be
used to retrieve or modify values of a map. Adjust remaining existing callers.
|
|
2e0a3048
|
2019-01-23T10:48:55
|
|
oidmap: introduce high-level setter for key/value pairs
Currently, one would use either `git_oidmap_insert` to insert key/value pairs
into a map or `git_oidmap_put` to insert a key only. These function have
historically been macros, which is why their syntax is kind of weird: instead of
returning an error code directly, they instead have to be passed a pointer to
where the return value shall be stored. This does not match libgit2's common
idiom of directly returning error codes.Furthermore, `git_oidmap_put` is tightly
coupled with implementation details of the map as it exposes the index of
inserted entries.
Introduce a new function `git_oidmap_set`, which takes as parameters the map,
key and value and directly returns an error code. Convert all trivial callers of
`git_oidmap_insert` and `git_oidmap_put` to make use of it.
|
|
9694ef20
|
2018-12-17T09:01:53
|
|
oidmap: introduce high-level getter for values
The current way of looking up an entry from a map is tightly coupled with the
map implementation, as one first has to look up the index of the key and then
retrieve the associated value by using the index. As a caller, you usually do
not care about any indices at all, though, so this is more complicated than
really necessary. Furthermore, it invites for errors to happen if the correct
error checking sequence is not being followed.
Introduce a new high-level function `git_oidmap_get` that takes a map and a key
and returns a pointer to the associated value if such a key exists. Otherwise,
a `NULL` pointer is returned. Adjust all callers that can trivially be
converted.
|
|
03555830
|
2019-01-23T10:44:33
|
|
strmap: introduce high-level setter for key/value pairs
Currently, one would use the function `git_strmap_insert` to insert key/value
pairs into a map. This function has historically been a macro, which is why its
syntax is kind of weird: instead of returning an error code directly, it instead
has to be passed a pointer to where the return value shall be stored. This does
not match libgit2's common idiom of directly returning error codes.
Introduce a new function `git_strmap_set`, which takes as parameters the map,
key and value and directly returns an error code. Convert all callers of
`git_strmap_insert` to make use of it.
|
|
ef507bc7
|
2019-01-23T10:44:02
|
|
strmap: introduce `git_strmap_get` and use it throughout the tree
The current way of looking up an entry from a map is tightly coupled with the
map implementation, as one first has to look up the index of the key and then
retrieve the associated value by using the index. As a caller, you usually do
not care about any indices at all, though, so this is more complicated than
really necessary. Furthermore, it invites for errors to happen if the correct
error checking sequence is not being followed.
Introduce a new high-level function `git_strmap_get` that takes a map and a key
and returns a pointer to the associated value if such a key exists. Otherwise,
a `NULL` pointer is returned. Adjust all callers that can trivially be
converted.
|
|
7e926ef3
|
2018-11-30T12:14:43
|
|
maps: provide a uniform entry count interface
There currently exist two different function names for getting the entry count
of maps, where offmaps offset and string maps use `num_entries` and OID maps use
`size`. In most programming languages with built-in map types, this is simply
called `size`, which is also shorter to type. Thus, this commit renames the
other two functions `num_entries` to match the common way and adjusts all
callers.
|
|
351eeff3
|
2019-01-23T10:42:46
|
|
maps: use uniform lifecycle management functions
Currently, the lifecycle functions for maps (allocation, deallocation, resize)
are not named in a uniform way and do not have a uniform function signature.
Rename the functions to fix that, and stick to libgit2's naming scheme of saying
`git_foo_new`. This results in the following new interface for allocation:
- `int git_<t>map_new(git_<t>map **out)` to allocate a new map, returning an
error code if we ran out of memory
- `void git_<t>map_free(git_<t>map *map)` to free a map
- `void git_<t>map_clear(git<t>map *map)` to remove all entries from a map
This commit also fixes all existing callers.
|
|
18cf5698
|
2018-12-01T09:37:40
|
|
maps: provide high-level iteration interface
Currently, our headers need to leak some implementation details of maps due to
their direct use of indices in the implementation of their foreach macros. This
makes it impossible to completely hide the map structures away, and also makes
it impossible to include the khash implementation header in the C files of the
respective map only.
This is now being fixed by providing a high-level iteration interface
`map_iterate`, which takes as inputs the map that shall be iterated over, an
iterator as well as the locations where keys and values shall be put into. For
simplicity's sake, the iterator is a simple `size_t` that shall initialized to
`0` on the first call. All existing foreach macros are then adjusted to make use
of this new function.
|
|
bda08397
|
2019-02-14T16:57:47
|
|
Merge pull request #4982 from pks-t/pks/worktree-add-bare-head
Enable creation of worktree from bare repo's default branch
|
|
48005936
|
2019-02-14T16:55:18
|
|
Merge pull request #4965 from hackworks/eliminate-check-for-keep-file
Allow bypassing check for '.keep' file
|
|
bf013fc0
|
2019-02-14T13:30:33
|
|
branch: fix `branch_is_checked_out` with bare repos
In a bare repository, HEAD usually points to the branch that is
considered the "default" branch. As the current implementation for
`git_branch_is_checked_out` only does a comparison of HEAD with the
branch that is to be checked, it will say that the branch pointed to by
HEAD in such a bare repo is checked out.
Fix this by skipping the main repo's HEAD when it is bare.
|
|
efb20825
|
2019-02-14T13:05:49
|
|
branches: introduce flag to skip enumeration of certain HEADs
Right now, the function `git_repository_foreach_head` will always
iterate over all HEADs of the main repository and its worktrees. In some
cases, it might be required to skip either of those, though. Add a flag
in preparation for the following commit that enables this behaviour.
|
|
788cd2d5
|
2019-02-14T13:49:35
|
|
branches: do not assert that the given ref is a branch
Libraries should use assert(3P) only very scarcely. First, we usually
shouldn't cause the caller of our library to abort in case where the
assert fails. Second, if code is compiled with -DNDEBUG, then the assert
will not be included at all.
In our `git_branch_is_checked_out` function, we have an assert that
verifies that the given reference parameter is non-NULL and in fact a
branch. While the first check is fine, the second is not. E.g. when
compiled with -DNDEBUG, we'd proceed and treat the given reference as a
branch in all cases.
Fix the issue by instead treating a non-branch reference as not being
checked out. This is the obvious solution, as references other than
branches cannot be directly checked out.
|
|
a0f87e16
|
2019-02-14T13:26:30
|
|
branches: add tests for `git_branch_is_checked_out`
We currently do not have any tests at all for the
`git_branch_is_checked_out` function. Add some basic ones.
|
|
24ac9e0c
|
2019-02-13T23:26:54
|
|
deprecation: ensure we GIT_EXTERN deprecated funcs
Although the error functions were deprecated, we did not properly mark
them as deprecated. We need to include the `deprecated.h` file in order
to ensure that the functions get their export attributes.
Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or
those functions will also not get their export attributes. Define that
only on the tests and examples.
|
|
004a3398
|
2019-01-28T18:31:21
|
|
Allow bypassing check '.keep' files using libgit2 option 'GIT_OPT_IGNORE_PACK_KEEP_FILE_CHECK'
|
|
3fba5891
|
2019-01-20T23:53:33
|
|
test: cast to a char the zstream test
|
|
f25bb508
|
2019-01-20T23:52:50
|
|
index test: cast times explicitly
Cast actual filesystem data to the int32_t that index entries store.
|
|
826d9a4d
|
2019-01-25T09:43:20
|
|
Merge pull request #4858 from tiennou/fix/index-ext-read
index: preserve extension parsing errors
|
|
c951b825
|
2019-01-23T00:32:40
|
|
deprecation: define GIT_DEPRECATE_HARD internally
Ensure that we do not use any deprecated functions in the library
source, test code or examples.
|
|
9c5e05ad
|
2019-01-23T10:43:29
|
|
deprecation: move deprecated tests into their own file
Move the deprecated stream tests into their own compilation unit. This
will allow us to disable any preprocessor directives that apply to
deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).
|
|
0bf7e043
|
2019-01-24T12:12:04
|
|
index: preserve extension parsing errors
Previously, we would clobber any extension-specific error message with
an "extension is truncated" message. This makes `read_extension`
correctly preserve those errors, takes responsibility for truncation
errors, and adds a new message with the actual extension signature for
unsupported mandatory extensions.
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
f7416509
|
2019-01-20T20:15:31
|
|
Fix odb foreach to also close on positive error code
In include/git2/odb.h it states that callback can also return
positive value which should break looping.
Implementations of git_odb_foreach() and pack_backend__foreach()
did not respect that.
|
|
1758636b
|
2019-01-19T01:38:34
|
|
Merge pull request #4939 from libgit2/ethomson/git_ref
Move `git_ref_t` to `git_reference_t`
|
|
b2c2dc64
|
2019-01-19T01:36:40
|
|
Merge pull request #4940 from libgit2/ethomson/git_obj
More `git_obj` to `git_object` updates
|
|
c352e561
|
2019-01-19T01:34:21
|
|
Merge pull request #4943 from libgit2/ethomson/ci
ci: only run invasive tests in nightly
|
|
423d3e73
|
2019-01-19T00:08:05
|
|
ci: precisely identify the invasive tests
|
|
abe23675
|
2019-01-17T20:09:05
|
|
Merge pull request #4925 from lhchavez/fix-a-bunch-of-warnings
Fix a bunch of warnings
|
|
cd350852
|
2019-01-17T10:40:13
|
|
object_type: GIT_OBJECT_BAD is now GIT_OBJECT_INVALID
We use the term "invalid" to refer to bad or malformed data, eg
`GIT_REF_INVALID` and `GIT_EINVALIDSPEC`. Since we're changing the
names of the `git_object_t`s in this release, update it to be
`GIT_OBJECT_INVALID` instead of `BAD`.
|
|
ed8cfbf0
|
2019-01-17T00:32:31
|
|
references: use new names in internal usage
Update internal usage to use the `git_reference` names for constants.
|
|
7a43a892
|
2019-01-15T00:42:14
|
|
Convert tests/resources/push.sh to LF endings
This changes that file to use UNIX line-endings, which makes sense since
this is a UNIXy file.
|
|
a653f967
|
2019-01-14T16:08:05
|
|
Get rid of some test files that were accidentally committed
|
|
35d86c77
|
2019-01-14T10:14:36
|
|
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
|
|
54ae0528
|
2019-01-14T01:25:05
|
|
tests: fix test expectation mismatch
|
|
1b4ba844
|
2019-01-11T11:53:54
|
|
ci: enable some of the invasive testcases
|
|
8b599528
|
2019-01-08T17:26:14
|
|
Fix Linux warnings
This change fixes -Wmaybe-uninitialized and -Wdeprecated-declarations
warnings on Linux builds
|
|
321d19c1
|
2019-01-06T08:36:06
|
|
Windows is hard.
|
|
b5e8272f
|
2019-01-06T08:29:56
|
|
Attempt at fixing the MingW64 compilation
It seems like MingW64's size_t is defined differently than in Linux.
|
|
7b453e7e
|
2019-01-05T22:12:48
|
|
Fix a bunch of warnings
This change fixes a bunch of warnings that were discovered by compiling
with `clang -target=i386-pc-linux-gnu`. It turned out that the
intrinsics were not necessarily being used in all platforms! Especially
in GCC, since it does not support __has_builtin.
Some more warnings were gleaned from the Windows build, but I stopped
when I saw that some third-party dependencies (e.g. zlib) have warnings
of their own, so we might never be able to enable -Werror there.
|
|
50d4688c
|
2019-01-04T13:41:50
|
|
tests: add missing asserts
CID 1398597, 1398598
|
|
9084712b
|
2019-01-03T12:01:52
|
|
Merge pull request #4904 from libgit2/ethomson/crlf
Update CRLF filtering to match modern git
|
|
e385e647
|
2018-12-19T12:08:17
|
|
checkout::crlf: ensure success
Wrap function calls in the `checkout::crlf` tests with `cl_git_pass`,
`cl_assert`, etc. to ensure that they're successful.
|
|
bc219657
|
2018-12-19T11:01:55
|
|
Merge pull request #4833 from csware/drop-empty-dirs
Remove empty (sub-)directories when deleting refs
|
|
0f299365
|
2018-12-14T14:29:36
|
|
annotated_commit: add failing test for looking up from annotated tag
|
|
2a9b0102
|
2015-01-23T14:16:34
|
|
Additional core.autocrlf and core.safecrlf tests
This is a cherry-pick of the tests from the following commits:
core.autocrlf=true and core.safecrlf=true did not fail on LF-only file as vanilla git does
Adding a CRLF-file with core.autocrlf=input and core.safecrlf=true does not fail as with vanilla git
Make files with #CR!=#CRLF not fail with core.safecrlf=true
Reported-by: Yue Lin Ho <b8732003@student.nsysu.edu.tw>
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
59b054cb
|
2018-12-03T13:54:32
|
|
index::crlf: better error reporting in core git tests
Don't simply fail when the expected output does not match the data in
the index; instead, provide a detailed output about the system, file,
and settings that caused the failure so that developers can better
isolate the problem(s).
|
|
021a08b0
|
2018-12-01T22:33:16
|
|
index::crlf: simplify test case
|
|
e417fd99
|
2015-07-01T17:00:16
|
|
crlf tests: use known-good data produced by git
Given a variety of combinations of core.autocrlf, core.safecrlf settings
and attributes settings, test that we add files to index the same way
(regarding OIDs and fatal errors) as a known-good test resource created
by git.git.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
3d804063
|
2018-12-01T21:46:51
|
|
crlf_data: add corpus of known-good odb-filtered data
Use the crlf data scripts to produce a corpus of known-good data in
"git" format (aka ODB format) from a variety of files with different
line endings. `git` created these files running `git add` to stage the
contents then extracting the data from the repository.
We'll use these to ensure that we create identical contents when we add
files into the index.
|
|
a0ab90b8
|
2018-12-01T21:53:07
|
|
crlf: re-use existing crlf script to create odb
Re-use the existing crlf data generation script for creating the to-odb
dataset. Also, store the actual file contents instead of the ID so that
we can identify differences instead of detecting that differences exist.
|
|
9065160b
|
2015-07-01T16:55:06
|
|
crlf: script to generate expected crlf data for adding files to index
Include a shell script that will generate the expected data of OIDs and
failures for calling git.git to capture its output as a test resource.
Right now, there is no need to differentiate different systems as git behaves
the same on all systems IIRC.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
c3169e6f
|
2018-12-01T19:59:41
|
|
checkout::crlf clear the crlf workdir for checkout
After sandboxing the crlf directory, remove the working directory
contents. This allows us to package data within the crlf directory
(for simplicity, this allows us to script the to-odb and to-workdir
crlf filter conversion data in a single location).
|
|
13a8bc92
|
2018-12-01T18:32:01
|
|
crlf_data: move to a "to_workdir" folder
Move the crlf_data folders reponsible for holding the state of the
filters going into the working directory to "to_workdir" variations of
the folder name to accommodate future growth into the "to odb" filter
variation. Update the script to create these new folders as appopriate.
|
|
168fe39b
|
2018-11-28T14:26:57
|
|
object_type: use new enumeration names
Use the new object_type enumeration names within the codebase.
|
|
18e71e6d
|
2018-11-28T13:31:06
|
|
index: use new enum and structure names
Use the new-style index names throughout our own codebase.
|
|
0ddc6094
|
2018-11-30T09:46:14
|
|
Merge pull request #4770 from tiennou/feature/merge-analysis-any-branch
Allow merge analysis against any reference
|
|
e7873eb2
|
2018-11-29T08:00:31
|
|
Merge pull request #4888 from TheBB/add-cb
revwalk: Allow changing hide_cb
|
|
487233fa
|
2018-11-29T07:21:41
|
|
Merge pull request #4895 from pks-t/pks/unused-warnings
Unused function warnings
|
|
a904fc6d
|
2018-11-28T20:31:30
|
|
Merge pull request #4870 from libgit2/ethomson/proxy
Add builtin proxy support for the http transport
|
|
02bb39f4
|
2018-11-22T08:49:09
|
|
stream registration: take an enum type
Accept an enum (`git_stream_t`) during custom stream registration that
indicates whether the registration structure should be used for standard
(non-TLS) streams or TLS streams.
|
|
df2cc108
|
2018-11-18T10:29:07
|
|
stream: provide generic registration API
Update the new stream registration API to be `git_stream_register`
which takes a registration structure and a TLS boolean. This allows
callers to register non-TLS streams as well as TLS streams.
Provide `git_stream_register_tls` that takes just the init callback for
backward compatibliity.
|
|
45054732
|
2018-10-29T10:45:59
|
|
tests: optionally ignore https cert validation
For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints. For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.
Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.
|
|
43b592ac
|
2018-10-25T08:49:01
|
|
tls: introduce a wrap function
Introduce `git_tls_stream_wrap` which will take an existing `stream`
with an already connected socket and begin speaking TLS on top of it.
This is useful if you've built a connection to a proxy server and you
wish to begin CONNECT over it to tunnel a TLS connection.
Also update the pluggable TLS stream layer so that it can accept a
registration structure that provides an `init` and `wrap` function,
instead of a single initialization function.
|
|
6ba3e6af
|
2018-11-18T21:53:48
|
|
proxy tests: rename credential callback
Rename credential callback to proxy_cred_cb to match new cert callback.
|
|
394ae7e1
|
2018-10-22T17:35:35
|
|
proxy tests: support self-signed proxy cert
Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything). In that case, simply compare the hostname
from the callback to the hostname that we connected to.
|
|
4ecc14cd
|
2018-10-21T23:47:53
|
|
tests: support optional PROXY_SCHEME
As we want to support HTTPS proxies, support an optional
`GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will
allow for HTTPS support. (When unset, the tests default to HTTP
proxies.)
|
|
de60d9b4
|
2018-10-21T21:00:37
|
|
tests: PROXY_URL is more accurately PROXY_HOST
Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be
`GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an
actual URL. (We cannot use a URL here since we may want to include the
username:password combination in the constructed URL.)
|
|
2521e11c
|
2018-11-23T20:02:31
|
|
tests: mailmap: avoid definition of unused static variables
The mailmap testdata header contains a set of static variable
definitions. As these variables aren't used in all places where they are
used, they trigger the unused-const-variable warnings. As we have
currently disabled those warnings explicitly, they are never triggered,
but we intend to enable them.
Avoid the issue by only keeping variable definitions that are actually
used in all locations. Move the others to where they are used.
|
|
852bc9f4
|
2018-11-23T19:26:24
|
|
khash: remove intricate knowledge of khash types
Instead of using the `khiter_t`, `git_strmap_iter` and `khint_t` types,
simply use `size_t` instead. This decouples code from the khash stuff
and makes it possible to move the khash includes into the implementation
files.
|
|
bbf9f5a7
|
2018-11-21T11:20:14
|
|
tests: path: only compile test_canonicalize on Win32 platforms
The function `test_canonicalize` is only used on Win32 platforms. It will thus
result in an unused function warning if these warnings are enabled and one is on
a platform different than Win32.
Fix the issue by only compiling in the function on Win32 platforms.
|
|
14a9a4f3
|
2018-11-21T11:18:46
|
|
tests: move apply_helpers functions into own compilation unit
Currently, the "apply_helper" functions used for testing the apply logic are all
statically defined in the "apply_helpers.h" header file. This may lead to
warnings from the compiler in case where this header file is included, but not
all functions it brings along are used in the compilation unit where it has been
included into.
Fix these potential warnings by moving the implementation into its own
compilation unit "apply_helpers.c".
|
|
0836f069
|
2018-11-14T16:08:30
|
|
revwalk: Allow changing hide_cb
Since git_revwalk objects are encouraged to be reused, a public
interface for changing hide_cb is desirable.
|
|
43cbe6b7
|
2018-11-28T13:36:47
|
|
config: fix adding files if their parent directory is a file
When we try to add a configuration file with `git_config_add_file_ondisk`, we
treat nonexisting files as empty. We do this by performing a stat call, ignoring
ENOENT errors. This works just fine in case the file or any of its parents
simply does not exist, but there is also the case where any of the parent
directories is not a directory, but a file. So e.g. trying to add a
configuration file "/dev/null/.gitconfig" will fail, as `errno` will be ENOTDIR
instead of ENOENT.
Catch ENOTDIR in addition to ENOENT to fix the issue. Add a test that verifies
we are able to add configuration files with such an invalid path file just fine.
|
|
0e3e832d
|
2018-11-21T13:30:01
|
|
Merge pull request #4884 from libgit2/ethomson/index_iterator
index: introduce git_index_iterator
|
|
11d33df8
|
2018-11-18T23:39:43
|
|
Merge branch 'tiennou/fix/logallrefupdates-always'
|
|
e226ad8f
|
2018-11-17T17:55:10
|
|
refs: add support for core.logAllRefUpdates=always
Since we were not expecting this config entry to contain a string, we
would fail as soon as its (cached) value would be accessed. Hence,
provide some constants for the 4 states we use, and account for "always"
when we decide to reflog changes.
|
|
646a94be
|
2018-11-18T23:15:56
|
|
Merge pull request #4847 from noahp/noahp/null-arg-fixes
tests: 🌀 address two null argument instances
|
|
7321cff0
|
2018-11-15T09:17:51
|
|
Merge pull request #4713 from libgit2/ethomson/win_symlinks
Support symlinks on Windows when core.symlinks=true
|
|
c358bbc5
|
2018-11-12T17:22:47
|
|
index: introduce git_index_iterator
Provide a public git_index_iterator API that is backed by an index
snapshot. This allows consumers to provide a stable iteration even
while manipulating the index during iteration.
|
|
4209a512
|
2018-11-14T12:04:42
|
|
strntol: fix out-of-bounds reads when parsing numbers with leading sign
When parsing a number, we accept a leading plus or minus sign to return
a positive or negative number. When the parsed string has such a leading
sign, we set up a flag indicating that the number is negative and
advance the pointer to the next character in that string. This misses
updating the number of bytes in the string, though, which is why the
parser may later on do an out-of-bounds read.
Fix the issue by correctly updating both the pointer and the number of
remaining bytes. Furthermore, we need to check whether we actually have
any bytes left after having advanced the pointer, as otherwise the
auto-detection of the base may do an out-of-bonuds access. Add a test
that detects the out-of-bound read.
Note that this is not actually security critical. While there are a lot
of places where the function is called, all of these places are guarded
or irrelevant:
- commit list: this operates on objects from the ODB, which are always
NUL terminated any may thus not trigger the off-by-one OOB read.
- config: the configuration is NUL terminated.
- curl stream: user input is being parsed that is always NUL terminated
- index: the index is read via `git_futils_readbuffer`, which always NUL
terminates it.
- loose objects: used to parse the length from the object's header. As
we check previously that the buffer contains a NUL byte, this is safe.
- rebase: this parses numbers from the rebase instruction sheet. As the
rebase code uses `git_futils_readbuffer`, the buffer is always NUL
terminated.
- revparse: this parses a user provided buffer that is NUL terminated.
- signature: this parser the header information of objects. As objects
read from the ODB are always NUL terminated, this is a non-issue. The
constructor `git_signature_from_buffer` does not accept a length
parameter for the buffer, so the buffer needs to be NUL terminated, as
well.
- smart transport: the buffer that is parsed is NUL terminated
- tree cache: this parses the tree cache from the index extension. The
index itself is read via `git_futils_readbuffer`, which always NUL
terminates it.
- winhttp transport: user input is being parsed that is always NUL
terminated
|
|
fd4e3b21
|
2018-11-13T15:33:20
|
|
Merge pull request #4885 from pks-t/pks/apply-test-fixups
apply: small fixups in the test suite
|
|
cf83809b
|
2018-11-13T14:26:26
|
|
Merge pull request #4883 from pks-t/pks/signature-tz-oob
signature: fix out-of-bounds read when parsing timezone offset
|
|
f127ce35
|
2018-11-13T08:22:25
|
|
tests: address two null argument instances
Handle two null argument cases that occur in the unit tests.
One is in library code, the other is in test code.
Detected by running unit tests with undefined behavior sanitizer:
```bash
# build
mkdir build && cd build
cmake -DBUILD_CLAR=ON -DCMAKE_C_FLAGS="-fsanitize=address \
-fsanitize=undefined -fstack-usage -static-libasan" ..
cmake --build .
# run with asan
ASAN_OPTIONS="allocator_may_return_null=1" ./libgit2_clar
...
............../libgit2/src/apply.c:316:3: runtime error: null pointer \
passed as argument 1, which is declared to never be null
...................../libgit2/tests/apply/fromfile.c:46:3: runtime \
error: null pointer passed as argument 1, which is declared to never be null
```
|
|
afc64bcd
|
2018-11-13T14:13:40
|
|
tests: apply: fix reference to deprecated `git_buf_free`
Since commit 56ffdfc61 (buffer: deprecate `git_buf_free` in favor of
`git_buf_dispose`, 2018-02-08), the function `git_buf_free` is
deprecated and shall not be used anymore. As part of the new apply
framework that has been cooking for quite some time some new references
have been introduced to that deprecated function. Replace them with
calls to `git_buf_dispose`.
|
|
fe215153
|
2018-11-13T14:08:49
|
|
tests: apply: fix missing `cl_git_pass` wrappers
Some function calls in the new "apply" test suite were missing the
checks whether they succeeded as expected. Fix this by adding the
missing `cl_git_pass` wrappers.
|
|
20cb30b6
|
2018-11-13T13:40:17
|
|
Merge pull request #4667 from tiennou/feature/remote-create-api
Remote creation API
|
|
28239be3
|
2018-11-13T13:27:41
|
|
Merge pull request #4818 from pks-t/pks/index-collision
Index collision fixes
|
|
11fbead8
|
2018-11-11T16:40:56
|
|
Merge pull request #4705 from libgit2/ethomson/apply
Patch (diff) application
|
|
52f859fd
|
2018-11-09T19:32:08
|
|
signature: fix out-of-bounds read when parsing timezone offset
When parsing a signature's timezone offset, we first check whether there
is a timezone at all by verifying that there are still bytes left to
read following the time itself. The check thus looks like `time_end + 1
< buffer_end`, which is actually correct in this case. After setting the
timezone's start pointer to that location, we compute the remaining
bytes by using the formula `buffer_end - tz_start + 1`, re-using the
previous `time_end + 1`. But this is in fact missing the braces around
`(tz_start + 1)`, thus leading to an overestimation of the remaining
bytes by a length of two. In case of a non-NUL terminated buffer, this
will result in an overflow.
The function `git_signature__parse` is only used in two locations. First
is `git_signature_from_buffer`, which only accepts a string without a
length. The string thus necessarily has to be NUL terminated and cannot
trigger the issue.
The other function is `git_commit__parse_raw`, which can in fact trigger
the error as it may receive non-NUL terminated commit data. But as
objects read from the ODB are always NUL-terminated by us as a
cautionary measure, it cannot trigger the issue either.
In other words, this error does not have any impact on security.
|
|
4e746d80
|
2018-11-05T15:49:11
|
|
test: ensure applying a patch can't delete a file twice
|
|
f8b9493b
|
2018-11-05T15:46:08
|
|
apply: test re-adding a file after removing it
Ensure that we can add a file back after it's been removed. Update the
renamed/deleted validation in application to not apply to deltas that
are adding files to support this.
|