tests


Log

Author Commit Date CI Message
Patrick Steinhardt 7655b2d8 2018-10-19T10:29:19 commit: fix reading out of bounds when parsing encoding The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length.
Patrick Steinhardt c2e3d8ef 2018-10-25T12:01:18 tests: add tests that exercise commit parsing We currently do not have any test suites dedicated to parsing commits from their raw representations. Add one based on `git_object__from_raw` to be able to test special cases more easily.
Patrick Steinhardt 4c738e56 2018-10-19T09:44:14 tests: add tests that exercise tag parsing While the tests in object::tag::read exercises reading and parsing valid tags from the ODB, they barely try to verify that the parser fails in a sane way when parsing invalid tags. Create a new test suite object::tag::parse that directly exercise the parser by using `git_object__from_raw` and add various tests for valid and invalid tags.
Patrick Steinhardt ee11d47e 2018-10-19T09:47:50 tag: fix out of bounds read when searching for tag message When parsing tags, we skip all unknown fields that appear before the tag message. This skipping is done by using a plain `strstr(buffer, "\n\n")` to search for the two newlines that separate tag fields from tag message. As it is not possible to supply a buffer length to `strstr`, this call may skip over the buffer's end and thus result in an out of bounds read. As `strstr` may return a pointer that is out of bounds, the following computation of `buffer_end - buffer` will overflow and result in an allocation of an invalid length. Fix the issue by using `git__memmem` instead. Add a test that verifies parsing the tag fails not due to the allocation failure but due to the tag having no message.
Patrick Steinhardt 83e8a6b3 2018-10-18T16:08:46 util: provide `git__memmem` function Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/
Patrick Steinhardt 814e7acb 2018-10-12T12:38:06 Merge pull request #4842 from nelhage/fuzz-config-memory config: Port config_file_fuzzer to the new in-memory backend.
Nelson Elhage 2d449a11 2018-10-09T02:42:14 config: Refactor `git_config_backend_from_string` to take a length
Edward Thomson 838a2f29 2018-10-07T12:00:48 Merge pull request #4828 from csware/git_futils_rmdir_r_failing Add some more tests for git_futils_rmdir_r and some cleanup
Edward Thomson 0cd976c8 2018-10-07T12:00:06 Merge pull request #4830 from pks-t/pks/diff-stats-rename-common diff_stats: use git's formatting of renames with common directories
Patrick Steinhardt a8d447f6 2018-10-05T20:13:34 Merge pull request #4837 from pks-t/cmn/reject-option-submodule-url-path submodule: ignore path and url attributes if they look like options
Patrick Steinhardt ce8803a2 2018-10-05T20:03:38 Merge pull request #4836 from pks-t/pks/smart-packets Smart packet security fixes
Patrick Steinhardt 84d6f439 2018-10-05T19:53:22 Merge pull request #4832 from pks-t/pks/config-includes-null-deref config_file: properly ignore includes without "path" value
Carlos Martín Nieto 4e0bdaa8 2018-10-05T11:42:00 submodule: add failing test for option-injection protection in url and path
Patrick Steinhardt ad273718 2018-10-04T10:32:07 tests: sanitize file hierarchy after running rmdir tests Currently, we do not clean up after ourselves after tests in core::rmdir have created new files in the directory hierarchy. This may leave stale files and/or directories after having run tests, confusing subsequent tests that expect a pristine test environment. Most importantly, it may cause the test initialization to fail which expects being able to re-create the testing hierarchy before each test in case where another test hasn't cleaned up after itself. Fix the issue by adding a cleanup function that removes the temporary testing hierarchy after each test if it still exists.
Sven Strickroth e886ab46 2018-10-02T19:50:29 tests: Add some more tests for git_futils_rmdir_r Signed-off-by: Sven Strickroth <email@cs-ware.de>
Patrick Steinhardt d06d4220 2018-10-05T10:56:02 config_file: properly ignore includes without "path" value In case a configuration includes a key "include.path=" without any value, the generated configuration entry will have its value set to `NULL`. This is unexpected by the logic handling includes, and as soon as we try to calculate the included path we will unconditionally dereference that `NULL` pointer and thus segfault. Fix the issue by returning early in both `parse_include` and `parse_conditional_include` in case where the `file` argument is `NULL`. Add a test to avoid future regression. The issue has been found by the oss-fuzz project, issue 10810.
Patrick Steinhardt bf662f7c 2018-10-05T10:55:29 tests: always unlink created config files While our tests in config::include create a plethora of configuration files, most of them do not get removed at the end of each test. This can cause weird interactions with tests that are being run at a later stage if these later tests try to create files or directories with the same name as any of the created configuration files. Fix the issue by unlinking all created files at the end of these tests.
Patrick Steinhardt dbb4a586 2018-10-05T10:27:33 tests: fix warning for implicit conversion of integer to pointer GCC warns by default when implicitly converting integers to pointers or the other way round, and commit fa48d2ea7 (vector: do not malloc 0-length vectors on dup, 2018-09-26) introduced such an implicit conversion into our vector tests. While this is totally fine in this test, as the pointer's value is never being used in the first place, we can trivially avoid the warning by instead just inserting a pointer for a variable allocated on the stack into the vector.
Patrick Steinhardt e5090ee3 2018-10-04T11:19:28 diff_stats: use git's formatting of renames with common directories In cases where a file gets renamed such that the directories containing it previous and after the rename have a common prefix, then git will avoid printing this prefix twice and instead format the rename as "prefix/{old => new}". We currently didn't do anything like that, but simply printed "prefix/old -> prefix/new". Adjust our behaviour to instead match upstream. Adjust the test for this behaviour to expect the new format.
Patrick Steinhardt 3148efd2 2018-10-04T11:13:57 tests: verify diff stats with renames in subdirectory Until now, we didn't have any tests that verified that our format for renames in subdirectories is correct. While our current behaviour is no different than for renames that do not happen with a common prefix shared between old and new file name, we intend to change the format to instead match the format that upstream git uses. Add a test case for this to document our current behaviour and to show how the next commit will change that format.
Patrick Steinhardt 0b3dfbf4 2018-08-09T11:13:59 smart_pkt: reorder and rename parameters of `git_pkt_parse_line` The parameters of the `git_pkt_parse_line` function are quite confusing. First, there is no real indicator what the `out` parameter is actually all about, and it's not really clear what the `bufflen` parameter refers to. Reorder and rename the parameters to make this more obvious.
Patrick Steinhardt a9f1ca09 2018-08-09T11:01:00 smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN)
Patrick Steinhardt bc349045 2018-08-09T10:38:10 smart_pkt: fix buffer overflow when parsing "ACK" packets We are being quite lenient when parsing "ACK" packets. First, we didn't correctly verify that we're not overrunning the provided buffer length, which we fix here by using `git__prefixncmp` instead of `git__prefixcmp`. Second, we do not verify that the actual contents make any sense at all, as we simply ignore errors when parsing the ACKs OID and any unknown status strings. This may result in a parsed packet structure with invalid contents, which is being silently passed to the caller. This is being fixed by performing proper input validation and checking of return codes.
Patrick Steinhardt 365d2720 2018-10-03T15:39:40 tests: verify parsing logic for smart packets The commits following this commit are about to introduce quite a lot of refactoring and tightening of the smart packet parser. Unfortunately, we do not yet have any tests despite our online tests that verify that our parser does not regress upon changes. This is doubly unfortunate as our online tests aren't executed by default. Add new tests that exercise the smart parsing logic directly by executing `git_pkt_parse_line`.
Edward Thomson 1621a37d 2018-09-29T13:22:59 Merge pull request #4812 from libgit2/ethomson/ci-refactor CI: refactoring
Carlos Martín Nieto 0530d7d9 2018-09-28T18:04:23 Merge pull request #4767 from pks-t/pks/config-mem In-memory configuration
Patrick Steinhardt b944e137 2018-08-10T13:03:33 config: rename "config_file.h" to "config_backend.h" The header "config_file.h" has a list of inline-functions to access the contents of a config backend without directly messing with the struct's function pointers. While all these functions are called "git_config_file_*", they are in fact completely backend-agnostic and don't care whether it is a file or not. Rename all the function to instead be backend-agnostic versions called "git_config_backend_*" and rename the header to match.
Patrick Steinhardt 2be39cef 2018-08-10T19:38:57 config: introduce new read-only in-memory backend Now that we have abstracted away how to store and retrieve config entries, it became trivial to implement a new in-memory backend by making use of this. And thus we do so. This commit implements a new read-only in-memory backend that can parse a chunk of memory into a `git_config_backend` structure.
Patrick Steinhardt ba1cd495 2018-09-28T11:10:49 Merge pull request #4784 from tiennou/fix/warnings Some warnings
Patrick Steinhardt 367f6243 2018-09-28T11:04:06 Merge pull request #4803 from tiennou/fix/4802 index: release the snapshot instead of freeing the index
Etienne Samson fa48d2ea 2018-09-26T19:15:35 vector: do not malloc 0-length vectors on dup
Etienne Samson be4717d2 2018-09-18T12:12:06 path: fix "comparison always true" warning
Edward Thomson e84914fd 2018-09-20T20:11:36 online::clone: free url and username before resetting Before resetting the url and username, ensure that we free them in case they were set by environment variables.
Edward Thomson 943181c2 2018-09-10T12:36:51 Revert "clar: introduce CLAR_XML option" This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake.
Edward Thomson d17e67d0 2018-09-08T18:54:21 clar: iterate errors in report_all / report_errors Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion.
Edward Thomson e595eeb5 2018-08-27T01:06:37 ci: use more compatible strftime formats Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively.
Edward Thomson b67a93ff 2018-09-04T14:00:49 clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls.
Edward Thomson a2d73f56 2018-08-24T11:23:19 clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to.
Edward Thomson baa5c20d 2018-08-26T15:31:14 clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml.
Edward Thomson dbebcb04 2018-08-26T15:25:15 clar: don't use a variable named `time`
Etienne Samson 59f1e477 2018-07-27T23:00:09 Barebones JUnit XML output
Etienne Samson 3a9b9631 2018-07-26T23:02:34 Documentation
Etienne Samson bf9fc126 2018-07-26T23:02:20 Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any.
Edward Thomson 90753a96 2018-08-26T15:11:21 clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup.
Edward Thomson 85eb2cb6 2018-08-26T11:33:42 Merge pull request #4727 from libgit2/cmn/null-oid-existing-tree tree: accept null ids in existing trees when updating
Edward Thomson 50186ce8 2018-08-26T11:26:45 Merge pull request #4374 from pks-t/pks/pack-file-verify Pack file verification
Edward Thomson fd7ab1d7 2018-08-24T09:47:09 Merge pull request #4776 from pks-t/pks/test-index-invalid-filemode tests: verify adding index conflicts with invalid filemodes fails
Patrick Steinhardt 503af775 2018-08-24T10:08:09 Merge pull request #4769 from tiennou/fix/worktree-unlock worktree: unlock should return 1 when the worktree isn't locked
Patrick Steinhardt 3a1f5df8 2018-08-24T09:15:29 tests: verify adding index conflicts with invalid filemodes fails Commit 581d5492f (Fix leak in index.c, 2018-08-16) was fixing a memory leak in our code adding conflicts to the index when the added index entries have an invalid file mode. The memory leak was previously undiscovered as there are no tests covering this scenario, which is now being added by this commit.
Edward Thomson cada553c 2018-08-19T15:54:10 Merge pull request #4754 from libgit2/ethomson/threads threads::diff: use separate git_repository objects
Edward Thomson 2afd0185 2018-08-19T12:57:29 threads::iterator: use separate repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that. Courtesy of Ximin Luo, https://github.com/infinity0: https://github.com/libgit2/libgit2/issues/4753#issuecomment-412247757
Etienne Samson 59c2e70e 2018-08-17T00:51:51 worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases.
Nelson Elhage 6698e056 2018-08-14T04:22:14 Fix the test and comment.
Nelson Elhage f1409500 2018-08-14T03:54:01 Write a test.
Edward Thomson d1919485 2018-08-05T11:01:14 threads::diff: use separate git_repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that.
Carlos Martín Nieto f00db9ed 2018-07-27T12:00:37 tree: rename from_tree to validate and clarify the tree in the test
Edward Thomson 219512e7 2018-07-20T14:14:16 buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr.
Edward Thomson ce798b25 2018-07-04T10:56:56 tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests.
Edward Thomson d285de73 2018-07-20T21:52:24 push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves.
Edward Thomson dad99881 2018-07-20T21:51:36 push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well.
Patrick Steinhardt 0652abaa 2018-07-20T12:56:49 Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes
Carlos Martín Nieto 2dff7e28 2018-07-18T21:04:13 tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.
Patrick Steinhardt e1a4a8eb 2018-06-25T11:58:34 cmake: enforce C90 standard While the aim of libgit2 was to conform to C90 code, we never instructed the compiler to enforce C90 compliance. Thus, quite a few violations were able to get into our code base, which have been removed with the previous commits. As we are now able to build libgit2 with C90 enforced, we can set the C_STANDARD property for our own build targets. Note that we explicitly avoid setting the C standard for our third-party dependencies. At least the zlib target does not build with C90 enforced, and we do not want to fix them by deviating from upstream. Thus we simply enforce no standard for them.
Patrick Steinhardt c13e56f9 2018-06-25T14:12:53 cmake: distinguish internal and system include directories While we want to enforce strict C90 mode, this may cause issues with system provided header files which are themselves not strictly conforming. E.g. if a system header has C++ style comments, a compiler in strict C90 mode would produce an error and abort the build. As the user most likely doesn't want to change the system header, this would completely break the build on such systems. One example of this is mbedtls, which provides such header files. The problem can be worked around by distinguishing between system-provided and project-provided include directories. When adding include directories via "-isystem" instead of "-I", the compiler will skip certain checks and print out less warnings. To use system includes, we can simply add the "SYSTEM" flag to CMake's `INCLUDE_DIRECTORIES` and `TARGET_INCLUDE_DIRECTORIES` functions. Note that we have to split the include directories into two variables because of this, as we definitely still want to check for all warnings produced by our own header files.
Patrick Steinhardt 9994cd3f 2018-06-25T11:56:52 treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
Edward Thomson 6dfc8bc2 2018-07-09T23:10:05 Merge pull request #4719 from pks-t/pks/delta-oob Delta OOB access
Etienne Samson 89091d36 2018-07-06T20:24:21 tests: fix a relative pathname issue The path given to `git_index_add_bypath` is relative to the root of the repository. That `describe/file` path is relative to the root of the sandbox directory, hence if I add the missing `cl_git_pass` I rightfully get an error that `$SANDBOX/describe/describe/file doesn't exist`. The path is thus changed to be made relative to the repository, which makes the failure go away and "restore" the test.
Etienne Samson 8455a270 2018-07-01T12:04:27 tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.
Etienne Samson 17bd3b96 2018-06-19T20:15:49 tests: mailmap/parsing: add a missing cl_git_pass Reported by Coverity, CID 1393483
Edward Thomson f4633791 2018-07-06T12:36:05 Merge pull request #4687 from tiennou/fix/4672 patch_parse: populate line numbers while parsing diffs
Patrick Steinhardt f2a1cece 2018-07-06T11:25:47 Merge pull request #4686 from tiennou/fix/more-worktree-from-bare Fix git_worktree_validate failing on bare repositories
Patrick Steinhardt 8a00de08 2018-07-06T10:47:06 Merge pull request #4699 from nelhage/fetch-null-dst git_refspec_transform: Handle NULL dst
Edward Thomson c43658f6 2018-06-30T13:24:23 Merge pull request #4536 from libgit2/ethomson/index_dirty Add a "dirty" state to the index when it has unsaved changes
Nelson Elhage ff8edac9 2018-06-29T16:18:36 formatting fix
Edward Thomson bfa1f022 2018-06-22T19:17:08 settings: optional unsaved index safety Add the `GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY` option, which will cause commands that reload the on-disk index to fail if the current `git_index` has changed that have not been saved. This will prevent users from - for example - adding a file to the index then calling a function like `git_checkout` and having that file be silently removed from the index since it was re-read from disk. Now calls that would re-read the index will fail if the index is "dirty", meaning changes have been made to it but have not been written. Users can either `git_index_read` to discard those changes explicitly, or `git_index_write` to write them.
Edward Thomson 787768c2 2018-06-22T19:07:54 index: return a unique error code on dirty index When the index is dirty, return GIT_EINDEXDIRTY so that consumers can identify the exact problem programatically.
Edward Thomson 5e26391a 2018-06-18T18:28:08 checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.
Edward Thomson b242cdbf 2017-11-17T00:19:07 index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.
Edward Thomson dc4a18c7 2017-11-12T08:23:13 index: test dirty index bit Test that any changes to the index will mark the index as dirty. Also ensure that when we initialize a new index, read the index contents from disk, or write the index contents to disk that we reset the dirty flag to zero. Further ensure that an unforced read with dirty contents (when the on-disk index has not changed) does _not_ reset the dirty flag as we have not updated the contents of our index and our unsaved contents remain intact.
Edward Thomson 55a96606 2018-06-18T16:14:26 checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.
Etienne Samson 8356bf7e 2018-06-29T14:39:14 tests: worktree/bare: test some paths
Etienne Samson d0921127 2018-06-29T14:39:13 tests: add a helper to build sandbox subpaths quickly
Etienne Samson 83c35f7e 2018-06-29T14:39:11 tests: worktree/bare: fix git_worktree_validate
Etienne Samson bd40f0d7 2018-06-29T14:39:10 tests: worktree/bare: check git_worktree_list
Etienne Samson 7e3c13e0 2018-06-29T14:39:08 tests: worktree/bare: gather all tests
Patrick Steinhardt af3088e4 2018-06-29T11:45:15 refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.
Patrick Steinhardt 7192e26f 2018-06-29T09:43:33 Merge pull request #4519 from cynecx/refspec-parsing refspec: add public parsing api
Patrick Steinhardt 24597812 2018-06-29T09:11:02 delta: fix out-of-bounds read of delta When computing the offset and length of the delta base, we repeatedly increment the `delta` pointer without checking whether we have advanced past its end already, which can thus result in an out-of-bounds read. Fix this by repeatedly checking whether we have reached the end. Add a test which would cause Valgrind to produce an error. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
Patrick Steinhardt 7db25870 2018-06-29T07:45:18 delta: fix sign-extension of big left-shift Our delta code was originally adapted from JGit, which itself adapted it from git itself. Due to this heritage, we inherited a bug from git.git in how we compute the delta offset, which was fixed upstream in 48fb7deb5 (Fix big left-shifts of unsigned char, 2009-06-17). As explained by Linus: Shifting 'unsigned char' or 'unsigned short' left can result in sign extension errors, since the C integer promotion rules means that the unsigned char/short will get implicitly promoted to a signed 'int' due to the shift (or due to other operations). This normally doesn't matter, but if you shift things up sufficiently, it will now set the sign bit in 'int', and a subsequent cast to a bigger type (eg 'long' or 'unsigned long') will now sign-extend the value despite the original expression being unsigned. One example of this would be something like unsigned long size; unsigned char c; size += c << 24; where despite all the variables being unsigned, 'c << 24' ends up being a signed entity, and will get sign-extended when then doing the addition in an 'unsigned long' type. Since git uses 'unsigned char' pointers extensively, we actually have this bug in a couple of places. In our delta code, we inherited such a bogus shift when computing the offset at which the delta base is to be found. Due to the sign extension we can end up with an offset where all the bits are set. This can allow an arbitrary memory read, as the addition in `base_len < off + len` can now overflow if `off` has all its bits set. Fix the issue by casting the result of `*delta++ << 24UL` to an unsigned integer again. Add a test with a crafted delta that would actually succeed with an out-of-bounds read in case where the cast wouldn't exist. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
Edward Thomson 7330ae67 2018-06-26T10:45:57 index::addall tests: write the index When running `git_index_add_all`, we should write the index to disk so that we can re-read it safely during status.
Edward Thomson 08ea0d7d 2018-02-18T11:49:08 index::reuc tests: test that checkout succeeds The index::reuc tests must test that the checkout itself succeeds, otherwise subsequent tests are not valid. In fact, the checkouts were failing because when checking out `SAFE`, they cannot update the files that are in conflict. Change the checkout level to `FORCE` to ensure that they get updated correctly.
Edward Thomson c4ce017f 2018-02-18T22:27:34 index::names tests: add conflicts with high stages We add entries into the main index to correspond with the NAME entries that we're going to test. NAME entries store the results of conflicts occuring with rename detection during merge, and they must correspond to conflicts in the index. This test was mistakenly adding regular entries. The checkout validation failed, since it requires NAME entries to correspond to high-stage (conflict) entries. Correct the test to actually create conflicts.
Nelson Elhage 46c9f26f 2018-06-25T15:47:31 Add a test. Verified that this breaks before the fix and passes afterwards.
Nika Layzell 4fd81c53 2018-06-18T19:43:53 Clear revwalk sorting when resetting Currently we fail to clear the sorting flag for revwalks when resetting. This caused a poor interaction with the limited flag during a recent patch. This patch clears the revwalk sorting flag and causes it to no longer persist over resets.
cynecx 630a6736 2018-02-07T22:30:27 refspec: add public parsing api Fix typo Fix some type issues More fixes Address requested changes Add test Fix naming Fix condition and tests Address requested changes Fix typo
Patrick Steinhardt 65a4b06e 2017-11-12T10:43:28 tests: indexer: add test to exercise our connectivity checking The new connectivity tests are not currently being verified at all due to being turned off by default. Create two test cases for a pack file which fails our checks and one which suceeds.
Patrick Steinhardt c16556aa 2017-11-12T10:31:48 indexer: introduce options struct to `git_indexer_new` We strive to keep an options structure to many functions to be able to extend options in the future without breaking the API. `git_indexer_new` doesn't have one right now, but we want to be able to add an option for enabling strict packfile verification. Add a new `git_indexer_options` structure and adjust callers to use that.
Etienne Samson f9e28026 2018-06-18T20:37:18 patch_parse: populate line numbers while parsing diffs
Sven Strickroth b5818dda 2018-06-18T13:05:08 Fix last references to deprecated git_buf_free Signed-off-by: Sven Strickroth <email@cs-ware.de>
Nika Layzell f98131be 2018-06-17T00:40:25 Require the length argument to git_mailmap_from_buffer and make mailmap_add_buffer internal