tests


Log

Author Commit Date CI Message
Etienne Samson 0e69485e 2018-10-23T20:34:47 clar: provide a way to run some shell before exiting
Edward Thomson 7c791f3d 2018-10-20T20:25:51 Merge pull request #4852 from libgit2/ethomson/unc_paths Win32 path canonicalization refactoring
Edward Thomson 6cc14ae3 2018-10-20T20:22:04 Merge pull request #4840 from libgit2/cmn/validity-tree-from-unowned-index Check object existence when creating a tree from an index
Edward Thomson a2f9f94b 2018-10-20T20:18:04 Merge branch 'issue-4203'
Edward Thomson c79e6081 2018-10-20T19:08:16 checkout: fix test fixture missing objects The testrepo test fixture has an index file that's damaged, missing an object. The index previously had an entry of `src/index.c` with id 3161df8cbf3a006b4ef85be6497a0ea6bde98541, but that object was missing in the repository. This commit adds an object to the repository and updates the index to use that existing blob. Similarly, the index has an entry for `readme` with an id of 97328ac7e3bd0bcd3900cb3e7a624d71dd0df888. This can be restored from other test repositories. With these fixed, now the write tree from index tests can pass since they validate object existence.
Edward Thomson 16fd9ba9 2018-10-17T11:34:38 win32: more tests for `git_win32_remove_path`
Edward Thomson b2e85f98 2018-10-17T08:48:43 win32: rename `git_win32__canonicalize_path` The internal API `git_win32__canonicalize_path` is far, far too easily confused with the internal API `git_win32_path_canonicalize`. The former removes the namespace prefix from a path (eg, given `\\?\C:\Temp\foo`, it returns `C:\Temp\foo`, and given `\\?\UNC\server\share`, it returns `\\server\share`). As such, rename it to `git_win32_path_remove_namespace`. `git_win32_path_canonicalize` remains unchanged.
Carlos Martín Nieto 1cbc9604 2018-09-28T10:57:50 config: add failing test for no newline after section header
Patrick Steinhardt 814e7acb 2018-10-12T12:38:06 Merge pull request #4842 from nelhage/fuzz-config-memory config: Port config_file_fuzzer to the new in-memory backend.
Nelson Elhage 2d449a11 2018-10-09T02:42:14 config: Refactor `git_config_backend_from_string` to take a length
Carlos Martín Nieto fbc0dcda 2018-10-08T13:01:23 index: add failing test for writing an invalid tree from an unowned index When the index does not belong to any repository, we do not do any checks of the target id going in as we cannot verify that it exists. When we then write it out to a repository as a tree, we fail to perform the object existance and type-matching check that we do in other code-paths. This leads to being able to write trees which point to non-existent blobs even with strict object creation enabled.
Edward Thomson 838a2f29 2018-10-07T12:00:48 Merge pull request #4828 from csware/git_futils_rmdir_r_failing Add some more tests for git_futils_rmdir_r and some cleanup
Edward Thomson 0cd976c8 2018-10-07T12:00:06 Merge pull request #4830 from pks-t/pks/diff-stats-rename-common diff_stats: use git's formatting of renames with common directories
Patrick Steinhardt a8d447f6 2018-10-05T20:13:34 Merge pull request #4837 from pks-t/cmn/reject-option-submodule-url-path submodule: ignore path and url attributes if they look like options
Patrick Steinhardt ce8803a2 2018-10-05T20:03:38 Merge pull request #4836 from pks-t/pks/smart-packets Smart packet security fixes
Patrick Steinhardt 84d6f439 2018-10-05T19:53:22 Merge pull request #4832 from pks-t/pks/config-includes-null-deref config_file: properly ignore includes without "path" value
Carlos Martín Nieto 4e0bdaa8 2018-10-05T11:42:00 submodule: add failing test for option-injection protection in url and path
Patrick Steinhardt ad273718 2018-10-04T10:32:07 tests: sanitize file hierarchy after running rmdir tests Currently, we do not clean up after ourselves after tests in core::rmdir have created new files in the directory hierarchy. This may leave stale files and/or directories after having run tests, confusing subsequent tests that expect a pristine test environment. Most importantly, it may cause the test initialization to fail which expects being able to re-create the testing hierarchy before each test in case where another test hasn't cleaned up after itself. Fix the issue by adding a cleanup function that removes the temporary testing hierarchy after each test if it still exists.
Sven Strickroth e886ab46 2018-10-02T19:50:29 tests: Add some more tests for git_futils_rmdir_r Signed-off-by: Sven Strickroth <email@cs-ware.de>
Patrick Steinhardt d06d4220 2018-10-05T10:56:02 config_file: properly ignore includes without "path" value In case a configuration includes a key "include.path=" without any value, the generated configuration entry will have its value set to `NULL`. This is unexpected by the logic handling includes, and as soon as we try to calculate the included path we will unconditionally dereference that `NULL` pointer and thus segfault. Fix the issue by returning early in both `parse_include` and `parse_conditional_include` in case where the `file` argument is `NULL`. Add a test to avoid future regression. The issue has been found by the oss-fuzz project, issue 10810.
Patrick Steinhardt bf662f7c 2018-10-05T10:55:29 tests: always unlink created config files While our tests in config::include create a plethora of configuration files, most of them do not get removed at the end of each test. This can cause weird interactions with tests that are being run at a later stage if these later tests try to create files or directories with the same name as any of the created configuration files. Fix the issue by unlinking all created files at the end of these tests.
Patrick Steinhardt dbb4a586 2018-10-05T10:27:33 tests: fix warning for implicit conversion of integer to pointer GCC warns by default when implicitly converting integers to pointers or the other way round, and commit fa48d2ea7 (vector: do not malloc 0-length vectors on dup, 2018-09-26) introduced such an implicit conversion into our vector tests. While this is totally fine in this test, as the pointer's value is never being used in the first place, we can trivially avoid the warning by instead just inserting a pointer for a variable allocated on the stack into the vector.
Gabriel DeBacker 3f096ca5 2018-10-04T13:03:25 Fix comment style and update test code
Patrick Steinhardt e5090ee3 2018-10-04T11:19:28 diff_stats: use git's formatting of renames with common directories In cases where a file gets renamed such that the directories containing it previous and after the rename have a common prefix, then git will avoid printing this prefix twice and instead format the rename as "prefix/{old => new}". We currently didn't do anything like that, but simply printed "prefix/old -> prefix/new". Adjust our behaviour to instead match upstream. Adjust the test for this behaviour to expect the new format.
Patrick Steinhardt 3148efd2 2018-10-04T11:13:57 tests: verify diff stats with renames in subdirectory Until now, we didn't have any tests that verified that our format for renames in subdirectories is correct. While our current behaviour is no different than for renames that do not happen with a common prefix shared between old and new file name, we intend to change the format to instead match the format that upstream git uses. Add a test case for this to document our current behaviour and to show how the next commit will change that format.
Patrick Steinhardt 0b3dfbf4 2018-08-09T11:13:59 smart_pkt: reorder and rename parameters of `git_pkt_parse_line` The parameters of the `git_pkt_parse_line` function are quite confusing. First, there is no real indicator what the `out` parameter is actually all about, and it's not really clear what the `bufflen` parameter refers to. Reorder and rename the parameters to make this more obvious.
Patrick Steinhardt a9f1ca09 2018-08-09T11:01:00 smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN)
Patrick Steinhardt bc349045 2018-08-09T10:38:10 smart_pkt: fix buffer overflow when parsing "ACK" packets We are being quite lenient when parsing "ACK" packets. First, we didn't correctly verify that we're not overrunning the provided buffer length, which we fix here by using `git__prefixncmp` instead of `git__prefixcmp`. Second, we do not verify that the actual contents make any sense at all, as we simply ignore errors when parsing the ACKs OID and any unknown status strings. This may result in a parsed packet structure with invalid contents, which is being silently passed to the caller. This is being fixed by performing proper input validation and checking of return codes.
Patrick Steinhardt 365d2720 2018-10-03T15:39:40 tests: verify parsing logic for smart packets The commits following this commit are about to introduce quite a lot of refactoring and tightening of the smart packet parser. Unfortunately, we do not yet have any tests despite our online tests that verify that our parser does not regress upon changes. This is doubly unfortunate as our online tests aren't executed by default. Add new tests that exercise the smart parsing logic directly by executing `git_pkt_parse_line`.
Gabriel DeBacker 8ab11dd5 2018-09-30T16:40:22 Fix issue with path canonicalization for Win32 paths
Edward Thomson 1621a37d 2018-09-29T13:22:59 Merge pull request #4812 from libgit2/ethomson/ci-refactor CI: refactoring
Carlos Martín Nieto 0530d7d9 2018-09-28T18:04:23 Merge pull request #4767 from pks-t/pks/config-mem In-memory configuration
Patrick Steinhardt 2be39cef 2018-08-10T19:38:57 config: introduce new read-only in-memory backend Now that we have abstracted away how to store and retrieve config entries, it became trivial to implement a new in-memory backend by making use of this. And thus we do so. This commit implements a new read-only in-memory backend that can parse a chunk of memory into a `git_config_backend` structure.
Patrick Steinhardt b944e137 2018-08-10T13:03:33 config: rename "config_file.h" to "config_backend.h" The header "config_file.h" has a list of inline-functions to access the contents of a config backend without directly messing with the struct's function pointers. While all these functions are called "git_config_file_*", they are in fact completely backend-agnostic and don't care whether it is a file or not. Rename all the function to instead be backend-agnostic versions called "git_config_backend_*" and rename the header to match.
Patrick Steinhardt ba1cd495 2018-09-28T11:10:49 Merge pull request #4784 from tiennou/fix/warnings Some warnings
Patrick Steinhardt 367f6243 2018-09-28T11:04:06 Merge pull request #4803 from tiennou/fix/4802 index: release the snapshot instead of freeing the index
Etienne Samson fa48d2ea 2018-09-26T19:15:35 vector: do not malloc 0-length vectors on dup
Etienne Samson be4717d2 2018-09-18T12:12:06 path: fix "comparison always true" warning
Edward Thomson e84914fd 2018-09-20T20:11:36 online::clone: free url and username before resetting Before resetting the url and username, ensure that we free them in case they were set by environment variables.
Edward Thomson 943181c2 2018-09-10T12:36:51 Revert "clar: introduce CLAR_XML option" This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake.
Edward Thomson d17e67d0 2018-09-08T18:54:21 clar: iterate errors in report_all / report_errors Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion.
Edward Thomson e595eeb5 2018-08-27T01:06:37 ci: use more compatible strftime formats Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively.
Edward Thomson b67a93ff 2018-09-04T14:00:49 clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls.
Edward Thomson a2d73f56 2018-08-24T11:23:19 clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to.
Edward Thomson baa5c20d 2018-08-26T15:31:14 clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml.
Edward Thomson dbebcb04 2018-08-26T15:25:15 clar: don't use a variable named `time`
Etienne Samson 59f1e477 2018-07-27T23:00:09 Barebones JUnit XML output
Etienne Samson 3a9b9631 2018-07-26T23:02:34 Documentation
Etienne Samson bf9fc126 2018-07-26T23:02:20 Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any.
Edward Thomson 90753a96 2018-08-26T15:11:21 clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup.
Edward Thomson 85eb2cb6 2018-08-26T11:33:42 Merge pull request #4727 from libgit2/cmn/null-oid-existing-tree tree: accept null ids in existing trees when updating
Edward Thomson 50186ce8 2018-08-26T11:26:45 Merge pull request #4374 from pks-t/pks/pack-file-verify Pack file verification
Edward Thomson fd7ab1d7 2018-08-24T09:47:09 Merge pull request #4776 from pks-t/pks/test-index-invalid-filemode tests: verify adding index conflicts with invalid filemodes fails
Patrick Steinhardt 503af775 2018-08-24T10:08:09 Merge pull request #4769 from tiennou/fix/worktree-unlock worktree: unlock should return 1 when the worktree isn't locked
Patrick Steinhardt 3a1f5df8 2018-08-24T09:15:29 tests: verify adding index conflicts with invalid filemodes fails Commit 581d5492f (Fix leak in index.c, 2018-08-16) was fixing a memory leak in our code adding conflicts to the index when the added index entries have an invalid file mode. The memory leak was previously undiscovered as there are no tests covering this scenario, which is now being added by this commit.
Edward Thomson cada553c 2018-08-19T15:54:10 Merge pull request #4754 from libgit2/ethomson/threads threads::diff: use separate git_repository objects
Edward Thomson 2afd0185 2018-08-19T12:57:29 threads::iterator: use separate repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that. Courtesy of Ximin Luo, https://github.com/infinity0: https://github.com/libgit2/libgit2/issues/4753#issuecomment-412247757
Etienne Samson 59c2e70e 2018-08-17T00:51:51 worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases.
Nelson Elhage 6698e056 2018-08-14T04:22:14 Fix the test and comment.
Nelson Elhage f1409500 2018-08-14T03:54:01 Write a test.
Edward Thomson d1919485 2018-08-05T11:01:14 threads::diff: use separate git_repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that.
Carlos Martín Nieto f00db9ed 2018-07-27T12:00:37 tree: rename from_tree to validate and clarify the tree in the test
Edward Thomson 219512e7 2018-07-20T14:14:16 buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr.
Edward Thomson ce798b25 2018-07-04T10:56:56 tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests.
Edward Thomson d285de73 2018-07-20T21:52:24 push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves.
Edward Thomson dad99881 2018-07-20T21:51:36 push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well.
Patrick Steinhardt 0652abaa 2018-07-20T12:56:49 Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes
Carlos Martín Nieto 2dff7e28 2018-07-18T21:04:13 tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.
Patrick Steinhardt e1a4a8eb 2018-06-25T11:58:34 cmake: enforce C90 standard While the aim of libgit2 was to conform to C90 code, we never instructed the compiler to enforce C90 compliance. Thus, quite a few violations were able to get into our code base, which have been removed with the previous commits. As we are now able to build libgit2 with C90 enforced, we can set the C_STANDARD property for our own build targets. Note that we explicitly avoid setting the C standard for our third-party dependencies. At least the zlib target does not build with C90 enforced, and we do not want to fix them by deviating from upstream. Thus we simply enforce no standard for them.
Patrick Steinhardt c13e56f9 2018-06-25T14:12:53 cmake: distinguish internal and system include directories While we want to enforce strict C90 mode, this may cause issues with system provided header files which are themselves not strictly conforming. E.g. if a system header has C++ style comments, a compiler in strict C90 mode would produce an error and abort the build. As the user most likely doesn't want to change the system header, this would completely break the build on such systems. One example of this is mbedtls, which provides such header files. The problem can be worked around by distinguishing between system-provided and project-provided include directories. When adding include directories via "-isystem" instead of "-I", the compiler will skip certain checks and print out less warnings. To use system includes, we can simply add the "SYSTEM" flag to CMake's `INCLUDE_DIRECTORIES` and `TARGET_INCLUDE_DIRECTORIES` functions. Note that we have to split the include directories into two variables because of this, as we definitely still want to check for all warnings produced by our own header files.
Patrick Steinhardt 9994cd3f 2018-06-25T11:56:52 treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
Edward Thomson 6dfc8bc2 2018-07-09T23:10:05 Merge pull request #4719 from pks-t/pks/delta-oob Delta OOB access
Etienne Samson 89091d36 2018-07-06T20:24:21 tests: fix a relative pathname issue The path given to `git_index_add_bypath` is relative to the root of the repository. That `describe/file` path is relative to the root of the sandbox directory, hence if I add the missing `cl_git_pass` I rightfully get an error that `$SANDBOX/describe/describe/file doesn't exist`. The path is thus changed to be made relative to the repository, which makes the failure go away and "restore" the test.
Etienne Samson 8455a270 2018-07-01T12:04:27 tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.
Etienne Samson 17bd3b96 2018-06-19T20:15:49 tests: mailmap/parsing: add a missing cl_git_pass Reported by Coverity, CID 1393483
Edward Thomson f4633791 2018-07-06T12:36:05 Merge pull request #4687 from tiennou/fix/4672 patch_parse: populate line numbers while parsing diffs
Patrick Steinhardt f2a1cece 2018-07-06T11:25:47 Merge pull request #4686 from tiennou/fix/more-worktree-from-bare Fix git_worktree_validate failing on bare repositories
Patrick Steinhardt 8a00de08 2018-07-06T10:47:06 Merge pull request #4699 from nelhage/fetch-null-dst git_refspec_transform: Handle NULL dst
Edward Thomson c43658f6 2018-06-30T13:24:23 Merge pull request #4536 from libgit2/ethomson/index_dirty Add a "dirty" state to the index when it has unsaved changes
Nelson Elhage ff8edac9 2018-06-29T16:18:36 formatting fix
Edward Thomson bfa1f022 2018-06-22T19:17:08 settings: optional unsaved index safety Add the `GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY` option, which will cause commands that reload the on-disk index to fail if the current `git_index` has changed that have not been saved. This will prevent users from - for example - adding a file to the index then calling a function like `git_checkout` and having that file be silently removed from the index since it was re-read from disk. Now calls that would re-read the index will fail if the index is "dirty", meaning changes have been made to it but have not been written. Users can either `git_index_read` to discard those changes explicitly, or `git_index_write` to write them.
Edward Thomson 787768c2 2018-06-22T19:07:54 index: return a unique error code on dirty index When the index is dirty, return GIT_EINDEXDIRTY so that consumers can identify the exact problem programatically.
Edward Thomson 5e26391a 2018-06-18T18:28:08 checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.
Edward Thomson b242cdbf 2017-11-17T00:19:07 index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.
Edward Thomson dc4a18c7 2017-11-12T08:23:13 index: test dirty index bit Test that any changes to the index will mark the index as dirty. Also ensure that when we initialize a new index, read the index contents from disk, or write the index contents to disk that we reset the dirty flag to zero. Further ensure that an unforced read with dirty contents (when the on-disk index has not changed) does _not_ reset the dirty flag as we have not updated the contents of our index and our unsaved contents remain intact.
Edward Thomson 55a96606 2018-06-18T16:14:26 checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.
Etienne Samson 8356bf7e 2018-06-29T14:39:14 tests: worktree/bare: test some paths
Etienne Samson d0921127 2018-06-29T14:39:13 tests: add a helper to build sandbox subpaths quickly
Etienne Samson 83c35f7e 2018-06-29T14:39:11 tests: worktree/bare: fix git_worktree_validate
Etienne Samson bd40f0d7 2018-06-29T14:39:10 tests: worktree/bare: check git_worktree_list
Etienne Samson 7e3c13e0 2018-06-29T14:39:08 tests: worktree/bare: gather all tests
Patrick Steinhardt af3088e4 2018-06-29T11:45:15 refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.
Patrick Steinhardt 7192e26f 2018-06-29T09:43:33 Merge pull request #4519 from cynecx/refspec-parsing refspec: add public parsing api
Patrick Steinhardt 24597812 2018-06-29T09:11:02 delta: fix out-of-bounds read of delta When computing the offset and length of the delta base, we repeatedly increment the `delta` pointer without checking whether we have advanced past its end already, which can thus result in an out-of-bounds read. Fix this by repeatedly checking whether we have reached the end. Add a test which would cause Valgrind to produce an error. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
Patrick Steinhardt 7db25870 2018-06-29T07:45:18 delta: fix sign-extension of big left-shift Our delta code was originally adapted from JGit, which itself adapted it from git itself. Due to this heritage, we inherited a bug from git.git in how we compute the delta offset, which was fixed upstream in 48fb7deb5 (Fix big left-shifts of unsigned char, 2009-06-17). As explained by Linus: Shifting 'unsigned char' or 'unsigned short' left can result in sign extension errors, since the C integer promotion rules means that the unsigned char/short will get implicitly promoted to a signed 'int' due to the shift (or due to other operations). This normally doesn't matter, but if you shift things up sufficiently, it will now set the sign bit in 'int', and a subsequent cast to a bigger type (eg 'long' or 'unsigned long') will now sign-extend the value despite the original expression being unsigned. One example of this would be something like unsigned long size; unsigned char c; size += c << 24; where despite all the variables being unsigned, 'c << 24' ends up being a signed entity, and will get sign-extended when then doing the addition in an 'unsigned long' type. Since git uses 'unsigned char' pointers extensively, we actually have this bug in a couple of places. In our delta code, we inherited such a bogus shift when computing the offset at which the delta base is to be found. Due to the sign extension we can end up with an offset where all the bits are set. This can allow an arbitrary memory read, as the addition in `base_len < off + len` can now overflow if `off` has all its bits set. Fix the issue by casting the result of `*delta++ << 24UL` to an unsigned integer again. Add a test with a crafted delta that would actually succeed with an out-of-bounds read in case where the cast wouldn't exist. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
Edward Thomson 7330ae67 2018-06-26T10:45:57 index::addall tests: write the index When running `git_index_add_all`, we should write the index to disk so that we can re-read it safely during status.
Edward Thomson 08ea0d7d 2018-02-18T11:49:08 index::reuc tests: test that checkout succeeds The index::reuc tests must test that the checkout itself succeeds, otherwise subsequent tests are not valid. In fact, the checkouts were failing because when checking out `SAFE`, they cannot update the files that are in conflict. Change the checkout level to `FORCE` to ensure that they get updated correctly.
Edward Thomson c4ce017f 2018-02-18T22:27:34 index::names tests: add conflicts with high stages We add entries into the main index to correspond with the NAME entries that we're going to test. NAME entries store the results of conflicts occuring with rename detection during merge, and they must correspond to conflicts in the index. This test was mistakenly adding regular entries. The checkout validation failed, since it requires NAME entries to correspond to high-stage (conflict) entries. Correct the test to actually create conflicts.
Nelson Elhage 46c9f26f 2018-06-25T15:47:31 Add a test. Verified that this breaks before the fix and passes afterwards.
Nika Layzell 4fd81c53 2018-06-18T19:43:53 Clear revwalk sorting when resetting Currently we fail to clear the sorting flag for revwalks when resetting. This caused a poor interaction with the limited flag during a recent patch. This patch clears the revwalk sorting flag and causes it to no longer persist over resets.