src


Log

Author Commit Date CI Message
Patrick Steinhardt 8d3ee96a 2016-03-10T16:11:51 refdb_fs: fail if refcache returns NULL pointer We usually check entries returned by `git_sortedcache_entry` for NULL pointers. As we have a write lock in `packed_write`, though, it really should not happen that the function returns NULL. Assert that ref is not NULL to silence a Coverity warning.
Patrick Steinhardt d96c0638 2016-03-01T19:11:33 submodule: avoid passing NULL pointers to strncmp In C89 it is undefined behavior to pass `NULL` pointers to `strncmp` and later on in C99 it has been explicitly stated that functions with an argument declared as `size_t nmemb` specifying the array length shall always have valid parameters, no matter if `nmemb` is 0 or not (see ISO 9899 §7.21.1.2). The function `str_equal_no_trailing_slash` always passes its parameters to `strncmp` if their lengths match. This means if one parameter is `NULL` and the other one either `NULL` or a string with length 0 we will pass the pointers to `strncmp` and cause undefined behavior. Fix this by explicitly handling the case when both lengths are 0.
Patrick Steinhardt 1a16e8b0 2016-03-01T17:55:40 pack-objects: fix memory leak on overflow
Patrick Steinhardt 851c51ab 2016-03-10T10:40:47 diff_tform: fix potential NULL pointer access When the user passes in a diff which has no repository associated we may call `git_config__get_int_force` with a NULL-pointer configuration. Even though `git_config__get_int_force` is designed to swallow errors, it is not intended to be called with a NULL pointer configuration. Fix the issue by only calling `git_config__get_int_force` only when configuration could be retrieved from the repository.
Patrick Steinhardt e114bbac 2016-03-01T16:00:49 index: assert required OID are non-NULL
Patrick Steinhardt d0780b81 2016-03-01T15:35:45 object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.
Edward Thomson fa4b93a6 2016-04-11T15:57:23 backport git_oid__cpy_prefix
Patrick Steinhardt e39ad747 2016-03-01T14:40:17 config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.
Patrick Steinhardt ffb1f419 2016-03-01T14:24:09 describe: handle error code returned by git_pqueue_insert
Carlos Martín Nieto 4ebf745f 2016-03-09T11:16:16 mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.
Chris Hescock 9ee498e8 2016-03-08T10:16:37 Only buffer if necessary.
Edward Thomson eb09ead2 2016-03-04T01:18:30 odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.
P.S.V.R cdded630 2016-01-13T11:07:14 Remove duplicated calls to git_mwindow_close
Chris Hescock e3862c9f 2016-01-11T17:09:32 Buffer sideband packet data The inner packet may be split across multiple sideband packets.
Yong Li 8ec3d88f 2015-12-24T10:04:44 Avoid subtraction overflow in git_indexer_commit
Chris Bargren 4a93a7fc 2015-12-28T11:37:39 Tabs
Chris Bargren e44f6586 2015-12-28T07:43:24 Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
Chris Bargren ff8e3f0e 2015-12-22T10:38:31 Handle git+ssh:// and ssh+git:// protocols support
Carlos Martín Nieto ea5bf6bb 2016-03-04T12:34:38 treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.
Carlos Martín Nieto 22f3d3aa 2016-03-03T22:26:31 ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
Carlos Martín Nieto 66a530eb 2016-03-03T20:11:18 Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms
Carlos Martín Nieto 778fb695 2016-03-03T12:14:02 Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case
Carlos Martín Nieto a4cba9d4 2016-03-03T10:48:24 winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
Edward Thomson edaffe22 2016-03-01T17:16:27 Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation
Patrick Steinhardt a4ea7faa 2016-03-01T08:54:00 xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034
Edward Thomson dbee6835 2016-02-28T20:13:24 Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes
Edward Thomson f2dddf52 2016-02-28T15:51:38 turn on strict object validation by default
Edward Thomson 98c34149 2016-02-28T15:11:15 refs: honor strict object creation
Edward Thomson 3ef01e77 2016-02-28T14:37:37 git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.
Edward Thomson 6ddf533a 2016-02-23T18:29:16 git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.
Edward Thomson 2bbc7d3e 2016-02-23T15:00:27 treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.
Edward Thomson ef63bab3 2016-02-23T13:34:35 git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.
Edward Thomson 7565dc65 2016-02-23T13:33:10 git_object__is_valid: simple object validity test
Edward Thomson 22a19f5b 2016-02-22T23:46:50 git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`
Edward Thomson 6cc4bac8 2016-02-28T11:31:10 Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator
Ross Delinger 93e16642 2016-02-26T12:51:13 Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode
Carlos Martín Nieto 9f4e7c84 2016-02-25T18:42:09 Merge pull request #3638 from ethomson/nsec USE_NSECS fixes
Edward Thomson 0d9a7498 2016-02-25T12:09:49 Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes
Edward Thomson fd129f28 2016-02-25T11:59:00 Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices
Edward Thomson 3d6a42d1 2016-02-25T11:23:19 nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).
Carlos Martín Nieto 6d97beb9 2016-02-25T15:46:59 pack: don't allow a negative offset
Carlos Martín Nieto ea9e00cb 2016-02-23T18:15:43 pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.
Carlos Martín Nieto 68ad3156 2016-02-24T17:17:57 openssl: we already had the function, just needed the header
Carlos Martín Nieto f3d1be7d 2016-02-24T16:38:22 openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.
Edward Thomson 04c3b35f 2016-02-23T13:02:07 map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.
Patrick Steinhardt 32f07984 2016-02-23T11:07:03 diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.
Patrick Steinhardt 3d1abc5a 2016-02-22T17:13:23 xmerge: fix memory leak on error path
Patrick Steinhardt 05bf67b9 2016-02-23T11:16:36 openssl_stream: fix NULL pointer dereference
Patrick Steinhardt 2baf854e 2016-02-22T16:08:56 openssl_stream: fix memory leak when creating new stream
Patrick Steinhardt 2afb6fa4 2016-02-22T16:05:13 rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
Patrick Steinhardt d0cb11e7 2016-02-22T16:01:03 remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
Patrick Steinhardt 0f1e2d20 2016-02-23T11:23:26 index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
Patrick Steinhardt 7808c937 2016-02-22T15:59:15 index: plug memory leak in `read_conflict_names`
Patrick Steinhardt 003c5e46 2016-02-22T15:52:49 transports: smart_pkt: fix memory leaks on error paths
Patrick Steinhardt 793e0855 2016-02-22T14:06:48 refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
Patrick Steinhardt be8479c9 2016-02-22T14:01:50 diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
Patrick Steinhardt bac52ab0 2016-02-22T13:48:45 pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
Patrick Steinhardt d1c9a48d 2016-02-23T10:45:09 pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
Patrick Steinhardt 2129d6df 2016-02-22T13:33:48 crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.
Patrick Steinhardt b9f28b8d 2016-02-23T10:09:03 refspec: check buffer with GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt c5bd70d1 2016-02-23T11:48:30 revwalk: use GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt 6e2a3755 2016-02-23T11:45:43 smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt 42c05ed5 2016-02-23T10:02:44 path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
Patrick Steinhardt 859ed5dd 2016-02-23T09:54:26 common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
Edward Thomson 7bab2e8f 2016-02-22T23:04:40 git_libgit2_opts: validate key
Carlos Martín Nieto c8fe6c09 2016-02-19T16:23:14 openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
Ross Delinger f1260e03 2016-02-19T09:13:40 Remove unnecessary ifdef in pool.h
Carlos Martín Nieto deecaa2e 2016-02-19T13:31:54 openssl: free the context even if we don't connect
Carlos Martín Nieto bf127eec 2016-02-19T13:24:41 global: remove an unused variable
Carlos Martín Nieto 78e16c34 2016-02-19T13:06:51 Merge pull request #3597 from ethomson/filter_registration Filter registration
Patrick Steinhardt 8a62bf11 2016-02-15T11:28:33 netops: fix memory leak when an error occurs
Patrick Steinhardt b0f7512f 2016-02-15T11:46:10 transports: smart_pkt: fix memory leaks
Patrick Steinhardt 704554cd 2016-02-15T11:37:48 transports: smart: fix memory leak on OOM path
Patrick Steinhardt 038d7af0 2016-02-15T11:30:48 signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.
Carlos Martín Nieto c1b75f05 2016-02-18T15:11:31 Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`
Carlos Martín Nieto b85d0afd 2016-02-18T15:11:02 Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte
Carlos Martín Nieto 5663d4f6 2016-02-18T12:31:56 Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings
Carlos Martín Nieto 594a5d12 2016-02-18T12:28:06 Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32
Edward Thomson 318b825e 2016-02-16T17:11:46 index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).
Edward Thomson 4fea9cff 2016-02-16T13:08:55 iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.
Colin Xu a218b2f6 2016-01-22T16:03:37 Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>
Carlos Martín Nieto eadd0f05 2016-02-16T14:06:48 commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.
Edward Thomson 9ce0399c 2016-02-12T10:27:05 winhttp: use an unsigned iterator
Edward Thomson 3b2fa0fb 2016-02-12T10:25:50 submodule: explicitly cast to the teensy time value
Edward Thomson b2ca8d9c 2016-02-12T10:22:54 index: explicitly cast the teeny index entry members
Edward Thomson 997e0301 2016-02-12T10:11:32 index: don't use `seek` return as an error code
Edward Thomson 9a634cba 2016-02-12T10:03:29 index: explicitly cast new hash size to an int
Edward Thomson c4d23928 2016-02-11T15:41:07 fstat: use our custom `stat`
Edward Thomson aadad405 2016-02-11T14:28:31 tree: zap warnings around `size_t` vs `uint16_t`
Edward Thomson f28bae0c 2016-02-15T17:16:00 rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.
Edward Thomson 35439f59 2016-02-11T12:24:21 win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.
Carlos Martín Nieto 5a296ad0 2016-02-12T00:55:20 Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing
Arthur Schreiber 3679ebae 2016-02-11T23:37:52 Horrible fix for #3173.
Carlos Martín Nieto 460ae11f 2016-02-11T22:19:20 commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.
Edward Thomson a202e0d4 2016-02-11T10:11:21 rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.
Edward Thomson ee667307 2016-02-11T10:48:48 rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.
Edward Thomson 494e61b8 2016-02-09T17:44:59 win32: drop xp support in WideCharToMultiByte
Edward Thomson 9447b9e5 2016-02-09T10:40:33 xplat: use st_mtimespec everywhere on mac
Vicent Marti 488e2b85 2016-02-09T16:26:58 Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature
Carlos Martín Nieto 534cc5a3 2016-02-09T16:10:43 Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes