kmx git

Commit	Date	Message
f673e232	2018-12-27T13:47:34	git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
168fe39b	2018-11-28T14:26:57	object_type: use new enumeration names Use the new object_type enumeration names within the codebase.
18e71e6d	2018-11-28T13:31:06	index: use new enum and structure names Use the new-style index names throughout our own codebase.
7fafec0e	2018-10-29T18:32:39	tree: fix integer overflow when reading unreasonably large filemodes The `parse_mode` option uses an open-coded octal number parser. The parser is quite naive in that it simply parses until hitting a character that is not in the accepted range of '0' - '7', completely ignoring the fact that we can at most accept a 16 bit unsigned integer as filemode. If the filemode is bigger than UINT16_MAX, it will thus overflow and provide an invalid filemode for the object entry. Fix the issue by using `git__strntol32` instead and doing a bounds check. As this function already handles overflows, it neatly solves the problem. Note that previously, `parse_mode` was also skipping the character immediately after the filemode. In proper trees, this should be a simple space, but in fact the parser accepted any character and simply skipped over it. As a consequence of using `git__strntol32`, we now need to an explicit check for a trailing whitespace after having parsed the filemode. Because of the newly introduced error message, the test object::tree::parse::mode_doesnt_cause_oob_read needs adjustment to its error message check, which in fact is a good thing as it demonstrates that we now fail looking for the whitespace immediately following the filemode. Add a test that shows that we will fail to parse such invalid filemodes now.
f647bbc8	2018-10-29T17:25:09	tree: fix mode parsing reading out-of-bounds When parsing a tree entry's mode, we will eagerly parse until we hit a character that is not in the accepted set of octal digits '0' - '7'. If the provided buffer is not a NUL terminated one, we may thus read out-of-bounds. Fix the issue by passing the buffer length to `parse_mode` and paying attention to it. Note that this is not a vulnerability in our usual code paths, as all object data read from the ODB is NUL terminated.
d4ad658a	2018-10-29T17:24:47	tree: add various tests exercising the tree parser We currently don't have any tests that directly exercise the tree parser. This is due to the fact that the parsers for raw object data has only been recently introduce with commit ca4db5f4a (object: implement function to parse raw data, 2017-10-13), and previous to that the setup simply was too cumbersome as it always required going through the ODB. Now that we have the infrastructure, add a suite of tests that directly exercise the tree parser and various edge cases.
f00db9ed	2018-07-27T12:00:37	tree: rename from_tree to validate and clarify the tree in the test
2dff7e28	2018-07-18T21:04:13	tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.
9994cd3f	2018-06-25T11:56:52	treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
a554d588	2018-02-28T12:21:08	tree: initialize the id we use for testing submodule insertions Instead of laving it uninitialized and relying on luck for it to be non-zero, let's give it a dummy hash so we make valgrind happy (in this case the hash comes from `sha1sum </dev/null`.
c0487bde	2018-01-12T08:23:43	tree: reject writing null-OID entries to a tree In commit a96d3cc3f (cache-tree: reject entries with null sha1, 2017-04-21), the git.git project has changed its stance on null OIDs in tree objects. Previously, null OIDs were accepted in tree entries to help tools repair broken history. This resulted in some problems though in that many code paths mistakenly passed null OIDs to be added to a tree, which was not properly detected. Align our own code base according to the upstream change and reject writing tree entries early when the OID is all-zero.
1d41b86c	2016-11-14T12:22:20	tree: add a failing test for unsorted input We do not currently use the sorted version of this input in the function, which means we produce bad results.
a2cb4713	2016-05-24T14:30:43	tree: handle removal of all entries in the updater When we remove all entries in a tree, we should remove that tree from its parent rather than include the empty tree.
53412305	2016-05-19T15:29:53	tree: plug leaks in the tree updater
92249656	2016-05-19T15:21:26	tree: use testrepo2 for the tree updater tests This gives us trees with subdirectories, which the new test needs.
9464f9eb	2016-05-02T17:36:58	Introduce a function to create a tree based on a different one Instead of going through the usual steps of reading a tree recursively into an index, modifying it and writing it back out as a tree, introduce a function to perform simple updates more efficiently. `git_tree_create_updated` avoids reading trees which are not modified and supports upsert and delete operations. It is not as versatile as modifying the index, but it makes some common operations much more efficient.
60a194aa	2016-03-20T11:00:12	tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.
ea5bf6bb	2016-03-04T12:34:38	treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.
f2dddf52	2016-02-28T15:51:38	turn on strict object validation by default
4afe536b	2016-02-28T16:02:49	tests: use legitimate object ids Use legitimate (existing) object IDs in tests so that we have the ability to turn on strict object validation when running tests.
2bbc7d3e	2016-02-23T15:00:27	treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.
2f1080ea	2015-05-19T11:17:07	conflict tests: use GIT_IDXENTRY_STAGE_SET
c4a2fd5c	2015-01-04T17:39:43	Plug a couple of leaks
208a2c8a	2014-12-27T12:09:11	treebuilder: rename _create() to _new() This function is a constructor, so let's name it like one and leave _create() for the reference functions, which do create/write the reference.
dce7b1a4	2014-12-16T19:24:04	treebuilder: take a repository for path validation Path validation may be influenced by `core.protectHFS` and `core.protectNTFS` configuration settings, thus treebuilders can take a repository to influence their configuration.
4d3f1f97	2014-06-09T04:38:22	treebuilder: use a map instead of vector to store the entries Finding a filename in a vector means we need to resort it every time we want to read from it, which includes every time we want to write to it as well, as we want to find duplicate keys. A hash-map fits what we want to do much more accurately, as we do not care about sorting, but just the particular filename. We still keep removed entries around, as the interface let you assume they were going to be around until the treebuilder is cleared or freed, but in this case that involves an append to a vector in the filter case, which can now fail. The only time we care about sorting is when we write out the tree, so let's make that the only time we do any sorting.
629ba7f1	2014-02-05T13:07:46	Merge pull request #2027 from libgit2/rb/only-windows-is-windows Some tests of paths that can't actually be written to disk
d541170c	2014-01-24T11:36:41	index: rename an entry's id to 'id' This was not converted when we converted the rest, so do it now.
79ccb921	2014-01-03T14:26:02	Further tree building tests with hard paths
97bbf61e	2014-01-03T12:14:22	Tree accessor tests with hard path names
452c7de6	2013-12-12T14:16:40	Add git_treebuilder_insert test and clarify doc This wasn't being tested and since it has a callback, I fixed it even though the return value of this callback is not treated like any of the other callbacks in the API.
25e0b157	2013-12-06T15:07:57	Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
17820381	2013-11-14T14:05:52	Rename tests-clar to tests

f673e232

2018-12-27T13:47:34

git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.

168fe39b

2018-11-28T14:26:57

object_type: use new enumeration names Use the new object_type enumeration names within the codebase.

18e71e6d

2018-11-28T13:31:06

index: use new enum and structure names Use the new-style index names throughout our own codebase.

7fafec0e

2018-10-29T18:32:39

tree: fix integer overflow when reading unreasonably large filemodes The `parse_mode` option uses an open-coded octal number parser. The parser is quite naive in that it simply parses until hitting a character that is not in the accepted range of '0' - '7', completely ignoring the fact that we can at most accept a 16 bit unsigned integer as filemode. If the filemode is bigger than UINT16_MAX, it will thus overflow and provide an invalid filemode for the object entry. Fix the issue by using `git__strntol32` instead and doing a bounds check. As this function already handles overflows, it neatly solves the problem. Note that previously, `parse_mode` was also skipping the character immediately after the filemode. In proper trees, this should be a simple space, but in fact the parser accepted any character and simply skipped over it. As a consequence of using `git__strntol32`, we now need to an explicit check for a trailing whitespace after having parsed the filemode. Because of the newly introduced error message, the test object::tree::parse::mode_doesnt_cause_oob_read needs adjustment to its error message check, which in fact is a good thing as it demonstrates that we now fail looking for the whitespace immediately following the filemode. Add a test that shows that we will fail to parse such invalid filemodes now.

f647bbc8

2018-10-29T17:25:09

tree: fix mode parsing reading out-of-bounds When parsing a tree entry's mode, we will eagerly parse until we hit a character that is not in the accepted set of octal digits '0' - '7'. If the provided buffer is not a NUL terminated one, we may thus read out-of-bounds. Fix the issue by passing the buffer length to `parse_mode` and paying attention to it. Note that this is not a vulnerability in our usual code paths, as all object data read from the ODB is NUL terminated.

d4ad658a

2018-10-29T17:24:47

tree: add various tests exercising the tree parser We currently don't have any tests that directly exercise the tree parser. This is due to the fact that the parsers for raw object data has only been recently introduce with commit ca4db5f4a (object: implement function to parse raw data, 2017-10-13), and previous to that the setup simply was too cumbersome as it always required going through the ODB. Now that we have the infrastructure, add a suite of tests that directly exercise the tree parser and various edge cases.

f00db9ed

2018-07-27T12:00:37

tree: rename from_tree to validate and clarify the tree in the test

2dff7e28

2018-07-18T21:04:13

tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.

9994cd3f

2018-06-25T11:56:52

treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

a554d588

2018-02-28T12:21:08

tree: initialize the id we use for testing submodule insertions Instead of laving it uninitialized and relying on luck for it to be non-zero, let's give it a dummy hash so we make valgrind happy (in this case the hash comes from `sha1sum </dev/null`.

c0487bde

2018-01-12T08:23:43

tree: reject writing null-OID entries to a tree In commit a96d3cc3f (cache-tree: reject entries with null sha1, 2017-04-21), the git.git project has changed its stance on null OIDs in tree objects. Previously, null OIDs were accepted in tree entries to help tools repair broken history. This resulted in some problems though in that many code paths mistakenly passed null OIDs to be added to a tree, which was not properly detected. Align our own code base according to the upstream change and reject writing tree entries early when the OID is all-zero.

1d41b86c

2016-11-14T12:22:20

tree: add a failing test for unsorted input We do not currently use the sorted version of this input in the function, which means we produce bad results.

a2cb4713

2016-05-24T14:30:43

tree: handle removal of all entries in the updater When we remove all entries in a tree, we should remove that tree from its parent rather than include the empty tree.

53412305

2016-05-19T15:29:53

tree: plug leaks in the tree updater

92249656

2016-05-19T15:21:26

tree: use testrepo2 for the tree updater tests This gives us trees with subdirectories, which the new test needs.

9464f9eb

2016-05-02T17:36:58

Introduce a function to create a tree based on a different one Instead of going through the usual steps of reading a tree recursively into an index, modifying it and writing it back out as a tree, introduce a function to perform simple updates more efficiently. `git_tree_create_updated` avoids reading trees which are not modified and supports upsert and delete operations. It is not as versatile as modifying the index, but it makes some common operations much more efficient.

60a194aa

2016-03-20T11:00:12

tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.

ea5bf6bb

2016-03-04T12:34:38

treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.

f2dddf52

2016-02-28T15:51:38

turn on strict object validation by default

4afe536b

2016-02-28T16:02:49

tests: use legitimate object ids Use legitimate (existing) object IDs in tests so that we have the ability to turn on strict object validation when running tests.

2bbc7d3e

2016-02-23T15:00:27

treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.

2f1080ea

2015-05-19T11:17:07

conflict tests: use GIT_IDXENTRY_STAGE_SET

c4a2fd5c

2015-01-04T17:39:43

Plug a couple of leaks

208a2c8a

2014-12-27T12:09:11

treebuilder: rename _create() to _new() This function is a constructor, so let's name it like one and leave _create() for the reference functions, which do create/write the reference.

dce7b1a4

2014-12-16T19:24:04

treebuilder: take a repository for path validation Path validation may be influenced by `core.protectHFS` and `core.protectNTFS` configuration settings, thus treebuilders can take a repository to influence their configuration.

4d3f1f97

2014-06-09T04:38:22

treebuilder: use a map instead of vector to store the entries Finding a filename in a vector means we need to resort it every time we want to read from it, which includes every time we want to write to it as well, as we want to find duplicate keys. A hash-map fits what we want to do much more accurately, as we do not care about sorting, but just the particular filename. We still keep removed entries around, as the interface let you assume they were going to be around until the treebuilder is cleared or freed, but in this case that involves an append to a vector in the filter case, which can now fail. The only time we care about sorting is when we write out the tree, so let's make that the only time we do any sorting.

629ba7f1

2014-02-05T13:07:46

Merge pull request #2027 from libgit2/rb/only-windows-is-windows Some tests of paths that can't actually be written to disk

d541170c

2014-01-24T11:36:41

index: rename an entry's id to 'id' This was not converted when we converted the rest, so do it now.

79ccb921

2014-01-03T14:26:02

Further tree building tests with hard paths

97bbf61e

2014-01-03T12:14:22

Tree accessor tests with hard path names

452c7de6

2013-12-12T14:16:40

Add git_treebuilder_insert test and clarify doc This wasn't being tested and since it has a callback, I fixed it even though the return value of this callback is not treated like any of the other callbacks in the API.

25e0b157

2013-12-06T15:07:57

Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.

17820381

2013-11-14T14:05:52

Rename tests-clar to tests

thodg/libgit2/tests/object/tree

tests/object/tree

Log