|
ea19efc1
|
2018-10-18T15:08:56
|
|
util: fix out of bounds read in error message
When an integer that is parsed with `git__strntol32` is too big to fit
into an int32, we will generate an error message that includes the
actual string that failed to parse. This does not acknowledge the fact
that the string may either not be NUL terminated or alternative include
additional characters after the number that is to be parsed. We may thus
end up printing characters into the buffer that aren't the number or,
worse, read out of bounds.
Fix the issue by utilizing the `endptr` that was set by
`git__strntol64`. This pointer is guaranteed to be set to the first
character following the number, and we can thus use it to compute the
width of the number that shall be printed. Create a test to verify that
we correctly truncate the number.
|
|
39087ab8
|
2018-10-18T12:11:33
|
|
tests: core::strtol: test for some more edge-cases
Some edge cases were currently completely untested, e.g. parsing numbers
greater than INT64_{MIN,MAX}, truncating buffers by length and invalid
characters. Add tests to verify that the system under test performs as
expected.
|
|
8d7fa88a
|
2018-10-18T12:04:07
|
|
util: remove `git__strtol32`
The function `git__strtol32` can easily be misused when untrusted data
is passed to it that may not have been sanitized with trailing `NUL`
bytes. As all usages of this function have now been removed, we can
remove this function altogether to avoid future misuse of it.
|
|
68deb2cc
|
2018-10-18T11:37:10
|
|
util: remove unsafe `git__strtol64` function
The function `git__strtol64` does not take a maximum buffer length as
parameter. This has led to some unsafe usages of this function, and as
such we may consider it as being unsafe to use. As we have now
eradicated all usages of this function, let's remove it completely to
avoid future misuse.
|
|
838a2f29
|
2018-10-07T12:00:48
|
|
Merge pull request #4828 from csware/git_futils_rmdir_r_failing
Add some more tests for git_futils_rmdir_r and some cleanup
|
|
ad273718
|
2018-10-04T10:32:07
|
|
tests: sanitize file hierarchy after running rmdir tests
Currently, we do not clean up after ourselves after tests in core::rmdir
have created new files in the directory hierarchy. This may leave stale
files and/or directories after having run tests, confusing subsequent
tests that expect a pristine test environment. Most importantly, it may
cause the test initialization to fail which expects being able to
re-create the testing hierarchy before each test in case where another
test hasn't cleaned up after itself.
Fix the issue by adding a cleanup function that removes the temporary
testing hierarchy after each test if it still exists.
|
|
e886ab46
|
2018-10-02T19:50:29
|
|
tests: Add some more tests for git_futils_rmdir_r
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
dbb4a586
|
2018-10-05T10:27:33
|
|
tests: fix warning for implicit conversion of integer to pointer
GCC warns by default when implicitly converting integers to pointers or
the other way round, and commit fa48d2ea7 (vector: do not malloc
0-length vectors on dup, 2018-09-26) introduced such an implicit
conversion into our vector tests. While this is totally fine in this
test, as the pointer's value is never being used in the first place, we
can trivially avoid the warning by instead just inserting a pointer for
a variable allocated on the stack into the vector.
|
|
ba1cd495
|
2018-09-28T11:10:49
|
|
Merge pull request #4784 from tiennou/fix/warnings
Some warnings
|
|
fa48d2ea
|
2018-09-26T19:15:35
|
|
vector: do not malloc 0-length vectors on dup
|
|
be4717d2
|
2018-09-18T12:12:06
|
|
path: fix "comparison always true" warning
|
|
9994cd3f
|
2018-06-25T11:56:52
|
|
treewide: remove use of C++ style comments
C++ style comment ("//") are not specified by the ISO C90 standard and
thus do not conform to it. While libgit2 aims to conform to C90, we did
not enforce it until now, which is why quite a lot of these
non-conforming comments have snuck into our codebase. Do a tree-wide
conversion of all C++ style comments to the supported C style comments
to allow us enforcing strict C90 compliance in a later commit.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
e3d764a4
|
2018-03-29T22:14:12
|
|
tests: clarify comment
|
|
86219f40
|
2017-11-30T15:40:13
|
|
util: introduce `git__prefixncmp` and consolidate implementations
Introduce `git_prefixncmp` that will search up to the first `n`
characters of a string to see if it is prefixed by another string.
This is useful for examining if a non-null terminated character
array is prefixed by a particular substring.
Consolidate the various implementations of `git__prefixcmp` around a
single core implementation and add some test cases to validate its
behavior.
|
|
e9369856
|
2017-03-21T00:25:15
|
|
stream: Gather streams to src/streams
|
|
08c1b8fc
|
2017-08-28T21:24:13
|
|
cmake: simplify some HTTPS tests
|
|
89a34828
|
2017-06-16T13:34:43
|
|
diff: implement function to calculate patch ID
The upstream git project provides the ability to calculate a so-called
patch ID. Quoting from git-patch-id(1):
A "patch ID" is nothing but a sum of SHA-1 of the file diffs
associated with a patch, with whitespace and line numbers ignored."
Patch IDs can be used to identify two patches which are probably the
same thing, e.g. when a patch has been cherry-picked to another branch.
This commit implements a new function `git_diff_patchid`, which gets a
patch and derives an OID from the diff. Note the different terminology
here: a patch in libgit2 are the differences in a single file and a diff
can contain multiple patches for different files. The implementation
matches the upstream implementation and should derive the same OID for
the same diff. In fact, some code has been directly derived from the
upstream implementation.
The upstream implementation has two different modes to calculate patch
IDs, which is the stable and unstable mode. The old way of calculating
the patch IDs was unstable in a sense that a different ordering the
diffs was leading to different results. This oversight was fixed in git
1.9, but as git tries hard to never break existing workflows, the old
and unstable way is still default. The newer and stable way does not
care for ordering of the diff hunks, and in fact it is the mode that
should probably be used today. So right now, we only implement the
stable way of generating the patch ID.
|
|
8296da5f
|
2017-06-14T10:49:28
|
|
Merge pull request #4267 from mohseenrm/master
adding GIT_FILTER_VERSION to GIT_FILTER_INIT as part of convention
|
|
a78441bc
|
2017-06-13T11:05:40
|
|
Adding git_filter_init for initializing `git_filter` struct + unit test
|
|
95170294
|
2017-06-13T11:08:28
|
|
tests: core: test initialization of `git_proxy_options`
Initialization of the `git_proxy_options` structure is never tested
anywhere. Include it in our usual initialization test in
"core::structinit::compare".
|
|
8a5e7aae
|
2017-05-22T12:53:44
|
|
varint: fix computation for remaining buffer space
When encoding varints to a buffer, we want to remain sure that the
required buffer space does not exceed what is actually available. Our
current check does not do the right thing, though, in that it does not
honor that our `pos` variable counts the position down instead of up. As
such, we will require too much memory for small varints and not enough
memory for big varints.
Fix the issue by correctly calculating the required size as
`(sizeof(varint) - pos)`. Add a test which failed before.
|
|
417319cc
|
2017-04-25T10:14:37
|
|
tests: core::features: only check for HTTPS if it is supported
|
|
983979fa
|
2017-03-22T19:52:38
|
|
inet_pton: don't assume addr families don't exist
Address family 5 might exist on some crazy system like Haiku.
Use `INT_MAX-1` as an unsupported address family.
|
|
31059923
|
2017-03-20T12:16:18
|
|
Merge pull request #4169 from csware/absolute-symlink
|
|
c10ce7c2
|
2017-03-20T12:11:05
|
|
tests: filebuf: test writing to symlink with absolute paths
|
|
d087c8f8
|
2017-02-24T14:14:56
|
|
hash: test for sha1 collision attack detection
|
|
40170177
|
2017-02-25T10:21:59
|
|
Fix inet_pton tests triggering an assert in Haiku
Haiku will assert in a nightly build if the "dst" input to inet_pton() is NULL.
|
|
0d716905
|
2017-01-27T15:23:15
|
|
oidmap: remove GIT__USE_OIDMAP macro
|
|
13c3bc9a
|
2017-01-27T14:32:23
|
|
strmap: remove GIT__USE_STRMAP macro
|
|
73028af8
|
2017-01-27T14:20:24
|
|
khash: avoid using macro magic to get return address
|
|
85d2748c
|
2017-01-27T14:05:10
|
|
khash: avoid using `kh_key`/`kh_val` as lvalue
|
|
f31cb45a
|
2017-01-25T15:31:12
|
|
khash: avoid using `kh_put` directly
|
|
cb18386f
|
2017-01-25T14:26:58
|
|
khash: avoid using `kh_val`/`kh_value` directly
|
|
a853c527
|
2017-01-25T14:14:32
|
|
khash: avoid using `kh_get` directly
|
|
64e46dc3
|
2017-01-25T14:14:12
|
|
khash: avoid using `kh_end` directly
|
|
9e8d75c7
|
2017-02-08T11:41:10
|
|
path: ensure dirname on Win32 prefix always has a trailing '/'
When calling `git_path_dirname_r` on a Win32 prefix, e.g. a drive
or network share prefix, we always want to return the trailing
'/'. This does not work currently when passing in a path like
'C:', where the '/' would not be appended correctly.
Fix this by appending a '/' if we try to normalize a Win32 prefix
and there is no trailing '/'.
|
|
5d59520c
|
2017-02-07T20:30:11
|
|
path: get correct dirname for Windows root
Getting the dirname of a filesystem root should return the filesystem
root itself. E.g. the dirname of "/" is always "/". On Windows, we
emulate this behavior and as such, we should return e.g. "C:/" if
calling dirname on "C:/". But we currently fail to do so and instead
return ".", as we do not check if we actually have a Windows prefix
before stripping off the last directory component.
Fix this by calling out to `win32_prefix_length` immediately after
stripping trailing slashes, returning early if we have a prefix.
|
|
410855fc
|
2016-12-17T18:18:30
|
|
sysdir: add failing test for variable substitution
When given $PATH as part of a search path, we guess again instead of
substituting what the user already set.
|
|
99479062
|
2016-11-18T16:50:34
|
|
core::init tests: reverse init/shutdown
We want a predictable number of initializations in our multithreaded
init test, but we also want to make sure that we have _actually_
initialized `git_libgit2_init` before calling `git_thread_create` (since
it now has a sanity check that `git_libgit2_init` has been called).
Since `git_thread_create` is internal-only, keep this sanity check.
Flip the invocation so that we `git_libgit2_init` before our thread
tests and `git_libgit2_shutdown` again after.
|
|
5fe5557e
|
2016-11-04T18:18:46
|
|
Merge pull request #3974 from libgit2/pks/synchronize-shutdown
global: synchronize initialization and shutdown with pthreads
|
|
1c33ecc4
|
2016-11-01T14:30:38
|
|
tests: core: test deinitialization and concurrent initialization
Exercise the logic surrounding deinitialization of the libgit2
library as well as repeated concurrent de- and reinitialization.
This tries to catch races and makes sure that it is possible to
reinitialize libgit2 multiple times.
After deinitializing libgit2, we have to make sure to setup
options required for testing. Currently, this only includes
setting up the configuration search path again. Before, this has
been set up once in `tests/main.c`.
|
|
95fa3880
|
2016-10-28T16:07:40
|
|
pqueue: resolve possible NULL pointer dereference
The `git_pqueue` struct allows being fixed in its total number of
entries. In this case, we simply throw away items that are
inserted into the priority queue by examining wether the new item
to be inserted has a higher priority than the previous smallest
one.
This feature somewhat contradicts our pqueue implementation in
that it is allowed to not have a comparison function. In fact, we
also fail to check if the comparison function is actually set in
the case where we add a new item into a fully filled fixed-size
pqueue.
As we cannot determine which item is the smallest item in absence
of a comparison function, we fix the `NULL` pointer dereference
by simply dropping all new items which are about to be inserted
into a full fixed-size pqueue.
|
|
61ad9bcd
|
2016-10-27T11:26:52
|
|
tests: vector: fix memory leak
|
|
36117978
|
2016-10-06T18:30:30
|
|
Fix the existence check for `regcomp_l`.
`xlocale.h` only defines `regcomp_l` if `regex.h` was included as well.
Also change the test cases to actually test `p_regcomp` works with
a multibyte locale.
|
|
45dc219f
|
2016-10-07T16:01:28
|
|
Merge pull request #3921 from libgit2/cmn/walk-limit-enough
Improve revision walk preparation logic
|
|
ab96ca55
|
2016-10-06T13:15:31
|
|
Make sure we use the `C` locale for `regcomp` on macOS.
|
|
0bd43371
|
2016-09-23T12:42:33
|
|
vector, pqueue: add git_vector_reverse and git_pqueue_reverse
This is a convenience function to reverse the contents of a vector and a pqueue
in-place.
The pqueue function is useful in the case where we're treating it as a
LIFO queue.
|
|
aeb5ee5a
|
2016-05-17T15:40:46
|
|
varint: Add varint encoding/decoding
This code is ported from git.git
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: David Turner <dturner@twopensource.com>
|
|
78b500bf
|
2016-08-04T12:45:19
|
|
Merge pull request #3850 from wildart/custom-tls
Enable https transport for custom TLS streams
|
|
bdec62dc
|
2016-07-06T13:06:25
|
|
remove conditions that prevent use of custom TLS stream
|
|
c18a2bc4
|
2016-07-05T15:51:01
|
|
Merge pull request #3851 from txdv/get-user-agent
Add get user agent functionality.
|
|
f1dba144
|
2016-07-05T09:41:51
|
|
Add get user agent functionality.
|
|
70b9b841
|
2016-06-28T20:19:52
|
|
Fixed bug while parsing INT64_MIN
|
|
53571f2f
|
2015-11-21T15:16:01
|
|
vector: more sensible names for `grow_at`/`shrink_at`
|
|
e564fc65
|
2015-09-25T12:41:15
|
|
git_vector_grow/shrink: correct shrink, and tests
|
|
6278fbc5
|
2015-09-24T09:40:42
|
|
patch parsing: squash some memory leaks
|
|
b8dc2fdb
|
2015-07-09T18:36:53
|
|
zstream: fail when asked to inflate garbage
When we are provided some input buffer (with a length) to inflate,
and it contains more data than simply the deflated data, fail.
zlib will helpfully tell us when it is done reading (via Z_STREAM_END),
so if there is data leftover in the input buffer, fail lest we
continually try to inflate it.
|
|
5b78dbdb
|
2015-07-09T13:04:10
|
|
git_buf: decode base85 inputs
|
|
b88f1713
|
2015-06-17T08:07:34
|
|
zstream: offer inflating, `git_zstream_inflatebuf`
Introduce `git_zstream_inflatebuf` for simple uses.
|
|
04f47a43
|
2016-04-06T10:37:30
|
|
tests: fix core/stream test when built with openssl off
When passing -DUSE_OPENSSL:BOOL=OFF to cmake the testsuite will
fail with the following error:
core::stream::register_tls [/tmp/libgit2/tests/core/stream.c:40]
Function call failed: (error)
error -1 - <no message>
Fix test to assume failure for tls when built without openssl.
While at it also fix GIT_WIN32 cpp to check if it's defined
or not.
|
|
f5c874a4
|
2016-03-29T14:47:31
|
|
Plug a few leaks
|
|
ba6f86eb
|
2016-03-18T17:33:46
|
|
Introduce `git_path_common_dirlen`
|
|
e2e4bae9
|
2016-03-22T00:18:44
|
|
tree: drop the now-unnecessary entries vector
Remove the now-unnecessary entries vector. Add `git_array_search`
to binary search through an array to accomplish this.
|
|
6cc4bac8
|
2016-02-28T11:31:10
|
|
Merge pull request #3577 from rossdylan/rossdylan/pooldebug
Add a new build flag to disable the pool allocator
|
|
7bab2e8f
|
2016-02-22T23:04:40
|
|
git_libgit2_opts: validate key
|
|
35439f59
|
2016-02-11T12:24:21
|
|
win32: introduce p_timeval that isn't stupid
Windows defines `timeval` with `long`, which we cannot
sanely cope with. Instead, use a custom timeval struct.
|
|
ed0571f8
|
2016-01-12T16:08:38
|
|
Add a new build flag to disable the pool allocator and pass all git_pool_malloc calls straight to git__malloc
|
|
87428c55
|
2015-11-20T20:48:51
|
|
Fix some warnings
|
|
7ff7ca62
|
2015-11-12T20:51:01
|
|
pool: Never return unaligned buffers
|
|
75a0ccf5
|
2015-11-12T19:53:09
|
|
Merge pull request #3170 from CmdrMoozy/nsec_fix
git_index_entry__init_from_stat: set nsec fields in entry stats
|
|
2c26c867
|
2015-11-12T19:22:31
|
|
Merge pull request #3499 from ethomson/ref_dir_errmsgs
Improve error messages when dirs prevent ref/reflog creation
|
|
de870533
|
2015-10-02T03:43:11
|
|
settings: add a setter for a custom user-agent
|
|
ec50b23a
|
2015-11-03T17:02:07
|
|
filebuf: detect directories in our way
When creating a filebuf, detect a directory that exists in our
target file location. This prevents a failure later, when we try
to move the lock file to the destination.
|
|
7fafde63
|
2015-10-13T11:25:41
|
|
stream: allow registering a user-provided TLS constructor
This allows the application to use their own TLS stream, regardless of
the capabilities of libgit2 itself.
|
|
66eb7660
|
2015-10-28T10:29:00
|
|
pool: Handle 32 bit systems
|
|
1e5e02b4
|
2015-10-27T17:26:04
|
|
pool: Simplify implementation
|
|
c7b17fb5
|
2015-10-01T18:01:32
|
|
Merge branch 'master' into nsec_fix_next
|
|
5c5df666
|
2015-09-27T23:32:20
|
|
Plug some leaks
|
|
2be78557
|
2015-06-02T12:45:30
|
|
caps: add test for GIT_FEATURES_NSEC
|
|
e24c60db
|
2015-09-17T09:42:05
|
|
mkdir: find component paths for mkdir_relative
`git_futils_mkdir` does not blindly call `git_futils_mkdir_relative`.
`git_futils_mkdir_relative` is used when you have some base directory
and want to create some path inside of it, potentially removing blocking
symlinks and files in the process. This is not suitable for a general
recursive mkdir within the filesystem.
Instead, when `mkdir` is being recursive, locate the first existent
parent directory and use that as the base for `mkdir_relative`.
|
|
0862ec2e
|
2015-09-17T09:58:38
|
|
core::mkdir tests: ensure we don't stomp symlinks in mkdir
In `mkdir` and `mkdir_r`, ensure that we don't try to remove symlinks
that are in our way.
|
|
08df6630
|
2015-09-16T18:07:56
|
|
core::mkdir tests: include absolute mkdirs
|
|
ac2fba0e
|
2015-09-16T15:07:27
|
|
git_futils_mkdir_*: make a relative-to-base mkdir
Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter
assumes that we own everything beneath the base, as if it were
being called with a base of the repository or working directory,
and is tailored towards checkout and ensuring that there is no
bogosity beneath the base that must be cleaned up.
This is (at best) slow and (at worst) unsafe in the larger context
of a filesystem where we do not own things and cannot do things like
unlink symlinks that are in our way.
|
|
2cde210d
|
2015-09-13T13:52:19
|
|
diriter: test we can iterate root
Ensure that we can iterate the filesystem root and that paths come
back well-formed, not with an additional '/'. (eg, when iterating
`c:/`, expect that we do not get some path like `c://autoexec.bat`).
|
|
8e736a73
|
2015-09-08T15:48:44
|
|
futils: ensure we can write a hidden file
|
|
ea3f2c29
|
2015-09-08T14:35:53
|
|
filebuf: ensure we can lock a hidden file
|
|
d83b2e9f
|
2015-09-05T03:54:06
|
|
filebuf: follow symlinks when creating a lock file
We create a lockfile to update files under GIT_DIR. Sometimes these
files are actually located elsewhere and a symlink takes their place. In
that case we should lock and update the file at its final location
rather than overwrite the symlink.
|
|
ef4857c2
|
2015-08-03T16:50:27
|
|
errors: tighten up git_error_state OOMs a bit more
When an error state is an OOM, make sure that we treat is specially
and do not try to free it.
|
|
988ea594
|
2015-07-27T10:13:49
|
|
Test: check restored oom error points to static buffer
|
|
5ef4b860
|
2015-07-23T13:16:19
|
|
Add failing test for capture/restore oom error
|
|
19d9beb7
|
2015-07-24T19:22:41
|
|
filebuf: remove lockfile upon rename errors
When we have an error renaming the lockfile, we need to make sure
that we remove it upon cleanup. For this, we need to keep track of
whether we opened the file and whether the rename succeeded.
If we did create the lockfile but the rename did not succeed, we
remove the lockfile. This won't protect against all errors, but
the most common ones (target file is open) does get handled.
|
|
668053be
|
2015-07-24T18:44:29
|
|
filebuf: failing test for leaving the lockfile when failing to rename
When we fail to rename, we currently leave the lockfile laying
around. This shows that behaviour.
|
|
e069c621
|
2015-07-02T09:25:48
|
|
git__getenv: utf-8 aware env reader
Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere.
Make `cl_getenv` use this to keep consistent memory handling around
return values (free everywhere, as opposed to only some platforms).
|
|
a6599235
|
2015-06-24T19:32:56
|
|
buffer: make use of EINVALID for growing a borrowed buffer
This explains more closely what happens. While here, set an error
message.
|
|
caab22c0
|
2015-06-23T15:41:58
|
|
buffer: don't allow growing borrowed buffers
When we don't own a buffer (asize=0) we currently allow the usage of
grow to copy the memory into a buffer we do own. This muddles the
meaning of grow, and lets us be a bit cavalier with ownership semantics.
Don't allow this any more. Usage of grow should be restricted to buffers
which we know own their own memory. If unsure, we must not attempt to
modify it.
|
|
8293c8f9
|
2015-06-08T13:51:28
|
|
git_buf_text_lf_to_crlf: allow mixed line endings
Allow files to have mixed line endings instead of skipping processing
on them.
|
|
a56db992
|
2015-06-17T08:15:49
|
|
Merge pull request #3219 from libgit2/cmn/racy-diff
Zero out racily-clean entries' file_size
|
|
121c3171
|
2015-06-16T15:18:04
|
|
Introduce p_utimes and p_futimes
Provide functionality to set the time on a filesystem entry,
using utimes or futimes on POSIX type systems or SetFileTime
on Win32.
|
|
0f4d9c03
|
2015-06-15T09:52:40
|
|
Fixed Xcode 6.1 build warnings
|