From 5914f2d057c259668695bccab8e9bec3a4bead53 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 8 Dec 2011 03:43:19 -0500 Subject: fetch: create status table using strbuf When we fetch from a remote, we print a status table like: From url * [new branch] foo -> origin/foo We create this table in a static buffer using sprintf. If the remote refnames are long, they can overflow this buffer and smash the stack. Instead, let's use a strbuf to build the string. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin/fetch.c | 87 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 49 insertions(+), 38 deletions(-) diff --git a/builtin/fetch.c b/builtin/fetch.c index 93c99385a9..4f4af2a699 100644 --- a/builtin/fetch.c +++ b/builtin/fetch.c @@ -239,23 +239,23 @@ static int s_update_ref(const char *action, static int update_local_ref(struct ref *ref, const char *remote, - char *display) + struct strbuf *display) { struct commit *current = NULL, *updated; enum object_type type; struct branch *current_branch = branch_get(NULL); const char *pretty_ref = prettify_refname(ref->name); - *display = 0; type = sha1_object_info(ref->new_sha1, NULL); if (type < 0) die(_("object %s not found"), sha1_to_hex(ref->new_sha1)); if (!hashcmp(ref->old_sha1, ref->new_sha1)) { if (verbosity > 0) - sprintf(display, "= %-*s %-*s -> %s", TRANSPORT_SUMMARY_WIDTH, - _("[up to date]"), REFCOL_WIDTH, remote, - pretty_ref); + strbuf_addf(display, "= %-*s %-*s -> %s", + TRANSPORT_SUMMARY_WIDTH, + _("[up to date]"), REFCOL_WIDTH, + remote, pretty_ref); return 0; } @@ -267,9 +267,10 @@ static int update_local_ref(struct ref *ref, * If this is the head, and it's not okay to update * the head, and the old value of the head isn't empty... */ - sprintf(display, _("! %-*s %-*s -> %s (can't fetch in current branch)"), - TRANSPORT_SUMMARY_WIDTH, _("[rejected]"), REFCOL_WIDTH, remote, - pretty_ref); + strbuf_addf(display, + _("! %-*s %-*s -> %s (can't fetch in current branch)"), + TRANSPORT_SUMMARY_WIDTH, _("[rejected]"), + REFCOL_WIDTH, remote, pretty_ref); return 1; } @@ -277,9 +278,11 @@ static int update_local_ref(struct ref *ref, !prefixcmp(ref->name, "refs/tags/")) { int r; r = s_update_ref("updating tag", ref, 0); - sprintf(display, "%c %-*s %-*s -> %s%s", r ? '!' : '-', - TRANSPORT_SUMMARY_WIDTH, _("[tag update]"), REFCOL_WIDTH, remote, - pretty_ref, r ? _(" (unable to update local ref)") : ""); + strbuf_addf(display, "%c %-*s %-*s -> %s%s", + r ? '!' : '-', + TRANSPORT_SUMMARY_WIDTH, _("[tag update]"), + REFCOL_WIDTH, remote, pretty_ref, + r ? _(" (unable to update local ref)") : ""); return r; } @@ -302,9 +305,11 @@ static int update_local_ref(struct ref *ref, } r = s_update_ref(msg, ref, 0); - sprintf(display, "%c %-*s %-*s -> %s%s", r ? '!' : '*', - TRANSPORT_SUMMARY_WIDTH, what, REFCOL_WIDTH, remote, pretty_ref, - r ? _(" (unable to update local ref)") : ""); + strbuf_addf(display, "%c %-*s %-*s -> %s%s", + r ? '!' : '*', + TRANSPORT_SUMMARY_WIDTH, what, + REFCOL_WIDTH, remote, pretty_ref, + r ? _(" (unable to update local ref)") : ""); return r; } @@ -318,9 +323,11 @@ static int update_local_ref(struct ref *ref, (recurse_submodules != RECURSE_SUBMODULES_ON)) check_for_new_submodule_commits(ref->new_sha1); r = s_update_ref("fast-forward", ref, 1); - sprintf(display, "%c %-*s %-*s -> %s%s", r ? '!' : ' ', - TRANSPORT_SUMMARY_WIDTH, quickref, REFCOL_WIDTH, remote, - pretty_ref, r ? _(" (unable to update local ref)") : ""); + strbuf_addf(display, "%c %-*s %-*s -> %s%s", + r ? '!' : ' ', + TRANSPORT_SUMMARY_WIDTH, quickref, + REFCOL_WIDTH, remote, pretty_ref, + r ? _(" (unable to update local ref)") : ""); return r; } else if (force || ref->force) { char quickref[84]; @@ -332,15 +339,17 @@ static int update_local_ref(struct ref *ref, (recurse_submodules != RECURSE_SUBMODULES_ON)) check_for_new_submodule_commits(ref->new_sha1); r = s_update_ref("forced-update", ref, 1); - sprintf(display, "%c %-*s %-*s -> %s (%s)", r ? '!' : '+', - TRANSPORT_SUMMARY_WIDTH, quickref, REFCOL_WIDTH, remote, - pretty_ref, - r ? _("unable to update local ref") : _("forced update")); + strbuf_addf(display, "%c %-*s %-*s -> %s (%s)", + r ? '!' : '+', + TRANSPORT_SUMMARY_WIDTH, quickref, + REFCOL_WIDTH, remote, pretty_ref, + r ? _("unable to update local ref") : _("forced update")); return r; } else { - sprintf(display, "! %-*s %-*s -> %s %s", - TRANSPORT_SUMMARY_WIDTH, _("[rejected]"), REFCOL_WIDTH, remote, - pretty_ref, _("(non-fast-forward)")); + strbuf_addf(display, "! %-*s %-*s -> %s %s", + TRANSPORT_SUMMARY_WIDTH, _("[rejected]"), + REFCOL_WIDTH, remote, pretty_ref, + _("(non-fast-forward)")); return 1; } } @@ -350,8 +359,8 @@ static int store_updated_refs(const char *raw_url, const char *remote_name, { FILE *fp; struct commit *commit; - int url_len, i, note_len, shown_url = 0, rc = 0; - char note[1024]; + int url_len, i, shown_url = 0, rc = 0; + struct strbuf note = STRBUF_INIT; const char *what, *kind; struct ref *rm; char *url, *filename = dry_run ? "/dev/null" : git_path("FETCH_HEAD"); @@ -407,19 +416,17 @@ static int store_updated_refs(const char *raw_url, const char *remote_name, if (4 < i && !strncmp(".git", url + i - 3, 4)) url_len = i - 3; - note_len = 0; + strbuf_reset(¬e); if (*what) { if (*kind) - note_len += sprintf(note + note_len, "%s ", - kind); - note_len += sprintf(note + note_len, "'%s' of ", what); + strbuf_addf(¬e, "%s ", kind); + strbuf_addf(¬e, "'%s' of ", what); } - note[note_len] = '\0'; fprintf(fp, "%s\t%s\t%s", sha1_to_hex(commit ? commit->object.sha1 : rm->old_sha1), rm->merge ? "" : "not-for-merge", - note); + note.buf); for (i = 0; i < url_len; ++i) if ('\n' == url[i]) fputs("\\n", fp); @@ -427,21 +434,24 @@ static int store_updated_refs(const char *raw_url, const char *remote_name, fputc(url[i], fp); fputc('\n', fp); + strbuf_reset(¬e); if (ref) { - rc |= update_local_ref(ref, what, note); + rc |= update_local_ref(ref, what, ¬e); free(ref); } else - sprintf(note, "* %-*s %-*s -> FETCH_HEAD", - TRANSPORT_SUMMARY_WIDTH, *kind ? kind : "branch", - REFCOL_WIDTH, *what ? what : "HEAD"); - if (*note) { + strbuf_addf(¬e, "* %-*s %-*s -> FETCH_HEAD", + TRANSPORT_SUMMARY_WIDTH, + *kind ? kind : "branch", + REFCOL_WIDTH, + *what ? what : "HEAD"); + if (note.len) { if (verbosity >= 0 && !shown_url) { fprintf(stderr, _("From %.*s\n"), url_len, url); shown_url = 1; } if (verbosity >= 0) - fprintf(stderr, " %s\n", note); + fprintf(stderr, " %s\n", note.buf); } } free(url); @@ -450,6 +460,7 @@ static int store_updated_refs(const char *raw_url, const char *remote_name, error(_("some local refs could not be updated; try running\n" " 'git remote prune %s' to remove any old, conflicting " "branches"), remote_name); + strbuf_release(¬e); return rc; } -- cgit v1.2.1 From c3ea051544cb1d98a5ae7f64d077084a9a5db5c1 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 8 Dec 2011 05:25:54 -0500 Subject: blame: don't overflow time buffer When showing the raw timestamp, we format the numeric seconds-since-epoch into a buffer, followed by the timezone string. This string has come straight from the commit object. A well-formed object should have a timezone string of only a few bytes, but we could be operating on data pushed by a malicious user. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin/blame.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/blame.c b/builtin/blame.c index 26a5d424b8..3e1f7e1e45 100644 --- a/builtin/blame.c +++ b/builtin/blame.c @@ -1598,7 +1598,7 @@ static const char *format_time(unsigned long time, const char *tz_str, int tz; if (show_raw_time) { - sprintf(time_buf, "%lu %s", time, tz_str); + snprintf(time_buf, sizeof(time_buf), "%lu %s", time, tz_str); } else { tz = atoi(tz_str); -- cgit v1.2.1 From 15b7898c5e9fc6fed9a6064213cfcd08cf7d7314 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 13 Dec 2011 21:30:40 -0800 Subject: Git 1.7.6.5 Signed-off-by: Junio C Hamano --- Documentation/RelNotes/1.7.6.5.txt | 26 ++++++++++++++++++++++++++ Documentation/git.txt | 3 ++- GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 4 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 Documentation/RelNotes/1.7.6.5.txt diff --git a/Documentation/RelNotes/1.7.6.5.txt b/Documentation/RelNotes/1.7.6.5.txt new file mode 100644 index 0000000000..6713132a9e --- /dev/null +++ b/Documentation/RelNotes/1.7.6.5.txt @@ -0,0 +1,26 @@ +Git v1.7.6.5 Release Notes +========================== + +Fixes since v1.7.6.4 +-------------------- + + * The date parser did not accept timezone designators that lack minutes + part and also has a colon between "hh:mm". + + * After fetching from a remote that has very long refname, the reporting + output could have corrupted by overrunning a static buffer. + + * "git mergetool" did not use its arguments as pathspec, but as a path to + the file that may not even have any conflict. + + * "git name-rev --all" tried to name all _objects_, naturally failing to + describe many blobs and trees, instead of showing only commits as + advertised in its documentation. + + * "git remote rename $a $b" were not careful to match the remote name + against $a (i.e. source side of the remote nickname). + + * "gitweb" used to produce a non-working link while showing the contents + of a blob, when JavaScript actions are enabled. + +Also contains minor fixes and documentation updates. diff --git a/Documentation/git.txt b/Documentation/git.txt index d1481354a8..bcedfc1a54 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -44,9 +44,10 @@ unreleased) version of git, that is available from 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v1.7.6.4/git.html[documentation for release 1.7.6.4] +* link:v1.7.6.5/git.html[documentation for release 1.7.6.5] * release notes for + link:RelNotes/1.7.6.5.txt[1.7.6.5], link:RelNotes/1.7.6.4.txt[1.7.6.4], link:RelNotes/1.7.6.3.txt[1.7.6.3], link:RelNotes/1.7.6.2.txt[1.7.6.2], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index b42c77c392..0595495446 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v1.7.6.4 +DEF_VER=v1.7.6.5 LF=' ' diff --git a/RelNotes b/RelNotes index 2b3ea813c8..08cae90a05 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/1.7.6.4.txt \ No newline at end of file +Documentation/RelNotes/1.7.6.5.txt \ No newline at end of file -- cgit v1.2.1