delta/libgit2.git/tests/core/buffer.c, branch ethomson/assert_macros github.com: libgit2/libgit2.git buffer: fix printing into out-of-memory buffer 2019-09-21T13:20:28+00:00 Patrick Steinhardt ps@pks.im 2019-09-19T10:24:06+00:00 174b7a32d2ab480e4f3547758cf6c5ed30bbf5f4 Before printing into a `git_buf` structure, we always call `ENSURE_SIZE` first. This macro will reallocate the buffer as-needed depending on whether the current amount of allocated bytes is sufficient or not. If `asize` is big enough, then it will just do nothing, otherwise it will call out to `git_buf_try_grow`. But in fact, it is insufficient to only check `asize`. When we fail to allocate any more bytes e.g. via `git_buf_try_grow`, then we set the buffer's pointer to `git_buf__oom`. Note that we touch neither `asize` nor `size`. So if we just check `asize > targetsize`, then we will happily let the caller of `ENSURE_SIZE` proceed with an out-of-memory buffer. As a result, we will print all bytes into the out-of-memory buffer instead, resulting in an out-of-bounds write. Fix the issue by having `ENSURE_SIZE` verify that the buffer is not marked as OOM. Add a test to verify that we're not writing into the OOM buffer. 
Before printing into a `git_buf` structure, we always call `ENSURE_SIZE`
first. This macro will reallocate the buffer as-needed depending on
whether the current amount of allocated bytes is sufficient or not. If
`asize` is big enough, then it will just do nothing, otherwise it will
call out to `git_buf_try_grow`. But in fact, it is insufficient to only
check `asize`.

When we fail to allocate any more bytes e.g. via `git_buf_try_grow`,
then we set the buffer's pointer to `git_buf__oom`. Note that we touch
neither `asize` nor `size`. So if we just check `asize > targetsize`,
then we will happily let the caller of `ENSURE_SIZE` proceed with an
out-of-memory buffer. As a result, we will print all bytes into the
out-of-memory buffer instead, resulting in an out-of-bounds write.

Fix the issue by having `ENSURE_SIZE` verify that the buffer is not
marked as OOM. Add a test to verify that we're not writing into the OOM
buffer.
buffer: fix infinite loop when growing buffers 2019-09-21T13:20:28+00:00 Patrick Steinhardt ps@pks.im 2019-09-19T10:46:37+00:00 208f1d7a4d9603ec6781ed18c10b240c7c5d2e33 When growing buffers, we repeatedly multiply the currently allocated number of bytes by 1.5 until it exceeds the requested number of bytes. This has two major problems: 1. If the current number of bytes is tiny and one wishes to resize to a comparatively huge number of bytes, then we may need to loop thousands of times. 2. If resizing to a value close to `SIZE_MAX` (which would fail anyway), then we probably hit an infinite loop as multiplying the current amount of bytes will repeatedly result in integer overflows. When reallocating buffers, one typically chooses values close to 1.5 to enable re-use of resulting memory holes in later reallocations. But because of this, it really only makes sense to use a factor of 1.5 _once_, but not looping until we finally are able to fit it. Thus, we can completely avoid the loop and just opt for the much simpler algorithm of multiplying with 1.5 once and, if the result doesn't fit, just use the target size. This avoids both problems of looping extensively and hitting overflows. This commit also adds a test that would've previously resulted in an infinite loop. 
When growing buffers, we repeatedly multiply the currently allocated
number of bytes by 1.5 until it exceeds the requested number of bytes.
This has two major problems:

    1. If the current number of bytes is tiny and one wishes to resize
       to a comparatively huge number of bytes, then we may need to loop
       thousands of times.

    2. If resizing to a value close to `SIZE_MAX` (which would fail
       anyway), then we probably hit an infinite loop as multiplying the
       current amount of bytes will repeatedly result in integer
       overflows.

When reallocating buffers, one typically chooses values close to 1.5 to
enable re-use of resulting memory holes in later reallocations. But
because of this, it really only makes sense to use a factor of 1.5
_once_, but not looping until we finally are able to fit it. Thus, we
can completely avoid the loop and just opt for the much simpler
algorithm of multiplying with 1.5 once and, if the result doesn't fit,
just use the target size. This avoids both problems of looping
extensively and hitting overflows.

This commit also adds a test that would've previously resulted in an
infinite loop.
fileops: rename to "futils.h" to match function signatures 2019-07-20T17:11:20+00:00 Patrick Steinhardt ps@pks.im 2019-06-29T07:17:32+00:00 e54343a4024e75dfaa940e652c2c9799d33634b2 Our file utils functions all have a "futils" prefix, e.g. `git_futils_touch`. One would thus naturally guess that their definitions and implementation would live in files "futils.h" and "futils.c", respectively, but in fact they live in "fileops.h". Rename the files to match expectations. 
Our file utils functions all have a "futils" prefix, e.g.
`git_futils_touch`. One would thus naturally guess that their
definitions and implementation would live in files "futils.h" and
"futils.c", respectively, but in fact they live in "fileops.h".

Rename the files to match expectations.
Convert usage of `git_buf_free` to new `git_buf_dispose` 2018-06-10T17:34:37+00:00 Patrick Steinhardt ps@pks.im 2018-02-08T11:14:48+00:00 ecf4f33a4e327a91496f72816f9f02d923e5af05 






patch parsing: squash some memory leaks
2016-05-26T18:01:07+00:00

Edward Thomson
ethomson@edwardthomson.com

2015-09-24T13:40:42+00:00

6278fbc5dd5467e3f66f31dc9c4bb4a1a3519ba5












git_buf: decode base85 inputs
2016-05-26T18:01:04+00:00

Edward Thomson
ethomson@edwardthomson.com

2015-07-09T18:04:10+00:00

5b78dbdbf30d863760936ee6755dfd3db951c1e3












git_futils_mkdir_*: make a relative-to-base mkdir
2015-09-17T14:00:35+00:00

Edward Thomson
ethomson@microsoft.com

2015-09-16T19:07:27+00:00

ac2fba0ecd68e8eae348dec688cbcd0828432cdf

Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter
assumes that we own everything beneath the base, as if it were
being called with a base of the repository or working directory,
and is tailored towards checkout and ensuring that there is no
bogosity beneath the base that must be cleaned up.

This is (at best) slow and (at worst) unsafe in the larger context
of a filesystem where we do not own things and cannot do things like
unlink symlinks that are in our way.





Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter
assumes that we own everything beneath the base, as if it were
being called with a base of the repository or working directory,
and is tailored towards checkout and ensuring that there is no
bogosity beneath the base that must be cleaned up.

This is (at best) slow and (at worst) unsafe in the larger context
of a filesystem where we do not own things and cannot do things like
unlink symlinks that are in our way.







buffer: make use of EINVALID for growing a borrowed buffer
2015-06-24T21:49:10+00:00

Carlos Martín Nieto
cmn@dwim.me

2015-06-24T17:32:56+00:00

a65992355dac71490f4b22b3f2c0d55a1beca01b

This explains more closely what happens. While here, set an error
message.





This explains more closely what happens. While here, set an error
message.







buffer: don't allow growing borrowed buffers
2015-06-24T21:49:10+00:00

Carlos Martín Nieto
cmn@dwim.me

2015-06-23T13:41:58+00:00

caab22c0d468e90b6a95072f3092d5dcf331b3ef

When we don't own a buffer (asize=0) we currently allow the usage of
grow to copy the memory into a buffer we do own. This muddles the
meaning of grow, and lets us be a bit cavalier with ownership semantics.

Don't allow this any more. Usage of grow should be restricted to buffers
which we know own their own memory. If unsure, we must not attempt to
modify it.





When we don't own a buffer (asize=0) we currently allow the usage of
grow to copy the memory into a buffer we do own. This muddles the
meaning of grow, and lets us be a bit cavalier with ownership semantics.

Don't allow this any more. Usage of grow should be restricted to buffers
which we know own their own memory. If unsure, we must not attempt to
modify it.







git_buf_text_lf_to_crlf: allow mixed line endings
2015-06-22T16:00:23+00:00

Edward Thomson
ethomson@microsoft.com

2015-06-08T17:51:28+00:00

8293c8f9a3ea18131af98b71fa9100dcba0ad438

Allow files to have mixed line endings instead of skipping processing
on them.





Allow files to have mixed line endings instead of skipping processing
on them.