path: root/src
Commit message | Author | Age | Files | Lines
* revwalk: formatting updates [cmn/revwalk-iteration] | Edward Thomson | 2018-06-18 | 1 | -17/+17
|
* revwalk: remove one useless layer of functions | Carlos Martín Nieto | 2018-04-11 | 1 | -32/+17
|     We don't currently need to have anything that's different between `get_revision` and `get_one_revision` so let's just remove the inner function and make the code more straightforward.
* revwalk: avoid walking the entire history when output is unsorted | Carlos Martín Nieto | 2018-04-01 | 2 | -10/+59
|     As part of reducing our divergence from git, its code for revwalk was ported into our codebase. A detail about when to limit the list was lost and we ended up always calling that code. Limiting the list means performing the walk and creating the final list of commits to be output during the preparation stage. This is unavoidable when sorting and when there are negative refs. We did this even when asked for unsorted output with no negative refs, which you might do to retrieve something like the "last 10 commits on HEAD" for a nominally unsorted meaning of "last". This commit adds and sets a flag indicating when we do need to limit the list, letting us avoid doing so when we can. The previously mentioned query thus no longer loads the entire history of the project during the prepare stage, but loads it iteratively during the walk.
* Merge pull request #4378 from cjhoward92/fix/submodule-add-check-index | Patrick Steinhardt | 2018-03-30 | 1 | -0/+54
|\
| |     submodule: check index for path and prefix before adding submodule
| * submodule: add more robust error handling when a submodule path is found on add | Carson Howard | 2018-03-28 | 1 | -11/+14
| |
| * submodule: add better error handling to is_path_occupied | Carson Howard | 2018-03-27 | 1 | -1/+4
| |
| * submodule: change can_add_submodule to is_path_occupied | Carson Howard | 2018-03-27 | 1 | -6/+11
| |
| * submodule: update index check to check path before directory and fix tests | Carson Howard | 2018-03-27 | 1 | -19/+24
| |
| * submodule: fix styling errors | Carson Howard | 2018-03-27 | 1 | -29/+36
| |
| * submodule: check index for prefix before adding submodule | Carson Howard | 2018-03-27 | 1 | -0/+31
| |     submodule: check path and prefix before adding submodule
| |     submodule: fix test errors
* | odb: mempack: fix leaking objects when freeing mempacks | Patrick Steinhardt | 2018-03-29 | 1 | -0/+1
|/
|     When an ODB mempack gets free'd, we take no measures at all to free its contents, most notably the objects added to the database, resulting in a memory leak. Call `git_mempack_reset` previous to freeing the ODB structures themselves, which takes care of releasing all associated data structures.
* checkout: change default strategy to SAFE | Etienne Samson | 2018-03-26 | 2 | -6/+0
|     As per #4200, our default is quite surprising to users that expect checkout to just "do the thing".
* odb: fix writing to fake write streams | Patrick Steinhardt | 2018-03-23 | 1 | -1/+1
|     In commit 7ec7aa4a7 (odb: assert on logic errors when writing objects, 2018-02-01), the check for whether we are trying to overflow the fake stream buffer was changed from returning an error to raising an assert. The conversion forgot though that the logic around `assert`s are basically inverted. Previously, if the statement
|
|         stream->written + len > stream->size
|
|     evaluated to true, we would return a `-1`. Now we are asserting that this statement is true, and in case it is not we will raise an error. So the conversion to the `assert` in fact changed the behaviour to the complete opposite intention. Fix the assert by inverting its condition again and add a regression test.
* gitno_extract_url_parts: decode hostnames | Edward Thomson | 2018-03-19 | 1 | -1/+1
|     RFC 3986 says that hostnames can be percent encoded. Percent decode hostnames in our URLs.
* Remove now unnecessary `gitno_unescape` | Edward Thomson | 2018-03-19 | 2 | -20/+0
|
* gitno_extract_url_parts: use `git_buf`s | Edward Thomson | 2018-03-19 | 1 | -42/+73
|     Now that we can decode percent-encoded strings as part of `git_buf`s, use that decoder in `gitno_extract_url_parts`.
* ssh urls: use `git_buf_decode_percent` | Edward Thomson | 2018-03-19 | 1 | -8/+6
|     Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
* Introduce `git_buf_decode_percent` | Edward Thomson | 2018-03-19 | 2 | -1/+34
|     Introduce a function to take a percent-encoded string (URI encoded, described by RFC 1738) and decode it into a `git_buf`.
* Unescape repo before constructing ssh request | Steven King Jr | 2018-03-19 | 1 | -1/+5
|
* Rename unescape and make non-static | Steven King Jr | 2018-03-19 | 2 | -3/+5
|
* index: error out on unreasonable prefix-compressed path lengths | Patrick Steinhardt | 2018-03-10 | 1 | -0/+4
|     When computing the complete path length from the encoded prefix-compressed path, we end up just allocating the complete path without ever checking what the encoded path length actually is. This can easily lead to a denial of service by just encoding an unreasonable long path name inside of the index. Git already enforces a maximum path length of 4096 bytes. As we also have that enforcement ready in some places, just make sure that the resulting path is smaller than GIT_PATH_MAX.
|     Reported-by: Krishna Ram Prakash R <krp@gtux.in>
|     Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
* index: fix out-of-bounds read with invalid index entry prefix length | Patrick Steinhardt | 2018-03-10 | 1 | -9/+10
|     The index format in version 4 has prefix-compressed entries, where every index entry can compress its path by using a path prefix of the previous entry. Since implementing support for this index format version in commit 5625d86b9 (index: support index v4, 2016-05-17), though, we do not correctly verify that the prefix length that we want to reuse is actually smaller or equal to the amount of characters than the length of the previous index entry's path. This can lead to an integer underflow and subsequently to an out-of-bounds read. Fix this by verifying that the prefix is actually smaller than the previous entry's path length.
|     Reported-by: Krishna Ram Prakash R <krp@gtux.in>
|     Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
* index: convert `read_entry` to return entry size via an out-param | Patrick Steinhardt | 2018-03-10 | 1 | -9/+13
|     The function `read_entry` does not conform to our usual coding style of returning stuff via the out parameter and to use the return value for reporting errors. Due to most of our code conforming to that pattern, it has become quite natural for us to actually return `-1` in case there is any error, which has also slipped in with commit 5625d86b9 (index: support index v4, 2016-05-17). As the function returns a `size_t` only, though, the return value is wrapped around, causing the caller of `read_tree` to continue with an invalid index entry. Ultimately, this can lead to a double-free. Improve code and fix the bug by converting the function to return the index entry size via an out parameter and only using the return value to indicate errors.
|     Reported-by: Krishna Ram Prakash R <krp@gtux.in>
|     Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
* worktree: rename parameter creason to reason | Jacques Germishuys | 2018-03-03 | 1 | -3/+3
|
* worktree: lock reason should be const | Jacques Germishuys | 2018-03-02 | 1 | -1/+1
|
* Merge pull request #4552 from libgit2/cmn/config-header-common | Patrick Steinhardt | 2018-02-28 | 1 | -8/+10
|\
| |     Cast less blindly between configuration objects
| * config: return an error if config_refresh is called on a snapshot [cmn/config-header-common] | Carlos Martín Nieto | 2018-02-28 | 1 | -1/+1
| |     Instead of treating it as a no-op, treat it as a programming error and return the same kind of error as if you called to set or delete variables on a snapshot.
| * config: harden our use of the backend objects a bit | Carlos Martín Nieto | 2018-02-28 | 1 | -2/+5
| |     When we create an iterator we don't actually know that we have a live config object and we must instead only rely on the header. We fixed it to use this in a previous commit, but this makes it harder to misuse by converting to use the header object in the typecast. We also guard inside the `config_refresh` function against being given a snapshot (although callers right now do check).
| * config: move the level field into the header | Carlos Martín Nieto | 2018-02-28 | 1 | -5/+4
| |     We use it in a few places where we might have a full object or a snapshot so move it to where we can actually access it.
| * config: move the repository to the diskfile header | Carlos Martín Nieto | 2018-02-28 | 1 | -4/+4
| |     We pass this around and when creating a new iterator we need to read the repository pointer. Put it in a common place so we can reach it regardless of whether we got a full object or a snapshot.
* | Merge pull request #4554 from pks-t/pks/curl-init | Edward Thomson | 2018-02-28 | 3 | -2/+23
|\ \
| | |     curl: initialize and cleanup global curl state
| * | curl: explicitly initialize and cleanup global curl state | Patrick Steinhardt | 2018-02-28 | 3 | -2/+23
| |/
| |     Our curl-based streams make use of the easy curl interface. This interface automatically initializes and de-initializes the global curl state by calling out to `curl_global_init` and `curl_global_cleanup`. Thus, all global state will be repeatedly re-initialized when creating multiple curl streams in succession. Despite being inefficient, this is not thread-safe due to `curl_global_init` being not thread-safe itself. Thus a multi-threaded program handling multiple curl streams at the same time is inherently racy. Fix the issue by globally initializing and cleaning up curl's state.
* | win32: strncmp -> git__strncmp [ethomson/strncmp_stdcall] | Edward Thomson | 2018-02-28 | 1 | -1/+1
|/
|     The win32 C library is compiled cdecl, however when configured with `STDCALL=ON`, our functions (and function pointers) will use the stdcall calling convention. You cannot set a `__stdcall` function pointer to a `__cdecl` function, so it's easier to just use our `git__strncmp` instead of sorting that mess out.
* Merge pull request #4545 from libgit2/ethomson/checkout_filemode [v0.27.0-rc2] | Edward Thomson | 2018-02-27 | 1 | -13/+21
|\
| |     Respect core.filemode in checkout
| * checkout: respect core.filemode when comparing filemodes [ethomson/checkout_filemode] | Edward Thomson | 2018-02-23 | 1 | -13/+21
| |     Fixes #4504
* | winhttp: enable TLS 1.2 on Windows 7 and earlier [ethomson/winhttp] | Edward Thomson | 2018-02-27 | 1 | -0/+14
| |     Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
* | winhttp: include constants for TLS 1.1/1.2 support | Edward Thomson | 2018-02-27 | 1 | -5/+8
| |     For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
* | mingw: update TLS option flags | Edward Thomson | 2018-02-27 | 1 | -0/+5
|/
|     Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
* Merge pull request #4535 from libgit2/ethomson/checkout_typechange_with_index_and_wd | Patrick Steinhardt | 2018-02-20 | 1 | -10/+16
|\
| |     checkout: when examining index (instead of workdir), also examine mode
| * checkout: take mode into account when comparing index to baseline | Edward Thomson | 2018-02-19 | 1 | -10/+16
| |     When checking out a file, we determine whether the baseline (what we expect to be in the working directory) actually matches the contents of the working directory. This is safe behavior to prevent us from overwriting changes in the working directory. We look at the index to optimize this test: if we know that the index matches the working directory, then we can simply look at the index data compared to the baseline. We have historically compared the baseline to the index entry by oid. However, we must also compare the mode of the two items to ensure that they are identical. Otherwise, we will refuse to update the working directory for a mode change.
* | diff_tform: fix rename detection with rewrite/delete pair | Patrick Steinhardt | 2018-02-20 | 1 | -1/+3
|/
|     A rewritten file can either be classified as a modification of its contents or of a delete of the complete file followed by an addition of the new content. This distinction becomes important when we want to detect renames for rewrites. Given a scenario where a file "a" has been deleted and another file "b" has been renamed to "a", this should be detected as a deletion of "a" followed by a rename of "a" -> "b". Thus, splitting of the original rewrite into a delete/add pair is important here. This splitting is represented by a flag we can set at the current delta. While the flag is already being set in case we want to break rewrites, we do not do so in case where the `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` flag is set. This can trigger an assert when we try to match the source and target deltas. Fix the issue by setting the `GIT_DIFF_FLAG__TO_SPLIT` flag at the delta when it is a rename target and `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` is set.
* Merge pull request #4529 from libgit2/ethomson/index_add_requires_files | Edward Thomson | 2018-02-18 | 1 | -5/+9
|\
| |     git_index_add_frombuffer: only accept files/links
| * git_index_add_frombuffer: only accept files/links [ethomson/index_add_requires_files] | Edward Thomson | 2018-02-18 | 1 | -5/+9
| |     Ensure that the buffer given to `git_index_add_frombuffer` represents a regular blob, an executable blob, or a link. Explicitly reject commit entries (submodules) - it makes little sense to allow users to add a submodule from a string; there's no possible path to success.
* | util: clean up header includes | Patrick Steinhardt | 2018-02-16 | 2 | -6/+7
| |     While "util.h" declares the macro `git__tolower`, which simply resorts to tolower(3P) on Unix-like systems, the <ctype.h> header is only being included in "util.c". Thus, anybody who has included "util.h" without having <ctype.h> included will fail to compile as soon as the macro is in use. Furthermore, we can clean up additional includes in "util.c" and simply replace them with an include for "common.h".
* | Explicitly mark fallthrough cases with comments | Patrick Steinhardt | 2018-02-16 | 4 | -6/+6
| |     A lot of compilers nowadays generate warnings when there are cases in a switch statement which implicitly fall through to the next case. To avoid this warning, the last line in the case that is falling through can have a comment matching a regular expression, where one possible comment body would be `/* fall through */`. An alternative to the comment would be an explicit attribute like e.g. `[[clang::fallthrough]]` or `__attribute__ ((fallthrough))`. But GCC only introduced support for such an attribute recently with GCC 7. Thus, and also because the fallthrough comment is supported by most compilers, we settle for using comments instead. One shortcoming of that method is that compilers are very strict about that. Most interestingly, that comment _really_ has to be the last line. In case a closing brace follows the comment, the heuristic will fail.
* | index: shut up warning on uninitialized variable | Patrick Steinhardt | 2018-02-16 | 1 | -1/+1
| |     Even though the `entry` variable will always be initialized when `read_entry` returns success and even though we never dereference `entry` in case `read_entry` fails, GCC prints a warning about uninitialized use. Just initialize the pointer to `NULL` in order to shut GCC up.
* | streams: openssl: fix use of uninitialized variable | Patrick Steinhardt | 2018-02-16 | 1 | -3/+3
|/
|     When verifying the server certificate, we do try to make sure that the hostname actually matches the certificate alternative names. In cases where the host is either an IPv4 or IPv6 address, we have to compare the binary representations of the hostname with the declared IP address of the certificate. We only do that comparison in case we were successfully able to parse the hostname as an IP, which would always result in the memory region being initialized. Still, GCC 6.4.0 was complaining about usage of non-initialized memory. Fix the issue by simply asserting that `addr` needs to be initialized. This shuts up the GCC warning.
* http: standardize user-agent addition [ethomson/user_agent] | Edward Thomson | 2018-02-10 | 3 | -27/+30
|     The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings.
|     Co-authored-by: Patrick Steinhardt <ps@pks.im>
* hash: win32: fix missing comma in `giterr_set` | Patrick Steinhardt | 2018-02-09 | 1 | -1/+1
|
* odb_loose: only close file descriptor if it was opened successfully | Patrick Steinhardt | 2018-02-09 | 1 | -1/+2
|