| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
To determine whether another reflog entry needs to be written for HEAD
on a reference update, we need to see whether HEAD directly or
indirectly points to the reference we're updating. The resolve logic is
currently completely unbounded except an error occurs, which effectively
means that we'd be spinning forever in case we have a symref loop in the
repository refdb.
Let's fix the issue by using `git_refdb_resolve` instead, which is
always bounded.
|
| |
|
|
|
|
|
|
| |
The refs code currently has a second implementation that resolves
references in order to find any final symbolic reference pointing to a
nonexistent target branch. As we've just extended `git_refdb_resolve` to
also return such references, let's use that one instead in order to
reduce code duplication.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, resolving references requires us to also know about the
final symbolic reference that's pointing to a nonexistent branch, e.g.
in an empty repository where the main branch is yet unborn but HEAD
already points to it. Right now, the resolving logic is thus split up
into two, where one is the new refdb implementation and the second one
is an ad-hoc implementation inside "refs.c".
Let's extend `git_refdb_resolve` to also return such final dangling
references pointing to nonexistent branches so we can deduplicate the
resolving logic.
|
| |
|
|
|
|
|
|
|
| |
Resolving of symbolic references is currently implemented inside the
"refs" layer. As a result, it's hard to call this function from
low-level parts that only have a refdb available, but no repository, as
the "refs" layer always operates on the repository-level. So let's move
the function into the generic "refdb" implementation to lift this
restriction.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The logic to determine whether a reflog entry should be for the HEAD
reference is non-trivial. Currently, the only user of this is the
filesystem-based refdb, but with the advent of the reftable refdb we're
going to add a second user that's interested in having the same
behaviour.
Let's pull out a new function that checks whether a given reference
should cause a entry to be written to the HEAD reflog as a preparatory
step.
|
| |
|
|
|
|
|
|
|
|
| |
The logic to determine whether a reflog should be written is
non-trivial. Currently, the only user of this is the filesystem-based
refdb, but with the advent of the reftable refdb we're going to add a
second user that's interested in having the same behaviour.
Let's pull out a new function that checks whether a given reference
should cause a reflog to be written as a preparatory step.
|
| |\
| |
| | |
Make the tests run cleanly under UndefinedBehaviorSanitizer
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change makes the tests run cleanly under
`-fsanitize=undefined,nullability` and comprises of:
* Avoids some arithmetic with NULL pointers (which UBSan does not like).
* Avoids an overflow in a shift, due to an uint8_t being implicitly
converted to a signed 32-bit signed integer after being shifted by a
32-bit signed integer.
* Avoids a unaligned read in libgit2.
* Ignores unaligned reads in the SHA1 library, since it only happens on
Intel processors, where it is _still_ undefined behavior, but the
semantics are moderately well-understood.
Of notable omission is `-fsanitize=integer`, since there are lots of
warnings in zlib and the SHA1 library which probably don't make sense to
fix and I could not figure out how to silence easily. libgit2 itself
also has ~100s of warnings which are mostly innocuous (e.g. use of enum
constants that only fit on an `uint32_t`, but there is no way to do that
in a simple fashion because the data type chosen for enumerated types is
implementation-defined), and investigating whether there are worrying
warnings would need reducing the noise significantly.
|
| |\ \
| | |
| | | |
Make the tests pass cleanly with MemorySanitizer
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
This change:
* Initializes a few variables that were being read before being
initialized.
* Includes https://github.com/madler/zlib/pull/393. As such,
it only works reliably with `-DUSE_BUNDLED_ZLIB=ON`.
|
| | |
| |
| |
| | |
Fix the default LIBGIT2_FILENAME for GNU windres
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
| |
We currently don't check for out-of-memory situations on exiting
`format_binary` and, as a result, may return a partially filled buffer.
Fix this by checking the buffer via `git_buf_oom`.
|
| |
|
|
|
|
|
|
|
|
| |
Calling abort(3P) in a library is rather rude and shouldn't happen, as
we effectively prohibit any corrective actions made by the application
linking to it. We thus shouldn't call it at all, but instead use our new
`GIT_ASSERT` macros.
Remove the call to abort(3P) in case a diff delta has an unexpected type
to fix this.
|
| |
|
|
|
|
|
|
|
|
|
| |
When printing the diff to a `FILE *` handle, we neither check the return
value of fputc(3P) nor the one of fwrite(3P). As a result, we'll
silently return successful even if we didn't print anything at all.
Futhermore, the arguments to fwrite(3P) are reversed: we have one item
of length `content_len`, and not `content_len` items of one byte.
Fix both issues by checking return values as well as reversing the
arguments to fwrite(3P).
|
| |\
| |
| | |
Random code cleanups and fixes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With commit 05f690122 (checkout: remove blocking dir when FORCEd,
2015-03-31), the last case was removde that actually queued a deferred
removal. This is now more than five years in the past and nobody
complained, so we can rest quite assured that the deferred removal is
not really needed at all.
Let's remove all related code to simplify the already complicated
checkout logic.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When extracting curly braces (e.g. the "upstream" part in
"HEAD@{upstream}"), we put the curly braces' contents into a `git_buf`
structure, but don't check the return value of `git_buf_putc`. So when
we run out-of-memory, we'll use a partially filled buffer without
noticing.
Let's fix this issue by checking `git_buf_putc`'s return value.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Over time, we have accumulated quite a lot of functions with missing
prototypes, missing `static` keywords or which were completely unused.
It's easy to miss these mistakes, but luckily GCC and Clang both have
the `-Wmissing-declarations` warning. Enabling this will cause them to
emit warnings for every not-static function that doesn't have a previous
declaration. This is a very sane thing to enable, and with the preceding
commits all these new warnings have been fixed.
So let's always enable this warning so we won't introduce new instances
of them.
|
| | |
| |
| |
| |
| |
| | |
The function `git_reference__is_note` is not declared anywhere. Let's
add the declaration to avoid having non-static functions without
declaration.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor
definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h"
header to be empty. As a result, no function declarations are made
available to callers, but the implementations are still available to
link against. This has the problem that function declarations also
aren't visible to the implementations, meaning that the symbol's
visibility will not be set up correctly. As a result, the resulting
library may not expose those deprecated symbols at all on some platforms
and thus cause linking errors.
Fix the issue by conditionally compiling deprecated functions, only.
While it becomes impossible to link against such a library in case one
uses deprecated functions, distributors of libgit2 aren't expected to
pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually
define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real"
hard deprecation still makes sense in the context of CI to test we don't
use deprecated symbols ourselves and in case a dependant uses libgit2 in
a vendored way and knows it won't ever use any of the deprecated symbols
anyway.
|
| | |
| |
| |
| |
| |
| |
| | |
We're missing some header includes leading to missing function
prototypes. While we currently don't warn about these, we should have
their respective headers included in order to detect the case where a
function signature change results in an incompatibility.
|
| | |
| |
| |
| |
| |
| |
| | |
We've accumulated quite some functions which are never used outside of
their respective code unit, but which are lacking the `static` keyword.
Add it to reduce their linkage scope and allow the compiler to optimize
better.
|
| |/
|
|
|
| |
We have some functions which aren't used anywhere. Let's remove them to
get rid of unneeded baggage.
|
| |\
| |
| | |
httpclient: support googlesource
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The httpclient implementation keeps a `read_buf` that holds the data
in the body of the response after the headers have been written. We
store that data for subsequent calls to `git_http_client_read_body`. If
we want to stop reading body data and send another request, we need to
clear that cached data.
Clear the cached body data on new requests, just like we read any
outstanding data from the socket.
|
| | |
| |
| |
| |
| |
| |
| | |
When `git_http_client_read_body` is invoked, it provides the size of the
buffer that can be read into. This will be set as the parser context's
`output_size` member. Use this as an upper limit on our reads, and
ensure that we do not read more than the client requests.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When users call `git_http_client_read_body`, it should return 0 at the
end of a message. When the `on_message_complete` callback is called,
this will set `client->state` to `DONE`. In our read loop, we look for
this condition and exit.
Without this, when there is no data left except the end of message chunk
(`0\r\n`) in the http stream, we would block by reading the three bytes
off the stream but not making progress in any `on_body` callbacks.
Listening to the `on_message_complete` callback allows us to stop trying
to read from the socket when we've read the end of message chunk.
|
| |\ \
| | |
| | | |
git_packbuilder_write: Allow setting path to NULL to use the default path
|
| | | |
| | |
| | |
| | |
| | |
| | | |
If given a NULL path, write to the object path of the repository.
Add tests for the new behavior.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Clean up and return via a single label, to avoid duplicate error
handling before each return, and to make it easier to extend the set of
cleanups needed.
|
| |\ \ \
| | | |
| | | | |
mempack: Use threads when building the pack
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
The mempack ODB backend creates a packbuilder internally to write out a
pack; call git_packbuilder_set_threads on that packbuilder, to use
threads for packing if available.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We _dispose_ the contents of objects; we _free_ objects (and their
contents). Update `git_strarray_free` to be `git_strarray_dispose`.
`git_strarray_free` remains as a deprecated proxy function.
|
| | |/
|/| |
|
| |\ \
| | |
| | | |
git_pool_init: allow the function to fail
|
| | | |
| | |
| | |
| | | |
Propagate failures caused by pool initialization errors.
|
| | | |
| | |
| | |
| | | |
Let `git_pool_init` return an int so that it could fail.
|
| |\ \ \
| | | |
| | | | |
Handle unreadable configuration files
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Modified `config_file_open()` so it returns 0 if the config file is
not readable, which happens on global config files under macOS
sandboxing (note that for some reason `access(F_OK)` DOES work with
sandboxing, but it is lying). Without this read check sandboxed
applications on macOS can not open any repository, because
`config_file_read()` will return GIT_ERROR when it cannot read the
global /Users/username/.gitconfig file, and the upper layers will
just completely abort on GIT_ERROR when attempting to load the
global config file, so no repositories can be opened.
|
| |/ /
| |
| |
| |
| | |
According to index-format.txt of git, the path of an entry is prefixed
with N, where N indicates the length of bytes to be stripped.
|
| |\ \
| |/
|/| |
OpenSSL certificate memory leak
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.
Fix the issue by properly calling `X509_free()`.
|
| |\ \
| | |
| | | |
tests: checkout: fix flaky test due to mtime race
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When trying to determine whether a file changed, we try to avoid heavy
operations by fist taking a look at the index, seeing whether the index
entry is modified already. This doesn't seem to cut it, though, as we
currently have the racy checkout::index::can_disable_pathspec_match test
case: sometimes the files get restored to their original contents,
sometimes they aren't.
The issue is caused by a racy index [1]: in case we modify a file, add
it to the index and then modify it again in-place without changing its
file, then we may end up with a modified file that has the same stat(3P)
info as we've currently got it in its corresponding index entry. The
mitigation for this is to treat files with the same mtime as the index
are treated as racily modified. We already have this logic in place for
the index, but not when doing a checkout.
Fix the issue by only consulting the index entry in case it has an older
mtime as the index. Previously, the following script reliably had at
least 20 failures, while now there is no failure to be observed anymore:
```bash
j=0
for i in $(seq 100)
do
if ! ./libgit2_clar -scheckout::index::can_disable_pathspec_match >/dev/null
then
j=$(($j + 1))
fi
done
echo "Failures: $j"
```
[1]: https://git-scm.com/docs/racy-git
|
| |\ \ \
| |/ /
|/| | |
cmake: Sort source files for reproducible builds
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We currently use `FILE(GLOB ...)` in most places to find source and
header files. This is problematic in that the order of files returned
depends on the operating system's directory iteration order and may thus
not be deterministic. As a result, we link object files in unspecified
order, which may cause the linker to emit different code across runs.
Fix this issue by sorting all code used as input to the libgit2 library
to improve the reliability of reproducible builds.
|
