summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-10-18Merge branch 'jk/sha1-loose-object-info-fix' into maintLibravatar Junio C Hamano1-2/+6
Leakfix and futureproofing. * jk/sha1-loose-object-info-fix: sha1_loose_object_info: handle errors from unpack_sha1_rest
2017-10-18Merge branch 'sb/branch-avoid-repeated-strbuf-release' into maintLibravatar Junio C Hamano1-2/+3
* sb/branch-avoid-repeated-strbuf-release: branch: reset instead of release a strbuf
2017-10-18Merge branch 'rs/qsort-s' into maintLibravatar Junio C Hamano1-1/+1
* rs/qsort-s: test-stringlist: avoid buffer underrun when sorting nothing
2017-10-18Merge branch 'jn/strbuf-doc-re-reuse' into maintLibravatar Junio C Hamano1-2/+9
* jn/strbuf-doc-re-reuse: strbuf doc: reuse after strbuf_release is fine
2017-10-18Merge branch 'rs/run-command-use-alloc-array' into maintLibravatar Junio C Hamano1-1/+1
Code clean-up. * rs/run-command-use-alloc-array: run-command: use ALLOC_ARRAY
2017-10-18Merge branch 'rs/tag-null-pointer-arith-fix' into maintLibravatar Junio C Hamano1-4/+4
Code clean-up. * rs/tag-null-pointer-arith-fix: tag: avoid NULL pointer arithmetic
2017-10-18Merge branch 'rs/cocci-de-paren-call-params' into maintLibravatar Junio C Hamano1-5/+5
Code clean-up. * rs/cocci-de-paren-call-params: coccinelle: remove parentheses that become unnecessary
2017-10-18Merge branch 'ad/doc-markup-fix' into maintLibravatar Junio C Hamano1-1/+1
Docfix. * ad/doc-markup-fix: doc: correct command formatting
2017-10-18Merge branch 'mr/doc-negative-pathspec' into maintLibravatar Junio C Hamano5-2/+24
Doc updates. * mr/doc-negative-pathspec: docs: improve discoverability of exclude pathspec
2017-10-18Merge branch 'jk/validate-headref-fix' into maintLibravatar Junio C Hamano1-11/+12
Code clean-up. * jk/validate-headref-fix: validate_headref: use get_oid_hex for detached HEADs validate_headref: use skip_prefix for symref parsing validate_headref: NUL-terminate HEAD buffer
2017-10-18Merge branch 'ks/doc-use-camelcase-for-config-name' into maintLibravatar Junio C Hamano2-3/+3
Doc update. * ks/doc-use-camelcase-for-config-name: doc: camelCase the config variables to improve readability
2017-10-18Merge branch 'jk/doc-read-tree-table-asciidoctor-fix' into maintLibravatar Junio C Hamano1-0/+2
A docfix. * jk/doc-read-tree-table-asciidoctor-fix: doc: put literal block delimiter around table
2017-10-18Merge branch 'hn/typofix' into maintLibravatar Junio C Hamano1-1/+1
* hn/typofix: submodule.h: typofix
2017-10-18Merge branch 'ks/test-readme-phrasofix' into maintLibravatar Junio C Hamano1-3/+3
Doc updates. * ks/test-readme-phrasofix: t/README: fix typo and grammatically improve a sentence
2017-10-18Merge branch 'ez/doc-duplicated-words-fix' into maintLibravatar Junio C Hamano4-4/+4
Typofix. * ez/doc-duplicated-words-fix: doc: fix minor typos (extra/duplicated words)
2017-10-18Merge branch 'kd/doc-for-each-ref' into maintLibravatar Junio C Hamano1-16/+17
Doc update. * kd/doc-for-each-ref: doc/for-each-ref: explicitly specify option names doc/for-each-ref: consistently use '=' to between argument names and values
2017-10-18Merge branch 'cc/subprocess-handshake-missing-capabilities' into maintLibravatar Junio C Hamano1-2/+2
Finishing touches to a topic already in 'master'. * cc/subprocess-handshake-missing-capabilities: subprocess: loudly die when subprocess asks for an unsupported capability
2017-10-18Merge branch 'jk/system-path-cleanup' into maintLibravatar Junio C Hamano1-14/+28
Code clean-up. * jk/system-path-cleanup: git_extract_argv0_path: do nothing without RUNTIME_PREFIX system_path: move RUNTIME_PREFIX to a sub-function
2017-10-18Merge branch 'bb/doc-eol-dirty' into maintLibravatar Junio C Hamano1-1/+4
Doc update. * bb/doc-eol-dirty: Documentation: mention that `eol` can change the dirty status of paths
2017-10-18Merge branch 'mg/timestamp-t-fix' into maintLibravatar Junio C Hamano1-1/+1
A mismerge fix. * mg/timestamp-t-fix: name-rev: change ULONG_MAX to TIME_MAX
2017-10-18Merge branch 'ma/pkt-line-leakfix' into maintLibravatar Junio C Hamano1-1/+2
A leakfix. * ma/pkt-line-leakfix: pkt-line: re-'static'-ify buffer in packet_write_fmt_1()
2017-10-18Merge branch 'jk/config-lockfile-leak-fix' into maintLibravatar Junio C Hamano1-17/+7
A leakfix. * jk/config-lockfile-leak-fix: config: use a static lock_file struct
2017-10-18Merge branch 'dw/diff-highlight-makefile-fix' into maintLibravatar Junio C Hamano1-0/+3
Build clean-up. * dw/diff-highlight-makefile-fix: diff-highlight: add clean target to Makefile
2017-10-18Merge branch 'jk/drop-sha1-entry-pos' into maintLibravatar Junio C Hamano5-244/+1
Code clean-up. * jk/drop-sha1-entry-pos: sha1-lookup: remove sha1_entry_pos() from header file sha1_file: drop experimental GIT_USE_LOOKUP search
2017-10-18Merge branch 'tb/ref-filter-empty-modifier' into maintLibravatar Junio C Hamano2-1/+10
In the "--format=..." option of the "git for-each-ref" command (and its friends, i.e. the listing mode of "git branch/tag"), "%(atom:)" (e.g. "%(refname:)", "%(body:)" used to error out. Instead, treat them as if the colon and an empty string that follows it were not there. * tb/ref-filter-empty-modifier: ref-filter.c: pass empty-string as NULL to atom parsers
2017-10-18Merge branch 'rb/compat-poll-fix' into maintLibravatar Junio C Hamano1-0/+4
Backports a moral equivalent of 2015 fix to the poll emulation from the upstream gnulib to fix occasional breakages on HPE NonStop. * rb/compat-poll-fix: poll.c: always set revents, even if to zero
2017-10-18Merge branch 'tg/memfixes' into maintLibravatar Junio C Hamano3-8/+6
Fixes for a handful memory access issues identified by valgrind. * tg/memfixes: sub-process: use child_process.args instead of child_process.argv http-push: fix construction of hex value from path path.c: fix uninitialized memory access
2017-10-18Merge branch 'ar/request-pull-phrasofix' into maintLibravatar Junio C Hamano2-3/+3
Spell the name of our system as "Git" in the output from request-pull script. * ar/request-pull-phrasofix: request-pull: capitalise "Git" to make it a proper noun
2017-10-18Merge branch 'jc/merge-x-theirs-docfix' into maintLibravatar Junio C Hamano1-1/+2
The documentation for '-X<option>' for merges was misleadingly written to suggest that "-s theirs" exists, which is not the case. * jc/merge-x-theirs-docfix: merge-strategies: avoid implying that "-s theirs" exists
2017-10-18Merge branch 'rs/mailinfo-qp-decode-fix' into maintLibravatar Junio C Hamano1-3/+8
"git mailinfo" was loose in decoding quoted printable and produced garbage when the two letters after the equal sign are not hexadecimal. This has been fixed. * rs/mailinfo-qp-decode-fix: mailinfo: don't decode invalid =XY quoted-printable sequences
2017-10-18Merge branch 'ik/userdiff-html-h-element-fix' into maintLibravatar Junio C Hamano1-1/+1
The built-in pattern to detect the "function header" for HTML did not match <H1>..<H6> elements without any attributes, which has been fixed. * ik/userdiff-html-h-element-fix: userdiff: fix HTML hunk header regexp
2017-10-18Merge branch 'jk/diff-blob' into maintLibravatar Junio C Hamano2-2/+7
"git cat-file --textconv" started segfaulting recently, which has been corrected. * jk/diff-blob: cat-file: handle NULL object_context.path
2017-10-18Merge branch 'jk/describe-omit-some-refs' into maintLibravatar Junio C Hamano2-4/+11
"git describe --match" learned to take multiple patterns in v2.13 series, but the feature ignored the patterns after the first one and did not work at all. This has been fixed. * jk/describe-omit-some-refs: describe: fix matching to actually match all patterns
2017-10-18Merge branch 'mh/for-each-string-list-item-empty-fix' into maintLibravatar Junio C Hamano1-2/+4
Code cmp.std.c nitpick. * mh/for-each-string-list-item-empty-fix: for_each_string_list_item: avoid undefined behavior for empty list
2017-10-18Merge branch 'tb/test-lint-echo-e' into maintLibravatar Junio C Hamano1-1/+1
The test linter has been taught that we do not like "echo -e". * tb/test-lint-echo-e: test-lint: echo -e (or -E) is not portable
2017-10-18Merge branch 'aw/gc-lockfile-fscanf-fix' into maintLibravatar Junio C Hamano1-1/+1
"git gc" tries to avoid running two instances at the same time by reading and writing pid/host from and to a lock file; it used to use an incorrect fscanf() format when reading, which has been corrected. * aw/gc-lockfile-fscanf-fix: gc: call fscanf() with %<len>s, not %<len>c, when reading hostname
2017-10-18Merge branch 'tg/refs-allowed-flags' into maintLibravatar Junio C Hamano2-0/+10
API error-proofing which happens to also squelch warnings from GCC. * tg/refs-allowed-flags: refs: strip out not allowed flags from ref_transaction_update
2017-10-18Merge branch 'rs/archive-excluded-directory' into maintLibravatar Junio C Hamano4-21/+6
"git archive", especially when used with pathspec, stored an empty directory in its output, even though Git itself never does so. This has been fixed. * rs/archive-excluded-directory: archive: don't add empty directories to archives
2017-10-18Merge branch 'rk/commit-tree-make-F-verbatim' into maintLibravatar Junio C Hamano1-1/+0
Unlike "git commit-tree < file", "git commit-tree -F file" did not pass the contents of the file verbatim and instead completed an incomplete line at the end, if exists. The latter has been updated to match the behaviour of the former. * rk/commit-tree-make-F-verbatim: commit-tree: do not complete line in -F input
2017-10-18Merge branch 'mh/packed-ref-store-prep' into maintLibravatar Junio C Hamano2-4/+18
Fix regression to "gitk --bisect" by a recent update. * mh/packed-ref-store-prep: rev-parse: don't trim bisect refnames
2017-10-18Merge branch 'mm/send-email-cc-cruft' into maintLibravatar Junio C Hamano2-8/+29
In addition to "cc: <a@dd.re.ss> # cruft", "cc: a@dd.re.ss # cruft" was taught to "git send-email" as a valid way to tell it that it needs to also send a carbon copy to <a@dd.re.ss> in the trailer section. * mm/send-email-cc-cruft: send-email: don't use Mail::Address, even if available send-email: fix garbage removal after address
2017-10-18Merge branch 'rs/strbuf-getwholeline-fix' into maintLibravatar Junio C Hamano1-0/+1
A helper function to read a single whole line into strbuf mistakenly triggered OOM error at EOF under certain conditions, which has been fixed. * rs/strbuf-getwholeline-fix: strbuf: clear errno before calling getdelim(3)
2017-10-06sha1_loose_object_info: handle errors from unpack_sha1_restLibravatar Jeff King1-2/+6
When a caller of sha1_object_info_extended() sets the "contentp" field in object_info, we call unpack_sha1_rest() but do not check whether it signaled an error. This causes two problems: 1. We pass back NULL to the caller via the contentp field, but the function returns "0" for success. A caller might reasonably expect after a successful return that it can access contentp without a NULL check and segfault. As it happens, this is impossible to trigger in the current code. There is exactly one caller which uses contentp, read_object(). And the only thing it does after a successful call is to return the content pointer to its caller, using NULL as a sentinel for errors. So in effect it converts the success code from sha1_object_info_extended() back into an error! But this is still worth addressing avoid problems for future users of "contentp". 2. Callers of unpack_sha1_rest() are expected to close the zlib stream themselves on error. Which means that we're leaking the stream. The problem in (1) comes from from c84a1f3ed4 (sha1_file: refactor read_object, 2017-06-21), which added the contentp field. Before that, we called unpack_sha1_rest() via unpack_sha1_file(), which directly used the NULL to signal an error. But note that the leak in (2) is actually older than that. The original unpack_sha1_file() directly returned the result of unpack_sha1_rest() to its caller, when it should have been closing the zlib stream itself on error. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-05ref-filter.c: pass empty-string as NULL to atom parsersLibravatar Taylor Blau2-1/+10
Peff points out that different atom parsers handle the empty "sub-argument" list differently. An example of this is the format "%(refname:)". Since callers often use `string_list_split` (which splits the empty string with any delimiter as a 1-ary string_list containing the empty string), this makes handling empty sub-argument strings non-ergonomic. Let's fix this by declaring that atom parser implementations must not care about distinguishing between the empty string "%(refname:)" and no sub-arguments "%(refname)". Current code aborts, either with "unrecognised arg" (e.g. "refname:") or "does not take args" (e.g. "body:") as an error message. Signed-off-by: Taylor Blau <me@ttaylorr.com> Reviewed-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04strbuf doc: reuse after strbuf_release is fineLibravatar Jonathan Nieder1-2/+9
strbuf_release leaves the strbuf in a valid, initialized state, so there is no need to call strbuf_init after it. Moreover, this is not likely to change in the future: strbuf_release leaving the strbuf in a valid state has been easy to maintain and has been very helpful for Git's robustness and simplicity (e.g., preventing use-after-free vulnerabilities). Document the semantics so the next generation of Git developers can become familiar with them without reading the implementation. It is still not advisable to call strbuf_release too often because it is wasteful, so add a note pointing to strbuf_reset for that. The same semantics apply to strbuf_detach. Add a similar note to its docstring to make that clear. Improved-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04branch: reset instead of release a strbufLibravatar Stefan Beller1-2/+3
Our documentation advises to not re-use a strbuf, after strbuf_release has been called on it. Use the proper reset instead. Currently 'strbuf_release' releases and re-initializes the strbuf, so it is safe, but slow. 'strbuf_reset' only resets the internal length variable, such that this could also be accounted for as a micro-optimization. Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Stefan Beller <sbeller@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04sub-process: use child_process.args instead of child_process.argvLibravatar Johannes Sixt1-2/+1
Currently the argv is only allocated on the stack, and then assigned to process->argv. When the start_subprocess function goes out of scope, the local argv variable is eliminated from the stack, but the pointer is still kept around in process->argv. Much later when we try to access the same process->argv in finish_command, this leads us to access a memory location that no longer contains what we want. As argv0 is only used for printing errors, this is not easily noticed in normal git operations. However when running t0021-conversion.sh through valgrind, valgrind rightfully complains: ==21024== Invalid read of size 8 ==21024== at 0x2ACF64: finish_command (run-command.c:869) ==21024== by 0x2D6B18: subprocess_exit_handler (sub-process.c:72) ==21024== by 0x2AB41E: cleanup_children (run-command.c:45) ==21024== by 0x2AB526: cleanup_children_on_exit (run-command.c:81) ==21024== by 0x54AD487: __run_exit_handlers (in /usr/lib/libc-2.26.so) ==21024== by 0x54AD4D9: exit (in /usr/lib/libc-2.26.so) ==21024== by 0x11A9EF: handle_builtin (git.c:550) ==21024== by 0x11ABCC: run_argv (git.c:602) ==21024== by 0x11AD8E: cmd_main (git.c:679) ==21024== by 0x1BF125: main (common-main.c:43) ==21024== Address 0x1ffeffec00 is on thread 1's stack ==21024== 1504 bytes below stack pointer ==21024== These days, the child_process structure has its own args array, and the standard way to set up its argv[] is to use that one, instead of assigning to process->argv to point at an array that is outside. Use that facility automatically fixes this issue. Reported-by: Thomas Gummerer <t.gummerer@gmail.com> Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04http-push: fix construction of hex value from pathLibravatar Thomas Gummerer1-1/+1
The get_oid_hex_from_objpath takes care of creating a oid from a pathname. It does this by memcpy'ing the first two bytes of the path to the "hex" string, then skipping the '/', and then copying the rest of the path to the "hex" string. Currently it fails to increase the pointer to the hex string, so the second memcpy invocation just mashes over what was copied in the first one, and leaves the last two bytes in the string uninitialized. This breaks valgrind in t5540, although the test passes without valgrind: ==5490== Use of uninitialised value of size 8 ==5490== at 0x13C6B5: hexval (cache.h:1238) ==5490== by 0x13C6DB: hex2chr (cache.h:1247) ==5490== by 0x13C734: get_sha1_hex (hex.c:42) ==5490== by 0x13C78E: get_oid_hex (hex.c:53) ==5490== by 0x118BDA: get_oid_hex_from_objpath (http-push.c:1023) ==5490== by 0x118C92: process_ls_object (http-push.c:1038) ==5490== by 0x118E5B: handle_remote_ls_ctx (http-push.c:1077) ==5490== by 0x118227: xml_end_tag (http-push.c:815) ==5490== by 0x50C1448: ??? (in /usr/lib/libexpat.so.1.6.6) ==5490== by 0x50C221B: ??? (in /usr/lib/libexpat.so.1.6.6) ==5490== by 0x50BFBF2: ??? (in /usr/lib/libexpat.so.1.6.6) ==5490== by 0x50C0B24: ??? (in /usr/lib/libexpat.so.1.6.6) ==5490== Uninitialised value was created by a stack allocation ==5490== at 0x118B63: get_oid_hex_from_objpath (http-push.c:1012) ==5490== Fix this by correctly incrementing the pointer to the "hex" variable, so the first two bytes are left untouched by the memcpy call, and the last two bytes are correctly initialized. Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04path.c: fix uninitialized memory accessLibravatar Jeff King1-5/+4
In cleanup_path we're passing in a char array, run a memcmp on it, and run through it without ever checking if something is in the array in the first place. This can lead us to access uninitialized memory, for example in t5541-http-push-smart.sh test 7, when run under valgrind: ==4423== Conditional jump or move depends on uninitialised value(s) ==4423== at 0x242FA9: cleanup_path (path.c:35) ==4423== by 0x242FA9: mkpath (path.c:456) ==4423== by 0x256CC7: refname_match (refs.c:364) ==4423== by 0x26C181: count_refspec_match (remote.c:1015) ==4423== by 0x26C181: match_explicit_lhs (remote.c:1126) ==4423== by 0x26C181: check_push_refs (remote.c:1409) ==4423== by 0x2ABB4D: transport_push (transport.c:870) ==4423== by 0x186703: push_with_options (push.c:332) ==4423== by 0x18746D: do_push (push.c:409) ==4423== by 0x18746D: cmd_push (push.c:566) ==4423== by 0x1183E0: run_builtin (git.c:352) ==4423== by 0x11973E: handle_builtin (git.c:539) ==4423== by 0x11973E: run_argv (git.c:593) ==4423== by 0x11973E: main (git.c:698) ==4423== Uninitialised value was created by a heap allocation ==4423== at 0x4C2CD8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4423== by 0x4C2F195: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4423== by 0x2C196B: xrealloc (wrapper.c:137) ==4423== by 0x29A30B: strbuf_grow (strbuf.c:66) ==4423== by 0x29A30B: strbuf_vaddf (strbuf.c:277) ==4423== by 0x242F9F: mkpath (path.c:454) ==4423== by 0x256CC7: refname_match (refs.c:364) ==4423== by 0x26C181: count_refspec_match (remote.c:1015) ==4423== by 0x26C181: match_explicit_lhs (remote.c:1126) ==4423== by 0x26C181: check_push_refs (remote.c:1409) ==4423== by 0x2ABB4D: transport_push (transport.c:870) ==4423== by 0x186703: push_with_options (push.c:332) ==4423== by 0x18746D: do_push (push.c:409) ==4423== by 0x18746D: cmd_push (push.c:566) ==4423== by 0x1183E0: run_builtin (git.c:352) ==4423== by 0x11973E: handle_builtin (git.c:539) ==4423== by 0x11973E: run_argv (git.c:593) ==4423== by 0x11973E: main (git.c:698) ==4423== Avoid this by using skip_prefix(), which knows not to go beyond the end of the string. Reported-by: Thomas Gummerer <t.gummerer@gmail.com> Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04test-stringlist: avoid buffer underrun when sorting nothingLibravatar René Scharfe1-1/+1
Check if the strbuf containing data to sort is empty before attempting to trim a trailing newline character. Signed-off-by: Rene Scharfe <l.s.r@web.de> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>