When posting our instrumented build results to Coverity we have
to include sensitive information, in particular our authorization
token. Currently we use an unencrypted channel to post this
information, leading to the token being transferred in plain.
Coverity currently lists a lot of errors with regard to
GITERR_CHECK_ALLOC causing resource leaks. We know this macro is
only invoked when we want to abort because we are out of memory.
Coverity allows for overriding the default model where we know
that certain functions guarantee a desired behavior. The
user_nodefs.h is used to override the behavior of macros.
Re-define GITERR_CHECK_ALLOC inside of it to specify its abort
nature.
The function `git_packfile_stream_open` tries to free the passed
in stream when an error occurs. The only call site is
`git_indexer_append`, though, which passes in the address of a
stream struct which has not been allocated on the heap.
Fix the issue by simply removing the call to free. In case of an
error we did not allocate any memory yet and otherwise it should
be the caller's responsibility to manage it's object's lifetime.
Edward Thomson [Tue, 9 Feb 2016 01:55:22 +0000 (17:55 -0800)]
Better document `git_merge_commits` redux
`git_merge_commits` and `git_merge` now *do* handle recursive base
building for criss-cross merges. Remove the documentation that says
that they do not.
Edward Thomson [Tue, 19 Jan 2016 17:13:23 +0000 (11:13 -0600)]
winhttp: name mangle class / iid on mingw
Standard Windows type systems define CLSID_InternetSecurityManager
and IID_IInternetSecurityManager, but MinGW lacks these definitions.
As a result, we must hardcode these definitions ourselves. However,
we should not use a public struct with those names, lest another
library do the same thing and consumers cannot link to both.
We don't support using an index object from multiple threads at the same
time, so the locking doesn't have any effect when following the
rules. If not following the rules, things are going to break down
anyway.
Edward Thomson [Sun, 27 Dec 2015 04:39:22 +0000 (22:39 -0600)]
git_repository_init: include dotfiles when copying templates
Include dotfiles when copying template directory, which will handle
both a template directory itself that begins with a dotfile, and
any dotfiles inside the directory.
Michał Górny [Sat, 26 Dec 2015 16:17:05 +0000 (17:17 +0100)]
ssh_stream_read(): fix possible *bytes_read < 0 branch
Fix the possibility of returning successfully from ssh_stream_read()
with *bytes_read < 0. This would occur if stdout channel read resulted
in 0, and stderr channel read failed afterwards.
Vicent Marti [Wed, 16 Dec 2015 18:36:50 +0000 (19:36 +0100)]
index: Also size-hint the hash table
Note that we're not checking whether the resize succeeds; in OOM cases,
we let it run with a "small" vector and hash table and see if by chance
we can grow it dynamically as we insert the new entries. Nothing to
lose really.
Vicent Marti [Wed, 16 Dec 2015 11:30:52 +0000 (12:30 +0100)]
merge: Use `git_index__fill` to populate the index
Instead of calling `git_index_add` in a loop, use the new
`git_index_fill` internal API to fill the index with the initial staged
entries.
The new `fill` helper assumes that all the entries will be unique and
valid, so it can append them at the end of the entries vector and only
sort it once at the end. It performs no validation checks.
This prevents the quadratic behavior caused by having to sort the
entries list once after every insertion.
When replacing an index with a new one, we need to iterate
through all index entries in order to determine which entries are
equal. When it is not possible to re-use old entries for the new
index, we move it into a list of entries that are to be removed
and thus free'd.
When we encounter a non-zero error code, though, we skip adding
the current index entry to the remove-queue. `INSERT_MAP_EX`,
which is the function last run before adding to the remove-queue,
may return a positive non-zero code that indicates what exactly
happened while inserting the element. In this case we skip adding
the entry to the remove-queue but still continue the current
operation, leading to a leak of the current entry.
Fix this by checking for a negative return value instead of a
non-zero one when we want to add the current index entry to the
remove-queue.
Edward Thomson [Thu, 3 Dec 2015 21:27:15 +0000 (16:27 -0500)]
index: canonicalize inserted paths safely
When adding to the index, we look to see if a portion of the given
path matches a portion of a path in the index. If so, we will use
the existing path information. For example, when adding `foo/bar.c`,
if there is an index entry to `FOO/other` and the filesystem is case
insensitive, then we will put `bar.c` into the existing tree instead
of creating a new one with a different case.
Use `strncmp` to do that instead of `memcmp`. When we `bsearch`
into the index, we locate the position where the new entry would
go. The index entry at that position does not necessarily have
a relation to the entry we're adding, so we cannot make assumptions
and use `memcmp`. Instead, compare them as strings.
When canonicalizing paths, we look for the first index entry that
matches a given substring.
Michał Górny [Tue, 1 Dec 2015 19:41:23 +0000 (20:41 +0100)]
checkout test: Apply umask to file-mode test as well
Fix the file-mode test to expect system umask being applied to the
created file as well (it is currently applied to the directory only).
This fixes the test on systems where umask != 022.
When duplicating a `struct git_tree_entry` with
`git_tree_entry_dup` the resulting structure is not allocated
inside a memory pool. As we do a 1:1 copy of the original struct,
though, we also copy the `pooled` field, which is set to `true`
for pooled entries. This results in a huge memory leak as we
never free tree entries that were duplicated from a pooled
tree entry.
Fix this by marking the newly duplicated entry as un-pooled.
diff: include commit message when formatting patch
When formatting a patch as email we do not include the commit's
message in the formatted patch output. Implement this and add a
test that verifies behavior.
It is already possible to get a commit's summary with the
`git_commit_summary` function. It is not possible to get the
remaining part of the commit message, that is the commit
message's body.
Fix this by introducing a new function `git_commit_body`.
blame: use size_t for line counts in git_blame__entry
The `git_blame__entry` struct keeps track of line counts with
`int` fields. Since `int` is only guaranteed to be at least 16
bits we may overflow on certain platforms when line counts exceed
2^15.
Fix this by instead storing line counts in `size_t`.
blame: use size_t for line counts in git_blame_hunk
It is not unreasonable to have versioned files with a line count
exceeding 2^16. Upon blaming such files we fail to correctly keep
track of the lines as `git_blame_hunk` stores them in `uint16_t`
fields.
Fix this by converting the line fields of `git_blame_hunk` to
`size_t`. Add test to verify behavior.
This reduces the size of the struct from 32 to 26 bytes, and leaves a
single padding byte at the end of the struct (which comes from the
zero-length array).
projects / libgit2.git / log