Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.7.3 2016-02-22T22:51:09Z 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:42Z urn:sha1:e0b837351084c3cb52c5acaf8a505835e631744a We perform unchecked additions when computing the size of a "struct ondisk_untracked_cache". This is unlikely to have an integer overflow in practice, but we'd like to avoid this dangerous pattern to make further audits easier. Note that there's one subtlety here, though. We protect ourselves against a NULL exclude_per_dir entry in our source, and avoid calling strlen() on it, keeping "len" at 0. But later, we unconditionally memcpy "len + 1" bytes to get the trailing NUL byte. If we did have a NULL exclude_per_dir, we would read from bogus memory. As it turns out, though, we always create this field pointing to a string literal, so there's no bug. We can just get rid of the pointless extra conditional. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:35Z urn:sha1:50a6c8efa2bbeddf46ca34c7765024108202e04b If our size computation overflows size_t, we may allocate a much smaller buffer than we expected and overflow it. It's probably impossible to trigger an overflow in most of these sites in practice, but it is easy enough convert their additions and multiplications into overflow-checking variants. This may be fixing real bugs, and it makes auditing the code easier. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:32Z urn:sha1:96ffc06f72f693d80f05059a1f0e5ca9007d5f1b Using FLEX_ARRAY macros reduces the amount of manual computation size we have to do. It also ensures we don't overflow size_t, and it makes sure we write the same number of bytes that we allocated. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:28Z urn:sha1:3733e6946465d4a3a1d89026a5ec911d3af339ab We frequently allocate strings as xmalloc(len + 1), where the extra 1 is for the NUL terminator. This can be done more simply with xmallocz, which also checks for integer overflow. There's no case where switching xmalloc(n+1) to xmallocz(n) is wrong; the result is the same length, and malloc made no guarantees about what was in the buffer anyway. But in some cases, we can stop manually placing NUL at the end of the allocated buffer. But that's only safe if it's clear that the contents will always fill the buffer. In each case where this patch does so, I manually examined the control flow, and I tried to err on the side of caution. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:25Z urn:sha1:b32fa95fd8293ebfecb2b7b6c8d460579318f9fe Each of these cases can be converted to use ALLOC_ARRAY or REALLOC_ARRAY, which has two advantages: 1. It automatically checks the array-size multiplication for overflow. 2. It always uses sizeof(*array) for the element-size, so that it can never go out of sync with the declared type of the array. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-05T22:54:11Z Junio C Hamano gitster@pobox.com 2016-02-05T22:54:11Z urn:sha1:9496acc1449e3e536f50eed081df0702b54cf0a8 The ignore mechanism saw a few regressions around untracked file listing and sparse checkout selection areas in 2.7.0; the change that is responsible for the regression has been reverted. * nd/exclusion-regression-fix: Revert "dir.c: don't exclude whole dir prematurely if neg pattern may match" 2016-02-05T22:54:08Z Junio C Hamano gitster@pobox.com 2016-02-05T22:54:08Z urn:sha1:af3e464a60d43ebf0431aa291014d32983a502e2 The "exclude_list" structure has the usual "alloc, nr" pair of fields to be used by ALLOC_GROW(), but clear_exclude_list() forgot to reset 'alloc' to 0 when it cleared 'nr' to discard the managed array. * nd/dir-exclude-cleanup: dir.c: clean the entire struct in clear_exclude_list() 2016-01-08T19:24:14Z Nguyễn Thái Ngọc Duy pclouds@gmail.com 2016-01-08T12:05:25Z urn:sha1:8c722360d1277259d4baec951e1488086f775214 This reverts commit 57534ee77d22e725d971ee89c77dc6aad61c573f. The feature added in that commit requires that patterns behave the same way from anywhere. But some patterns can behave differently depending on current "working" directory. The conditions to catch and avoid these patterns are too loose. The untracked listing[1] and sparse-checkout selection[2] can become incorrect as a result. [1] http://article.gmane.org/gmane.comp.version-control.git/283520 [2] http://article.gmane.org/gmane.comp.version-control.git/283532 Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-12-28T20:48:27Z Nguyễn Thái Ngọc Duy pclouds@gmail.com 2015-12-27T01:54:34Z urn:sha1:2653a8c6fa0466828061a3132421cf13a5d6d924 Make sure "el" can be reuseable again. The problem was el->alloc is not cleared and may cause segfaults next time because add_exclude() thinks el->excludes (being NULL) has enough space. Just clear the entire struct to be safe. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-10-29T20:59:19Z Junio C Hamano gitster@pobox.com 2015-10-29T20:59:19Z urn:sha1:69fe31887bf8be496bb0adb4db3150cec52e1a2c The name-hash subsystem that is used to cope with case insensitive filesystems keeps track of directories and their on-filesystem cases for all the paths in the index by holding a pointer to a randomly chosen cache entry that is inside the directory (for its ce->ce_name component). This pointer was not updated even when the cache entry was removed from the index, leading to use after free. This was fixed by recording the path for each directory instead of borrowing cache entries and restructuring the API somewhat. * dt/name-hash-dir-entry-fix: name-hash: don't reuse cache_entry in dir_entry