Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.8.2 2016-04-15T01:37:15Z 2016-04-15T01:37:15Z Junio C Hamano gitster@pobox.com 2016-04-15T01:37:15Z urn:sha1:9fabc7083275f455ef21123cbdcbdd31b21a8251 Code clean-up. * ss/exc-flag-is-a-collection-of-bits: dir: store EXC_FLAG_* values in unsigned integers 2016-03-18T18:06:15Z Junio C Hamano gitster@pobox.com 2016-03-18T18:06:15Z urn:sha1:5cee349370bd2dce48d0d653ab4ce99bb79a3415 This reverts commit 5e57f9c3dfe7dd44a1b56bb5b3327d7a1356ec7c, reversing changes made to e79112d21024beb997951381db21a70b087d459d. We will be postponing nd/exclusion-regression-fix topic to later cycle. 2016-03-01T18:20:22Z Saurav Sachidanand sauravsachidanand@gmail.com 2016-03-01T17:02:59Z urn:sha1:f870899864e077a54776af838c6476d5850cfaaf The values defined by the macro EXC_FLAG_* (1, 4, 8, 16) are stored in fields of the structs "pattern" and "exclude", some functions arguments and a local variable. None of these uses its most significant bit in any special way and there is no good reason to use a signed integer for them. And while we're at it, document "flags" of "exclude" to explicitly state the values it's supposed to take on. Signed-off-by: Saurav Sachidanand <sauravsachidanand@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-26T21:37:16Z Junio C Hamano gitster@pobox.com 2016-02-26T21:37:16Z urn:sha1:11529ecec914d2f0d7575e6d443c2d5a6ff75424 Update various codepaths to avoid manually-counted malloc(). * jk/tighten-alloc: (22 commits) ewah: convert to REALLOC_ARRAY, etc convert ewah/bitmap code to use xmalloc diff_populate_gitlink: use a strbuf transport_anonymize_url: use xstrfmt git-compat-util: drop mempcpy compat code sequencer: simplify memory allocation of get_message test-path-utils: fix normalize_path_copy output buffer size fetch-pack: simplify add_sought_entry fast-import: simplify allocation in start_packfile write_untracked_extension: use FLEX_ALLOC helper prepare_{git,shell}_cmd: use argv_array use st_add and st_mult for allocation size computation convert trivial cases to FLEX_ARRAY macros use xmallocz to avoid size arithmetic convert trivial cases to ALLOC_ARRAY convert manual allocations to argv_array argv-array: add detach function add helpers for allocating flex-array structs harden REALLOC_ARRAY and xcalloc against size_t overflow tree-diff: catch integer overflow in combine_diff_path allocation ... 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:42Z urn:sha1:e0b837351084c3cb52c5acaf8a505835e631744a We perform unchecked additions when computing the size of a "struct ondisk_untracked_cache". This is unlikely to have an integer overflow in practice, but we'd like to avoid this dangerous pattern to make further audits easier. Note that there's one subtlety here, though. We protect ourselves against a NULL exclude_per_dir entry in our source, and avoid calling strlen() on it, keeping "len" at 0. But later, we unconditionally memcpy "len + 1" bytes to get the trailing NUL byte. If we did have a NULL exclude_per_dir, we would read from bogus memory. As it turns out, though, we always create this field pointing to a string literal, so there's no bug. We can just get rid of the pointless extra conditional. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:35Z urn:sha1:50a6c8efa2bbeddf46ca34c7765024108202e04b If our size computation overflows size_t, we may allocate a much smaller buffer than we expected and overflow it. It's probably impossible to trigger an overflow in most of these sites in practice, but it is easy enough convert their additions and multiplications into overflow-checking variants. This may be fixing real bugs, and it makes auditing the code easier. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:32Z urn:sha1:96ffc06f72f693d80f05059a1f0e5ca9007d5f1b Using FLEX_ARRAY macros reduces the amount of manual computation size we have to do. It also ensures we don't overflow size_t, and it makes sure we write the same number of bytes that we allocated. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:28Z urn:sha1:3733e6946465d4a3a1d89026a5ec911d3af339ab We frequently allocate strings as xmalloc(len + 1), where the extra 1 is for the NUL terminator. This can be done more simply with xmallocz, which also checks for integer overflow. There's no case where switching xmalloc(n+1) to xmallocz(n) is wrong; the result is the same length, and malloc made no guarantees about what was in the buffer anyway. But in some cases, we can stop manually placing NUL at the end of the allocated buffer. But that's only safe if it's clear that the contents will always fill the buffer. In each case where this patch does so, I manually examined the control flow, and I tried to err on the side of caution. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-22T22:51:09Z Jeff King peff@peff.net 2016-02-22T22:44:25Z urn:sha1:b32fa95fd8293ebfecb2b7b6c8d460579318f9fe Each of these cases can be converted to use ALLOC_ARRAY or REALLOC_ARRAY, which has two advantages: 1. It automatically checks the array-size multiplication for overflow. 2. It always uses sizeof(*array) for the element-size, so that it can never go out of sync with the declared type of the array. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2016-02-15T23:32:33Z Nguyễn Thái Ngọc Duy pclouds@gmail.com 2016-02-15T09:03:39Z urn:sha1:d589a67eceacd1cc171bbe94906ca7c9a0edd8c5 If there is a pattern "!foo/bar", this patch makes it not exclude "foo" right away. This gives us a chance to examine "foo" and re-include "foo/bar". Helped-by: brian m. carlson <sandals@crustytoothpaste.net> Helped-by: Micha Wiedenmann <mw-u2@gmx.de> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>