Commit Graph

60442 Commits

Author SHA1 Message Date
Ævar Arnfjörð Bjarmason
1d42b4d01c remote-mediawiki tests: use CLI installer
Replace the use of screen-scraping in the test environment
installation with simply invoking MediaWiki's command-line
installer.

The old code being deleted here relied on our own hardcoded POST
parameter names & the precise layout of MediaWiki's GUI installer at a
given version. Somewhere between [1] and now this inevitably broke.

As far as I can tell there was never a reason for this screen-scraping
hack, when [1] was introduced it hardcoded MediaWiki 1.19.0, the CLI
installer was introduced in 1.17.0. Perhaps the authors weren't aware
of it, or this code was written for an older version.

This allows us to simply delete our own template version of
LocalSettings.php, it'll instead be provided by the CLI installer.

While we're at it let's fix a few things, these changes weren't
practical to split up (I'd need to fix code I was about to mostly
delete)

  * Use MediaWiki's own defaults where possible, e.g. before we'd name
    the database "wikidb.sqlite", now we'll simply use whatever name
    MediaWiki prefers (currently my_wiki.sqlite) by only supplying the
    directory name the SQLite file will be dropped into, not the full
    path.

  * Put all of our database & download assets into a new "mediawiki/"
    folder. This makes it easier to reason about as the current &
    template "backup" database the tests keep swapping around live
    next to each other.

    This'll also prevent future potential breakage as there isn't a
    single SQLite database. MediaWiki also creates a job queue
    database and a couple of cache databases. In practice it seems we
    got away with not resetting these when we reset the main database,
    but it's the sort of thing that could break in the future (reset,
    main store doesn't have the article, but the cache does).

  * The "delete" function now only deletes the MediaWiki installation
    & database, not the downloaded .tar.gz file. This makes us
    friendlier to a developer on a slow connection.

1. 5ef6ad1785 ("git-remote-mediawiki: scripts to install, delete and
   clear a MediaWiki", 2012-07-06)

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
2388541a77 remote-mediawiki tests: use inline PerlIO for readability
Replace the use of the "open" pragma with a three-arg open in the
places that actually care about UTF-8, while leaving those that
don't (the config parsing).

Unlike the previous "encoding" pragma change this isn't needed for
compatibility with anything. I just think it's easier to read code
that has localized effects than code that changes global settings.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
4f80bc9bc2 remote-mediawiki tests: replace deprecated Perl construct
The use of the encoding pragma has been a hard error since Perl
5.18 (released in 2013).

What this script really wanted to do was to decode @ARGV and write out
some files with the UTF-8 PerlIO layer. Let's just do that explicitly
instead.

This explicitly does not retain the previous UTF-8 semantics of the
script. The "encoding" pragma had all sorts of global effects (program
text being UTF-8, stdin/stdout etc.). But the only thing that was
required was decoding @ARGV and writing out UTF-8 data, which is
currently facilitated with the "open" pragma.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
dde66eb6f1 remote-mediawiki tests: use a more idiomatic dispatch table
Change the dispatch table code in test-gitmw.pl to use a hash where
subroutine references are the values. This is more obvious than a hash
where the values are strings we'll use to go searching around in the
symbol table for the function.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
9ff2958dd8 remote-mediawiki tests: use "$dir/" instead of "$dir."
Change UI messages to use "$dir/" instead of "$dir.". I think this is
less confusing when referring to an absolute directory path.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
730ecc10c7 remote-mediawiki tests: change [] to test
Convert `[]` to `test` and break if-then into separate lines, both of
which bring the style in line with Git's coding guidelines.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
090850e1b0 remote-mediawiki tests: use test_cmp in tests
Change code that used an ad-hoc "diff -b" invocation to use our
test_cmp helper instead. I'm also changing the order of arguments to
be the standard "test_cmp <expected> <actual>".

Using test_cmp has different semantics since the "-b" option to diff
causes it to ignore whitespace, but in these cases the use of "-b" was
just meaningless boilerplate. The desired semantics here are to
compare "git log" lines with know-good data, so we don't want to
ignore whitespace.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
128efae6dc remote-mediawiki tests: use a 10 character password
In more recent versions of MediaWiki this is a requirement, e.g. the
current stable version of 1.32.2.

The web installer now refuses our old 9 character password, the
command-line one (will be used in a subsequent change) will accept it,
but trying to use it in the web UI will emit an error asking the user
to reset the password. Let's use a password that'll just work and
allow us to log in as the admin user.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
5e87dceae0 remote-mediawiki tests: use the login/password variables
Change a hardcoded user/password for the corresponding variable
defined in contrib/mw-to-git/t/test.config.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
e35973b2c9 remote-mediawiki doc: don't hardcode Debian PHP versions
Change the hardcoded version 5 PHP versions to the version-agnostic
packages. Currently Debian stable's version is 7.3, and there's a
php7.3, php7.3-cli etc. package available (but no php5-*).

The corresponding version-less package is a dependency package which
depends on whatever the current stable version is. By not hardcoding
the version these instructions won't be out of date when the next
Debian/Ubuntu release happens.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
Ævar Arnfjörð Bjarmason
872977b10d remote-mediawiki doc: link to MediaWiki's current version
Amend a comment in the test.config file to point to the latest
upstream version, which makes it easier for the user to tweak this.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-16 16:11:53 -07:00
Ævar Arnfjörð Bjarmason
442f5aaccc remote-mediawiki doc: correct link to GitHub project
Change the link to the canonical one, the old link redirects to the
new one.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-16 16:11:53 -07:00
Junio C Hamano
54e85e7af1 Fourteenth batch
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-09 13:53:09 -07:00
Junio C Hamano
ff75e6c99c Merge branch 'os/vcbuild'
Fix build procedure for MSVC.

* os/vcbuild:
  contrib/buildsystems: fix expat library name for generated vcxproj
  vcbuild: fix batch file name in README
  vcbuild: fix library name for expat with make MSVC=1
2020-09-09 13:53:09 -07:00
Junio C Hamano
0df670bc0b Merge branch 'jt/interpret-branch-name-fallback'
"git status" has trouble showing where it came from by interpreting
reflog entries that recordcertain events, e.g. "checkout @{u}", and
gives a hard/fatal error.  Even though it inherently is impossible
to give a correct answer because the reflog entries lose some
information (e.g. "@{u}" does not record what branch the user was
on hence which branch 'the upstream' needs to be computed, and even
if the record were available, the relationship between branches may
have changed), at least hide the error to allow "status" show its
output.

* jt/interpret-branch-name-fallback:
  wt-status: tolerate dangling marks
  refs: move dwim_ref() to header file
  sha1-name: replace unsigned int with option struct
2020-09-09 13:53:09 -07:00
Junio C Hamano
7364aee138 Merge branch 'js/ci-squelch-false-failure'
CI noise reduction.

* js/ci-squelch-false-failure:
  ci: avoid ugly "failure" in the `ci-config` job
  ci: fix indentation of the `ci-config` job
2020-09-09 13:53:08 -07:00
Junio C Hamano
6e5f930fe2 Merge branch 'pb/imap-send-updates'
"git imap-send" updates.

* pb/imap-send-updates:
  git-imap-send.txt: add note about localized Gmail folders
  git-imap-send.txt: do verify SSL certificate for gmail.com
  git-imap-send.txt: don't duplicate 'Examples' sections
2020-09-09 13:53:08 -07:00
Junio C Hamano
c25fba986b Merge branch 'hv/ref-filter-misc'
The "--format=" option to the "for-each-ref" command and friends
learned a few more tricks, e.g. the ":short" suffix that applies to
"objectname" now also can be used for "parent", "tree", etc.

* hv/ref-filter-misc:
  ref-filter: add `sanitize` option for 'subject' atom
  pretty: refactor `format_sanitized_subject()`
  ref-filter: add `short` modifier to 'parent' atom
  ref-filter: add `short` modifier to 'tree' atom
  ref-filter: rename `objectname` related functions and fields
  ref-filter: modify error messages in `grab_objectname()`
  ref-filter: refactor `grab_objectname()`
  ref-filter: support different email formats
2020-09-09 13:53:07 -07:00
Junio C Hamano
9f7833fd55 Merge branch 'ss/submodule-summary-in-c-fixes'
Fixups to a topic in 'next'.

* ss/submodule-summary-in-c-fixes:
  t7421: eliminate 'grep' check in t7421.4 for mingw compatibility
  submodule: fix style in function definition
  submodule: eliminate unused parameters from print_submodule_summary()
2020-09-09 13:53:07 -07:00
Junio C Hamano
c1ce30d364 Merge branch 'so/separate-field-for-m-and-diff-merges'
Internal API clean-up to handle two options "diff-index" and "log"
have, which happen to share the same short form, more sensibly.

* so/separate-field-for-m-and-diff-merges:
  revision: add separate field for "-m" of "diff-index -m"
2020-09-09 13:53:07 -07:00
Junio C Hamano
eb7460fd31 Merge branch 'es/worktree-repair'
"git worktree" gained a "repair" subcommand to help users recover
after moving the worktrees or repository manually without telling
Git.  Also, "git init --separate-git-dir" no longer corrupts
administrative data related to linked worktrees.

* es/worktree-repair:
  init: make --separate-git-dir work from within linked worktree
  init: teach --separate-git-dir to repair linked worktrees
  worktree: teach "repair" to fix outgoing links to worktrees
  worktree: teach "repair" to fix worktree back-links to main worktree
  worktree: add skeleton "repair" command
2020-09-09 13:53:07 -07:00
Junio C Hamano
1aadb47aad Merge branch 'jk/worktree-check-clean-leakfix'
Leakfix.

* jk/worktree-check-clean-leakfix:
  worktree: fix leak in check_clean_worktree()
2020-09-09 13:53:07 -07:00
Junio C Hamano
a31677dde3 Merge branch 'tb/repack-clearing-midx'
When a packfile is removed by "git repack", multi-pack-index gets
cleared; the code was taught to do so less aggressively by first
checking if the midx actually refers to a pack that no longer
exists.

* tb/repack-clearing-midx:
  midx: traverse the local MIDX first
  builtin/repack.c: invalidate MIDX only when necessary
2020-09-09 13:53:06 -07:00
Junio C Hamano
bbdba3d883 Merge branch 'ss/submodule-summary-in-c'
Yet another subcommand of "git submodule" is getting rewritten in C.

* ss/submodule-summary-in-c:
  submodule: port submodule subcommand 'summary' from shell to C
  t7421: introduce a test script for verifying 'summary' output
  submodule: rename helper functions to avoid ambiguity
  submodule: remove extra line feeds between callback struct and macro
2020-09-09 13:53:05 -07:00
Orgad Shaneh
e58e40556f contrib/buildsystems: fix expat library name for generated vcxproj
expat.lib -> libexpat.lib (libexpatd.lib for debug build).

Signed-off-by: Orgad Shaneh <orgads@gmail.com>
Acked-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-08 14:50:00 -07:00
Junio C Hamano
3a238e539b Thirteenth batch
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-03 12:37:09 -07:00
Junio C Hamano
cd332b2a31 Merge branch 'pb/doc-external-diff-env'
Doc update.

* pb/doc-external-diff-env:
  git.txt: correct stale 'GIT_EXTERNAL_DIFF' description
2020-09-03 12:37:09 -07:00
Junio C Hamano
56b891ead1 Merge branch 'jk/xrealloc-avoid-use-after-free'
It was possible for xrealloc() to send a non-NULL pointer that has
been freed, which has been fixed.

* jk/xrealloc-avoid-use-after-free:
  xrealloc: do not reuse pointer freed by zero-length realloc()
2020-09-03 12:37:08 -07:00
Junio C Hamano
2f1757e60a Merge branch 'jc/post-checkout-doc'
Doc update.

* jc/post-checkout-doc:
  doc: clarify how exit status of post-checkout hook is used
2020-09-03 12:37:07 -07:00
Junio C Hamano
ed9d8331d2 Merge branch 'pb/doc-sequence-editor-configuration'
Doc update.

* pb/doc-sequence-editor-configuration:
  doc: mention GIT_SEQUENCE_EDITOR and 'sequence.editor' more
2020-09-03 12:37:06 -07:00
Junio C Hamano
da6b99c39a Merge branch 'hl/bisect-doc-clarify-bad-good-ordering'
Doc update.

* hl/bisect-doc-clarify-bad-good-ordering:
  bisect: swap command-line options in documentation
2020-09-03 12:37:06 -07:00
Junio C Hamano
b720ad266d Merge branch 'so/pretty-abbrev-doc'
Documentation update for "--no-abbrev-commit".

* so/pretty-abbrev-doc:
  pretty-options.txt: fix --no-abbrev-commit description
2020-09-03 12:37:06 -07:00
Junio C Hamano
b58e47a929 Merge branch 'mr/diff-hide-stat-wo-textual-change'
"git diff --stat -w" showed 0-line changes for paths whose changes
were only whitespaces, which was not intuitive.  We now omit such
paths from the stat output.

* mr/diff-hide-stat-wo-textual-change:
  diff: teach --stat to ignore uninteresting modifications
2020-09-03 12:37:05 -07:00
Junio C Hamano
b4100f366c Merge branch 'jt/lazy-fetch'
Updates to on-demand fetching code in lazily cloned repositories.

* jt/lazy-fetch:
  fetch: no FETCH_HEAD display if --no-write-fetch-head
  fetch-pack: remove no_dependents code
  promisor-remote: lazy-fetch objects in subprocess
  fetch-pack: do not lazy-fetch during ref iteration
  fetch: only populate existing_refs if needed
  fetch: avoid reading submodule config until needed
  fetch: allow refspecs specified through stdin
  negotiator/noop: add noop fetch negotiator
2020-09-03 12:37:04 -07:00
Junio C Hamano
3f02c0ad36 Merge branch 'jc/run-command-use-embedded-args'
Various callers of run_command API has been modernized.

* jc/run-command-use-embedded-args:
  run_command: teach API users to use embedded 'args' more
2020-09-03 12:37:04 -07:00
Junio C Hamano
18aff08e04 Merge branch 'jc/undash-in-tree-git-callers'
A handful of places in in-tree code still relied on being able to
execute the git subcommands, especially built-ins, in "git-foo"
form, which have been corrected.

* jc/undash-in-tree-git-callers:
  credential-cache: use child_process.args
  cvsexportcommit: do not run git programs in dashed form
  transport-helper: do not run git-remote-ext etc. in dashed form
2020-09-03 12:37:03 -07:00
Junio C Hamano
afd49c39dd Merge branch 'jk/slimmed-down'
Trim an unused binary and turn a bunch of commands into built-in.

* jk/slimmed-down:
  drop vcs-svn experiment
  make git-fast-import a builtin
  make git-bugreport a builtin
  make credential helpers builtins
  Makefile: drop builtins from MSVC pdb list
2020-09-03 12:37:02 -07:00
Junio C Hamano
cce5178c30 Merge branch 'pw/add-p-allowed-options-fix'
"git add -p" update.

* pw/add-p-allowed-options-fix:
  add -p: fix checking of user input
  add -p: use ALLOC_GROW_BY instead of ALLOW_GROW
2020-09-03 12:37:02 -07:00
Junio C Hamano
bdccf5e086 Merge branch 'jt/fetch-pack-loosen-validation-with-packfile-uri'
Bugfix for "git fetch" when the packfile URI capability is in use.

* jt/fetch-pack-loosen-validation-with-packfile-uri:
  fetch-pack: make packfile URIs work with transfer.fsckobjects
  fetch-pack: document only_packfile in get_pack()
  (various): document from_promisor parameter
2020-09-03 12:37:01 -07:00
Junio C Hamano
3cbff011b0 Merge branch 'ss/t7401-modernize'
Test clean-up.

* ss/t7401-modernize:
  t7401: add a NEEDSWORK
  t7401: change indentation for enhanced readability
  t7401: change syntax of test_i18ncmp calls for clarity
  t7401: use 'short' instead of 'verify' and cut in rev-parse calls
  t7401: modernize style
2020-09-03 12:37:01 -07:00
Junio C Hamano
9c31b19dd0 Merge branch 'pw/rebase-i-more-options'
"git rebase -i" learns a bit more options.

* pw/rebase-i-more-options:
  t3436: do not run git-merge-recursive in dashed form
  rebase: add --reset-author-date
  rebase -i: support --ignore-date
  rebase -i: support --committer-date-is-author-date
  am: stop exporting GIT_COMMITTER_DATE
  rebase -i: add --ignore-whitespace flag
2020-09-03 12:37:01 -07:00
Orgad Shaneh
3384a1ef78 vcbuild: fix batch file name in README
Signed-off-by: Orgad Shaneh <orgads@gmail.com>
Acked-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-03 10:19:48 -07:00
Orgad Shaneh
c2f3ef8d8f vcbuild: fix library name for expat with make MSVC=1
Signed-off-by: Orgad Shaneh <orgads@gmail.com>
Acked-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-03 10:19:42 -07:00
Jonathan Tan
f24c30e0b6 wt-status: tolerate dangling marks
When a user checks out the upstream branch of HEAD, the upstream branch
not being a local branch, and then runs "git status", like this:

  git clone $URL client
  cd client
  git checkout @{u}
  git status

no status is printed, but instead an error message:

  fatal: HEAD does not point to a branch

(This error message when running "git branch" persists even after
checking out other things - it only stops after checking out a branch.)

This is because "git status" reads the reflog when determining the "HEAD
detached" message, and thus attempts to DWIM "@{u}", but that doesn't
work because HEAD no longer points to a branch.

Therefore, when calculating the status of a worktree, tolerate dangling
marks. This is done by adding an additional parameter to
dwim_ref() and repo_dwim_ref().

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 14:39:25 -07:00
Jonathan Tan
ec06b05568 refs: move dwim_ref() to header file
This makes it clear that dwim_ref() is just repo_dwim_ref() without the
first parameter.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 14:39:17 -07:00
Jonathan Tan
a4f66a7876 sha1-name: replace unsigned int with option struct
In preparation for a future patch adding a boolean parameter to
repo_interpret_branch_name(), which might be easily confused with an
existing unsigned int parameter, refactor repo_interpret_branch_name()
to take an option struct instead of the unsigned int parameter.

The static function interpret_branch_mark() is also updated to take the
option struct in preparation for that future patch, since it will also
make use of the to-be-introduced boolean parameter.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 14:39:17 -07:00
Jonathan Tan
db3c293ecd fetch: no FETCH_HEAD display if --no-write-fetch-head
887952b8c6 ("fetch: optionally allow disabling FETCH_HEAD update",
2020-08-18) introduced the ability to disable writing to FETCH_HEAD
during fetch, but did not suppress the "<source> -> FETCH_HEAD" message
when this ability is used. This message is misleading in this case,
because FETCH_HEAD is not written. Also, because "fetch" is used to
lazy-fetch missing objects in a partial clone, this significantly
clutters up the output in that case since the objects to be fetched are
potentially numerous.

Therefore, suppress this message when --no-write-fetch-head is passed
(but not when --dry-run is set).

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 14:26:55 -07:00
Johannes Schindelin
2fcf7a8c65 ci: avoid ugly "failure" in the ci-config job
In the common case where users have _not_ pushed a `ci-config` branch to
configure which branches should be included in the GitHub workflow runs,
there is a big fat ugly annotation about a failure in the run's log:

	X Check failure on line 1 in .github

	  @github-actions github-actions / ci-config

	  .github#L1

	  Process completed with exit code 128.

The reason is that the `ci-config` job tries to clone that `ci-config`
branch, and even if it is configured to continue on error, the
annotation is displayed, and it is distracting.

Let's just handle this on the shell script level, so that the job's step
is not marked as a failure.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 12:21:45 -07:00
Johannes Schindelin
b01aff8c1c ci: fix indentation of the ci-config job
The section added in e76eec3554 (ci: allow per-branch config for
GitHub Actions, 2020-05-07) contains a `&&`-chain that connects several
commands. The first command is actually so long that it stretches over
multiple lines, and as per usual, the continuation lines are indented one
more level than the first.

However, the subsequent commands in the `&&`-chain were also indented
one more level than the first command, which was almost certainly
unintended.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 12:21:41 -07:00
Jeff King
6479ea4a8a xrealloc: do not reuse pointer freed by zero-length realloc()
This patch fixes a bug where xrealloc(ptr, 0) can double-free and
corrupt the heap on some platforms (including at least glibc).

The C99 standard says of malloc (section 7.20.3):

  If the size of the space requested is zero, the behavior is
  implementation-defined: either a null pointer is returned, or the
  behavior is as if the size were some nonzero value, except that the
  returned pointer shall not be used to access an object.

So we might get NULL back, or we might get an actual pointer (but we're
not allowed to look at its contents). To simplify our code, our
xmalloc() handles a NULL return by converting it into a single-byte
allocation. That way callers get consistent behavior. This was done way
back in 4e7a2eccc2 (?alloc: do not return NULL when asked for zero
bytes, 2005-12-29).

We also gave xcalloc() and xrealloc() the same treatment. And according
to C99, that is fine; the text above is in a paragraph that applies to
all three. But what happens to the memory we passed to realloc() in such
a case? I.e., if we do:

  ret = realloc(ptr, 0);

and "ptr" is non-NULL, but we get NULL back, is "ptr" still valid? C99
doesn't cover this case specifically, but says (section 7.20.3.4):

  The realloc function deallocates the old object pointed to by ptr and
  returns a pointer to a new object that has the size specified by size.

So "ptr" is now deallocated, and we must only look at "ret". And since
"ret" is NULL, that means we have no allocated object at all. But that's
not quite the whole story. It also says:

  If memory for the new object cannot be allocated, the old object is
  not deallocated and its value is unchanged.
  [...]
  The realloc function returns a pointer to the new object (which may
  have the same value as a pointer to the old object), or a null pointer
  if the new object could not be allocated.

So if we see a NULL return with a non-zero size, we can expect that the
original object _is_ still valid. But with a non-zero size, it's
ambiguous. The NULL return might mean a failure (in which case the
object is valid), or it might mean that we successfully allocated
nothing, and used NULL to represent that.

The glibc manpage for realloc() explicitly says:

  [...]if size is equal to zero, and ptr is not NULL, then the call is
  equivalent to free(ptr).

Likewise, this StackOverflow answer:

  https://stackoverflow.com/a/2135302

claims that C89 gave similar guidance (but I don't have a copy to verify
it). A comment on this answer:

  https://stackoverflow.com/a/2022410

claims that Microsoft's CRT behaves the same.

But our current "retry with 1 byte" code passes the original pointer
again. So on glibc, we effectively free() the pointer and then try to
realloc() it again, which is undefined behavior.

The simplest fix here is to just pass "ret" (which we know to be NULL)
to the follow-up realloc(). But that means that a system which _doesn't_
free the original pointer would leak it. It's not clear if any such
systems exist, and that interpretation of the standard seems unlikely
(I'd expect a system that doesn't deallocate to simply return the
original pointer in this case). But it's easy enough to err on the safe
side, and just never pass a zero size to realloc() at all.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-02 12:18:14 -07:00