Commit Graph

3894 Commits

Author SHA1 Message Date
Junio C Hamano
253ce7a15c Merge branch 'jk/path-name-safety-2.4' into jk/path-name-safety-2.5
* jk/path-name-safety-2.4:
  list-objects: pass full pathname to callbacks
  list-objects: drop name_path entirely
  list-objects: convert name_path to a strbuf
  show_object_with_name: simplify by using path_name()
  http-push: stop using name_path
  tree-diff: catch integer overflow in combine_diff_path allocation
  add helpers for detecting size_t overflow
2016-03-16 10:41:43 -07:00
Jeff King
2824e1841b list-objects: pass full pathname to callbacks
When we find a blob at "a/b/c", we currently pass this to
our show_object_fn callbacks as two components: "a/b/" and
"c". Callbacks which want the full value then call
path_name(), which concatenates the two. But this is an
inefficient interface; the path is a strbuf, and we could
simply append "c" to it temporarily, then roll back the
length, without creating a new copy.

So we could improve this by teaching the callsites of
path_name() this trick (and there are only 3). But we can
also notice that no callback actually cares about the
broken-down representation, and simply pass each callback
the full path "a/b/c" as a string. The callback code becomes
even simpler, then, as we do not have to worry about freeing
an allocated buffer, nor rolling back our modification to
the strbuf.

This is theoretically less efficient, as some callbacks
would not bother to format the final path component. But in
practice this is not measurable. Since we use the same
strbuf over and over, our work to grow it is amortized, and
we really only pay to memcpy a few bytes.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-16 10:41:04 -07:00
Jeff King
dc06dc8800 list-objects: drop name_path entirely
In the previous commit, we left name_path as a thin wrapper
around a strbuf. This patch drops it entirely. As a result,
every show_object_fn callback needs to be adjusted. However,
none of their code needs to be changed at all, because the
only use was to pass it to path_name(), which now handles
the bare strbuf.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-16 10:41:03 -07:00
Junio C Hamano
11a458befc Sync with 2.4.10 2015-09-28 15:33:56 -07:00
Junio C Hamano
6343e2f6f2 Sync with 2.3.10 2015-09-28 15:28:31 -07:00
Jeff King
83c4d38017 merge-file: enforce MAX_XDIFF_SIZE on incoming files
The previous commit enforces MAX_XDIFF_SIZE at the
interfaces to xdiff: xdi_diff (which calls xdl_diff) and
ll_xdl_merge (which calls xdl_merge).

But we have another direct call to xdl_merge in
merge-file.c. If it were written today, this probably would
just use the ll_merge machinery. But it predates that code,
and uses slightly different options to xdl_merge (e.g.,
ZEALOUS_ALNUM).

We could try to abstract out an xdi_merge to match the
existing xdi_diff, but even that is difficult. Rather than
simply report error, we try to treat large files as binary,
and that distinction would happen outside of xdi_merge.

The simplest fix is to just replicate the MAX_XDIFF_SIZE
check in merge-file.c.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-28 14:58:13 -07:00
Jeff King
3efb988098 react to errors in xdi_diff
When we call into xdiff to perform a diff, we generally lose
the return code completely. Typically by ignoring the return
of our xdi_diff wrapper, but sometimes we even propagate
that return value up and then ignore it later.  This can
lead to us silently producing incorrect diffs (e.g., "git
log" might produce no output at all, not even a diff header,
for a content-level diff).

In practice this does not happen very often, because the
typical reason for xdiff to report failure is that it
malloc() failed (it uses straight malloc, and not our
xmalloc wrapper).  But it could also happen when xdiff
triggers one our callbacks, which returns an error (e.g.,
outf() in builtin/rerere.c tries to report a write failure
in this way). And the next patch also plans to add more
failure modes.

Let's notice an error return from xdiff and react
appropriately. In most of the diff.c code, we can simply
die(), which matches the surrounding code (e.g., that is
what we do if we fail to load a file for diffing in the
first place). This is not that elegant, but we are probably
better off dying to let the user know there was a problem,
rather than simply generating bogus output.

We could also just die() directly in xdi_diff, but the
callers typically have a bit more context, and can provide a
better message (and if we do later decide to pass errors up,
we're one step closer to doing so).

There is one interesting case, which is in diff_grep(). Here
if we cannot generate the diff, there is nothing to match,
and we silently return "no hits". This is actually what the
existing code does already, but we make it a little more
explicit.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-28 14:57:10 -07:00
Junio C Hamano
3d3caf0b78 Sync with 2.4.9 2015-09-04 10:43:23 -07:00
Junio C Hamano
ef0e938a1a Sync with 2.3.9 2015-09-04 10:34:19 -07:00
Junio C Hamano
8267cd11d6 Sync with 2.2.3 2015-09-04 10:29:28 -07:00
Jeff King
78f23bdf68 show-branch: use a strbuf for reflog descriptions
When we show "branch@{0}", we format into a fixed-size
buffer using sprintf. This can overflow if you have long
branch names. We can fix it by using a temporary strbuf.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 09:48:26 -07:00
Junio C Hamano
311e5ce2cc Merge branch 'dt/commit-preserve-base-index-upon-opportunistic-cache-tree-update' into maint
When re-priming the cache-tree opportunistically while committing
the in-core index as-is, we mistakenly invalidated the in-core
index too aggressively, causing the experimental split-index code
to unnecessarily rewrite the on-disk index file(s).

* dt/commit-preserve-base-index-upon-opportunistic-cache-tree-update:
  commit: don't rewrite shared index unnecessarily
2015-09-03 19:18:02 -07:00
Junio C Hamano
ae6ac8483b Merge branch 'jc/calloc-pathspec' into maint
Minor code cleanup.

* jc/calloc-pathspec:
  ps_matched: xcalloc() takes nmemb and then element size
2015-09-03 19:18:00 -07:00
Junio C Hamano
e654e3b574 Merge branch 'jk/rev-list-has-no-notes' into maint
"git rev-list" does not take "--notes" option, but did not complain
when one is given.

* jk/rev-list-has-no-notes:
  rev-list: make it obvious that we do not support notes
2015-09-03 19:17:53 -07:00
Junio C Hamano
03ea02771a Merge branch 'mh/get-remote-group-fix' into maint
An off-by-one error made "git remote" to mishandle a remote with a
single letter nickname.

* mh/get-remote-group-fix:
  get_remote_group(): use skip_prefix()
  get_remote_group(): eliminate superfluous call to strcspn()
  get_remote_group(): rename local variable "space" to "wordlen"
  get_remote_group(): handle remotes with single-character names
2015-09-03 19:17:48 -07:00
David Turner
475a34451f commit: don't rewrite shared index unnecessarily
Remove a cache invalidation which would cause the shared index to be
rewritten on as-is commits.

When the cache-tree has changed, we need to update it.  But we don't
necessarily need to update the shared index.  So setting
active_cache_changed to SOMETHING_CHANGED is unnecessary.  Instead, we
let update_main_cache_tree just update the CACHE_TREE_CHANGED bit.

In order to test this, make test-dump-split-index not segfault on
missing replace_bitmap/delete_bitmap.  This new codepath is not called
now that the test passes, but is necessary to avoid a segfault when the
new test is run with the old builtin/commit.c code.

Signed-off-by: David Turner <dturner@twopensource.com>
Acked-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-31 08:41:07 -07:00
Junio C Hamano
52f6893d35 Merge branch 'jk/guess-repo-name-regression-fix' into maint
"git clone $URL" in recent releases of Git contains a regression in
the code that invents a new repository name incorrectly based on
the $URL.  This has been corrected.

* jk/guess-repo-name-regression-fix:
  clone: use computed length in guess_dir_name
  clone: add tests for output directory
2015-08-25 16:09:17 -07:00
Jeff King
2aea7a51a1 rev-list: make it obvious that we do not support notes
The rev-list command does not have the internal
infrastructure to display notes. Running:

  git rev-list --notes HEAD

will silently ignore the "--notes" option. Running:

  git rev-list --notes --grep=. HEAD

will crash on an assert. Running:

  git rev-list --format=%N HEAD

will place a literal "%N" in the output (it does not even
expand to an empty string).

Let's have rev-list tell the user that it cannot fill the
user's request, rather than silently producing wrong data.
Likewise, let's remove mention of the notes options from the
rev-list documentation.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-24 10:33:15 -07:00
Junio C Hamano
8b54c23437 ps_matched: xcalloc() takes nmemb and then element size
Even though multiplication is commutative, the order of arguments
should be xcalloc(nmemb, size).  ps_matched is an array of 1-byte
element whose size is the same as the number of pathspec elements.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-20 09:57:38 -07:00
Junio C Hamano
223b55a577 Merge branch 'sb/remove-unused-var-from-builtin-add' into maint
* sb/remove-unused-var-from-builtin-add:
  add: remove dead code
2015-08-19 14:41:33 -07:00
Junio C Hamano
d3ac359841 Merge branch 'ib/scripted-parse-opt-better-hint-string' into maint
The "rev-parse --parseopt" mode parsed the option specification
and the argument hint in a strange way to allow '=' and other
special characters in the option name while forbidding them from
the argument hint.  This made it impossible to define an option
like "--pair <key>=<value>" with "pair=key=value" specification,
which instead would have defined a "--pair=key <value>" option.

* ib/scripted-parse-opt-better-hint-string:
  rev-parse --parseopt: allow [*=?!] in argument hints
2015-08-19 14:41:29 -07:00
Junio C Hamano
7e7ce32f7a Merge branch 'db/send-pack-user-signingkey' into maint
The low-level "git send-pack" did not honor 'user.signingkey'
configuration variable when sending a signed-push.

* db/send-pack-user-signingkey:
  builtin/send-pack.c: respect user.signingkey
2015-08-19 14:41:26 -07:00
Junio C Hamano
17850efa5f Merge branch 'jx/do-not-crash-receive-pack-wo-head' into maint
An attempt to delete a ref by pushing into a repositorywhose HEAD
symbolic reference points at an unborn branch that cannot be
created due to ref D/F conflict (e.g. refs/heads/a/b exists, HEAD
points at refs/heads/a) failed.

* jx/do-not-crash-receive-pack-wo-head:
  receive-pack: crash when checking with non-exist HEAD
2015-08-19 14:41:26 -07:00
Jeff King
db2e220447 clone: use computed length in guess_dir_name
Commit 7e837c6 (clone: simplify string handling in
guess_dir_name(), 2015-07-09) changed clone to use
strip_suffix instead of hand-rolled pointer manipulation.
However, strip_suffix will strip from the end of a
NUL-terminated string, and we may have already stripped some
characters (like directory separators, or "/.git"). This
leads to commands like:

  git clone host:foo.git/

failing to strip the ".git".

We must instead convert our pointer arithmetic into a
computed length and feed that to strip_suffix_mem, which will
then reduce the length further for us.

It would be nicer if we could drop the pointer manipulation
entirely, and just continually strip using strip_suffix. But
that doesn't quite work for two reasons:

  1. The early suffixes we're stripping are not constant; we
     need to look for is_dir_sep, which could be one of
     several characters.

  2. Mid-way through the stripping we compute the pointer
     "start", which shows us the beginning of the pathname.
     Which really give us two lengths to work with: the
     offset from the start of the string, and from the start
     of the path. By using pointers for the early part, we
     can just compute the length from "start" when we need
     it.

Signed-off-by: Jeff King <peff@peff.net>
Acked-by: Sebastian Schuberth <sschuberth@gmail.com>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-10 11:01:05 -07:00
Junio C Hamano
de67af4a8f Merge branch 'ss/clone-guess-dir-name-simplify' into maint
Code simplification.

* ss/clone-guess-dir-name-simplify:
  clone: simplify string handling in guess_dir_name()
2015-08-03 10:41:33 -07:00
Junio C Hamano
0533a9b70c Merge branch 'mh/reporting-broken-refs-from-for-each-ref' into maint
"git for-each-ref" reported "missing object" for 0{40} when it
encounters a broken ref.  The lack of object whose name is 0{40} is
not the problem; the ref being broken is.

* mh/reporting-broken-refs-from-for-each-ref:
  read_loose_refs(): treat NULL_SHA1 loose references as broken
  read_loose_refs(): simplify function logic
  for-each-ref: report broken references correctly
  t6301: new tests of for-each-ref error handling
2015-08-03 10:41:31 -07:00
Stefan Beller
45abdee662 add: remove dead code
Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-31 08:49:33 -07:00
Michael Haggerty
bc598c32ae get_remote_group(): use skip_prefix()
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-28 14:39:26 -07:00
Michael Haggerty
5f65499fa2 get_remote_group(): eliminate superfluous call to strcspn()
There is no need to call it if value is the empty string. This also
eliminates code duplication.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-28 14:39:24 -07:00
Michael Haggerty
e286542de0 get_remote_group(): rename local variable "space" to "wordlen"
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-28 14:39:21 -07:00
Michael Haggerty
c26f7d7b26 get_remote_group(): handle remotes with single-character names
The code for splitting a whitespace-separated list of values in
"remotes.<name>" had an off-by-one error that caused it to skip over
remotes whose names consist of a single character.

Also remove unnecessary braces.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-28 14:39:10 -07:00
Junio C Hamano
3afcec9057 Merge branch 'ls/hint-rev-list-count' into maint
* ls/hint-rev-list-count:
  rev-list: add --count to usage guide
2015-07-27 12:21:47 -07:00
Junio C Hamano
726359be47 Merge branch 'jk/rev-list-no-bitmap-while-pruning' into maint
A minor bugfix when pack bitmap is used with "rev-list --count".

* jk/rev-list-no-bitmap-while-pruning:
  rev-list: disable --use-bitmap-index when pruning commits
2015-07-27 12:21:42 -07:00
Junio C Hamano
de62fe8c42 Merge branch 'jk/index-pack-reduce-recheck' into maint
Disable "have we lost a race with competing repack?" check while
receiving a huge object transfer that runs index-pack.

* jk/index-pack-reduce-recheck:
  index-pack: avoid excessive re-reading of pack directory
2015-07-27 12:21:38 -07:00
Jiang Xin
b112b14d78 receive-pack: crash when checking with non-exist HEAD
If HEAD of a repository points to a conflict reference, such as:

* There exist a reference named 'refs/heads/jx/feature1', but HEAD
  points to 'refs/heads/jx', or

* There exist a reference named 'refs/heads/feature', but HEAD points
  to 'refs/heads/feature/bad'.

When we push to delete a reference for this repo, such as:

        git push /path/to/bad-head-repo.git :some/good/reference

The git-receive-pack process will crash.

This is because if HEAD points to a conflict reference, the function
`resolve_refdup("HEAD", ...)` does not return a valid reference name,
but a null buffer.  Later matching the delete reference against the null
buffer will cause git-receive-pack crash.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-22 14:18:22 -07:00
Junio C Hamano
d830d395a1 builtin/send-pack.c: respect user.signingkey
When git-send-pack is exec'ed, as is done by git-remote-http, it
does not read the config, and configured value of user.signingkey is
ignored. Thus it was impossible to specify a signing key over HTTP,
other than the default key in the keyring having a User ID matching
the "Name <email>" format.

This patch at least partially fixes the problem by reading in the GPG
config from within send-pack. It does not address the related problem
of plumbing a value for this configuration option using
`git -c user.signingkey push ...`.

Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-21 15:24:27 -07:00
Junio C Hamano
697f67ac9f Merge branch 'mh/fsck-reflog-entries' into maint
"git fsck" used to ignore missing or invalid objects recorded in reflog.

* mh/fsck-reflog-entries:
  fsck: report errors if reflog entries point at invalid objects
  fsck_handle_reflog_sha1(): new function
2015-07-15 11:41:19 -07:00
Junio C Hamano
93eba05b4f Merge branch 'jc/do-not-feed-tags-to-clear-commit-marks' into maint
"git format-patch --ignore-if-upstream A..B" did not like to be fed
tags as boundary commits.

* jc/do-not-feed-tags-to-clear-commit-marks:
  format-patch: do not feed tags to clear_commit_marks()
2015-07-15 11:41:16 -07:00
Ilya Bobyr
2d893dff4c rev-parse --parseopt: allow [*=?!] in argument hints
A line in the input to "rev-parse --parseopt" describes an option by
listing a short and/or long name, optional flags [*=?!], argument hint,
and then whitespace and help string.

We did not allow any of the [*=?!] characters in the argument hints.
The following input

    pair=key=value  equals sign in the hint

used to generate a help line like this:

    --pair=key <value>   equals sign in the hint

and used to expect "pair=key" as the argument name.

That is not very helpful as we generally do not want any of the [*=?!]
characters in the argument names.  But we do want to use at least the
equals sign in the argument hints.

Update the parser to make long argument names stop at the first [*=?!]
character.

Add test case with equals sign in the argument hint and update the test
to perform all the operations in test_expect_success matching the
t/README requirements and allowing commands like

    ./t1502-rev-parse-parseopt.sh --run=1-2

to stop at the test case 2 without any further modification of the test
state area.

Signed-off-by: Ilya Bobyr <ilya.bobyr@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-15 10:30:54 -07:00
Junio C Hamano
799767cc98 Merge branch 'es/worktree-add'
Update to the "linked checkout" in 2.5.0-rc1.

Instead of "checkout --to" that does not do what "checkout"
normally does, move the functionality to "git worktree add".

* es/worktree-add: (24 commits)
  Revert "checkout: retire --ignore-other-worktrees in favor of --force"
  checkout: retire --ignore-other-worktrees in favor of --force
  worktree: add: auto-vivify new branch when <branch> is omitted
  worktree: add: make -b/-B default to HEAD when <branch> is omitted
  worktree: extract basename computation to new function
  checkout: require worktree unconditionally
  checkout: retire --to option
  tests: worktree: retrofit "checkout --to" tests for "worktree add"
  worktree: add -b/-B options
  worktree: add --detach option
  worktree: add --force option
  worktree: introduce "add" command
  checkout: drop 'checkout_opts' dependency from prepare_linked_checkout
  checkout: make --to unconditionally verbose
  checkout: prepare_linked_checkout: drop now-unused 'new' argument
  checkout: relocate --to's "no branch specified" check
  checkout: fix bug with --to and relative HEAD
  Documentation/git-worktree: add EXAMPLES section
  Documentation/git-worktree: add high-level 'lock' overview
  Documentation/git-worktree: split technical info from general description
  ...
2015-07-13 14:02:19 -07:00
Junio C Hamano
7783eb2e59 Merge branch 'nd/multiple-work-trees'
"git checkout [<tree-ish>] <paths>" spent unnecessary cycles
checking if the current branch was checked out elsewhere, when we
know we are not switching the branches ourselves.

* nd/multiple-work-trees:
  worktree: new place for "git prune --worktrees"
  checkout: don't check worktrees when not necessary
2015-07-13 14:02:02 -07:00
Junio C Hamano
721f5bb896 Merge branch 'ss/clone-guess-dir-name-simplify'
Code simplification.

* ss/clone-guess-dir-name-simplify:
  clone: simplify string handling in guess_dir_name()
2015-07-13 14:00:28 -07:00
Junio C Hamano
c925fe2368 Revert "checkout: retire --ignore-other-worktrees in favor of --force"
This reverts commit 0d1a151783.

When trying to switch to a different branch, that happens to be
checked out in another working tree, the user shouldn't have to
give up the other safety measures (like protecting the local changes
that overlap the difference between the branches) while defeating
the "no two checkouts of the same branch" safety.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-12 09:38:21 -07:00
Junio C Hamano
b3a30f6e0c Merge branch 'ls/hint-rev-list-count'
* ls/hint-rev-list-count:
  rev-list: add --count to usage guide
2015-07-10 14:26:13 -07:00
Junio C Hamano
ace6325ddf Merge branch 'jk/rev-list-no-bitmap-while-pruning'
A minor bugfix when pack bitmap is used with "rev-list --count".

* jk/rev-list-no-bitmap-while-pruning:
  rev-list: disable --use-bitmap-index when pruning commits
2015-07-10 14:26:12 -07:00
Junio C Hamano
0bf46af089 Merge branch 'jc/fix-alloc-sortbuf-in-index-pack'
A hotfix for what is in 2.5-rc but not in 2.4.

* jc/fix-alloc-sortbuf-in-index-pack:
  index-pack: fix allocation of sorted_by_pos array
2015-07-09 14:31:42 -07:00
Sebastian Schuberth
7e837c6477 clone: simplify string handling in guess_dir_name()
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-09 14:21:29 -07:00
Eric Sunshine
0d1a151783 checkout: retire --ignore-other-worktrees in favor of --force
As a safeguard, checking out a branch already checked out by a different
worktree is disallowed. This behavior can be overridden with
--ignore-other-worktrees, however, this option is neither obvious nor
particularly discoverable. As a common safeguard override, --force is
more likely to come to mind. Therefore, overload it to also suppress the
check for a branch already checked out elsewhere.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-07 14:34:46 -07:00
Eric Sunshine
1eb07d829f worktree: add: auto-vivify new branch when <branch> is omitted
As a convenience, when <branch> is omitted from "git worktree <path>
<branch>" and neither -b nor -B is used, automatically create a new
branch named after <path>, as if "-b $(basename <path>)" was specified.
Thus, "git worktree add ../hotfix" creates a new branch named "hotfix"
and associates it with new worktree "../hotfix".

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-07 14:34:32 -07:00
Eric Sunshine
0f4af3b9ea worktree: add: make -b/-B default to HEAD when <branch> is omitted
As a convenience, like "git branch" and "git checkout -b", make
"git worktree add -b <newbranch> <path> <branch>" default to HEAD when
<branch> is omitted.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-06 11:07:48 -07:00