Commit Graph

65618 Commits

Author SHA1 Message Date
Junio C Hamano
9a329bdb49 Merge branch 'ab/reftable-build-fixes'
A few portability tweaks.

* ab/reftable-build-fixes:
  reftable tests: avoid "int" overflow, use "uint64_t"
  reftable: avoid initializing structs from structs
2022-01-14 15:25:15 -08:00
Junio C Hamano
31e3912369 Merge branch 'ab/refs-errno-cleanup'
A brown-paper-bag fix on top of a topic that was merged during this
cycle.

* ab/refs-errno-cleanup:
  refs API: use "failure_errno", not "errno"
2022-01-14 15:25:15 -08:00
Ævar Arnfjörð Bjarmason
22d2f70e85 reftable tests: avoid "int" overflow, use "uint64_t"
Change code added in 1ae2b8cda8 (reftable: add merged table view,
2021-10-07) to consistently use the "uint64_t" type. These "min" and
"max" variables get passed in the body of this function to a function
whose prototype is:

    [...] reftable_writer_set_limits([...], uint64_t min, uint64_t max

This avoids the following warning on SunCC 12.5 on
gcc211.fsffrance.org:

    "reftable/merged_test.c", line 27: warning: initializer does not fit or is out of range: 0xffffffff

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-13 13:39:09 -08:00
Han-Wen Nienhuys
f2b255141b reftable: avoid initializing structs from structs
Apparently, the IBM xlc compiler doesn't like this.

Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-13 13:36:34 -08:00
Ævar Arnfjörð Bjarmason
cac15b3fb4 refs API: use "failure_errno", not "errno"
Fix a logic error in refs_resolve_ref_unsafe() introduced in a recent
series of mine to abstract the refs API away from errno. See
96f6623ada (Merge branch 'ab/refs-errno-cleanup', 2021-11-29)for that
series.

In that series introduction of "failure_errno" to
refs_resolve_ref_unsafe came in ef18119dec (refs API: add a version
of refs_resolve_ref_unsafe() with "errno", 2021-10-16). There we'd set
"errno = 0" immediately before refs_read_raw_ref(), and then set
"failure_errno" to "errno" if errno was non-zero afterwards.

Then in the next commit 8b72fea7e9 (refs API: make
refs_read_raw_ref() not set errno, 2021-10-16) we started expecting
"refs_read_raw_ref()" to set "failure_errno". It would do that if
refs_read_raw_ref() failed, but it wouldn't be the same errno.

So we might set the "errno" here to any arbitrary bad value, and end
up e.g. returning NULL when we meant to return the refname from
refs_resolve_ref_unsafe(), or the other way around. Instrumenting this
code will reveal cases where refs_read_raw_ref() will fail, and
"errno" and "failure_errno" will be set to different values.

In practice I haven't found a case where this scary bug changed
anything in practice. The reason for that is that we'll not care about
the actual value of "errno" here per-se, but only whether:

 1. We have an errno
 2. If it's one of ENOENT, EISDIR or ENOTDIR. See the adjacent code
    added in a1c1d8170d (refs_resolve_ref_unsafe: handle d/f
    conflicts for writes, 2017-10-06)

I.e. if we clobber "failure_errno" with "errno", but it happened to be
one of those three, and we'll clobber it with another one of the three
we were OK.

Perhaps there are cases where the difference ended up mattering, but I
haven't found them. Instrumenting the test suite to fail if "errno"
and "failure_errno" are different shows a lot of failures, checking if
they're different *and* one is but not the other is outside that list
of three "errno" values yields no failures.

But let's fix the obvious bug. We should just stop paying attention to
"errno" in refs_resolve_ref_unsafe(). In addition let's change the
partial resetting of "errno" in files_read_raw_ref() to happen just
before the "return", to ensure that any such bug will be more easily
spotted in the future.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-13 10:53:54 -08:00
Junio C Hamano
1ffcbaa1a5 Last minute fixes before -rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-12 16:27:08 -08:00
Junio C Hamano
12f82b0dd7 Merge branch 'ps/lockfile-cleanup-fix'
Some lockfile code called free() in signal-death code path, which
has been corrected.

* ps/lockfile-cleanup-fix:
  fetch: fix deadlock when cleaning up lockfiles in async signals
2022-01-12 15:11:43 -08:00
Junio C Hamano
453cef7455 Merge branch 'ma/header-dup-cleanup'
Code clean-up.

* ma/header-dup-cleanup:
  cache.h: drop duplicate `ensure_full_index()` declaration
2022-01-12 15:11:43 -08:00
Junio C Hamano
83ca08298e Merge branch 'fs/gpg-unknown-key-test-fix'
Test simplification.

* fs/gpg-unknown-key-test-fix:
  t/gpg: simplify test for unknown key
2022-01-12 15:11:42 -08:00
Junio C Hamano
2a72807f6d Merge branch 'ak/protect-any-current-branch'
* ak/protect-any-current-branch:
  branch: missing space fix at line 313
2022-01-12 15:11:41 -08:00
Junio C Hamano
c9c082850d Merge branch 'jt/pack-header-lshift-overflow'
* jt/pack-header-lshift-overflow:
  packfile: fix off-by-one error in decoding logic
2022-01-12 15:11:41 -08:00
Junio C Hamano
4e2e2a4ffe Merge branch 'rb/nonstop-lacks-uncompress2'
* rb/nonstop-lacks-uncompress2:
  build: NonStop ships with an older zlib
2022-01-12 15:11:41 -08:00
Junio C Hamano
a4510f8106 Merge branch 'ma/windows-dynload-fix'
Fix calling dynamically loaded functions on Windows.

* ma/windows-dynload-fix:
  lazyload: use correct calling conventions
2022-01-12 15:11:41 -08:00
Junio C Hamano
cde28af37b Merge branch 'fs/ssh-signing-key-lifetime'
"git merge $signed_tag" started to drop the tag message from the
default merge message it uses by accident, which has been corrected.

* fs/ssh-signing-key-lifetime:
  fmt-merge-msg: prevent use-after-free with signed tags
2022-01-12 15:11:41 -08:00
Randall S. Becker
68d1da41c4 build: NonStop ships with an older zlib
Notably, it lacks uncompress2(); use the fallback we ship in our
tree instead.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-12 12:17:29 -08:00
Junio C Hamano
a5c97b0164 packfile: fix off-by-one error in decoding logic
shift count being exactly at 7-bit smaller than the long is OK; on
32-bit architecture, shift count starts at 4 and goes through 11, 18
and 25, at which point the guard triggers one iteration too early.

Reported-by: Marc Strapetz <marc.strapetz@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-12 12:14:49 -08:00
Fabian Stelzer
0517f591ca t/gpg: simplify test for unknown key
To test for a key that is completely unknown to the keyring we need one
to sign the commit with. This was done by generating a new key and not
add it into the keyring. To avoid the key generation overhead and
problems where GPG did hang in CI during it, switch GNUPGHOME to the
empty $GNUPGHOME_NOT_USED instead, therefore making all used keys unknown
for this single `verify-commit` call.

Reported-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Reviewed-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-12 11:21:22 -08:00
Bagas Sanjaya
68d924e1de branch: missing space fix at line 313
The message introduced by commit 593a2a5d06 (branch: protect branches
checked out in all worktrees, 2021-12-01) is missing a space in the
first line, add it.

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-12 10:52:52 -08:00
Taylor Blau
c39fc06b99 fmt-merge-msg: prevent use-after-free with signed tags
When merging a signed tag, fmt_merge_msg_sigs() is responsible for
populating the body of the merge message with the names of the signed
tags, their signatures, and the validity of those signatures.

In 02769437e1 (ssh signing: use sigc struct to pass payload,
2021-12-09), check_signature() was taught to pass the object payload via
the sigc struct instead of passing the payload buffer separately.

In effect, 02769437e1 causes buf, and sigc.payload to point at the same
region in memory. This causes a problem for fmt_tag_signature(), which
wants to read from this location, since it is freed beforehand by
signature_check_clear() (which frees it via sigc's `payload` member).

That makes the subsequent use in fmt_tag_signature() a use-after-free.

As a result, merge messages did not contain the body of any signed tags.
Luckily, they tend not to contain garbage, either, since the result of
strstr()-ing the object buffer in fmt_tag_signature() is guarded:

    const char *tag_body = strstr(buf, "\n\n");
    if (tag_body) {
      tag_body += 2;
      strbuf_add(tagbuf, tag_body, buf + len - tag_body);
    }

Unfortunately, the tests in t6200 did not catch this at the time because
they do not search for the body of signed tags in fmt-merge-msg's
output.

Resolve this by waiting to call signature_check_clear() until after its
contents can be safely discarded. Harden ourselves against any future
regressions in this area by making sure we can find signed tag messages
in the output of fmt-merge-msg, too.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-10 13:57:40 -08:00
Junio C Hamano
90d242d36e Git 2.35-rc0
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-10 11:52:57 -08:00
Junio C Hamano
6e22345591 Merge branch 'en/stash-df-fix'
"git stash apply" forgot to attempt restoring untracked files when
it failed to restore changes to tracked ones.

* en/stash-df-fix:
  stash: do not return before restoring untracked files
2022-01-10 11:52:57 -08:00
Junio C Hamano
27a70fa044 Merge branch 'ms/t-readme-typofix'
Typofix.

* ms/t-readme-typofix:
  t/README: fix typo
2022-01-10 11:52:56 -08:00
Junio C Hamano
c17de5a505 Merge branch 'ja/i18n-similar-messages'
Similar message templates have been consolidated so that
translators need to work on fewer number of messages.

* ja/i18n-similar-messages:
  i18n: turn even more messages into "cannot be used together" ones
  i18n: ref-filter: factorize "%(foo) atom used without %(bar) atom"
  i18n: factorize "--foo outside a repository"
  i18n: refactor "unrecognized %(foo) argument" strings
  i18n: factorize "no directory given for --foo"
  i18n: factorize "--foo requires --bar" and the like
  i18n: tag.c factorize i18n strings
  i18n: standardize "cannot open" and "cannot read"
  i18n: turn "options are incompatible" into "cannot be used together"
  i18n: refactor "%s, %s and %s are mutually exclusive"
  i18n: refactor "foo and bar are mutually exclusive"
2022-01-10 11:52:56 -08:00
Junio C Hamano
2c5410480e Merge branch 'en/merge-ort-renorm-with-rename-delete-conflict-fix'
A corner case bug in the ort merge strategy has been corrected.

* en/merge-ort-renorm-with-rename-delete-conflict-fix:
  merge-ort: fix bug with renormalization and rename/delete conflicts
2022-01-10 11:52:55 -08:00
Junio C Hamano
def8c6a05d Merge branch 'jc/doc-submitting-patches-choice-of-base'
Extend the guidance to choose the base commit to build your work
on, and hint/nudge contributors to read others' changes.

* jc/doc-submitting-patches-choice-of-base:
  SubmittingPatchs: clarify choice of base and testing
2022-01-10 11:52:55 -08:00
Junio C Hamano
9b6eda0785 Merge branch 'jl/subtree-check-parents-argument-passing-fix'
Fix performance-releated bug in "git subtree" (in contrib/).

* jl/subtree-check-parents-argument-passing-fix:
  subtree: fix argument handling in check_parents
2022-01-10 11:52:54 -08:00
Junio C Hamano
c0450ca098 Merge branch 'lh/use-gnu-color-in-grep'
The color palette used by "git grep" has been updated to match that
of GNU grep.

* lh/use-gnu-color-in-grep:
  grep: align default colors with GNU grep ones
2022-01-10 11:52:54 -08:00
Junio C Hamano
0669bdf4eb Merge branch 'js/branch-track-inherit'
"git -c branch.autosetupmerge=inherit branch new old" makes "new"
to have the same upstream as the "old" branch, instead of marking
"old" itself as its upstream.

* js/branch-track-inherit:
  config: require lowercase for branch.*.autosetupmerge
  branch: add flags and config to inherit tracking
  branch: accept multiple upstream branches for tracking
2022-01-10 11:52:54 -08:00
Junio C Hamano
4b51386bbf Merge branch 'ab/usage-die-message'
Code clean-up to hide vreportf() from public API.

* ab/usage-die-message:
  config API: use get_error_routine(), not vreportf()
  usage.c + gc: add and use a die_message_errno()
  gc: return from cmd_gc(), don't call exit()
  usage.c API users: use die_message() for error() + exit 128
  usage.c API users: use die_message() for "fatal :" + exit 128
  usage.c: add a die_message() routine
2022-01-10 11:52:53 -08:00
Junio C Hamano
bc61dbac77 Merge branch 'jz/apply-3-corner-cases'
"git apply --3way" bypasses the attempt to do a three-way
application in more cases to address the regression caused by the
recent change to use direct application as a fallback.

* jz/apply-3-corner-cases:
  git-apply: skip threeway in add / rename cases
2022-01-10 11:52:53 -08:00
Junio C Hamano
78e696c9dd Merge branch 'hn/reftable-fixes'
Assorted fixlets in reftable code.

* hn/reftable-fixes:
  reftable: support preset file mode for writing
  reftable: signal overflow
  reftable: fix typo in header
2022-01-10 11:52:52 -08:00
Junio C Hamano
626f2cabe6 Merge branch 'ab/reflog-prep'
Code refactoring in the reflog part of refs API.

* ab/reflog-prep:
  reflog + refs-backend: move "verbose" out of the backend
  refs files-backend: assume cb->newlog if !EXPIRE_REFLOGS_DRY_RUN
  reflog: reduce scope of "struct rev_info"
  reflog expire: don't use lookup_commit_reference_gently()
  reflog expire: refactor & use "tip_commit" only for UE_NORMAL
  reflog expire: use "switch" over enum values
  reflog: change one->many worktree->refnames to use a string_list
  reflog expire: narrow scope of "cb" in cmd_reflog_expire()
  reflog delete: narrow scope of "cmd" passed to count_reflog_ent()
2022-01-10 11:52:52 -08:00
Junio C Hamano
8ab404ea04 Merge branch 'ab/do-not-limit-stash-help-to-push'
"git stash" by default triggers its "push" action, but its
implementation also made "git stash -h" to show short help only for
"git stash push", which has been corrected.

* ab/do-not-limit-stash-help-to-push:
  stash: don't show "git stash push" usage on bad "git stash" usage
2022-01-10 11:52:52 -08:00
Junio C Hamano
077e120a1e Merge branch 'ab/makefile-hook-list-dependency-fix'
Fix dependency rules to generate hook-list.h header file.

* ab/makefile-hook-list-dependency-fix:
  Makefile: correct the dependency graph of hook-list.h
2022-01-10 11:52:52 -08:00
Junio C Hamano
114d64b783 Merge branch 'ab/makefile-pager-env-is-used-only-by-pager.c'
* ab/makefile-pager-env-is-used-only-by-pager.c:
  Makefile: move -DPAGER_ENV from BASIC_CFLAGS to EXTRA_CPPFLAGS
2022-01-10 11:52:51 -08:00
Junio C Hamano
43f196cec2 Merge branch 'ab/makefile-msgfmt-wo-stats'
Make the recipe that runs msgfmt less noisy.

* ab/makefile-msgfmt-wo-stats:
  Makefile: don't invoke msgfmt with --statistics
2022-01-10 11:52:51 -08:00
Junio C Hamano
01ea04f76e Merge branch 'hn/refs-debug-update'
Debugging support for refs API.

* hn/refs-debug-update:
  refs: centralize initialization of the base ref_store.
  refs: print error message in debug output
  refs: pass gitdir to packed_ref_store_create
2022-01-10 11:52:51 -08:00
Junio C Hamano
3c0e417827 Merge branch 'ds/fetch-pull-with-sparse-index'
"git fetch" and "git pull" are now declared sparse-index clean.
Also "git ls-files" learns the "--sparse" option to help debugging.

* ds/fetch-pull-with-sparse-index:
  test-read-cache: remove --table, --expand options
  t1091/t3705: remove 'test-tool read-cache --table'
  t1092: replace 'read-cache --table' with 'ls-files --sparse'
  ls-files: add --sparse option
  fetch/pull: use the sparse index
2022-01-10 11:52:50 -08:00
Junio C Hamano
b48c69c3c8 Merge branch 'hn/ref-api-tests-update'
Test updates.

* hn/ref-api-tests-update:
  t7004: use "test-tool ref-store" for reflog inspection
  t7004: create separate tags for different tests
  t5550: require REFFILES
  t5540: require REFFILES
2022-01-10 11:52:50 -08:00
Junio C Hamano
9dbb375f94 Merge branch 'jh/p4-remove-unused'
Remove a few commands from "git p4" that aren't very useful.

* jh/p4-remove-unused:
  git-p4: remove "rollback" verb
  git-p4: remove "debug" verb
2022-01-10 11:52:50 -08:00
Junio C Hamano
be69d35e48 Merge branch 'ja/perf-use-specified-shell'
Perf tests were run with end-user's shell, but it has been
corrected to use the shell specified by $TEST_SHELL_PATH.

* ja/perf-use-specified-shell:
  t/perf: do not run tests in user's $SHELL
2022-01-10 11:52:50 -08:00
Junio C Hamano
321f7f4fa4 Merge branch 'hn/test-ref-store-show-hash-algo'
Debugging support for refs API.

* hn/test-ref-store-show-hash-algo:
  test-ref-store: print hash algorithm
2022-01-10 11:52:50 -08:00
Junio C Hamano
98ab07ace5 Merge branch 'ws/fast-export-with-revision-options'
Use of certain "git rev-list" options with "git fast-export"
created nonsense results (the worst two of which being "--reverse"
and "--invert-grep --grep=<foo>").  The use of "--first-parent" is
made to behave a bit more sensible than before.

* ws/fast-export-with-revision-options:
  fast-export: fix surprising behavior with --first-parent
2022-01-10 11:52:50 -08:00
Junio C Hamano
b6f538f296 Merge branch 'js/l10n-mention-ngettext-early-in-readme'
Localization doc update.

* js/l10n-mention-ngettext-early-in-readme:
  l10n: README: call more attention to plural strings
2022-01-10 11:52:49 -08:00
Junio C Hamano
66f6c18e5b Merge branch 'jh/p4-human-unit-numbers'
The way "git p4" shows file sizes in its output has been updated to
use human-readable units.

* jh/p4-human-unit-numbers:
  git-p4: show progress as an integer
  git-p4: print size values in appropriate units
2022-01-10 11:52:49 -08:00
Junio C Hamano
09481fec21 Merge branch 'ds/sparse-checkout-malformed-pattern-fix'
Certain sparse-checkout patterns that are valid in non-cone mode
led to segfault in cone mode, which has been corrected.

* ds/sparse-checkout-malformed-pattern-fix:
  sparse-checkout: refuse to add to bad patterns
  sparse-checkout: fix OOM error with mixed patterns
  sparse-checkout: fix segfault on malformed patterns
2022-01-10 11:52:49 -08:00
Martin Ågren
97d6fb5a1f cache.h: drop duplicate ensure_full_index() declaration
There are two identical declarations of `ensure_full_index()` in
cache.h.

Commit 3964fc2aae ("sparse-index: add guard to ensure full index",
2021-03-30) provided an empty implementation of `ensure_full_index()`,
declaring it in a new file sparse-index.h. When commit 4300f8442a
("sparse-index: implement ensure_full_index()", 2021-03-30) fleshed out
the implementation, it added an identical declaration to cache.h.

Then 118a2e8bde ("cache: move ensure_full_index() to cache.h",
2021-04-01) favored having the declaration in cache.h. Because of the
double declaration, at that point we could have just dropped the one in
sparse-index.h, but instead it got moved to cache.h.

As a result, cache.h contains the exact same function declaration twice.
Drop the one under "/* Name hashing */", in favor of the one under
"/* Initialize and use the cache information */".

Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Acked-by: Victoria Dye <vdye@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-10 11:30:33 -08:00
Matthias Aßhauer
4a9b204920 lazyload: use correct calling conventions
Christoph Reiter reported on the Git for Windows issue tracker[1], that
mingw_strftime() imports strftime() from ucrtbase.dll with the wrong
calling convention. It should be __cdecl instead of WINAPI, which we
always use in DECLARE_PROC_ADDR().

The MSYS2 project encountered cmake sefaults on x86 Windows caused by
the same issue in the cmake source. [2] There are no known git crashes
that where caused by this, yet, but we should try to prevent them.

We import two other non-WINAPI functions via DECLARE_PROC_ADDR(), too.

* NtSetSystemInformation() (NTAPI)
* GetUserNameExW()         (SEC_ENTRY)

NTAPI, SEC_ENTRY and WINAPI are all ususally defined as __stdcall,
but there are circumstances where they're defined differently.

Teach DECLARE_PROC_ADDR() about calling conventions and be explicit
about when we want to use which calling convention.

Import winnt.h for the definition of NTAPI and sspi.h for SEC_ENTRY
near their respective only users.

[1] https://github.com/git-for-windows/git/issues/3560
[2] https://github.com/msys2/MINGW-packages/issues/10152

Reported-By: Christoph Reiter <reiter.christoph@gmail.com>
Signed-off-by: Matthias Aßhauer <mha1993@live.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-09 10:34:53 -08:00
Patrick Steinhardt
58d4d7f1c5 fetch: fix deadlock when cleaning up lockfiles in async signals
When fetching packfiles, we write a bunch of lockfiles for the packfiles
we're writing into the repository. In order to not leave behind any
cruft in case we exit or receive a signal, we register both an exit
handler as well as signal handlers for common signals like SIGINT. These
handlers will then unlink the locks and free the data structure tracking
them. We have observed a deadlock in this logic though:

    (gdb) bt
    #0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
    #1  0x00007f4932bea2cd in _int_free (av=0x7f4932f2eb20 <main_arena>, p=0x3e3e4200, have_lock=0) at malloc.c:3969
    #2  0x00007f4932bee58c in __GI___libc_free (mem=<optimized out>) at malloc.c:2975
    #3  0x0000000000662ab1 in string_list_clear ()
    #4  0x000000000044f5bc in unlock_pack_on_signal ()
    #5  <signal handler called>
    #6  _int_free (av=0x7f4932f2eb20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:4024
    #7  0x00007f4932bee58c in __GI___libc_free (mem=<optimized out>) at malloc.c:2975
    #8  0x000000000065afd5 in strbuf_release ()
    #9  0x000000000066ddb9 in delete_tempfile ()
    #10 0x0000000000610d0b in files_transaction_cleanup.isra ()
    #11 0x0000000000611718 in files_transaction_abort ()
    #12 0x000000000060d2ef in ref_transaction_abort ()
    #13 0x000000000060d441 in ref_transaction_prepare ()
    #14 0x000000000060e0b5 in ref_transaction_commit ()
    #15 0x00000000004511c2 in fetch_and_consume_refs ()
    #16 0x000000000045279a in cmd_fetch ()
    #17 0x0000000000407c48 in handle_builtin ()
    #18 0x0000000000408df2 in cmd_main ()
    #19 0x00000000004078b5 in main ()

The process was killed with a signal, which caused the signal handler to
kick in and try free the data structures after we have unlinked the
locks. It then deadlocks while calling free(3P).

The root cause of this is that it is not allowed to call certain
functions in async-signal handlers, as specified by signal-safety(7).
Next to most I/O functions, this list of disallowed functions also
includes memory-handling functions like malloc(3P) and free(3P) because
they may not be reentrant. As a result, if we execute such functions in
the signal handler, then they may operate on inconistent state and fail
in unexpected ways.

Fix this bug by not calling non-async-signal-safe functions when running
in the signal handler. We're about to re-raise the signal anyway and
will thus exit, so it's not much of a problem to keep the string list of
lockfiles untouched. Note that it's fine though to call unlink(2), so
we'll still clean up the lockfiles correctly.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-07 13:49:19 -08:00
Junio C Hamano
e83ba647f7 The seventh batch
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-01-05 14:01:31 -08:00