Commit Graph

46172 Commits

Author SHA1 Message Date
Junio C Hamano
7e02ec2c5d Merge branch 'jk/t6300-cleanup' into maint
A test that creates a confusing branch whose name is HEAD has been
corrected not to do so.

* jk/t6300-cleanup:
  t6300: avoid creating refs/heads/HEAD
2017-03-21 15:03:30 -07:00
Junio C Hamano
d6bc22e64b Merge branch 'rs/commit-parsing-optim' into maint
The code that parses header fields in the commit object has been
updated for (micro)performance and code hygiene.

* rs/commit-parsing-optim:
  commit: don't check for space twice when looking for header
  commit: be more precise when searching for headers
2017-03-21 15:03:29 -07:00
Junio C Hamano
93abd17871 Merge branch 'jk/show-branch-lift-name-len-limit' into maint
"git show-branch" expected there were only very short branch names
in the repository and used a fixed-length buffer to hold them
without checking for overflow.

* jk/show-branch-lift-name-len-limit:
  show-branch: use skip_prefix to drop magic numbers
  show-branch: store resolved head in heap buffer
  show-branch: drop head_len variable
2017-03-21 15:03:29 -07:00
Junio C Hamano
f63df942a3 Merge branch 'jk/tempfile-ferror-fclose-confusion' into maint
A caller of tempfile API that uses stdio interface to write to
files may ignore errors while writing, which is detected when
tempfile is closed (with a call to ferror()).  By that time, the
original errno that may have told us what went wrong is likely to
be long gone and was overwritten by an irrelevant value.
close_tempfile() now resets errno to EIO to make errno at least
predictable.

* jk/tempfile-ferror-fclose-confusion:
  tempfile: set errno to a known value before calling ferror()
2017-03-21 15:03:28 -07:00
Junio C Hamano
0d9f9424ad Merge branch 'rl/remote-allow-missing-branch-name-merge' into maint
"git remote rm X", when a branch has remote X configured as the
value of its branch.*.remote, tried to remove branch.*.remote and
branch.*.merge and failed if either is unset.

* rl/remote-allow-missing-branch-name-merge:
  remote: ignore failure to remove missing branch.<name>.merge
2017-03-21 15:03:28 -07:00
Junio C Hamano
d30ec1bece Merge branch 'dt/gc-ignore-old-gc-logs' into maint
A "gc.log" file left by a backgrounded "gc --auto" disables further
automatic gc; it has been taught to run at least once a day (by
default) by ignoring a stale "gc.log" file that is too old.

* dt/gc-ignore-old-gc-logs:
  gc: ignore old gc.log files
2017-03-21 15:03:28 -07:00
Junio C Hamano
f4470f2db0 Merge branch 'jt/upload-pack-error-report' into maint
"git upload-pack", which is a counter-part of "git fetch", did not
report a request for a ref that was not advertised as invalid.
This is generally not a problem (because "git fetch" will stop
before making such a request), but is the right thing to do.

* jt/upload-pack-error-report:
  upload-pack: report "not our ref" to client
2017-03-21 15:03:27 -07:00
Junio C Hamano
e36e28e697 Merge branch 'rs/sha1-file-plug-fallback-base-leak' into maint
A leak in a codepath to read from a packed object in (rare) cases
has been plugged.

* rs/sha1-file-plug-fallback-base-leak:
  sha1_file: release fallback base's memory in unpack_entry()
2017-03-21 15:03:27 -07:00
Junio C Hamano
d46d432577 Merge branch 'ss/remote-bzr-hg-placeholder-wo-python' into maint
There is no need for Python only to give a few messages to the
standard error stream, but we somehow did.

* ss/remote-bzr-hg-placeholder-wo-python:
  contrib: git-remote-{bzr,hg} placeholders don't need Python
2017-03-21 15:03:27 -07:00
Junio C Hamano
cc8e385a7c Merge branch 'jc/diff-populate-filespec-size-only-fix' into maint
"git diff --quiet" relies on the size field in diff_filespec to be
correctly populated, but diff_populate_filespec() helper function
made an incorrect short-cut when asked only to populate the size
field for paths that need to go through convert_to_git() (e.g. CRLF
conversion).

* jc/diff-populate-filespec-size-only-fix:
  diff: do not short-cut CHECK_SIZE_ONLY check in diff_populate_filespec()
2017-03-21 15:03:26 -07:00
Junio C Hamano
36238fc4a5 Merge branch 'jk/http-walker-buffer-underflow-fix' into maint
"Dumb http" transport used to misparse a nonsense http-alternates
response, which has been fixed.

* jk/http-walker-buffer-underflow-fix:
  http-walker: fix buffer underflow processing remote alternates
2017-03-21 15:03:25 -07:00
Junio C Hamano
1a61be2a52 Merge branch 'mg/status-porcelain-no-i18n' into maint
"git status --porcelain" is supposed to give a stable output, but a
few strings were left as translatable by mistake.

* mg/status-porcelain-no-i18n:
  git-status: make porcelain more robust
2017-03-21 15:03:25 -07:00
Junio C Hamano
5c6bc96896 Merge branch 'ps/docs-diffcore' into maint
Doc update.

* ps/docs-diffcore:
  docs/diffcore: unquote "Complete Rewrites" in headers
  docs/diffcore: fix grammar in diffcore-rename header
2017-03-21 15:03:25 -07:00
Junio C Hamano
c157ae9c91 Merge branch 'ew/markdown-url-in-readme' into maint
Doc update.

* ew/markdown-url-in-readme:
  README: create HTTP/HTTPS links from URLs in Markdown
2017-03-21 15:03:24 -07:00
Junio C Hamano
f56a4390ee Merge branch 'rj/remove-unused-mktemp' into maint
Code cleanup.

* rj/remove-unused-mktemp:
  wrapper.c: remove unused gitmkstemps() function
  wrapper.c: remove unused git_mkstemp() function
2017-03-21 15:03:24 -07:00
Junio C Hamano
06c0ed7bfb Merge branch 'jk/ewah-use-right-type-in-sizeof' into maint
Code clean-up.

* jk/ewah-use-right-type-in-sizeof:
  ewah: fix eword_t/uint64_t confusion
2017-03-21 15:03:24 -07:00
Junio C Hamano
1f6b1afea0 Git 2.12.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-20 13:17:08 -07:00
Ævar Arnfjörð Bjarmason
e4e016f65d push: mention "push.default=tracking" in the documentation
Change the documentation for push.tracking=* to re-include a mention
of what "tracking" does.

The "tracking" option was renamed to "upstream" back in
53c4031 ("push.default: Rename 'tracking' to 'upstream'", 2011-02-16),
this section was then subsequently rewritten in 87a70e4 ("config doc:
rewrite push.default section", 2013-06-19) to remove any mention of
"tracking".

Maybe we should just warn or die nowadays if this option is in the
config, but I had some old config of mine use this option, I'd
forgotten that it was a synonym, and nothing in git's documentation
mentioned that.

That's bad, either we shouldn't support it at all, or we should
document what it does. This patch does the latter.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-20 10:59:43 -07:00
Nguyễn Thái Ngọc Duy
baced9e4e5 git-commit.txt: list post-rewrite in HOOKS section
The hook was added in a86ed83cce (Merge branch 'tr/notes-display' -
2010-03-24), which updated githooks.txt but not git-commit.txt.

git-commit.txt was later updated in e858af6d50 (commit: document a
couple of options - 2012-06-08). Since this commit focused on command
line options, this section was probably forgotten.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-20 10:53:29 -07:00
Ævar Arnfjörð Bjarmason
2c7ee986c7 doc: change erroneous --[no]-whatever into --[no-]whatever
Change these two obvious typos to be in line with the rest of the
documentation, which uses the correct --[no-]whatever form.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-20 10:04:57 -07:00
SZEDER Gábor
f53c5de29c pickaxe: fix segfault with '-S<...> --pickaxe-regex'
'git {log,diff,...} -S<...> --pickaxe-regex' can segfault as a result
of out-of-bounds memory reads.

diffcore-pickaxe.c:contains() looks for all matches of the given regex
in a buffer in a loop, advancing the buffer pointer to the end of the
last match in each iteration.  When we switched to REG_STARTEND in
b7d36ffca (regex: use regexec_buf(), 2016-09-21), we started passing
the size of that buffer to the regexp engine, too.  Unfortunately,
this buffer size is never updated on subsequent iterations, and as the
buffer pointer advances on each iteration, this "bufptr+bufsize"
points past the end of the buffer.  This results in segmentation
fault, if that memory can't be accessed.  In case of 'git log' it can
also result in erroneously listed commits, if the memory past the end
of buffer is accessible and happens to contain data matching the
regex.

Reduce the buffer size on each iteration as the buffer pointer is
advanced, thus maintaining the correct end of buffer location.
Furthermore, make sure that the buffer pointer is not dereferenced in
the control flow statements when we already reached the end of the
buffer.

The new test is flaky, I've never seen it fail on my Linux box even
without the fix, but this is expected according to db5dfa3 (regex:
-G<pattern> feeds a non NUL-terminated string to regexec() and fails,
2016-09-21).  However, it did fail on Travis CI with the first (and
incomplete) version of the fix, and based on that commit message I
would expect the new test without the fix to fail most of the time on
Windows.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 12:22:33 -07:00
Jeff King
7b91929ba0 run-command: fix segfault when cleaning forked async process
Callers of the run-command API may mark a child as
"clean_on_exit"; it gets added to a list and killed when the
main process dies.  Since commit 46df6906f
(execv_dashed_external: wait for child on signal death,
2017-01-06), we respect an extra "wait_after_clean" flag,
which we expect to find in the child_process struct.

When Git is built with NO_PTHREADS, we start "struct
async" processes by forking rather than spawning a thread.
The resulting processes get added to the cleanup list but
they don't have a child_process struct, and the cleanup
function ends up dereferencing NULL.

We should notice this case and assume that the processes do
not need to be waited for (i.e., the same behavior they had
before 46df6906f).

Reported-by: Brandon Williams <bmwill@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:29:15 -07:00
René Scharfe
d41626ff9e shortlog: don't set after_subject to an empty string
The string after_subject is added to a strbuf by pp_title_line() if
it's not NULL.  Adding an empty string has the same effect as not
adding anything, but the latter is easier, so don't bother changing
the context member from NULL to "".

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:28:45 -07:00
SZEDER Gábor
59210dd56c tests: make the 'test_pause' helper work in non-verbose mode
When the 'test_pause' helper function invokes the shell mid-test, it
explicitly redirects the shell's stdout and stderr to file descriptors
3 and 4, which are the stdout and stderr of the tests (i.e. where they
would be connected anyway without those redirections).  These file
descriptors are only attached to the terminal in verbose mode, hence
the restriction of 'test_pause' to work only with '-v'.

Redirect the shell's stdout and stderr to the test environment's
original stdout and stderr, allowing it to work properly even in
non-verbose mode, and the restriction can be lifted.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:18:22 -07:00
SZEDER Gábor
4ecae3c8c1 tests: create an interactive gdb session with the 'debug' helper
The 'debug' test helper is supposed to facilitate debugging by running
a command of the test suite under gdb.  Unfortunately, its usefulness
is severely limited, because that gdb session is not interactive,
since the test's, and thus gdb's standard input is redirected from
/dev/null (for a good reason, see 781f76b15 (test-lib: redirect stdin
of tests, 2011-12-15)).

Redirect gdb's standard file descriptors from/to the test
environment's stdin, stdout and stderr in the 'debug' helper, thus
creating an interactive gdb session (even in non-verbose mode), which
is much, much more useful.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:18:20 -07:00
René Scharfe
ba6746c08f revision: remove declaration of path_name()
The definition of path_name() was removed by 2824e1841 (list-objects:
pass full pathname to callbacks); remove its declaration as well.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:15:03 -07:00
René Scharfe
e94eac49e6 http-push: don't check return value of lookup_unknown_object()
This function always returns a reference to an object, creating one if
needed, so remove the unnecessary NULL check.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:14:07 -07:00
René Scharfe
dce96c41f9 receive-pack: simplify run_update_post_hook()
Instead of counting the arguments to see if there are any and then
building the full command use a single loop and add the hook command
just before the first argument.  This reduces duplication and overall
code size.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-18 10:13:09 -07:00
Stefan Beller
d4aae459cd wt-status: simplify by using for_each_string_list_item
Improve readability by using the for_each_string_list_item helper
instead of manually iterating with an integer counter.

Signed-off-by: Stefan Beller <sbeller@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-17 10:32:45 -07:00
Junio C Hamano
7c9c2f8c39 Preparing for 2.12.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 14:01:20 -07:00
Junio C Hamano
2846ef3e27 Merge branch 'js/realpath-pathdup-fix' into maint
Git v2.12 was shipped with an embarrassing breakage where various
operations that verify paths given from the user stopped dying when
seeing an issue, and instead later triggering segfault.
... and then to down to 'maint'.

* js/realpath-pathdup-fix:
  real_pathdup(): fix callsites that wanted it to die on error
  t1501: demonstrate NULL pointer access with invalid GIT_WORK_TREE
2017-03-16 13:57:00 -07:00
Junio C Hamano
f989ac276d Merge branch 'mm/two-more-xstrfmt' into maint
Code clean-up and a string truncation fix.

* mm/two-more-xstrfmt:
  bisect_next_all: convert xsnprintf to xstrfmt
  stop_progress_msg: convert xsnprintf to xstrfmt
2017-03-16 13:56:43 -07:00
Junio C Hamano
3d0449ded8 Merge branch 'vn/line-log-memcpy-size-fix' into maint
The command-line parsing of "git log -L" copied internal data
structures using incorrect size on ILP32 systems.

* vn/line-log-memcpy-size-fix:
  line-log: use COPY_ARRAY to fix mis-sized memcpy
2017-03-16 13:56:42 -07:00
Junio C Hamano
c5bd9e5a97 Merge branch 'ax/line-log-range-merge-fix' into maint
The code to parse "git log -L..." command line was buggy when there
are many ranges specified with -L; overrun of the allocated buffer
has been fixed.

* ax/line-log-range-merge-fix:
  line-log.c: prevent crash during union of too many ranges
2017-03-16 13:56:42 -07:00
Junio C Hamano
abe62a403f Merge branch 'jk/add-i-patch-do-prompt' into maint
The patch subcommand of "git add -i" was meant to have paths
selection prompt just like other subcommand, unlike "git add -p"
directly jumps to hunk selection.  Recently, this was broken and
"add -i" lost the paths selection dialog, but it now has been
fixed.

* jk/add-i-patch-do-prompt:
  add--interactive: fix missing file prompt for patch mode with "-i"
2017-03-16 13:56:42 -07:00
Junio C Hamano
68e12d7d97 Merge branch 'jt/http-base-url-update-upon-redirect' into maint
When a redirected http transport gets an error during the
redirected request, we ignored the error we got from the server,
and ended up giving a not-so-useful error message.

* jt/http-base-url-update-upon-redirect:
  http: attempt updating base URL only if no error
2017-03-16 13:56:42 -07:00
Junio C Hamano
8e87cbc740 Merge branch 'js/travis-32bit-linux' into maint
Add 32-bit Linux variant to the set of platforms to be tested with
Travis CI.

* js/travis-32bit-linux:
  Travis: also test on 32-bit Linux
2017-03-16 13:56:42 -07:00
Junio C Hamano
890d76504c Merge branch 'jh/mingw-openssl-sha1' into maint
Windows port wants to use OpenSSL's implementation of SHA-1
routines, so let them.

* jh/mingw-openssl-sha1:
  mingw: use OpenSSL's SHA-1 routines
2017-03-16 13:56:41 -07:00
Junio C Hamano
d880bfd947 Merge branch 'jk/http-auth' into maint
Reduce authentication round-trip over HTTP when the server supports
just a single authentication method.

* jk/http-auth:
  http: add an "auto" mode for http.emptyauth
  http: restrict auth methods to what the server advertises
2017-03-16 13:56:41 -07:00
Jeff King
f20754802a index-pack: make pointer-alias fallbacks safer
The final() function accepts a NULL value for certain
parameters, and falls back to writing into a reusable "name"
buffer, and then either:

  1. For "keep_name", requiring all uses to do "keep_name ?
     keep_name : name.buf". This is awkward, and it's easy
     to accidentally look at the maybe-NULL keep_name.

  2. For "final_index_name" and "final_pack_name", aliasing
     those pointers to the "name" buffer. This is easier to
     use, but the aliased pointers become invalid after the
     buffer is reused (this isn't a bug now, but it's a
     potential pitfall).

One way to make this safer would be to introduce an extra
pointer to do the aliasing, and have its lifetime match the
validity of the "name" buffer. But it's still easy to
accidentally use the wrong name (i.e., to use
"final_pack_name" instead of the aliased pointer).

Instead, let's use three separate buffers that will remain
valid through the function. That makes it safe to alias the
pointers and use them consistently. The extra allocations
shouldn't matter, as this function is not performance
sensitive.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 11:33:43 -07:00
Jeff King
ba47a3088f replace snprintf with odb_pack_name()
In several places we write the name of the pack filename
into a fixed-size buffer using snprintf(), but do not check
the return value.  As a result, a very long object directory
could cause us to quietly truncate the pack filename
(potentially leading to a corrupted repository, as a newly
written packfile could be missing its .pack extension).

We can use odb_pack_name() to do this with a strbuf (and
shorten the code, as well).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 11:26:18 -07:00
Jeff King
eaeefc3276 odb_pack_keep(): stop generating keepfile name
The odb_pack_keep() function generates the name of a .keep
file and opens it. This has two problems:

  1. It requires a fixed-size buffer to create the filename
     and doesn't notice when the result is truncated.

  2. Of the two callers, one sometimes wants to open a
     filename it already has, which makes things awkward (it
     has to do so manually, and skips the leading-directory
     creation).

Instead, let's have odb_pack_keep() just open the file.
Generating the name isn't hard, and a future patch will
switch callers over to odb_pack_name() anyway.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 11:17:00 -07:00
Jeff King
1cec8c634f sha1_file.c: make pack-name helper globally accessible
We provide sha1_pack_name() and sha1_pack_index_name(), but
the more generic form (which takes its own strbuf and an
arbitrary extension) is only used to implement the other
two.  Let's make it available, but clean up a few things:

  1. Name it odb_pack_name(), as the original
     sha1_get_pack_name() is long but not all that
     descriptive.

  2. Switch the strbuf argument to the beginning, so that it
     matches similar path-building functions like
     git_path_buf().

  3. Clean up the out-dated docstring and move it to the
     public declaration.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 11:05:17 -07:00
Jeff King
82c9d6614b move odb_* declarations out of git-compat-util.h
These functions were originally conceived as wrapper
functions similar to xmkstemp(). They were later moved by
463db9b10 (wrapper: move odb_* to environment.c,
2010-11-06). The more appropriate place for a declaration is
in cache.h.

While we're at it, let's add some basic docstrings.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-16 11:04:34 -07:00
Jeff King
ffddfc6328 rev-parse: simplify parsing of ref options
All of these options do the same thing "--foo" iterates over
the "foo" refs, and "--foo=<glob>" does the same with a
glob. We can factor this into its own function to avoid
repeating ourselves.

There are two subtleties to note:

  - the original called for_each_branch_ref(), etc, in the
    non-glob case. Now we will call for_each_ref_in("refs/heads/")
    which is exactly what for_each_branch_ref() did under
    the hood.

  - for --glob, we'll call for_each_glob_ref_in() with a
    NULL "prefix" argument. Which is exactly what
    for_each_glob_ref() was doing already.

So both cases should behave identically, and it seems
reasonable to assume that this will remain the same. The
functions we are calling now are the more-generic ones, and
the ones we are dropping are just convenience wrappers.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-15 14:02:36 -07:00
Jeff King
9d16ca65bb rev-parse: add helper for parsing "--foo/--foo="
We can't just use a bare skip_prefix() for these cases,
because we need to match both the "--foo" form and the
"--foo=<value>" form (and tell the difference between the
two in the caller).

We can wrap this in a simple helper which has two obvious
callsites, and will gain some more in the next patch.

Note that the error output for abbrev-ref changes slightly,
as we don't keep our original "arg" pointer. However, the
new output should hopefully be more clear:

  [before]
  fatal: unknown mode for --abbrev-ref=foo

  [after]
  fatal: unknown mode for --abbrev-ref: foo

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-15 14:01:51 -07:00
Jeff King
ef87cc79df rev-parse: use skip_prefix when parsing options
Using skip_prefix lets us avoid manually-counted offsets
into the argument string. This patch converts the simple and
obvious cases.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-15 14:00:28 -07:00
Stefan Beller
5ea304896e submodule-config: correct error reporting for invalid ignore value
As 'var' contains the whole value we get error messages that repeat
the section and key currently:

warning: Invalid parameter 'true' for config option 'submodule.submodule.plugins/hooks.ignore.ignore'

Fix this by only giving the section name in the warning.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-15 11:26:08 -07:00
Michael J Gruber
b9e2bc560a git-status: make porcelain more robust
git status provides a porcelain mode for porcelain writers with a
supposedly stable (plumbing) interface.
7a76c28ff2 ("status: disable translation when --porcelain is used", 2014-03-20)
made sure that ahead/behind info is not translated (i.e. is stable).

Make sure that the remaining two strings (initial commit, detached head)
are stable, too.

These changes are for the v1 porcelain interface. While we do have a perfectly
stable v2 porcelain interface now, some tools (such as
powerline-gitstatus) are written against v1 and profit from fixing v1
without any changes on their side.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-14 13:15:18 -07:00
Jeff King
d61434ae81 http-walker: fix buffer underflow processing remote alternates
If we parse a remote alternates (or http-alternates), we
expect relative lines like:

  ../../foo.git/objects

which we convert into "$URL/../foo.git/" (and then use that
as a base for fetching more objects).

But if the remote feeds us nonsense like just:

  ../

we will try to blindly strip the last 7 characters, assuming
they contain the string "objects". Since we don't _have_ 7
characters at all, this results in feeding a small negative
value to strbuf_add(), which converts it to a size_t,
resulting in a big positive value. This should consistently
fail (since we can't generall allocate the max size_t minus
7 bytes), so there shouldn't be any security implications.

Let's fix this by using strbuf_strip_suffix() to drop the
characters we want. If they're not present, we'll ignore the
alternate (in theory we could use it as-is, but the rest of
the http-walker code unconditionally tacks "objects/" back
on, so it is it not prepared to handle such a case).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-13 10:20:29 -07:00