1. 21 Sep, 2018 1 commit
    • submodule: fix submodule names depending on config-owned memory · 0b9c68b1
      When populating the list of submodule names, we use the submodule
      configuration entry's name as the key in the map of submodule names.
      This creates a hidden dependency on the liveliness of the configuration
      that was used to parse the submodule, which is fragile and unexpected.
      
      Fix the issue by duplicating the string before writing it into the
      submodule name map.
      Patrick Steinhardt committed
  2. 19 Sep, 2018 2 commits
  3. 18 Sep, 2018 6 commits
  4. 17 Sep, 2018 4 commits
  5. 12 Sep, 2018 1 commit
    • path validation: `char` is not signed by default. · 44291868
      ARM treats its `char` type as `unsigned type` by default; as a result,
      testing a `char` value as being `< 0` is always false.  This is a
      warning on ARM, which is promoted to an error given our use of
      `-Werror`.
      
      Per ISO 9899:199, section "6.2.5 Types":
      
      > The three types char, signed char, and unsigned char are collectively
      > called the character types. The implementation shall define char to
      > have the same range, representation, and behavior as either signed
      > char or unsigned char.
      >
      ...
      
      > Irrespective of the choice made, char is a separate type from the other
      > two and is not compatible with either.
      Edward Thomson committed
  6. 09 Sep, 2018 1 commit
  7. 08 Sep, 2018 1 commit
  8. 07 Sep, 2018 2 commits
  9. 06 Sep, 2018 19 commits
  10. 05 Sep, 2018 1 commit
    • Prevent heap-buffer-overflow · d22cd1f4
      When running repack while doing repo writes, `packfile_load__cb()` can see some temporary files in the directory that are bigger than the usual, and makes `memcmp` overflow on the `p->pack_name` string. ASAN detected this. This just uses `strncmp`, that should not have any performance impact and is safe for comparing strings of different sizes.
      
      ```
      ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200001a3f3 at pc 0x7f4a9e1976ec bp 0x7ffc1f80e100 sp 0x7ffc1f80d8b0
      READ of size 89 at 0x61200001a3f3 thread T0
      SCARINESS: 26 (multi-byte-read-heap-buffer-overflow)
          #0 0x7f4a9e1976eb in __interceptor_memcmp.part.78 (/build/cfgr-admin#link-tree/libtools_build_sanitizers_asan-ubsan-py.so+0xcf6eb)
          #1 0x7f4a518c5431 in packfile_load__cb /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:213
          #2 0x7f4a518d9582 in git_path_direach /build/libgit2/0.27.0/src/libgit2-0.27.0/src/path.c:1134
          #3 0x7f4a518c58ad in pack_backend__refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:347
          #4 0x7f4a518c1b12 in git_odb_refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1511
          #5 0x7f4a518bff5f in git_odb__freshen /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:752
          #6 0x7f4a518c17d4 in git_odb_stream_finalize_write /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1415
          #7 0x7f4a51b9d015 in Repository_write /build/pygit2/0.27.0/src/pygit2-0.27.0/src/repository.c:509
      ```
      bisho committed
  11. 03 Sep, 2018 2 commits