1. 24 Jan, 2020 1 commit
  2. 20 Jul, 2019 1 commit
  3. 24 Jun, 2019 1 commit
  4. 15 Jun, 2019 1 commit
  5. 15 Feb, 2019 4 commits
    • strmap: introduce high-level setter for key/value pairs · 03555830
      Currently, one would use the function `git_strmap_insert` to insert key/value
      pairs into a map. This function has historically been a macro, which is why its
      syntax is kind of weird: instead of returning an error code directly, it instead
      has to be passed a pointer to where the return value shall be stored. This does
      not match libgit2's common idiom of directly returning error codes.
      
      Introduce a new function `git_strmap_set`, which takes as parameters the map,
      key and value and directly returns an error code. Convert all callers of
      `git_strmap_insert` to make use of it.
      Patrick Steinhardt committed
    • strmap: introduce `git_strmap_get` and use it throughout the tree · ef507bc7
      The current way of looking up an entry from a map is tightly coupled with the
      map implementation, as one first has to look up the index of the key and then
      retrieve the associated value by using the index. As a caller, you usually do
      not care about any indices at all, though, so this is more complicated than
      really necessary. Furthermore, it invites for errors to happen if the correct
      error checking sequence is not being followed.
      
      Introduce a new high-level function `git_strmap_get` that takes a map and a key
      and returns a pointer to the associated value if such a key exists. Otherwise,
      a `NULL` pointer is returned. Adjust all callers that can trivially be
      converted.
      Patrick Steinhardt committed
    • maps: provide a uniform entry count interface · 7e926ef3
      There currently exist two different function names for getting the entry count
      of maps, where offmaps offset and string maps use `num_entries` and OID maps use
      `size`. In most programming languages with built-in map types, this is simply
      called `size`, which is also shorter to type. Thus, this commit renames the
      other two functions `num_entries` to match the common way and adjusts all
      callers.
      Patrick Steinhardt committed
    • maps: use uniform lifecycle management functions · 351eeff3
      Currently, the lifecycle functions for maps (allocation, deallocation, resize)
      are not named in a uniform way and do not have a uniform function signature.
      Rename the functions to fix that, and stick to libgit2's naming scheme of saying
      `git_foo_new`. This results in the following new interface for allocation:
      
      - `int git_<t>map_new(git_<t>map **out)` to allocate a new map, returning an
        error code if we ran out of memory
      
      - `void git_<t>map_free(git_<t>map *map)` to free a map
      
      - `void git_<t>map_clear(git<t>map *map)` to remove all entries from a map
      
      This commit also fixes all existing callers.
      Patrick Steinhardt committed
  6. 25 Jan, 2019 1 commit
  7. 22 Jan, 2019 1 commit
  8. 01 Dec, 2018 1 commit
  9. 28 Nov, 2018 1 commit
  10. 02 Nov, 2018 2 commits
    • tree: fix integer overflow when reading unreasonably large filemodes · 7fafec0e
      The `parse_mode` option uses an open-coded octal number parser. The
      parser is quite naive in that it simply parses until hitting a character
      that is not in the accepted range of '0' - '7', completely ignoring the
      fact that we can at most accept a 16 bit unsigned integer as filemode.
      If the filemode is bigger than UINT16_MAX, it will thus overflow and
      provide an invalid filemode for the object entry.
      
      Fix the issue by using `git__strntol32` instead and doing a bounds
      check. As this function already handles overflows, it neatly solves the
      problem.
      
      Note that previously, `parse_mode` was also skipping the character
      immediately after the filemode. In proper trees, this should be a simple
      space, but in fact the parser accepted any character and simply skipped
      over it. As a consequence of using `git__strntol32`, we now need to an
      explicit check for a trailing whitespace after having parsed the
      filemode. Because of the newly introduced error message, the test
      object::tree::parse::mode_doesnt_cause_oob_read needs adjustment to its
      error message check, which in fact is a good thing as it demonstrates
      that we now fail looking for the whitespace immediately following the
      filemode.
      
      Add a test that shows that we will fail to parse such invalid filemodes
      now.
      Patrick Steinhardt committed
    • tree: fix mode parsing reading out-of-bounds · f647bbc8
      When parsing a tree entry's mode, we will eagerly parse until we hit a
      character that is not in the accepted set of octal digits '0' - '7'. If
      the provided buffer is not a NUL terminated one, we may thus read
      out-of-bounds.
      
      Fix the issue by passing the buffer length to `parse_mode` and paying
      attention to it. Note that this is not a vulnerability in our usual code
      paths, as all object data read from the ODB is NUL terminated.
      Patrick Steinhardt committed
  11. 08 Oct, 2018 1 commit
    • tree: unify the entry validity checks · fd490d3e
      We have two similar functions, `git_treebuilder_insert` and `append_entry` which
      are used in different codepaths as part of creating a new tree. The former
      learnt to check for object existence under strict object creation, but the
      latter did not.
      
      This allowed the creation of a tree from an unowned index to bypass some of the
      checks and create a tree pointing to a nonexistent object.
      
      Extract a single function which performs these checks and call it from both
      codepaths. In `append_entry` we still do not validate when asked not to, as this
      is data which is already in the tree and we want to allow users to deal with
      repositories which already have some invalid data.
      Carlos Martín Nieto committed
  12. 27 Jul, 2018 1 commit
  13. 18 Jul, 2018 1 commit
    • tree: accept null ids in existing trees when updating · 2dff7e28
      When we add entries to a treebuilder we validate them. But we validate even
      those that we're adding because they exist in the base tree. This disables
      using the normal mechanisms on these trees, even to fix them.
      
      Keep track of whether the entry we're appending comes from an existing tree and
      bypass the name and id validation if it's from existing data.
      Carlos Martín Nieto committed
  14. 22 Jun, 2018 1 commit
    • tree: implement function to parse raw data · 73bd6411
      Currently, parsing objects is strictly tied to having an ODB object
      available. This makes it hard to parse an object when all that is
      available is its raw object and size. Furthermore, hacking around that
      limitation by directly creating an ODB structure either on stack or on
      heap does not really work that well due to ODB objects being reference
      counted and then automatically free'd when reaching a reference count of
      zero.
      
      Implement a function `git_tree__parse_raw` to parse a tree object from a
      pair of `data` and `size`.
      Patrick Steinhardt committed
  15. 15 Jun, 2018 2 commits
  16. 10 Jun, 2018 1 commit
  17. 23 May, 2018 1 commit
  18. 16 Feb, 2018 1 commit
    • Explicitly mark fallthrough cases with comments · 06b8a40f
      A lot of compilers nowadays generate warnings when there are cases in a
      switch statement which implicitly fall through to the next case. To
      avoid this warning, the last line in the case that is falling through
      can have a comment matching a regular expression, where one possible
      comment body would be `/* fall through */`.
      
      An alternative to the comment would be an explicit attribute like e.g.
      `[[clang::fallthrough]` or `__attribute__ ((fallthrough))`. But GCC only
      introduced support for such an attribute recently with GCC 7. Thus, and
      also because the fallthrough comment is supported by most compilers, we
      settle for using comments instead.
      
      One shortcoming of that method is that compilers are very strict about
      that. Most interestingly, that comment _really_ has to be the last line.
      In case a closing brace follows the comment, the heuristic will fail.
      Patrick Steinhardt committed
  19. 26 Jan, 2018 1 commit
    • tree: reject writing null-OID entries to a tree · c0487bde
      In commit a96d3cc3f (cache-tree: reject entries with null sha1,
      2017-04-21), the git.git project has changed its stance on null OIDs in
      tree objects. Previously, null OIDs were accepted in tree entries to
      help tools repair broken history. This resulted in some problems though
      in that many code paths mistakenly passed null OIDs to be added to a
      tree, which was not properly detected.
      
      Align our own code base according to the upstream change and reject
      writing tree entries early when the OID is all-zero.
      Patrick Steinhardt committed
  20. 31 Dec, 2017 1 commit
  21. 03 Jul, 2017 1 commit
    • Make sure to always include "common.h" first · 0c7f49dd
      Next to including several files, our "common.h" header also declares
      various macros which are then used throughout the project. As such, we
      have to make sure to always include this file first in all
      implementation files. Otherwise, we might encounter problems or even
      silent behavioural differences due to macros or defines not being
      defined as they should be. So in fact, our header and implementation
      files should make sure to always include "common.h" first.
      
      This commit does so by establishing a common include pattern. Header
      files inside of "src" will now always include "common.h" as its first
      other file, separated by a newline from all the other includes to make
      it stand out as special. There are two cases for the implementation
      files. If they do have a matching header file, they will always include
      this one first, leading to "common.h" being transitively included as
      first file. If they do not have a matching header file, they instead
      include "common.h" as first file themselves.
      
      This fixes the outlined problems and will become our standard practice
      for header and source files inside of the "src/" from now on.
      Patrick Steinhardt committed
  22. 28 Mar, 2017 3 commits
  23. 17 Feb, 2017 2 commits
  24. 29 Dec, 2016 1 commit
  25. 12 Dec, 2016 1 commit
    • write_tree: use shared buffer for writing trees · 87aaefe2
      The function to write trees allocates a new buffer for each tree.
      This causes problems with performance when performing a lot
      of actions involving writing trees, e.g. when doing many merges.
      Fix the issue by instead handing in a shared buffer, which is then
      re-used across the calls without having to re-allocate between
      calls.
      Michael Tesch committed
  26. 14 Nov, 2016 3 commits
  27. 07 Oct, 2016 1 commit
  28. 24 May, 2016 1 commit
  29. 19 May, 2016 2 commits