1. 14 Nov, 2016 1 commit
  2. 11 Nov, 2016 2 commits
    • curl_stream: check for -1 after CURLINFO_LASTSOCKET · 5ca75fd5
      We're recently trying to upgrade to the current master of libgit2
      in Cargo but we're unfortunately hitting a segfault in one of our
      tests. This particular test is just a small smoke test that https
      works (e.g. it's configured in libgit2). It attempts to clone
      from a URL which simply immediately drops connections after
      they're accepted (e.g. terminate abnormally). We expect to see a
      standard error from libgit2 but unfortunately we're seeing a
      segfault.
      
      This segfault is happening inside of the `wait_for` function of
      `curl_stream.c` at the line `FD_SET(fd, &errfd)` because `fd` is
      -1. This ends up doing an out-of-bounds array access that faults
      the program. I tracked back to where this -1 came from to the
      line here (returned by `CURLINFO_LASTSOCKET`) and added a check
      to return an error.
      Alex Crichton committed
  3. 04 Nov, 2016 3 commits
  4. 02 Nov, 2016 9 commits
  5. 01 Nov, 2016 2 commits
  6. 31 Oct, 2016 6 commits
  7. 28 Oct, 2016 4 commits
    • pqueue: resolve possible NULL pointer dereference · 95fa3880
      The `git_pqueue` struct allows being fixed in its total number of
      entries. In this case, we simply throw away items that are
      inserted into the priority queue by examining wether the new item
      to be inserted has a higher priority than the previous smallest
      one.
      
      This feature somewhat contradicts our pqueue implementation in
      that it is allowed to not have a comparison function. In fact, we
      also fail to check if the comparison function is actually set in
      the case where we add a new item into a fully filled fixed-size
      pqueue.
      
      As we cannot determine which item is the smallest item in absence
      of a comparison function, we fix the `NULL` pointer dereference
      by simply dropping all new items which are about to be inserted
      into a full fixed-size pqueue.
      Patrick Steinhardt committed
    • coverity: only analyze the master branch of the main repository · 561276ee
      We used to only execute Coverity analysis on the 'development'
      branch before commit 998f0016 (Refine build limitation,
      2014-01-15), which refined Coverity build limitations. While we
      do not really use the 'development' branch anymore, it does
      still make sense to only analyze a single branch, as otherwise
      Coverity might get confused.
      
      Re-establish the restriction such that we only analyze libgit2's
      'master' branch. Also fix the message announcing why we do not
      actually analyze a certain build.
      Patrick Steinhardt committed
    • Merge pull request #3973 from pks-t/pks/memleak-fixes · e3298a33
      Trivial memory leak fixes in test suite
      Patrick Steinhardt committed
  8. 27 Oct, 2016 2 commits
  9. 16 Oct, 2016 1 commit
  10. 15 Oct, 2016 1 commit
  11. 12 Oct, 2016 1 commit
  12. 10 Oct, 2016 8 commits