1. 14 Jul, 2022 1 commit
  2. 20 Jun, 2022 1 commit
  3. 15 Jun, 2022 1 commit
  4. 10 Apr, 2022 1 commit
    • tree: move git_oid into tree entry · ab042161
      A tree entry previously pointed directly into the object id within the
      tree object itself; this is useful to avoid any unnecessary memory copy
      (and an unnecessary use of 40 bytes per tree entry) but difficult if we
      change the underlying `git_oid` object to not simply be a raw object id
      but have additional structure.
      
      This commit moves the `git_oid` directly into the tree entry; this
      simplifies the tree entry creation from user data.  We now copy the
      `git_oid` into place when parsing.
      Edward Thomson committed
  5. 23 Feb, 2022 1 commit
  6. 05 Jan, 2022 1 commit
  7. 01 Dec, 2021 1 commit
    • object: return GIT_EINVALID on parse errors · fc1a3f45
      Return `GIT_EINVALID` on parse errors so that direct callers of parse
      functions can determine when there was a failure to parse the object.
      
      The object parser functions will swallow this error code to prevent it
      from propagating down the chain to end-users.  (`git_merge` should not
      return `GIT_EINVALID` when a commit it tries to look up is not valid,
      this would be too vague to be useful.)
      
      The only public function that this affects is
      `git_signature_from_buffer`, which is now documented as returning
      `GIT_EINVALID` when appropriate.
      Edward Thomson committed
  8. 09 Nov, 2021 2 commits
  9. 17 Oct, 2021 1 commit
    • str: introduce `git_str` for internal, `git_buf` is external · f0e693b1
      libgit2 has two distinct requirements that were previously solved by
      `git_buf`.  We require:
      
      1. A general purpose string class that provides a number of utility APIs
         for manipulating data (eg, concatenating, truncating, etc).
      2. A structure that we can use to return strings to callers that they
         can take ownership of.
      
      By using a single class (`git_buf`) for both of these purposes, we have
      confused the API to the point that refactorings are difficult and
      reasoning about correctness is also difficult.
      
      Move the utility class `git_buf` to be called `git_str`: this represents
      its general purpose, as an internal string buffer class.  The name also
      is an homage to Junio Hamano ("gitstr").
      
      The public API remains `git_buf`, and has a much smaller footprint.  It
      is generally only used as an "out" param with strict requirements that
      follow the documentation.  (Exceptions exist for some legacy APIs to
      avoid breaking callers unnecessarily.)
      
      Utility functions exist to convert a user-specified `git_buf` to a
      `git_str` so that we can call internal functions, then converting it
      back again.
      Edward Thomson committed
  10. 25 Aug, 2021 1 commit
  11. 14 Apr, 2021 1 commit
  12. 04 Mar, 2021 1 commit
    • tree: deprecate `git_treebuilder_write_with_buffer` · 7eb21516
      The function `git_treebuilder_write_with_buffer` is unnecessary; it
      is used internally as part of treebuilder writing, but it has little
      use to external callers.  For callers that repeatedly write a
      treebuilder, we can supply them with a buffer in the treebuilder struct
      instead of recreating it.  For ourselves, when we want a single buffer
      in our write loop, we can use an internal function.
      Edward Thomson committed
  13. 27 Nov, 2020 1 commit
  14. 24 Jan, 2020 1 commit
  15. 20 Jul, 2019 1 commit
  16. 24 Jun, 2019 1 commit
  17. 15 Jun, 2019 1 commit
  18. 15 Feb, 2019 4 commits
    • strmap: introduce high-level setter for key/value pairs · 03555830
      Currently, one would use the function `git_strmap_insert` to insert key/value
      pairs into a map. This function has historically been a macro, which is why its
      syntax is kind of weird: instead of returning an error code directly, it instead
      has to be passed a pointer to where the return value shall be stored. This does
      not match libgit2's common idiom of directly returning error codes.
      
      Introduce a new function `git_strmap_set`, which takes as parameters the map,
      key and value and directly returns an error code. Convert all callers of
      `git_strmap_insert` to make use of it.
      Patrick Steinhardt committed
    • strmap: introduce `git_strmap_get` and use it throughout the tree · ef507bc7
      The current way of looking up an entry from a map is tightly coupled with the
      map implementation, as one first has to look up the index of the key and then
      retrieve the associated value by using the index. As a caller, you usually do
      not care about any indices at all, though, so this is more complicated than
      really necessary. Furthermore, it invites for errors to happen if the correct
      error checking sequence is not being followed.
      
      Introduce a new high-level function `git_strmap_get` that takes a map and a key
      and returns a pointer to the associated value if such a key exists. Otherwise,
      a `NULL` pointer is returned. Adjust all callers that can trivially be
      converted.
      Patrick Steinhardt committed
    • maps: provide a uniform entry count interface · 7e926ef3
      There currently exist two different function names for getting the entry count
      of maps, where offmaps offset and string maps use `num_entries` and OID maps use
      `size`. In most programming languages with built-in map types, this is simply
      called `size`, which is also shorter to type. Thus, this commit renames the
      other two functions `num_entries` to match the common way and adjusts all
      callers.
      Patrick Steinhardt committed
    • maps: use uniform lifecycle management functions · 351eeff3
      Currently, the lifecycle functions for maps (allocation, deallocation, resize)
      are not named in a uniform way and do not have a uniform function signature.
      Rename the functions to fix that, and stick to libgit2's naming scheme of saying
      `git_foo_new`. This results in the following new interface for allocation:
      
      - `int git_<t>map_new(git_<t>map **out)` to allocate a new map, returning an
        error code if we ran out of memory
      
      - `void git_<t>map_free(git_<t>map *map)` to free a map
      
      - `void git_<t>map_clear(git<t>map *map)` to remove all entries from a map
      
      This commit also fixes all existing callers.
      Patrick Steinhardt committed
  19. 25 Jan, 2019 1 commit
  20. 22 Jan, 2019 1 commit
  21. 01 Dec, 2018 1 commit
  22. 28 Nov, 2018 1 commit
  23. 02 Nov, 2018 2 commits
    • tree: fix integer overflow when reading unreasonably large filemodes · 7fafec0e
      The `parse_mode` option uses an open-coded octal number parser. The
      parser is quite naive in that it simply parses until hitting a character
      that is not in the accepted range of '0' - '7', completely ignoring the
      fact that we can at most accept a 16 bit unsigned integer as filemode.
      If the filemode is bigger than UINT16_MAX, it will thus overflow and
      provide an invalid filemode for the object entry.
      
      Fix the issue by using `git__strntol32` instead and doing a bounds
      check. As this function already handles overflows, it neatly solves the
      problem.
      
      Note that previously, `parse_mode` was also skipping the character
      immediately after the filemode. In proper trees, this should be a simple
      space, but in fact the parser accepted any character and simply skipped
      over it. As a consequence of using `git__strntol32`, we now need to an
      explicit check for a trailing whitespace after having parsed the
      filemode. Because of the newly introduced error message, the test
      object::tree::parse::mode_doesnt_cause_oob_read needs adjustment to its
      error message check, which in fact is a good thing as it demonstrates
      that we now fail looking for the whitespace immediately following the
      filemode.
      
      Add a test that shows that we will fail to parse such invalid filemodes
      now.
      Patrick Steinhardt committed
    • tree: fix mode parsing reading out-of-bounds · f647bbc8
      When parsing a tree entry's mode, we will eagerly parse until we hit a
      character that is not in the accepted set of octal digits '0' - '7'. If
      the provided buffer is not a NUL terminated one, we may thus read
      out-of-bounds.
      
      Fix the issue by passing the buffer length to `parse_mode` and paying
      attention to it. Note that this is not a vulnerability in our usual code
      paths, as all object data read from the ODB is NUL terminated.
      Patrick Steinhardt committed
  24. 08 Oct, 2018 1 commit
    • tree: unify the entry validity checks · fd490d3e
      We have two similar functions, `git_treebuilder_insert` and `append_entry` which
      are used in different codepaths as part of creating a new tree. The former
      learnt to check for object existence under strict object creation, but the
      latter did not.
      
      This allowed the creation of a tree from an unowned index to bypass some of the
      checks and create a tree pointing to a nonexistent object.
      
      Extract a single function which performs these checks and call it from both
      codepaths. In `append_entry` we still do not validate when asked not to, as this
      is data which is already in the tree and we want to allow users to deal with
      repositories which already have some invalid data.
      Carlos Martín Nieto committed
  25. 27 Jul, 2018 1 commit
  26. 18 Jul, 2018 1 commit
    • tree: accept null ids in existing trees when updating · 2dff7e28
      When we add entries to a treebuilder we validate them. But we validate even
      those that we're adding because they exist in the base tree. This disables
      using the normal mechanisms on these trees, even to fix them.
      
      Keep track of whether the entry we're appending comes from an existing tree and
      bypass the name and id validation if it's from existing data.
      Carlos Martín Nieto committed
  27. 22 Jun, 2018 1 commit
    • tree: implement function to parse raw data · 73bd6411
      Currently, parsing objects is strictly tied to having an ODB object
      available. This makes it hard to parse an object when all that is
      available is its raw object and size. Furthermore, hacking around that
      limitation by directly creating an ODB structure either on stack or on
      heap does not really work that well due to ODB objects being reference
      counted and then automatically free'd when reaching a reference count of
      zero.
      
      Implement a function `git_tree__parse_raw` to parse a tree object from a
      pair of `data` and `size`.
      Patrick Steinhardt committed
  28. 15 Jun, 2018 2 commits
  29. 10 Jun, 2018 1 commit
  30. 23 May, 2018 1 commit
  31. 16 Feb, 2018 1 commit
    • Explicitly mark fallthrough cases with comments · 06b8a40f
      A lot of compilers nowadays generate warnings when there are cases in a
      switch statement which implicitly fall through to the next case. To
      avoid this warning, the last line in the case that is falling through
      can have a comment matching a regular expression, where one possible
      comment body would be `/* fall through */`.
      
      An alternative to the comment would be an explicit attribute like e.g.
      `[[clang::fallthrough]` or `__attribute__ ((fallthrough))`. But GCC only
      introduced support for such an attribute recently with GCC 7. Thus, and
      also because the fallthrough comment is supported by most compilers, we
      settle for using comments instead.
      
      One shortcoming of that method is that compilers are very strict about
      that. Most interestingly, that comment _really_ has to be the last line.
      In case a closing brace follows the comment, the heuristic will fail.
      Patrick Steinhardt committed
  32. 26 Jan, 2018 1 commit
    • tree: reject writing null-OID entries to a tree · c0487bde
      In commit a96d3cc3f (cache-tree: reject entries with null sha1,
      2017-04-21), the git.git project has changed its stance on null OIDs in
      tree objects. Previously, null OIDs were accepted in tree entries to
      help tools repair broken history. This resulted in some problems though
      in that many code paths mistakenly passed null OIDs to be added to a
      tree, which was not properly detected.
      
      Align our own code base according to the upstream change and reject
      writing tree entries early when the OID is all-zero.
      Patrick Steinhardt committed
  33. 31 Dec, 2017 1 commit
  34. 03 Jul, 2017 1 commit
    • Make sure to always include "common.h" first · 0c7f49dd
      Next to including several files, our "common.h" header also declares
      various macros which are then used throughout the project. As such, we
      have to make sure to always include this file first in all
      implementation files. Otherwise, we might encounter problems or even
      silent behavioural differences due to macros or defines not being
      defined as they should be. So in fact, our header and implementation
      files should make sure to always include "common.h" first.
      
      This commit does so by establishing a common include pattern. Header
      files inside of "src" will now always include "common.h" as its first
      other file, separated by a newline from all the other includes to make
      it stand out as special. There are two cases for the implementation
      files. If they do have a matching header file, they will always include
      this one first, leading to "common.h" being transitively included as
      first file. If they do not have a matching header file, they instead
      include "common.h" as first file themselves.
      
      This fixes the outlined problems and will become our standard practice
      for header and source files inside of the "src/" from now on.
      Patrick Steinhardt committed