1. 23 Feb, 2022 1 commit
  2. 01 Dec, 2021 1 commit
    • object: return GIT_EINVALID on parse errors · fc1a3f45
      Return `GIT_EINVALID` on parse errors so that direct callers of parse
      functions can determine when there was a failure to parse the object.
      
      The object parser functions will swallow this error code to prevent it
      from propagating down the chain to end-users.  (`git_merge` should not
      return `GIT_EINVALID` when a commit it tries to look up is not valid,
      this would be too vague to be useful.)
      
      The only public function that this affects is
      `git_signature_from_buffer`, which is now documented as returning
      `GIT_EINVALID` when appropriate.
      Edward Thomson committed
  3. 17 Oct, 2021 1 commit
    • str: introduce `git_str` for internal, `git_buf` is external · f0e693b1
      libgit2 has two distinct requirements that were previously solved by
      `git_buf`.  We require:
      
      1. A general purpose string class that provides a number of utility APIs
         for manipulating data (eg, concatenating, truncating, etc).
      2. A structure that we can use to return strings to callers that they
         can take ownership of.
      
      By using a single class (`git_buf`) for both of these purposes, we have
      confused the API to the point that refactorings are difficult and
      reasoning about correctness is also difficult.
      
      Move the utility class `git_buf` to be called `git_str`: this represents
      its general purpose, as an internal string buffer class.  The name also
      is an homage to Junio Hamano ("gitstr").
      
      The public API remains `git_buf`, and has a much smaller footprint.  It
      is generally only used as an "out" param with strict requirements that
      follow the documentation.  (Exceptions exist for some legacy APIs to
      avoid breaking callers unnecessarily.)
      
      Utility functions exist to convert a user-specified `git_buf` to a
      `git_str` so that we can call internal functions, then converting it
      back again.
      Edward Thomson committed
  4. 27 Nov, 2020 2 commits
  5. 22 Jan, 2019 1 commit
  6. 09 Nov, 2018 1 commit
    • signature: fix out-of-bounds read when parsing timezone offset · 52f859fd
      When parsing a signature's timezone offset, we first check whether there
      is a timezone at all by verifying that there are still bytes left to
      read following the time itself. The check thus looks like `time_end + 1
      < buffer_end`, which is actually correct in this case. After setting the
      timezone's start pointer to that location, we compute the remaining
      bytes by using the formula `buffer_end - tz_start + 1`, re-using the
      previous `time_end + 1`. But this is in fact missing the braces around
      `(tz_start + 1)`, thus leading to an overestimation of the remaining
      bytes by a length of two. In case of a non-NUL terminated buffer, this
      will result in an overflow.
      
      The function `git_signature__parse` is only used in two locations. First
      is `git_signature_from_buffer`, which only accepts a string without a
      length. The string thus necessarily has to be NUL terminated and cannot
      trigger the issue.
      
      The other function is `git_commit__parse_raw`, which can in fact trigger
      the error as it may receive non-NUL terminated commit data. But as
      objects read from the ODB are always NUL-terminated by us as a
      cautionary measure, it cannot trigger the issue either.
      
      In other words, this error does not have any impact on security.
      Patrick Steinhardt committed
  7. 18 Oct, 2018 1 commit
  8. 13 Jul, 2018 1 commit
    • treewide: remove use of C++ style comments · 9994cd3f
      C++ style comment ("//") are not specified by the ISO C90 standard and
      thus do not conform to it. While libgit2 aims to conform to C90, we did
      not enforce it until now, which is why quite a lot of these
      non-conforming comments have snuck into our codebase. Do a tree-wide
      conversion of all C++ style comments to the supported C style comments
      to allow us enforcing strict C90 compliance in a later commit.
      Patrick Steinhardt committed
  9. 15 Jun, 2018 5 commits
  10. 12 Nov, 2017 1 commit
    • signature: distinguish +0000 and -0000 UTC offsets · f063dafb
      Git considers '-0000' a valid offset for signature lines.  They need to
      be treated as _not_ equal to a '+0000' signature offset.  Parsing a
      signature line stores the offset in a signed integer which does not
      distinguish between `+0` and `-0`.
      
      This patch adds an additional flag `sign` to the `git_time` in the
      `signature` object which is populated with the sign of the offset.  In
      addition to exposing this information to the user, this information is
      also used to compare signatures.
      
      /cc @pks-t @ethomson
      Henry Kleynhans committed
  11. 12 Jul, 2017 1 commit
  12. 03 Jul, 2017 1 commit
    • Make sure to always include "common.h" first · 0c7f49dd
      Next to including several files, our "common.h" header also declares
      various macros which are then used throughout the project. As such, we
      have to make sure to always include this file first in all
      implementation files. Otherwise, we might encounter problems or even
      silent behavioural differences due to macros or defines not being
      defined as they should be. So in fact, our header and implementation
      files should make sure to always include "common.h" first.
      
      This commit does so by establishing a common include pattern. Header
      files inside of "src" will now always include "common.h" as its first
      other file, separated by a newline from all the other includes to make
      it stand out as special. There are two cases for the implementation
      files. If they do have a matching header file, they will always include
      this one first, leading to "common.h" being transitively included as
      first file. If they do not have a matching header file, they instead
      include "common.h" as first file themselves.
      
      This fixes the outlined problems and will become our standard practice
      for header and source files inside of the "src/" from now on.
      Patrick Steinhardt committed
  13. 01 May, 2017 1 commit
  14. 29 Dec, 2016 1 commit
  15. 17 Dec, 2016 1 commit
  16. 28 Apr, 2016 1 commit
  17. 18 Feb, 2016 1 commit
  18. 21 Oct, 2015 1 commit
  19. 27 Oct, 2014 1 commit
  20. 30 Sep, 2014 1 commit
  21. 10 Sep, 2014 1 commit
  22. 07 May, 2014 1 commit
  23. 18 Apr, 2014 1 commit
  24. 08 Feb, 2014 1 commit
    • Add git_commit_amend API · 80c29fe9
      This adds an API to amend an existing commit, basically a shorthand
      for creating a new commit filling in missing parameters from the
      values of an existing commit.  As part of this, I also added a new
      "sys" API to create a commit using a callback to get the parents.
      This allowed me to rewrite all the other commit creation APIs so
      that temporary allocations are no longer needed.
      Russell Belfer committed
  25. 14 Jan, 2014 1 commit
  26. 13 Nov, 2013 1 commit
  27. 16 Aug, 2013 1 commit
  28. 11 Jun, 2013 1 commit
  29. 10 Jun, 2013 1 commit
    • Reorganize diff and add basic diff driver · 114f5a6c
      This is a significant reorganization of the diff code to break it
      into a set of more clearly distinct files and to document the new
      organization.  Hopefully this will make the diff code easier to
      understand and to extend.
      
      This adds a new `git_diff_driver` object that looks of diff driver
      information from the attributes and the config so that things like
      function content in diff headers can be provided.  The full driver
      spec is not implemented in the commit - this is focused on the
      reorganization of the code and putting the driver hooks in place.
      
      This also removes a few #includes from src/repository.h that were
      overbroad, but as a result required extra #includes in a variety
      of places since including src/repository.h no longer results in
      pulling in the whole world.
      Russell Belfer committed
  30. 02 Jun, 2013 1 commit
  31. 15 May, 2013 2 commits
  32. 18 Apr, 2013 1 commit
  33. 20 Feb, 2013 2 commits