- 25 Jan, 2019 18 commits
-
-
Validate that the return value of the read is not less than INT_MAX, then cast.
Edward Thomson committed -
Index entries are 32 bit unsigned ints, not `size_t`s.
Edward Thomson committed -
The git_describe_format_options.abbreviated_size type is an unsigned int. There's no need for it to be anything else; keep it what it is.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. Validate that our data will fit into the type provided then cast.
Edward Thomson committed -
The transport code returns an `int` with the number of bytes written; thus only attempt to write at most `INT_MAX`.
Edward Thomson committed -
Windows doesn't include ssize_t or its _MAX value by default. We are already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and long otherwise. Include its _MAX value as a correspondence to its type.
Edward Thomson committed -
Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested it.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
The filesystem iterator takes `stat` data from disk and puts them into index entries, which use 32 bit ints for time (the seconds portion) and filesize. However, on most systems these are not 32 bit, thus will typically invoke a warning. Most users ignore these fields entirely. Diff and checkout code do use the values, however only for the cache to determine if they should check file modification. Thus, this is not a critical error (and will cause a hash recomputation at worst).
Edward Thomson committed -
Our blob size is a `git_off_t`, which is a signed 64 bit int. This may be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob size fits into a `size_t` before casting.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. Ensure that we're within a uint16_t before we do.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's positive and less than SIZE_MAX.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's within the range of 0-100.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data. This cast is safe since we've explicitly tested that `strip_len` <= `last_len`.
Edward Thomson committed -
Quiet down a warning from MSVC about how we're potentially losing data.
Edward Thomson committed -
Avoid the deprecated `git_stream_cb` typedef since we want to compile the library without deprecated functions or types. Instead, we can unroll the alias to its actual type.
Edward Thomson committed
-
- 24 Jan, 2019 3 commits
-
-
Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed -
Previously, we would clobber any extension-specific error message with an "extension is truncated" message. This makes `read_extension` correctly preserve those errors, takes responsibility for truncation errors, and adds a new message with the actual extension signature for unsupported mandatory extensions.
Etienne Samson committed -
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 22 Jan, 2019 3 commits
-
-
Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson committed -
Replace the `GITERR` values with a `const int` to deprecate error values.
Edward Thomson committed -
Move to the `git_error` name in error-related functions, deprecating the `giterr` functions. This means, for example, that `giterr_last` is now `git_error_last`. The old names are retained for compatibility. This only updates the public API; internal API and function usage remains unchanged.
Edward Thomson committed
-
- 20 Jan, 2019 6 commits
-
-
In include/git2/odb.h it states that callback can also return positive value which should break looping. Implementations of git_odb_foreach() and pack_backend__foreach() did not respect that.
Marijan Šuflaj committed -
Edward Thomson committed
-
Correct the documentation on the fallback add/multiply with overflow functions.
Edward Thomson committed -
Windows provides <intsafe.h> which provides "performant" add and multiply with overflow operations. Use them when possible.
Edward Thomson committed -
Edward Thomson committed
-
Use the smallest unsigned type that is equivalent to `size_t` to simplify the conditionals. Error if we're on a system that we believe offers builtins but we cannot determine which one to use.
Edward Thomson committed
-
- 17 Jan, 2019 3 commits
-
-
Update some missed types that were continuing to use the old `GIT_OBJ` names.
Edward Thomson committed -
We use the term "invalid" to refer to bad or malformed data, eg `GIT_REF_INVALID` and `GIT_EINVALIDSPEC`. Since we're changing the names of the `git_object_t`s in this release, update it to be `GIT_OBJECT_INVALID` instead of `BAD`.
Edward Thomson committed -
Update internal usage to use the `git_reference` names for constants.
Edward Thomson committed
-
- 14 Jan, 2019 1 commit
-
-
Jason Haslam committed
-
- 10 Jan, 2019 1 commit
-
-
This change tweaks the macros for git__{add,multiply}_sizet_overflow so that GCC can use them. It also stops using the uadd,umul versions since the add,mul can handle way more cases.
lhchavez committed
-
- 09 Jan, 2019 3 commits
- 07 Jan, 2019 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 06 Jan, 2019 1 commit
-
-
lhchavez committed
-