Re: [PATCH v2 14/25] shallow.c: implement a generic shallow boundary finder based on rev-list

On Tue, Feb 9, 2016 at 4:09 AM, Junio C Hamano wrote: >> + is_repository_shallow(); /* make sure shallows are read */ >> + >> + init_revisions(, NULL); >> + save_commit_buffer = 0; >> + setup_revisions(ac, av, , NULL); >> + >> + /* Mark all reachable commits

Good day! Dear Sir or Madam! - please help our school site - пожалуйста, помогите нашему школьному сайту - будь ласка, допоможіть нашому шкільному сайту http://bilokaminsky-nvk.pp.ua/

Good day! Dear Sir or Madam! please at the top of any page of site click once on the advertising banner, so that we could pay for hosting our school site, Thank you ad...@bilokaminsky-nvk.pp.ua http://bilokaminsky-nvk.pp.ua/ добрий день, просимо на будь-якій сторінці вгорі один раз натиснути на

Re: Custom merge driver with no rename detection

Hi Junio, On Sun, 14 Feb 2016, Junio C Hamano wrote: > Felipe Gonçalves Assis writes: > > > The usual workaround is using the resolve strategy, but apparently it > > ignores the custom merge driver. > > Hmph. > > Indeed, git-merge-file seems to call xdl_merge()

Re: Custom merge driver with no rename detection

Hi Felipe, On Sun, 14 Feb 2016, Felipe Gonçalves Assis wrote: > Attached is a quick and dirty patch that emulates the effect by > allowing greater than 100% rename thresholds to mean "no-renames". It is really hard to comment on attached patches. First comment: the commit message is awfully

Re: [PATCH v2 21/25] fetch: define shallow boundary with --shallow-exclude

On Mon, Feb 15, 2016 at 12:52:26AM -0500, Eric Sunshine wrote: > Yes, dropping 'const' was implied. I didn't examine it too deeply, but > it did not appear as if there would be any major fallout from dropping > 'const'. It feels a bit cleaner to keep it all self-contained than to > have that

Issues with cc-cmd

Hi Guys, I am facing a strange issue with git send-email, with cccmd and was looking for some help. I am using it with Linux Kernel.. I used get-maintainers today to submit few patches for OPP framework and that is defined as below in MAINTAINERS: OPERATING PERFORMANCE POINTS (OPP) M:

[PATCH 0/4] .gitignore, reinclude rules, take 2

Take one was bad and reverted in commit 8c72236. Take two provides a more complete solution to the pair of rules exclude/this !exclude/this/except/this 3/4 should do a better job at stopping regressions in take 1. 4/4 provides the solution. I think I have tested (and wrote tests) for all the

[PATCH 1/4] dir.c: fix match_pathname()

Given the pattern "1/2/3/4" and the path "1/2/3/4/f", the pattern prefix is "1/2/3/4". We will compare and remove the prefix from both pattern and path and come to this code /* * If the whole pattern did not have a wildcard, * then our prefix match is all we need; we

[PATCH 2/4] dir.c: support tracing exclude

Signed-off-by: Nguyễn Thái Ngọc Duy --- Documentation/git-check-ignore.txt | 1 + Documentation/git.txt | 5 + dir.c | 20 3 files changed, 26 insertions(+) diff --git a/Documentation/git-check-ignore.txt

[PATCH 3/4] dir.c: support marking some patterns already matched

Given path "a" and the pattern "a", it's matched. But if we throw path "a/b" to pattern "a", the code fails to realize that if "a" matches "a" then "a/b" should also be matched. When the pattern is matched the first time, we can mark it "sticky", so that all files and dirs inside the matched path

[PATCH 4/4] dir.c: don't exclude whole dir prematurely

If there is a pattern "!foo/bar", this patch makes it not exclude "foo" right away. This gives us a chance to examine "foo" and re-include "foo/bar". Helped-by: brian m. carlson Helped-by: Micha Wiedenmann Signed-off-by: Nguyễn Thái Ngọc Duy

Re: [PATCH v3 3/3] config: add '--show-origin' option to print the origin of a config value

On 13 Feb 2016, at 19:15, Jeff King wrote: > On Sat, Feb 13, 2016 at 01:04:12PM -0500, Jeff King wrote: > >> On Sat, Feb 13, 2016 at 12:44:49PM -0500, Jeff King wrote: >> +test_expect_success '--show-origin' ' >>> [...] >>> I see you split this up more, but there's still

Re: git worktree fails to recreate existing branch even with -B

On Tue, Feb 09, 2016 at 05:54:01PM +0300, Kirill Likhodedov wrote: > Git doesn’t allow me to execute > git worktree add -B > where already exists in the repository. > > The command prints the following: > Preparing (identifier ) > fatal: Refusing to point HEAD outside of refs/ >

Re: [PATCH v4 20/21] refs: add LMDB refs storage backend

On Sun, Feb 14, 2016 at 7:04 PM, Duy Nguyen wrote: > On Sat, Feb 6, 2016 at 2:44 AM, David Turner wrote: >> +static char *get_refdb_path(const char *base) >> +{ >> + static struct strbuf path_buf = STRBUF_INIT; >> + strbuf_reset(_buf); >>

Re: Custom merge driver with no rename detection

Johannes Schindelin writes: > On Sun, 14 Feb 2016, Junio C Hamano wrote: > >> Felipe Gonçalves Assis writes: >> >> > The usual workaround is using the resolve strategy, but apparently it >> > ignores the custom merge driver. >> >> Hmph. >>

stdout vs stderr

Hi, is there a reason why those messages for pull are sent to stdout and for push are sent to stderr? flo@p3:~$ git pull Already up-to-date. flo@p3:~$ git pull >/dev/null flo@p3:~$ git push Everything up-to-date flo@p3:~$ git push >/dev/null Everything up-to-date I am regularly trying to build

Re: git svn dcommit doesn't support --username option for file:/// urls

Tim Ringenbach wrote: > Hi, > > 'git svn dcommit' doesn't seem to honor the --username argument when > my svn repository url is a file:/// url. It doesn't complain either, > it just seems to silently ignore the option. My dcommits show up as > the user I'm logged in

Re: Issues with cc-cmd

Viresh Kumar writes: > linux...@vger.kernel.org) (open list:OPERATING PERFORMANCE POINTS > (OPP), Hmm http://lists.kernelnewbies.org/pipermail/kernelnewbies/2014-July/011343.html comes to mind. It tells you not to blindly automate this process. I do not offhand know

Re: Issues with cc-cmd

On 15-02-16, 02:06, Junio C Hamano wrote: > Viresh Kumar writes: > > > linux...@vger.kernel.org) (open list:OPERATING PERFORMANCE POINTS > > (OPP), > > Hmm > > http://lists.kernelnewbies.org/pipermail/kernelnewbies/2014-July/011343.html > > comes to mind. It tells

[PATCH v4 0/3] config: add '--sources' option to print the source of a config value

From: Lars Schneider diff to v3: * pass type as parameter to "git_config_from_mem" (renamed from "git_config_from_buf") and "do_config_from_file" * split current_config_type_name into two functions * explain usage of fwrite with a comment * use tabs instead of spaces

[PATCH v4 1/3] t: do not hide Git's exit code in tests

From: Lars Schneider Git should not be on the left-hand side of a pipe, because it hides the exit code, and we want to make sure git does not fail. There is one more occurrence of this pattern in t9010-svn-fe.sh which is to evolved to change it easily. Helped-by: Jeff

[PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

From: Lars Schneider If config values are queried using 'git config' (e.g. via --get, --get-all, --get-regexp, or --list flag) then it is sometimes hard to find the configuration file where the values were defined. Teach 'git config' the '--show-origin' option to print

[PATCH v4 2/3] config: add 'type' to config_source struct that identifies config type

From: Lars Schneider Use the config type to print more detailed error messages that inform the user about the origin of a config error (file, stdin, blob). Signed-off-by: Lars Schneider --- cache.h| 6 -- config.c

Re: Custom merge driver with no rename detection

On 15 February 2016 at 06:06, Johannes Schindelin wrote: > Hi Felipe, > > On Sun, 14 Feb 2016, Felipe Gonçalves Assis wrote: > >> Attached is a quick and dirty patch that emulates the effect by >> allowing greater than 100% rename thresholds to mean "no-renames". > >

Re: Custom merge driver with no rename detection

Felipe Gonçalves Assis writes: > However, if you do find this approach acceptable/desirable > (rename-threshold > 100%), I can work on the issues pointed out and > propose a proper patch. The caller asks diffcore-rename to detect rename, and the algorithm compares

[PATCH 1/2] worktree: fix "add -B"

Current code does not update "symref" when -B is used. This string contains the new HEAD. Because it's empty "git worktree add -B" fails at symbolic-ref step. Because branch creation is already done before calling add_worktree(), -B is equivalent to -b from add_worktree() point of view. We do not

[PATCH 2/2] worktree add -B: do the checkout test before update branch

If --force is not given but -B is, we should not proceed if the given branch is already checked out elsewhere. add_worktree() has this test, but it kicks in too late when "git branch --force" is already executed. As a result, even though we correctly refuse to create a new worktree, we have

Re: [PATCH] Implement https public key pinning

Jeff King writes: > We can't do this perfectly, because older versions of git do not yet > know about the option, and will therefore just silently ignore it. And > for consistency there, we usually do the same for features that we know > about but are unsupported. Jep that's why I

[PATCH +warn] Implement https public key pinning

Add the http.pinnedpubkey configuration option for public key pinning. It allows any string supported by libcurl -- base64(sha256(pubkey)) or filename of the full public key. If cURL does not support pinning (is too old) output a warning to the user. Signed-off-by: Christoph Egger

[PATCH] Disown ssh+git and git+ssh

These were silly from the beginning, but we have to support them for compatibility. That doesn't mean we have to show them in the documentation. These were already left out of the main list, but a reference in the main manpage was left, so remove that. Also add a note to discourage their use if

颞下颌关节炎

你的老朋友邀你来Q群:343257759

How can I get a list of checkout history?

As you know, I can checkout the Nth checked out branch via this syntax: $ git checkout @{-N} Is there a built-in mechanism to get a listing of previously checked out refs? Basically, this would be similar to 'history' command in linux where instead of actual commands, it lists like this:

Re: How can I get a list of checkout history?

On Mon, Feb 15, 2016 at 09:18:50AM -0600, Robert Dailey wrote: > As you know, I can checkout the Nth checked out branch via this syntax: > > $ git checkout @{-N} > > Is there a built-in mechanism to get a listing of previously checked > out refs? Basically, this would be similar to 'history'

Re: 'Failed to create .git/index.lock'

Hi Andreas, I am looking into a similar issue with SourceTree on Windows right now. However, in my case it only happens when I switch branches. I investigated the Git commands that SourceTree triggers and it looks like it is doing something like this: (1) Run checkout command git.exe

Re: [PATCH v4 1/3] t: do not hide Git's exit code in tests

On Mon, Feb 15, 2016 at 11:17:44AM +0100, larsxschnei...@gmail.com wrote: > From: Lars Schneider > > Git should not be on the left-hand side of a pipe, because it hides the exit > code, and we want to make sure git does not fail. I think this is a nice cleanup. >

Re: [PATCH v4 2/3] config: add 'type' to config_source struct that identifies config type

On Mon, Feb 15, 2016 at 11:17:45AM +0100, larsxschnei...@gmail.com wrote: > From: Lars Schneider > > Use the config type to print more detailed error messages that inform > the user about the origin of a config error (file, stdin, blob). > > Signed-off-by: Lars

[PATCH 2/4] remote: simplify remote_is_configured()

The remote_is_configured() function allows checking whether a remote exists or not. The function however only works if remote_get() wasn't called before calling it. In addition, it only checks the configuration for remotes, but not remotes or branches files. Make use of the origin member of

[PATCH 0/4] git remote improvements

In builtin/remote.c there are a few cases which check whether a remote exists or not. These checks are however done inconsistently, and in a few cases they don't check anything at all. This patch series tries to improve the situation. I stumbled upon this when I mistyped the remote name in git

[PATCH 3/4] remote: actually check if remote exits

When converting the git remote command to a builtin in 211c89 ("Make git-remote a builtin"), a few calls to check if a remote exists were converted from: if (!exists $remote->{$name}) { [...] to: remote = remote_get(argv[1]); if (!remote) [...] The new

[PATCH 4/4] remote: use remote_is_configured() for add and rename

Both remote add and remote rename use a slightly different hand-rolled check if the remote exits. The hand-rolled check may have some subtle cases in which it might fail to detect when a remote already exists. One such case was fixed in fb86e32 ("git remote: allow adding remotes agreeing with

[PATCH 1/4] remote: use skip_prefix

95b567c7 ("use skip_prefix to avoid repeating strings") transformed calls using starts_with() and then skipping the length of the prefix to skip_prefix() calls. In remote.c there are a few calls like: if (starts_with(foo, "bar")) foo += 3 These calls weren't touched by the commit

Re: What's cooking in git.git (Feb 2016, #04; Fri, 12)

On 15/02/16 05:50, Junio C Hamano wrote: Torsten Bögershausen writes: * tb/conversion (2016-02-10) 6 commits (merged to 'next' on 2016-02-12 at 6faf27b) Could we keep it in next for a while ? I found issues that needs to be fixed before going to master, updates follow

Re: [PATCH v4 0/3] config: add '--sources' option to print the source of a config value

On Mon, Feb 15, 2016 at 11:17:43AM +0100, larsxschnei...@gmail.com wrote: > I like the idea of a "test set up block" within a test script. In order > to clean up nicely before any subsequent tests I would like to propose > a "tear down" block. Would that work as a compromise in our "test cases >

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

On Mon, Feb 15, 2016 at 11:17:46AM +0100, larsxschnei...@gmail.com wrote: > From: Lars Schneider > > If config values are queried using 'git config' (e.g. via --get, > --get-all, --get-regexp, or --list flag) then it is sometimes hard to > find the configuration file

Re: [PATCH] Disown ssh+git and git+ssh

On Mon, Feb 15, 2016 at 9:29 AM, Carlos Martín Nieto wrote: > These were silly from the beginning, but we have to support them for It might be helpful to cite some reference to support the claim that they are "silly" since it's not necessarily obvious to readers who did not

Re: [PATCH 1/4] remote: use skip_prefix

On Mon, Feb 15, 2016 at 06:42:27PM +0100, Thomas Gummerer wrote: > 95b567c7 ("use skip_prefix to avoid repeating strings") transformed > calls using starts_with() and then skipping the length of the prefix to > skip_prefix() calls. In remote.c there are a few calls like: > > if

Re: [PATCH 2/4] remote: simplify remote_is_configured()

On Mon, Feb 15, 2016 at 06:42:28PM +0100, Thomas Gummerer wrote: > The remote_is_configured() function allows checking whether a remote > exists or not. The function however only works if remote_get() wasn't > called before calling it. In addition, it only checks the configuration > for

Re: [PATCH 3/4] remote: actually check if remote exits

On Mon, Feb 15, 2016 at 06:42:29PM +0100, Thomas Gummerer wrote: > When converting the git remote command to a builtin in 211c89 ("Make > git-remote a builtin"), a few calls to check if a remote exists were > converted from: >if (!exists $remote->{$name}) { > [...] > to: >

Re: [PATCH 4/4] remote: use remote_is_configured() for add and rename

On Mon, Feb 15, 2016 at 06:42:30PM +0100, Thomas Gummerer wrote: > Both remote add and remote rename use a slightly different hand-rolled > check if the remote exits. The hand-rolled check may have some subtle > cases in which it might fail to detect when a remote already exists. > One such case

Re: [PATCH 1/4] remote: use skip_prefix

On Mon, Feb 15, 2016 at 1:18 PM, Jeff King wrote: > This is definitely an improvement, but I think we can actually go a step > further here, and use parse_config_key. Like: > > - if (starts_with(key, "branch.")) { > - name = key + 7; > - subkey =

Re: [PATCH 1/4] remote: use skip_prefix

On Mon, Feb 15, 2016 at 01:35:03PM -0500, Eric Sunshine wrote: > On Mon, Feb 15, 2016 at 1:18 PM, Jeff King wrote: > > This is definitely an improvement, but I think we can actually go a step > > further here, and use parse_config_key. Like: > > > > - if (starts_with(key,

[PATCH] http: add option to try authentication without username

Performing GSS-Negotiate authentication using Kerberos does not require specifying a username or password, since that information is already included in the ticket itself. However, libcurl refuses to perform authentication if it has not been provided with a username and password. Add an option,

Re: git svn dcommit doesn't support --username option for file:/// urls

On Mon, Feb 15, 2016 at 4:06 AM, Eric Wong wrote: [snip] > Totally untested, but does flipping the order of auth providers > help at all? Thanks for looking into this. Unfortunately, that didn't seem to make a difference. I tried several times, and I tried both with and

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 1:44 PM, brian m. carlson wrote: > Performing GSS-Negotiate authentication using Kerberos does not require > specifying a username or password, since that information is already > included in the ticket itself. However, libcurl refuses to

Re: git archive should use vendor extension in pax header

Am 06.02.2016 um 15:57 schrieb f...@fuz.su: On Sat, Feb 06, 2016 at 02:23:11PM +0100, René Scharfe wrote: Am 28.01.2016 um 00:45 schrieb f...@fuz.su: There is git get-tar-commit-id, which prints the commit ID if it finds a comment entry which looks like a hexadecimal SHA-1 hash. It's better

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 03:19:25PM -0500, Eric Sunshine wrote: > On Mon, Feb 15, 2016 at 1:44 PM, brian m. carlson > wrote: > > Performing GSS-Negotiate authentication using Kerberos does not require > > specifying a username or password, since that information is

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 08:29:37PM +, brian m. carlson wrote: > > Rather than sprinkling curl_empty_auth special cases here and there, > > would it be possible to simply set http_auth.username and > > http_auth.password to empty strings early on if they are not already > > set and

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 03:34:51PM -0500, Jeff King wrote: > On Mon, Feb 15, 2016 at 08:29:37PM +, brian m. carlson wrote: > > That would work. I was concerned about the credential_fill call > > actually prompting the user, but it appears that it doesn't do that if > > the password already

Re: [PATCH 1/4] remote: use skip_prefix

On 02/15, Jeff King wrote: > On Mon, Feb 15, 2016 at 06:42:27PM +0100, Thomas Gummerer wrote: > > > 95b567c7 ("use skip_prefix to avoid repeating strings") transformed > > calls using starts_with() and then skipping the length of the prefix to > > skip_prefix() calls. In remote.c there are a few

Re: [PATCH 2/4] remote: simplify remote_is_configured()

On 02/15, Jeff King wrote: > On Mon, Feb 15, 2016 at 06:42:28PM +0100, Thomas Gummerer wrote: > > > The remote_is_configured() function allows checking whether a remote > > exists or not. The function however only works if remote_get() wasn't > > called before calling it. In addition, it only

Re: [PATCH 4/4] remote: use remote_is_configured() for add and rename

On 02/15, Jeff King wrote: > On Mon, Feb 15, 2016 at 06:42:30PM +0100, Thomas Gummerer wrote: > > > Both remote add and remote rename use a slightly different hand-rolled > > check if the remote exits. The hand-rolled check may have some subtle > > cases in which it might fail to detect when a

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

On Mon, Feb 15, 2016 at 5:17 AM, wrote: > If config values are queried using 'git config' (e.g. via --get, > --get-all, --get-regexp, or --list flag) then it is sometimes hard to > find the configuration file where the values were defined. > > Teach 'git config' the

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

On Mon, Feb 15, 2016 at 03:58:12PM -0500, Eric Sunshine wrote: > > diff --git a/builtin/config.c b/builtin/config.c > > @@ -27,6 +28,7 @@ static int actions, types; > > static const char *get_color_slot, *get_colorbool_slot; > > static int end_null; > > Not related to your changes, but I just

Re: git svn dcommit doesn't support --username option for file:/// urls

Tim Ringenbach wrote: > On Mon, Feb 15, 2016 at 4:06 AM, Eric Wong wrote: > [snip] > > Totally untested, but does flipping the order of auth providers > > help at all? > > Thanks for looking into this. Unfortunately, that didn't seem to make > a

Re: What's cooking in git.git (Feb 2016, #04; Fri, 12)

Torsten Bögershausen writes: > On 15/02/16 05:50, Junio C Hamano wrote: >> Torsten Bögershausen writes: >> * tb/conversion (2016-02-10) 6 commits (merged to 'next' on 2016-02-12 at 6faf27b) >>> Could we keep it in next for a while ? >>> >>> I found

Re: [PATCH v4 2/3] config: add 'type' to config_source struct that identifies config type

On 15/02/16 10:17, larsxschnei...@gmail.com wrote: > From: Lars Schneider > > Use the config type to print more detailed error messages that inform > the user about the origin of a config error (file, stdin, blob). > > Signed-off-by: Lars Schneider

Re: [PULL] svn pathnameencoding for git svn dcommit

Eric Wong writes: > I've amended tests to both commits, but the URL encoding one > requires an HTTP server to test effectively. > > I couldn't find a test prereq for httpd, but perhaps it's good > to test by default regardless in case a future SVN changes > file://

Re: 'Failed to create .git/index.lock'

On Mon, 15 Feb 2016 18:06:33 +, Lars Schneider wrote: > Hi Andreas, > > I am looking into a similar issue with SourceTree on Windows right now. > However, in my case it only happens when I switch branches. Semi-bingo. That is actually a difference between the workspace this happens in and

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

On 15/02/16 10:17, larsxschnei...@gmail.com wrote: > From: Lars Schneider > > If config values are queried using 'git config' (e.g. via --get, > --get-all, --get-regexp, or --list flag) then it is sometimes hard to > find the configuration file where the values were

Re: [PATCH 2/4] remote: simplify remote_is_configured()

Thomas Gummerer writes: > Agreed, will change. Thanks. Thanks for working on this, and thanks reviewers for helping. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at

Re: [PATCH] http: add option to try authentication without username

"brian m. carlson" writes: > On Mon, Feb 15, 2016 at 03:34:51PM -0500, Jeff King wrote: > ... >> So I think this hack should remain purely at the curl level, and never >> touch the credential struct at all. >> >> Which is a shame, because I think Eric's suggestion

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

On Mon, Feb 15, 2016 at 09:36:23PM +, Ramsay Jones wrote: > > +test_expect_success '--show-origin stdin' ' > > + cat >expect <<-\EOF && > > + stdin: user.custom=true > > So, as with the previous patch, I think this should be: > file:user.custom=true That's

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 01:39:30PM -0800, Junio C Hamano wrote: > "brian m. carlson" writes: > > > On Mon, Feb 15, 2016 at 03:34:51PM -0500, Jeff King wrote: > > ... > >> So I think this hack should remain purely at the curl level, and never > >> touch the

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

Ramsay Jones writes: >> +--show-origin:: >> +Augment the output of all queried config options with the >> +origin type (file, stdin, blob, cmdline) and the actual origin > > file, blob, cmdline (hmm, maybe cmd-line? ;-) ) If we are going to spell it out,

[PATCH 0/18] hardening allocations against integer overflow

About 6 months or so ago, I did an audit of git's code base for uses of strcpy and sprintf that could overflow, fixing any bugs and cleaning up any suspect spots to make further audits simpler. This is a continuation of that work, for size computations which can overflow and cause us to allocate

malloc memory corruption on merge-tree with leading newline

Hi, in one specific circumstance, git-merge-tree exits with a segfault caused by "*** Error in `git': malloc(): memory corruption (fast)": There has to be at least one commit first (as far as I can tell it doesn't matter what content). Then create a tree containing a file with a leading

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 4:39 PM, Junio C Hamano wrote: > "brian m. carlson" writes: >> On Mon, Feb 15, 2016 at 03:34:51PM -0500, Jeff King wrote: >>> So I think this hack should remain purely at the curl level, and never >>> touch the credential

[PATCH 01/18] add helpers for detecting size_t overflow

Performing computations on size_t variables that we feed to xmalloc and friends can be dangerous, as an integer overflow can cause us to allocate a much smaller chunk than we realized. We already have unsigned_add_overflows(), but let's add unsigned_mult_overflows() to that. Furthermore, rather

[PATCH 02/18] tree-diff: catch integer overflow in combine_diff_path allocation

A combine_diff_path struct has two "flex" members allocated alongside the struct: a string to hold the pathname, and an array of parent pointers. We use an "int" to compute this, meaning we may easily overflow it if the pathname is extremely long. We can fix this by using size_t, and checking for

[PATCH 03/18] harden REALLOC_ARRAY and xcalloc against size_t overflow

REALLOC_ARRAY inherently involves a multiplication which can overflow size_t, resulting in a much smaller buffer than we think we've allocated. We can easily harden it by using st_mult() to check for overflow. Likewise, we can add ALLOC_ARRAY to do the same thing for xmalloc calls. xcalloc()

[PATCH 04/18] add helpers for allocating flex-array structs

Allocating a struct with a flex array is pretty simple in practice: you over-allocate the struct, then copy some data into the over-allocation. But it can be a slight pain to make sure you're allocating and copying the right amounts. This patch adds a few helpers to turn simple cases of into a

[PATCH 05/18] convert trivial cases to ALLOC_ARRAY

Each of these cases can be converted to use ALLOC_ARRAY or REALLOC_ARRAY, which has two advantages: 1. It automatically checks the array-size multiplication for overflow. 2. It always uses sizeof(*array) for the element-size, so that it can never go out of sync with the declared

Re: [PATCH] http: add option to try authentication without username

On Mon, Feb 15, 2016 at 04:46:43PM -0500, Eric Sunshine wrote: > On Mon, Feb 15, 2016 at 4:39 PM, Junio C Hamano wrote: > > "brian m. carlson" writes: > >> On Mon, Feb 15, 2016 at 03:34:51PM -0500, Jeff King wrote: > >>> So I think this hack

[PATCH 07/18] convert trivial cases to FLEX_ARRAY macros

Using FLEX_ARRAY macros reduces the amount of manual computation size we have to do. It also ensures we don't overflow size_t, and it makes sure we write the same number of bytes that we allocated. Signed-off-by: Jeff King --- attr.c | 4 +--- builtin/blame.c

[PATCH 06/18] use xmallocz to avoid size arithmetic

We frequently allocate strings as xmalloc(len + 1), where the extra 1 is for the NUL terminator. This can be done more simply with xmallocz, which also checks for integer overflow. There's no case where switching xmalloc(n+1) to xmallocz(n) is wrong; the result is the same length, and malloc made

[PATCH 08/18] use st_add and st_mult for allocation size computation

If our size computation overflows size_t, we may allocate a much smaller buffer than we expected and overflow it. It's probably impossible to trigger an overflow in most of these sites in practice, but it is easy enough convert their additions and multiplications into overflow-checking variants.

[PATCH 09/18] write_untracked_extension: use FLEX_ALLOC helper

We perform unchecked additions when computing the size of a "struct ondisk_untracked_cache". This is unlikely to have an integer overflow in practice, but we'd like to avoid this dangerous pattern to make further audits easier. Note that there's one subtlety here, though. We protect ourselves

[PATCH 10/18] fast-import: simplify allocation in start_packfile

This function allocates a packed_git flex-array, and adds a mysterious 2 bytes to the length of the pack_name field. One is for the trailing NUL, but the other has no purpose. This is probably cargo-culted from add_packed_git, which gets the ".idx" path and needs to allocate enough space to hold

[PATCH 11/18] fetch-pack: simplify add_sought_entry

We have two variants of this function, one that takes a string and one that takes a ptr/len combo. But we only call the latter with the length of a NUL-terminated string, so our first simplification is to drop it in favor of the string variant. Since we know we have a string, we can also replace

Re: malloc memory corruption on merge-tree with leading newline

Addendum: Problem occurs with version 2.7.1 as well as version 1.9.1. On 15/02/16 22:39, Stefan Frühwirth wrote: in one specific circumstance, git-merge-tree exits with a segfault caused by "*** Error in `git': malloc(): memory corruption (fast)": Stefan -- To unsubscribe from this list:

[PATCH 12/18] test-path-utils: fix normalize_path_copy output buffer size

The normalize_path_copy function needs an output buffer that is at least as long as its input (it may shrink the path, but never expand it). However, this test program feeds it static PATH_MAX-sized buffers, which have no relation to the input size. In the normalize_ceiling_entry case, we do at

[PATCH 13/18] sequencer: simplify memory allocation of get_message

For a commit with has "1234abcd" and subject "foo", this function produces a struct with three strings: 1. "foo" 2. "1234abcd... foo" 3. "parent of 1234abcd... foo" It takes advantage of the fact that these strings are subsets of each other, and allocates only _one_ string, with pointers

[PATCH 14/18] git-compat-util: drop mempcpy compat code

There are no callers of this left, as the last one was dropped in the previous patch. And there are no likely to be new ones, as the function has been around since 2010 without gaining any new callers. Signed-off-by: Jeff King --- git-compat-util.h | 9 - 1 file changed,

[PATCH 16/18] diff_populate_gitlink: use a strbuf

We allocate 100 bytes to hold the "Submodule commit ..." text. This is enough, but it's not immediately obvious that this is the case, and we have to repeat the magic 100 twice. We could get away with xstrfmt here, but we want to know the size, as well, so let's use a real strbuf. And while we're

[PATCH 15/18] transport_anonymize_url: use xstrfmt

This function uses xcalloc and two memcpy calls to concatenate two strings. We can do this as an xstrfmt one-liner, and then it is more clear that we are allocating the correct amount of memory. Signed-off-by: Jeff King --- transport.c | 8 +++- 1 file changed, 3

[PATCH 18/18] ewah: convert to REALLOC_ARRAY, etc

Now that we're built around xmalloc and friends, we can use helpers like REALLOC_ARRAY, ALLOC_GROW, and so on to make the code shorter and protect against integer overflow. Signed-off-by: Jeff King --- ewah/bitmap.c | 16 ewah/ewah_bitmap.c | 5 ++---

[PATCH 17/18] convert ewah/bitmap code to use xmalloc

This code was originally written with the idea that it could be spun off into its own ewah library, and uses the overrideable ewah_malloc to do allocations. We plug in xmalloc as our ewah_malloc, of course. But over the years the ewah code itself has become more entangled with git, and the return

Re: git svn dcommit doesn't support --username option for file:/// urls

On Mon, Feb 15, 2016 at 3:14 PM, Eric Wong wrote: > It might take a while for me to get around to looking at this > more, so it would be very helpful if you poked around and tried > some different things in the source. Ok, I played around with it some and found something

Re: [PATCH 0/18] hardening allocations against integer overflow

On Mon, Feb 15, 2016 at 04:45:16PM -0500, Jeff King wrote: > The only bug I have actually confirmed in practice here is fixed by > patch 2 (which is why it's at the front). There's another one in > path_name(), but that function is already dropped by the nearby > jk/lose-name-path topic. > > The

Re: [PATCH v4 3/3] config: add '--show-origin' option to print the origin of a config value

larsxschnei...@gmail.com writes: > +test_expect_success 'set up custom config file' ' > + CUSTOM_CONFIG_FILE=$(printf "file\twith\ttabs.conf") && > + cat >"$CUSTOM_CONFIG_FILE" <<-\EOF > + [user] > + custom = true > + EOF > +' > + > +test_expect_success

  1   2   >