summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ci: fail if requested test name is not foundethomson/027Edward Thomson2018-10-261-0/+6
|
* cmake: define new-style test names in old-style cmakeEdward Thomson2018-10-262-65/+6
|
* version: bump to v0.26.8Patrick Steinhardt2018-10-261-2/+2
|
* CHANGELOG: update changelog for v0.26.8Patrick Steinhardt2018-10-261-0/+48
|
* commit: fix reading out of bounds when parsing encodingPatrick Steinhardt2018-10-251-1/+1
| | | | | | | | | | | | | The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. (cherry picked from commit 7655b2d89e8275853d9921dd903dcdad9b3d4a7b)
* tag: fix out of bounds read when searching for tag messagePatrick Steinhardt2018-10-251-5/+5
| | | | | | | | | | | | | | | | | When parsing tags, we skip all unknown fields that appear before the tag message. This skipping is done by using a plain `strstr(buffer, "\n\n")` to search for the two newlines that separate tag fields from tag message. As it is not possible to supply a buffer length to `strstr`, this call may skip over the buffer's end and thus result in an out of bounds read. As `strstr` may return a pointer that is out of bounds, the following computation of `buffer_end - buffer` will overflow and result in an allocation of an invalid length. Fix the issue by using `git__memmem` instead. Add a test that verifies parsing the tag fails not due to the allocation failure but due to the tag having no message. (cherry picked from commit ee11d47e3d907b66eeff99e0ba1e1c71e05164b7)
* util: provide `git__memmem` functionPatrick Steinhardt2018-10-253-0/+90
| | | | | | | | | | | | | | | | | | | | | | | Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/ (cherry picked from commit 83e8a6b36acc67f2702cbbc7d4e334c7f7737719)
* util: fix out of bounds read in error messagePatrick Steinhardt2018-10-192-3/+14
| | | | | | | | | | | | | | | | | | When an integer that is parsed with `git__strntol32` is too big to fit into an int32, we will generate an error message that includes the actual string that failed to parse. This does not acknowledge the fact that the string may either not be NUL terminated or alternative include additional characters after the number that is to be parsed. We may thus end up printing characters into the buffer that aren't the number or, worse, read out of bounds. Fix the issue by utilizing the `endptr` that was set by `git__strntol64`. This pointer is guaranteed to be set to the first character following the number, and we can thus use it to compute the width of the number that shall be printed. Create a test to verify that we correctly truncate the number. (cherry picked from commit ea19efc19fa683d632af3e172868bc4350724813)
* util: avoid signed integer overflows in `git__strntol64`Patrick Steinhardt2018-10-191-3/+13
| | | | | | | | | | | | | | | | | | While `git__strntol64` tries to detect integer overflows when doing the necessary arithmetics to come up with the final result, it does the detection only after the fact. This check thus relies on undefined behavior of signed integer overflows. Fix this by instead checking up-front whether the multiplications or additions will overflow. Note that a detected overflow will not cause us to abort parsing the current sequence of digits. In the case of an overflow, previous behavior was to still set up the end pointer correctly to point to the first character immediately after the currently parsed number. We do not want to change this now as code may rely on the end pointer being set up correctly even if the parsed number is too big to be represented as 64 bit integer. (cherry picked from commit b09c1c7b636c4112e247adc24245c65f3f9478d0)
* tests: core::strtol: test for some more edge-casesPatrick Steinhardt2018-10-191-0/+31
| | | | | | | | | Some edge cases were currently completely untested, e.g. parsing numbers greater than INT64_{MIN,MAX}, truncating buffers by length and invalid characters. Add tests to verify that the system under test performs as expected. (cherry picked from commit 39087ab8ef77004c9f3b8984c38a834a6cb238bc)
* util: remove `git__strtol32`Patrick Steinhardt2018-10-193-19/+19
| | | | | | | | | The function `git__strtol32` can easily be misused when untrusted data is passed to it that may not have been sanitized with trailing `NUL` bytes. As all usages of this function have now been removed, we can remove this function altogether to avoid future misuse of it. (cherry picked from commit 8d7fa88a9d5011b653035497b0f523e0f177b6a6)
* global: replace remaining use of `git__strtol32`Patrick Steinhardt2018-10-195-6/+8
| | | | | | | | | Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse. (cherry picked from commit 2613fbb26a3e1a34dda8a5d198c108626cfd6cc3)
* tree-cache: avoid out-of-bound reads when parsing treesPatrick Steinhardt2018-10-191-2/+2
| | | | | | | | | | | | We use the `git__strtol32` function to parse the child and entry count of treecaches from the index, which do not accept a buffer length. As the buffer that is being passed in is untrusted data and may thus be malformed and may not contain a terminating `NUL` byte, we can overrun the buffer and thus perform an out-of-bounds read. Fix the issue by uzing `git__strntol32` instead. (cherry picked from commit 21652ee9de439e042cc2e69b208aa2ef8ce31147)
* util: remove unsafe `git__strtol64` functionPatrick Steinhardt2018-10-193-29/+16
| | | | | | | | | | The function `git__strtol64` does not take a maximum buffer length as parameter. This has led to some unsafe usages of this function, and as such we may consider it as being unsafe to use. As we have now eradicated all usages of this function, let's remove it completely to avoid future misuse. (cherry picked from commit 68deb2cc80ef19bf3a1915c26b5308b283a6d69a)
* config: remove last instance of `git__strntol64`Patrick Steinhardt2018-10-191-1/+1
| | | | | | | | | | | When parsing integers from configuration values, we use `git__strtol64`. This is fine to do, as we always sanitize values and can thus be sure that they'll have a terminating `NUL` byte. But as this is the last call-site of `git__strtol64`, let's just pass in the length explicitly by calling `strlen` on the value to be able to remove `git__strtol64` altogether. (cherry picked from commit 1a2efd10bde66f798375e2f47ba57ef00ad5c193)
* signature: avoid out-of-bounds reads when parsing signature datesPatrick Steinhardt2018-10-191-3/+5
| | | | | | | | | | | | We use `git__strtol64` and `git__strtol32` to parse the trailing commit or author date and timezone of signatures. As signatures are usually part of a commit or tag object and thus essentially untrusted data, the buffer may be misformatted and may not be `NUL` terminated. This may lead to an out-of-bounds read. Fix the issue by using `git__strntol64` and `git__strntol32` instead. (cherry picked from commit 3db9aa6f79711103a331a2bbbd044a3c37d4f136)
* index: avoid out-of-bounds read when reading reuc entry stagePatrick Steinhardt2018-10-191-1/+1
| | | | | | | | | | | | | We use `git__strtol64` to parse file modes of the index entries, which does not limit the parsed buffer length. As the index can be essentially treated as "untrusted" in that the data stems from the file system, it may be misformatted and may not contain terminating `NUL` bytes. This may lead to out-of-bounds reads when trying to parse index entries with such malformatted modes. Fix the issue by using `git__strntol64` instead. (cherry picked from commit 600ceadd1426b874ae0618651210a690a68b27e9)
* commit_list: avoid use of strtol64 without length limitPatrick Steinhardt2018-10-191-1/+3
| | | | | | | | | | | | When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem. (cherry picked from commit 1a3fa1f5fafd433bdcf1834426d6963eff532125)
* ci: don't stop on failureEdward Thomson2018-10-192-7/+16
| | | | | | Don't stop on test failures; run all the tests, even when a test fails. (cherry picked from commit 429c7f1141f812d266cfd7d33a142871c21f8874)
* ci: append -r flag to clar on windowsEdward Thomson2018-10-191-7/+24
| | | | | | | | Similar to the way we parse the ctest output on POSIX systems, do the same on Windows. This allows us to append the `-r` flag to clar after we've identified the command to run. (cherry picked from commit 7c9769d94799c7bc6341d64e18bbd13bc8993ad6)
* ci: add SKIP_*_TESTS for windows buildsEdward Thomson2018-10-191-19/+26
| | | | | | | Introduce SKIP_*_TEST variables for Windows builds to match POSIX builds. (cherry picked from commit a8301b0c19cc738961604a14b7e132b2b97e064c)
* ci: write test result XMLEdward Thomson2018-10-191-3/+6
| | | | | | Add the clar flags to produce JUnit-style XML output before invocation. (cherry picked from commit fff33a1b65994e1f781f73d06e22d3f8778eff02)
* Revert "clar: introduce CLAR_XML option"Patrick Steinhardt2018-10-194-26/+8
| | | | | | | This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake. (cherry picked from commit 943181c2efe20b705aa40d30197693e7a4c1d0ac)
* ci: only run the exact named testEdward Thomson2018-10-191-1/+1
| | | | | | | | | Our CI test system invokes ctest with the name of the given tests it wishes to invoke. ctest (with the `-R` flag) treats this name as a regular expression. Provide anchors in the regular expression to avoid matching additional tests in this search. (cherry picked from commit 7e353b7a140dade32f1f1db6afd1721cf2c18a4a)
* README: rename "VSTS" to "Azure DevOps"Edward Thomson2018-10-191-1/+1
| | | | | | | Visual Studio Team Services is now a family of applications named "Azure DevOps". Update the README to refer to it thusly. (cherry picked from commit e2613039b34b9f119ca948c70ba75dd93dc1803f)
* README: update the build badge to Azure PipelinesEdward Thomson2018-10-191-1/+1
| | | | | | | VSTS is now a family of components; "Azure Pipelines" is the build and release pipeline application. (cherry picked from commit 464305b74e87bd008cb9b18af632844f16806327)
* ci: rename vsts to azure-pipelinesPatrick Steinhardt2018-10-195-7/+7
| | | | (cherry picked from commit d7d0139eb3ef9d306d0229223092a9cac7da1db5)
* clar: iterate errors in report_all / report_errorsEdward Thomson2018-10-191-19/+15
| | | | | | | | Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion. (cherry picked from commit d17e67d08d6e73dbf0daeae5049f92a38c2d8bb6)
* ci: use more compatible strftime formatsEdward Thomson2018-10-191-1/+1
| | | | | | | Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively. (cherry picked from commit e595eeb5ab88142b97798ed65e651de6560515e9)
* ci: use templates for VSTS buildsPatrick Steinhardt2018-10-194-140/+97
| | | | | | | Our build YAML is becoming unweildly and full of copy-pasta. Simplify with templates. (cherry picked from commit 6b2d8f09bc9e5bdf74f98b7470ebc39436be600f)
* ci: explicitly run in the build directoryEdward Thomson2018-10-191-0/+13
| | | | | | | Explicitly run from the build directory, not the source. (I was mistaken about the default working directory for VSTS agents.) (cherry picked from commit 306875bc1c0c4cf82a4feb9436d161750c3f0aad)
* ci: escape xml output path on WindowsEdward Thomson2018-10-191-1/+3
| | | | | | | CMake treats backslashes as escape characters; use forward slashes for the XML output path. (cherry picked from commit f3f2c45ee6d8f46692ebcc71f2ee688868629830)
* ci: upload test resultsPatrick Steinhardt2018-10-191-0/+49
| | | | (cherry picked from commit bfcbde5009db3175cb924687d9273e6f7c5aa1b7)
* ci: write xml during test runsPatrick Steinhardt2018-10-192-3/+3
| | | | (cherry picked from commit a84863fc8dfa51cafc1223181e17003383889350)
* clar: remove globals; error-check fprintf/fcloseEdward Thomson2018-10-192-44/+87
| | | | | | | | Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls. (cherry picked from commit b67a93ff81e2fbfcf9ebb52dd15db9aa4e9ca708)
* clar: introduce CLAR_XML optionEdward Thomson2018-10-192-5/+21
| | | | | | | | Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to. (cherry picked from commit a2d73f5643814cddf90d5bf489332e14ada89ab8)
* clar: accept a value for the summary filenameEdward Thomson2018-10-192-12/+25
| | | | | | | Accept an (optional) value for the summary filename. Continues to default to summary.xml. (cherry picked from commit baa5c20d0815441cac2d2135d2b0190cb543e637)
* clar: don't use a variable named `time`Edward Thomson2018-10-191-4/+4
| | | | (cherry picked from commit dbebcb04b42047df0d52ad3515077a134c5b7da7)
* Barebones JUnit XML outputEtienne Samson2018-10-192-1/+111
| | | | (cherry picked from commit 59f1e477f772c73c76bc654a0853fdcf491a32a7)
* DocumentationEtienne Samson2018-10-191-0/+2
| | | | (cherry picked from commit 3a9b96311d6f0ff364c6417cf3aab7c9745b18d4)
* Isolate test reportsEtienne Samson2018-10-193-36/+82
| | | | | | | This makes it possible to keep track of every test status (even successful ones), and their errors, if any. (cherry picked from commit bf9fc126709af948c2a324ceb1b2696046c91cfe)
* clar: refactor explicitly run test behaviorEdward Thomson2018-10-191-11/+44
| | | | | | | | | | | | | | Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup. (cherry picked from commit 90753a96515f85e2d0e79a16d3a06ba5b363c68e)
* README: remove travisEdward Thomson2018-10-191-1/+0
| | | | (cherry picked from commit 76cfeb20fc75f02eee8e1b672889039be282666f)
* ci: remove travisEdward Thomson2018-10-191-93/+0
| | | | (cherry picked from commit 6fc946e87025f22315c481509b6658726725b7a4)
* Update .vsts-ci.ymlPatrick Steinhardt2018-10-191-22/+18
| | | | (cherry picked from commit 7238a1e8c7e6b48439ce553c99b83915cb33b394)
* Update .vsts-nightly.ymlDavid Staheli2018-10-191-4/+4
| | | | (cherry picked from commit 40c3a974656a3a9bb0b63e0bb0eb770bb1648303)
* ci: Correct the status code check so Coverity doesn't force-fail TravisEtienne Samson2018-10-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Otherwise you get something like Emitted 525 C/C++ compilation units (100%) successfully 525 C/C++ compilation units (100%) are ready for analysis The cov-build utility completed successfully. Build successfully submitted. Received error code 200 from Coverity travis_time:end:14cf6373:start=1534254309066933889,finish=1534254728190974302,duration=419124040413 The command "if [ -n "$COVERITY" ]; then ../ci/coverity.sh; fi" exited with 1. travis_time:start:01ed61d4 $ if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi travis_time:end:01ed61d4:start=1534254728197560961,finish=1534254728202711214,duration=5150253 The command "if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi" exited with 0. Done. Your build exited with 1. (cherry picked from commit 351ca66126b08530d96556eb4521b601c69125e3)
* readme: remove appveyor build badgeEdward Thomson2018-10-191-1/+0
| | | | (cherry picked from commit 658b8e8a59341a7042a839d0417723d494d7b4cb)
* ci: remove appveyorEdward Thomson2018-10-191-44/+0
| | | | (cherry picked from commit 3ce31df3ff34b494a67f7d18dced9930c69883bd)
* ci: add VSTS build badge to READMEEdward Thomson2018-10-191-0/+1
| | | | (cherry picked from commit a1ae41b80b56cd49ecec049b7d2509f17596e116)
View Lorry Controller Status