| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
`git_time_monotonic` was added so that non-native bindings like rugged
could get high-resolution timing for benchmarking. However, this is
outside the scope of libgit2 *and* rugged decided not to use this
function in the first place.
Google suggests that absolutely _nobody_ is using this function and we
don't want to be in the benchmarking business. Remove the function.
|
| |\
| |
| | |
Enable creation of worktree from bare repo's default branch
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a bare repository, HEAD usually points to the branch that is
considered the "default" branch. As the current implementation for
`git_branch_is_checked_out` only does a comparison of HEAD with the
branch that is to be checked, it will say that the branch pointed to by
HEAD in such a bare repo is checked out.
Fix this by skipping the main repo's HEAD when it is bare.
|
| | |
| |
| |
| |
| |
| |
| | |
Right now, the function `git_repository_foreach_head` will always
iterate over all HEADs of the main repository and its worktrees. In some
cases, it might be required to skip either of those, though. Add a flag
in preparation for the following commit that enables this behaviour.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Libraries should use assert(3P) only very scarcely. First, we usually
shouldn't cause the caller of our library to abort in case where the
assert fails. Second, if code is compiled with -DNDEBUG, then the assert
will not be included at all.
In our `git_branch_is_checked_out` function, we have an assert that
verifies that the given reference parameter is non-NULL and in fact a
branch. While the first check is fine, the second is not. E.g. when
compiled with -DNDEBUG, we'd proceed and treat the given reference as a
branch in all cases.
Fix the issue by instead treating a non-branch reference as not being
checked out. This is the obvious solution, as references other than
branches cannot be directly checked out.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When adding a new worktree, we only verify that an optionally given
reference is valid half-way through the function. At this point, some
data structures have already been created on-disk. If we bail out due to
an invalid reference, these will be left behind and need to be manually
cleaned up by the user.
Improve the situation by moving the reference checks to the function's
preamble. Like this, we error out as early as possible and will not
leave behind any files.
|
| |\ \
| | |
| | | |
Allow bypassing check for '.keep' file
|
| | |/
| |
| |
| | |
'GIT_OPT_IGNORE_PACK_KEEP_FILE_CHECK'
|
| |/
|
|
|
|
|
|
|
|
| |
Although the error functions were deprecated, we did not properly mark
them as deprecated. We need to include the `deprecated.h` file in order
to ensure that the functions get their export attributes.
Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or
those functions will also not get their export attributes. Define that
only on the tests and examples.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mbedtls library uses a callback mechanism to allow downstream users
to plug in their own receive and send functions. We implement `bio_read`
and `bio_write` functions, which simply wrap the `git_stream_read` and
`git_stream_write` functions, respectively.
The problem arises due to the return value of the callback functions:
mbedtls expects us to return an `int` containing the actual number of
bytes that were read or written. But this is in fact completely
misdesigned, as callers are allowed to pass in a buffer with length
`SIZE_MAX`. We thus may be unable to represent the number of bytes
written via the return value.
Fix this by only ever reading or writing at most `INT_MAX` bytes.
|
| |
|
|
|
|
| |
The mbedtls stream implementation makes use of some global variables
which are not marked as `static`, even though they're only used in this
compilation unit. Fix this and remove a duplicate declaration.
|
| |
|
|
|
|
|
| |
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
|
| |
|
|
|
|
|
|
| |
Now that the function `git_stream__write_full` exists and callers of
`git_stream_write` have been adjusted, we can lift logic for short
writes out of the stream implementations. Instead, this is now handled
either by `git_stream__write_full` or by callers of `git_stream_write`
directly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to the write(3) function, implementations of `git_stream_write`
do not guarantee that all bytes are written. Instead, they return the
number of bytes that actually have been written, which may be smaller
than the total number of bytes. Furthermore, due to an interface design
issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
otherwise we cannot represent the number of bytes written to the caller.
Unfortunately, no caller of `git_stream_write` ever checks the return
value, except to verify that no error occurred. Due to this, they are
susceptible to the case where only partial data has been written.
Fix this by introducing a new function `git_stream__write_full`. In
contrast to `git_stream_write`, it will always return either success or
failure, without returning the number of bytes written. Thus, it is able
to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
all data has been written. Adjust all callers except the BIO callbacks
in our mbedtls and OpenSSL streams, which already do the right thing and
require the amount of bytes written.
|
| |
|
|
|
|
| |
The callback functions that implement the `git_stream` structure are
only used inside of their respective implementation files, but they are
not marked as `static`. Fix this.
|
| |
|
|
|
| |
Validate that the return value of the read is not less than INT_MAX,
then cast.
|
| |
|
|
| |
Index entries are 32 bit unsigned ints, not `size_t`s.
|
| |
|
|
|
| |
The git_describe_format_options.abbreviated_size type is an unsigned
int. There's no need for it to be anything else; keep it what it is.
|
| |
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
Validate that our data will fit into the type provided then cast.
|
| |
|
|
|
| |
The transport code returns an `int` with the number of bytes written;
thus only attempt to write at most `INT_MAX`.
|
| |
|
|
|
|
| |
Windows doesn't include ssize_t or its _MAX value by default. We are
already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and
long otherwise. Include its _MAX value as a correspondence to its type.
|
| |
|
|
|
|
|
|
|
| |
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written. Clearly no such implementation can write
more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
given implementation takes a smaller size).
|
| |
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The filesystem iterator takes `stat` data from disk and puts them into
index entries, which use 32 bit ints for time (the seconds portion) and
filesize. However, on most systems these are not 32 bit, thus will
typically invoke a warning.
Most users ignore these fields entirely. Diff and checkout code do use
the values, however only for the cache to determine if they should check
file modification. Thus, this is not a critical error (and will cause a
hash recomputation at worst).
|
| |
|
|
|
|
| |
Our blob size is a `git_off_t`, which is a signed 64 bit int. This may
be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob
size fits into a `size_t` before casting.
|
| |
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
Ensure that we're within a uint16_t before we do.
|
| |
|
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's positive and less
than SIZE_MAX.
|
| |
|
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's within the range of
0-100.
|
| |
|
|
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
This cast is safe since we've explicitly tested that `strip_len` <=
`last_len`.
|
| |
|
|
| |
Quiet down a warning from MSVC about how we're potentially losing data.
|
| |\
| |
| | |
index: preserve extension parsing errors
|
| | |
| |
| |
| |
| |
| |
| | |
Previously, we would clobber any extension-specific error message with
an "extension is truncated" message. This makes `read_extension`
correctly preserve those errors, takes responsibility for truncation
errors, and adds a new message with the actual extension signature for
unsupported mandatory extensions.
|
| | |
| |
| |
| |
| |
| | |
Avoid the deprecated `git_stream_cb` typedef since we want to compile
the library without deprecated functions or types. Instead, we can
unroll the alias to its actual type.
|
| | |
| |
| |
| |
| |
| | |
Follow up for PR #4917.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
| |/
|
|
| |
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
| |
|
|
|
| |
Move to the `git_error` name in the internal API for error-related
functions.
|
| |
|
|
|
| |
Replace the `GITERR` values with a `const int` to deprecate error
values.
|
| |
|
|
|
|
|
|
|
| |
Move to the `git_error` name in error-related functions, deprecating the
`giterr` functions. This means, for example, that `giterr_last` is now
`git_error_last`. The old names are retained for compatibility.
This only updates the public API; internal API and function usage
remains unchanged.
|
| |
|
|
|
|
|
|
| |
In include/git2/odb.h it states that callback can also return
positive value which should break looping.
Implementations of git_odb_foreach() and pack_backend__foreach()
did not respect that.
|
| | |
|
| |\
| |
| | |
Add/multiply with overflow tweaks
|
| | |
| |
| |
| |
| | |
Correct the documentation on the fallback add/multiply with overflow
functions.
|
| | |
| |
| |
| |
| | |
Windows provides <intsafe.h> which provides "performant" add and
multiply with overflow operations. Use them when possible.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Use the smallest unsigned type that is equivalent to `size_t` to
simplify the conditionals. Error if we're on a system that we believe
offers builtins but we cannot determine which one to use.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This change tweaks the macros for git__{add,multiply}_sizet_overflow so
that GCC can use them.
It also stops using the uadd,umul versions since the add,mul can handle
way more cases.
|
| |\ \
| | |
| | | |
Move `git_ref_t` to `git_reference_t`
|
| | | |
| | |
| | |
| | | |
Update internal usage to use the `git_reference` names for constants.
|
