Commit graph

48308 commits

Author SHA1 Message Date
Junio C Hamano
073a1fd9e4 Merge branch 'rs/tag-null-pointer-arith-fix' into maint
Code clean-up.

* rs/tag-null-pointer-arith-fix:
  tag: avoid NULL pointer arithmetic
2017-10-18 14:19:12 +09:00
Junio C Hamano
ff35d2a998 Merge branch 'rs/cocci-de-paren-call-params' into maint
Code clean-up.

* rs/cocci-de-paren-call-params:
  coccinelle: remove parentheses that become unnecessary
2017-10-18 14:19:12 +09:00
Junio C Hamano
1fa0526876 Merge branch 'ad/doc-markup-fix' into maint
Docfix.

* ad/doc-markup-fix:
  doc: correct command formatting
2017-10-18 14:19:12 +09:00
Junio C Hamano
8a19eeed79 Merge branch 'mr/doc-negative-pathspec' into maint
Doc updates.

* mr/doc-negative-pathspec:
  docs: improve discoverability of exclude pathspec
2017-10-18 14:19:12 +09:00
Junio C Hamano
41052b11bc Merge branch 'jk/validate-headref-fix' into maint
Code clean-up.

* jk/validate-headref-fix:
  validate_headref: use get_oid_hex for detached HEADs
  validate_headref: use skip_prefix for symref parsing
  validate_headref: NUL-terminate HEAD buffer
2017-10-18 14:19:12 +09:00
Junio C Hamano
7f607f6bfb Merge branch 'ks/doc-use-camelcase-for-config-name' into maint
Doc update.

* ks/doc-use-camelcase-for-config-name:
  doc: camelCase the config variables to improve readability
2017-10-18 14:19:12 +09:00
Junio C Hamano
e1a05be9d0 Merge branch 'jk/doc-read-tree-table-asciidoctor-fix' into maint
A docfix.

* jk/doc-read-tree-table-asciidoctor-fix:
  doc: put literal block delimiter around table
2017-10-18 14:19:11 +09:00
Junio C Hamano
9554e71f60 Merge branch 'hn/typofix' into maint
* hn/typofix:
  submodule.h: typofix
2017-10-18 14:19:11 +09:00
Junio C Hamano
8e81361a0e Merge branch 'ks/test-readme-phrasofix' into maint
Doc updates.

* ks/test-readme-phrasofix:
  t/README: fix typo and grammatically improve a sentence
2017-10-18 14:19:10 +09:00
Junio C Hamano
0c521503a0 Merge branch 'ez/doc-duplicated-words-fix' into maint
Typofix.

* ez/doc-duplicated-words-fix:
  doc: fix minor typos (extra/duplicated words)
2017-10-18 14:19:10 +09:00
Junio C Hamano
5a4ec5cb22 Merge branch 'kd/doc-for-each-ref' into maint
Doc update.

* kd/doc-for-each-ref:
  doc/for-each-ref: explicitly specify option names
  doc/for-each-ref: consistently use '=' to between argument names and values
2017-10-18 14:19:10 +09:00
Junio C Hamano
1c45e39809 Merge branch 'cc/subprocess-handshake-missing-capabilities' into maint
Finishing touches to a topic already in 'master'.

* cc/subprocess-handshake-missing-capabilities:
  subprocess: loudly die when subprocess asks for an unsupported capability
2017-10-18 14:19:10 +09:00
Junio C Hamano
110a642801 Merge branch 'jk/system-path-cleanup' into maint
Code clean-up.

* jk/system-path-cleanup:
  git_extract_argv0_path: do nothing without RUNTIME_PREFIX
  system_path: move RUNTIME_PREFIX to a sub-function
2017-10-18 14:19:10 +09:00
Junio C Hamano
28a925bc51 Merge branch 'bb/doc-eol-dirty' into maint
Doc update.

* bb/doc-eol-dirty:
  Documentation: mention that `eol` can change the dirty status of paths
2017-10-18 14:19:09 +09:00
Junio C Hamano
0445bd7b55 Merge branch 'mg/timestamp-t-fix' into maint
A mismerge fix.

* mg/timestamp-t-fix:
  name-rev: change ULONG_MAX to TIME_MAX
2017-10-18 14:19:09 +09:00
Junio C Hamano
6da2d14c8b Merge branch 'ma/pkt-line-leakfix' into maint
A leakfix.

* ma/pkt-line-leakfix:
  pkt-line: re-'static'-ify buffer in packet_write_fmt_1()
2017-10-18 14:19:08 +09:00
Junio C Hamano
96d14cbb91 Merge branch 'jk/config-lockfile-leak-fix' into maint
A leakfix.

* jk/config-lockfile-leak-fix:
  config: use a static lock_file struct
2017-10-18 14:19:08 +09:00
Junio C Hamano
f77196e365 Merge branch 'dw/diff-highlight-makefile-fix' into maint
Build clean-up.

* dw/diff-highlight-makefile-fix:
  diff-highlight: add clean target to Makefile
2017-10-18 14:19:07 +09:00
Junio C Hamano
7c9375db0e Merge branch 'jk/drop-sha1-entry-pos' into maint
Code clean-up.

* jk/drop-sha1-entry-pos:
  sha1-lookup: remove sha1_entry_pos() from header file
  sha1_file: drop experimental GIT_USE_LOOKUP search
2017-10-18 14:19:06 +09:00
Junio C Hamano
d9e8586056 Merge branch 'tb/ref-filter-empty-modifier' into maint
In the "--format=..." option of the "git for-each-ref" command (and
its friends, i.e. the listing mode of "git branch/tag"), "%(atom:)"
(e.g. "%(refname:)", "%(body:)" used to error out.  Instead, treat
them as if the colon and an empty string that follows it were not
there.

* tb/ref-filter-empty-modifier:
  ref-filter.c: pass empty-string as NULL to atom parsers
2017-10-18 14:19:06 +09:00
Junio C Hamano
96d4b17bd6 Merge branch 'rb/compat-poll-fix' into maint
Backports a moral equivalent of 2015 fix to the poll emulation from
the upstream gnulib to fix occasional breakages on HPE NonStop.

* rb/compat-poll-fix:
  poll.c: always set revents, even if to zero
2017-10-18 14:19:05 +09:00
Junio C Hamano
dd5c88a7a5 Merge branch 'tg/memfixes' into maint
Fixes for a handful memory access issues identified by valgrind.

* tg/memfixes:
  sub-process: use child_process.args instead of child_process.argv
  http-push: fix construction of hex value from path
  path.c: fix uninitialized memory access
2017-10-18 14:19:05 +09:00
Junio C Hamano
d9f5ea42ff Merge branch 'ar/request-pull-phrasofix' into maint
Spell the name of our system as "Git" in the output from
request-pull script.

* ar/request-pull-phrasofix:
  request-pull: capitalise "Git" to make it a proper noun
2017-10-18 14:19:04 +09:00
Junio C Hamano
77cdf8c6f9 Merge branch 'jc/merge-x-theirs-docfix' into maint
The documentation for '-X<option>' for merges was misleadingly
written to suggest that "-s theirs" exists, which is not the case.

* jc/merge-x-theirs-docfix:
  merge-strategies: avoid implying that "-s theirs" exists
2017-10-18 14:19:03 +09:00
Junio C Hamano
01ae81e028 Merge branch 'rs/mailinfo-qp-decode-fix' into maint
"git mailinfo" was loose in decoding quoted printable and produced
garbage when the two letters after the equal sign are not
hexadecimal.  This has been fixed.

* rs/mailinfo-qp-decode-fix:
  mailinfo: don't decode invalid =XY quoted-printable sequences
2017-10-18 14:19:03 +09:00
Junio C Hamano
b8a4e894d4 Merge branch 'ik/userdiff-html-h-element-fix' into maint
The built-in pattern to detect the "function header" for HTML did
not match <H1>..<H6> elements without any attributes, which has
been fixed.

* ik/userdiff-html-h-element-fix:
  userdiff: fix HTML hunk header regexp
2017-10-18 14:19:02 +09:00
Junio C Hamano
16ba0f44c0 Merge branch 'jk/diff-blob' into maint
"git cat-file --textconv" started segfaulting recently, which
has been corrected.

* jk/diff-blob:
  cat-file: handle NULL object_context.path
2017-10-18 14:19:01 +09:00
Junio C Hamano
501ec0dad3 Merge branch 'jk/describe-omit-some-refs' into maint
"git describe --match" learned to take multiple patterns in v2.13
series, but the feature ignored the patterns after the first one
and did not work at all.  This has been fixed.

* jk/describe-omit-some-refs:
  describe: fix matching to actually match all patterns
2017-10-18 14:19:01 +09:00
Junio C Hamano
8dc1d0bf64 Merge branch 'mh/for-each-string-list-item-empty-fix' into maint
Code cmp.std.c nitpick.

* mh/for-each-string-list-item-empty-fix:
  for_each_string_list_item: avoid undefined behavior for empty list
2017-10-18 14:19:00 +09:00
Junio C Hamano
181f145de3 Merge branch 'tb/test-lint-echo-e' into maint
The test linter has been taught that we do not like "echo -e".

* tb/test-lint-echo-e:
  test-lint: echo -e (or -E) is not portable
2017-10-18 14:19:00 +09:00
Junio C Hamano
14431c717d Merge branch 'aw/gc-lockfile-fscanf-fix' into maint
"git gc" tries to avoid running two instances at the same time by
reading and writing pid/host from and to a lock file; it used to
use an incorrect fscanf() format when reading, which has been
corrected.

* aw/gc-lockfile-fscanf-fix:
  gc: call fscanf() with %<len>s, not %<len>c, when reading hostname
2017-10-18 14:18:59 +09:00
Junio C Hamano
0f213754f6 Merge branch 'tg/refs-allowed-flags' into maint
API error-proofing which happens to also squelch warnings from GCC.

* tg/refs-allowed-flags:
  refs: strip out not allowed flags from ref_transaction_update
2017-10-18 14:18:59 +09:00
Junio C Hamano
550e41c437 Merge branch 'rs/archive-excluded-directory' into maint
"git archive", especially when used with pathspec, stored an empty
directory in its output, even though Git itself never does so.
This has been fixed.

* rs/archive-excluded-directory:
  archive: don't add empty directories to archives
2017-10-18 14:18:58 +09:00
Junio C Hamano
aec2eb8bfd Merge branch 'rk/commit-tree-make-F-verbatim' into maint
Unlike "git commit-tree < file", "git commit-tree -F file" did not
pass the contents of the file verbatim and instead completed an
incomplete line at the end, if exists.  The latter has been updated
to match the behaviour of the former.

* rk/commit-tree-make-F-verbatim:
  commit-tree: do not complete line in -F input
2017-10-18 14:18:58 +09:00
Junio C Hamano
6b895039f4 Merge branch 'mh/packed-ref-store-prep' into maint
Fix regression to "gitk --bisect" by a recent update.

* mh/packed-ref-store-prep:
  rev-parse: don't trim bisect refnames
2017-10-18 14:18:58 +09:00
Junio C Hamano
05e408dd1a Merge branch 'mm/send-email-cc-cruft' into maint
In addition to "cc: <a@dd.re.ss> # cruft", "cc: a@dd.re.ss # cruft"
was taught to "git send-email" as a valid way to tell it that it
needs to also send a carbon copy to <a@dd.re.ss> in the trailer
section.

* mm/send-email-cc-cruft:
  send-email: don't use Mail::Address, even if available
  send-email: fix garbage removal after address
2017-10-18 14:18:58 +09:00
Junio C Hamano
6c9d19598d Merge branch 'rs/strbuf-getwholeline-fix' into maint
A helper function to read a single whole line into strbuf
mistakenly triggered OOM error at EOF under certain conditions,
which has been fixed.

* rs/strbuf-getwholeline-fix:
  strbuf: clear errno before calling getdelim(3)
2017-10-18 14:18:58 +09:00
Taylor Blau
bea4dbeafd ref-filter.c: pass empty-string as NULL to atom parsers
Peff points out that different atom parsers handle the empty
"sub-argument" list differently. An example of this is the format
"%(refname:)".

Since callers often use `string_list_split` (which splits the empty
string with any delimiter as a 1-ary string_list containing the empty
string), this makes handling empty sub-argument strings non-ergonomic.

Let's fix this by declaring that atom parser implementations must
not care about distinguishing between the empty string "%(refname:)"
and no sub-arguments "%(refname)".  Current code aborts, either with
"unrecognised arg" (e.g. "refname:") or "does not take args"
(e.g. "body:") as an error message.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
Reviewed-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-05 10:41:57 +09:00
Johannes Sixt
2944a94c6b sub-process: use child_process.args instead of child_process.argv
Currently the argv is only allocated on the stack, and then assigned to
process->argv.  When the start_subprocess function goes out of scope,
the local argv variable is eliminated from the stack, but the pointer is
still kept around in process->argv.

Much later when we try to access the same process->argv in
finish_command, this leads us to access a memory location that no longer
contains what we want.  As argv0 is only used for printing errors, this
is not easily noticed in normal git operations.  However when running
t0021-conversion.sh through valgrind, valgrind rightfully complains:

==21024== Invalid read of size 8
==21024==    at 0x2ACF64: finish_command (run-command.c:869)
==21024==    by 0x2D6B18: subprocess_exit_handler (sub-process.c:72)
==21024==    by 0x2AB41E: cleanup_children (run-command.c:45)
==21024==    by 0x2AB526: cleanup_children_on_exit (run-command.c:81)
==21024==    by 0x54AD487: __run_exit_handlers (in /usr/lib/libc-2.26.so)
==21024==    by 0x54AD4D9: exit (in /usr/lib/libc-2.26.so)
==21024==    by 0x11A9EF: handle_builtin (git.c:550)
==21024==    by 0x11ABCC: run_argv (git.c:602)
==21024==    by 0x11AD8E: cmd_main (git.c:679)
==21024==    by 0x1BF125: main (common-main.c:43)
==21024==  Address 0x1ffeffec00 is on thread 1's stack
==21024==  1504 bytes below stack pointer
==21024==

These days, the child_process structure has its own args array, and
the standard way to set up its argv[] is to use that one, instead of
assigning to process->argv to point at an array that is outside.
Use that facility automatically fixes this issue.

Reported-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04 13:58:15 +09:00
Thomas Gummerer
51bfb734df http-push: fix construction of hex value from path
The get_oid_hex_from_objpath takes care of creating a oid from a
pathname.  It does this by memcpy'ing the first two bytes of the path to
the "hex" string, then skipping the '/', and then copying the rest of the
path to the "hex" string.  Currently it fails to increase the pointer to
the hex string, so the second memcpy invocation just mashes over what
was copied in the first one, and leaves the last two bytes in the string
uninitialized.

This breaks valgrind in t5540, although the test passes without
valgrind:

==5490== Use of uninitialised value of size 8
==5490==    at 0x13C6B5: hexval (cache.h:1238)
==5490==    by 0x13C6DB: hex2chr (cache.h:1247)
==5490==    by 0x13C734: get_sha1_hex (hex.c:42)
==5490==    by 0x13C78E: get_oid_hex (hex.c:53)
==5490==    by 0x118BDA: get_oid_hex_from_objpath (http-push.c:1023)
==5490==    by 0x118C92: process_ls_object (http-push.c:1038)
==5490==    by 0x118E5B: handle_remote_ls_ctx (http-push.c:1077)
==5490==    by 0x118227: xml_end_tag (http-push.c:815)
==5490==    by 0x50C1448: ??? (in /usr/lib/libexpat.so.1.6.6)
==5490==    by 0x50C221B: ??? (in /usr/lib/libexpat.so.1.6.6)
==5490==    by 0x50BFBF2: ??? (in /usr/lib/libexpat.so.1.6.6)
==5490==    by 0x50C0B24: ??? (in /usr/lib/libexpat.so.1.6.6)
==5490==  Uninitialised value was created by a stack allocation
==5490==    at 0x118B63: get_oid_hex_from_objpath (http-push.c:1012)
==5490==

Fix this by correctly incrementing the pointer to the "hex" variable, so
the first two bytes are left untouched by the memcpy call, and the last
two bytes are correctly initialized.

Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04 13:48:35 +09:00
Jeff King
8262715b8e path.c: fix uninitialized memory access
In cleanup_path we're passing in a char array, run a memcmp on it, and
run through it without ever checking if something is in the array in the
first place.  This can lead us to access uninitialized memory, for
example in t5541-http-push-smart.sh test 7, when run under valgrind:

==4423== Conditional jump or move depends on uninitialised value(s)
==4423==    at 0x242FA9: cleanup_path (path.c:35)
==4423==    by 0x242FA9: mkpath (path.c:456)
==4423==    by 0x256CC7: refname_match (refs.c:364)
==4423==    by 0x26C181: count_refspec_match (remote.c:1015)
==4423==    by 0x26C181: match_explicit_lhs (remote.c:1126)
==4423==    by 0x26C181: check_push_refs (remote.c:1409)
==4423==    by 0x2ABB4D: transport_push (transport.c:870)
==4423==    by 0x186703: push_with_options (push.c:332)
==4423==    by 0x18746D: do_push (push.c:409)
==4423==    by 0x18746D: cmd_push (push.c:566)
==4423==    by 0x1183E0: run_builtin (git.c:352)
==4423==    by 0x11973E: handle_builtin (git.c:539)
==4423==    by 0x11973E: run_argv (git.c:593)
==4423==    by 0x11973E: main (git.c:698)
==4423==  Uninitialised value was created by a heap allocation
==4423==    at 0x4C2CD8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4423==    by 0x4C2F195: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4423==    by 0x2C196B: xrealloc (wrapper.c:137)
==4423==    by 0x29A30B: strbuf_grow (strbuf.c:66)
==4423==    by 0x29A30B: strbuf_vaddf (strbuf.c:277)
==4423==    by 0x242F9F: mkpath (path.c:454)
==4423==    by 0x256CC7: refname_match (refs.c:364)
==4423==    by 0x26C181: count_refspec_match (remote.c:1015)
==4423==    by 0x26C181: match_explicit_lhs (remote.c:1126)
==4423==    by 0x26C181: check_push_refs (remote.c:1409)
==4423==    by 0x2ABB4D: transport_push (transport.c:870)
==4423==    by 0x186703: push_with_options (push.c:332)
==4423==    by 0x18746D: do_push (push.c:409)
==4423==    by 0x18746D: cmd_push (push.c:566)
==4423==    by 0x1183E0: run_builtin (git.c:352)
==4423==    by 0x11973E: handle_builtin (git.c:539)
==4423==    by 0x11973E: run_argv (git.c:593)
==4423==    by 0x11973E: main (git.c:698)
==4423==

Avoid this by using skip_prefix(), which knows not to go beyond the
end of the string.

Reported-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04 13:47:16 +09:00
Ann T Ropea
e66d7c37a5 request-pull: capitalise "Git" to make it a proper noun
Of the many ways to spell the three-letter word, the variant "Git"
should be used when referring to a repository in a description; or, in
general, when it is used as a proper noun.

We thus change the pull-request template message so that it reads

   "...in the Git repository at:"

Besides, this brings us in line with the documentation, see
Documentation/howto/using-signed-tag-in-pull-request.txt

Signed-off-by: Ann T Ropea <bedhanger@gmx.de>
Acked-by: Jonathan Nieder <jrnieder@gmail.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-03 13:11:57 +09:00
René Scharfe
7099153e8d tag: avoid NULL pointer arithmetic
lookup_blob() etc. can return NULL if the referenced object isn't of the
expected type.  In theory it's wrong to reference the object member in
that case.  In practice it's OK because it's located at offset 0 for all
types, so the pointer arithmetic (NULL + 0) is optimized out by the
compiler.  The issue is reported by Clang's AddressSanitizer, though.

Avoid the ASan error by casting the results of the lookup functions to
struct object pointers.  That works fine with NULL pointers as well.  We
already rely on the object member being first in all object types in
other places in the code.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-02 13:14:33 +09:00
René Scharfe
9ca356fa8b coccinelle: remove parentheses that become unnecessary
Transformations that hide multiplications can end up with an pair of
parentheses that is no longer needed.  E.g. with a rule like this:

  @@
  expression E;
  @@
  - E * 2
  + double(E)

... we might get a patch like this:

  -	x = (a + b) * 2;
  +	x = double((a + b));

Add a pair of parentheses to the preimage side of such rules.
Coccinelle will generate patches that remove them if they are present,
and it will still match expressions that lack them.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-02 13:02:26 +09:00
Randall S. Becker
61b2a1acaa poll.c: always set revents, even if to zero
Match what is done to pfd[i].revents when compute_revents() returns
0 to the upstream gnulib's commit d42461c3 ("poll: fixes for large
fds", 2015-02-20).  The revents field is set to 0, without
incrementing the value rc to be returned from the function.  The
original code left the field to whatever random value the field was
initialized to.

This fixes occasional hangs in git-upload-pack on HPE NonStop.

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-29 18:33:22 +09:00
Adam Dinwoodie
5e633326e4 doc: correct command formatting
Leaving spaces around the `-delimeters for commands means asciidoc fails
to parse them as the start of a literal string.  Remove an extraneous
space that is causing a literal to not be formatted as such.

Signed-off-by: Adam Dinwoodie <adam@dinwoodie.org>
Acked-by: Andreas Heiduk <asheiduk@gmail.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-29 10:54:38 +09:00
Jeff King
0bca165fdb validate_headref: use get_oid_hex for detached HEADs
If a candidate HEAD isn't a symref, we check that it
contains a viable sha1. But in a post-sha1 world, we should
be checking whether it has any plausible object-id.

We can do that by switching to get_oid_hex().

Note that both before and after this patch, we only check
for a plausible object id at the start of the file, and then
call that good enough.  We ignore any content _after_ the
hex, so a string like:

  0123456789012345678901234567890123456789 foo

is accepted. Though we do put extra bytes like this into
some pseudorefs (e.g., FETCH_HEAD), we don't typically do so
with HEAD. We could tighten this up by using parse_oid_hex(),
like:

  if (!parse_oid_hex(buffer, &oid, &end) &&
      *end++ == '\n' && *end == '\0')
          return 0;

But we're probably better to remain on the loose side. We're
just checking here for a plausible-looking repository
directory, so heuristics are acceptable (if we really want
to be meticulous, we should use the actual ref code to parse
HEAD).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-27 16:07:22 +09:00
Jeff King
7eb4b9d025 validate_headref: use skip_prefix for symref parsing
Since the previous commit guarantees that our symref buffer
is NUL-terminated, we can just use skip_prefix() and friends
to parse it. This is shorter and saves us having to deal
with magic numbers and keeping the "len" counter up to date.

While we're at it, let's name the rather obscure "buf" to
"refname", since that is the thing we are parsing with it.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-27 16:06:31 +09:00
Jeff King
6e68c91410 validate_headref: NUL-terminate HEAD buffer
When we are checking to see if we have a git repo, we peek
into the HEAD file and see if it's a plausible symlink,
symref, or detached HEAD.

For the latter two, we read the contents with read_in_full(),
which means they aren't NUL-terminated. The symref check is
careful to respect the length we got, but the sha1 check
will happily parse up to 40 bytes, even if we read fewer.

E.g.,:

  echo 1234 >.git/HEAD
  git rev-parse

will parse 36 uninitialized bytes from our stack buffer.

This isn't a big deal in practice. Our buffer is 256 bytes,
so we know we'll never read outside of it. The worst case is
that the uninitialized bytes look like valid hex, and we
claim a bogus HEAD file is valid. The chances of this
happening randomly are quite slim, but let's be careful.

One option would be to check that "len == 41" before feeding
the buffer to get_sha1_hex(). But we'd like to eventually
prepare for a world with variable-length hashes. Let's
NUL-terminate as soon as we've read the buffer (we already
even leave a spare byte to do so!). That fixes this problem
without depending on the size of an object id.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-27 16:01:24 +09:00
Manav Rathi
93dbefb389 docs: improve discoverability of exclude pathspec
The ability to exclude paths with a negative pathspec is not mentioned
in the man pages for git grep and other commands where it might be
useful.

Add an example and a pointer to the pathspec glossary entry in the man
page for git grep to help the user to discover this ability.

Add similar pointers from the git-add and git-status man pages.

Additionally,

- Add a test for the behaviour when multiple exclusions are present.
- Add a test for the ^ alias.
- Improve name of existing test.
- Improve grammar in glossary description of the exclude pathspec.

Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Manav Rathi <mnvrth@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-25 17:54:36 +09:00