Commit graph

211 commits

Author SHA1 Message Date
Christian Couder
179070b91c builtin/apply: move 'numstat' global into 'struct apply_state'
To libify the apply functionality the 'numstat' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
c4f5c39862 builtin/apply: move 'diffstat' global into 'struct apply_state'
To libify the apply functionality the 'diffstat' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
885eefb12d builtin/apply: move 'cached' global into 'struct apply_state'
To libify the apply functionality the 'cached' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
6ca4c39093 builtin/apply: move 'allow_overlap' global into 'struct apply_state'
To libify the apply functionality the 'allow_overlap' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
901f9c6d42 builtin/apply: move 'update_index' global into 'struct apply_state'
To libify the apply functionality the 'update_index' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
5cae882d27 builtin/apply: move 'apply_verbosely' global into 'struct apply_state'
To libify the apply functionality the 'apply_verbosely' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
30b5ae4d41 builtin/apply: move 'apply_with_reject' global into 'struct apply_state'
To libify the apply functionality the 'apply_with_reject' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
2595a8b146 builtin/apply: move 'apply_in_reverse' global into 'struct apply_state'
To libify the apply functionality the 'apply_in_reverse' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
ee87a6e740 builtin/apply: move 'check_index' global into 'struct apply_state'
To libify the apply functionality the 'check_index' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
22a7233584 builtin/apply: move 'check' global into 'struct apply_state'
To libify the apply functionality the 'check' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
1da16e1ed8 builtin/apply: move 'unidiff_zero' global into 'struct apply_state'
To libify the apply functionality the 'unidiff_zero' variable should
not be static and global to the file. Let's move it into
'struct apply_state'.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
6f27b941f2 builtin/apply: move 'state' init into init_apply_state()
When the apply functionality will be libified, the 'struct apply_state'
will be used by different pieces of code.

To properly initialize a 'struct apply_state', let's provide a nice
and easy to use init_apply_state() function.

Let's also provide clear_apply_state() to release memory used by
'struct apply_state' members, so that a 'struct apply_state' instance
can be easily reused without leaking memory.

Note that clear_apply_state() does nothing for now, but it will later.

While at it, let's rename 'prefix_' parameter to 'prefix'.

Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-01 10:10:16 -07:00
Christian Couder
2fc0f1849b builtin/apply: introduce 'struct apply_state' to start libifying
Currently commands that want to use the apply functionality have to launch
a "git apply" process which can be bad for performance.

Let's start libifying the apply functionality and to do that we first need
to get rid of the global variables in "builtin/apply.c".

This patch introduces "struct apply_state" into which all the previously
global variables will be moved. A new parameter called "state" that is a
pointer to the "apply_state" structure will come at the beginning of the
helper functions that need it and will be passed around the call chain.

To start let's move the "prefix" and "prefix_length" global variables into
"struct apply_state".

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:21:25 -07:00
Christian Couder
dcde8b3dcd builtin/apply: move 'read_stdin' global into cmd_apply()
The 'read_stdin' variable doesn't need to be static and global to the
file. It can be local to cmd_apply(), so let's move it there.

This will make it easier to libify the apply functionality.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:21:24 -07:00
Christian Couder
d1b27ced9a builtin/apply: move 'options' variable into cmd_apply()
The 'options' variable doesn't need to be static and global to the
file. It can be local to cmd_apply(), so let's move it there.

This will make it easier to libify the apply functionality.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:21:19 -07:00
Christian Couder
7a3eb9e222 builtin/apply: extract line_by_line_fuzzy_match() from match_fragment()
The match_fragment() function is very big and contains a big special case
algorithm that does line by line fuzzy matching. So let's extract this
algorithm in a separate line_by_line_fuzzy_match() function.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:12:48 -07:00
Christian Couder
bb0ba99743 builtin/apply: avoid local variable shadowing 'len' parameter
This is just a cleanup to avoid errors when compiling with -Wshadow and
to make it safer to later move global variables into a "state" struct.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:11:14 -07:00
Christian Couder
eb8fdbff3c builtin/apply: avoid parameter shadowing 'linenr' global
Let's just rename the global 'state_linenr' as it will become
'state->linenr' in a following patch.

This also avoid errors when compiling with -Wshadow and makes
it safer to later move global variables into a "state" struct.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:09:43 -07:00
Christian Couder
560e35468f builtin/apply: avoid parameter shadowing 'p_value' global
Let's just rename the global 'state_p_value' as it will become
'state->p_value' in a following patch.

This also avoid errors when compiling with -Wshadow and makes
it safer to later move global variables into a "state" struct.

Helped-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:07:15 -07:00
Christian Couder
12913a78ce builtin/apply: make gitdiff_verify_name() return void
As the value returned by gitdiff_verify_name() is put into the
same variable that is passed as a parameter to this function,
it is simpler to pass the address of the variable and have
gitdiff_verify_name() change the variable itself.

This also makes it possible to later have this function return
-1 instead of die()ing in case of error.

Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-12 12:07:11 -07:00
Junio C Hamano
5b3b015999 Merge branch 'cc/apply'
Minor code clean-up.

* cc/apply:
  builtin/apply: free patch when parse_chunk() fails
  builtin/apply: handle parse_binary() failure
  apply: remove unused call to free() in gitdiff_{old,new}name()
  builtin/apply: get rid of useless 'name' variable
2016-04-13 14:12:34 -07:00
Christian Couder
7a6a44c2dc builtin/apply: free patch when parse_chunk() fails
When parse_chunk() fails it can return -1, for example
when find_header() doesn't find a patch header.

In this case it's better in apply_patch() to free the
"struct patch" that we just allocated instead of
leaking it.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-01 10:21:55 -07:00
Christian Couder
484e776158 builtin/apply: handle parse_binary() failure
In parse_binary() there is:

	forward = parse_binary_hunk(&buffer, &size, &status, &used);
	if (!forward && !status)
		/* there has to be one hunk (forward hunk) */
		return error(_("unrecognized binary patch at line %d"), linenr-1);

so parse_binary() can return -1, because that's what error() returns.

Also parse_binary_hunk() sets "status" to -1 in case of error and
parse_binary() does "if (status) return status;".

In this case parse_chunk() should not add -1 to the patchsize it computes.
It is better for future libification efforts to make it just return -1.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-04-01 10:21:19 -07:00
Nguyễn Thái Ngọc Duy
3f5794493c apply: report patch skipping in verbose mode
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-24 10:18:31 -07:00
Junio C Hamano
db354b7f1b apply: remove unused call to free() in gitdiff_{old,new}name()
These two functions keep a copy of filename it was given, let
gitdiff_verify_name() to rewrite it to a new filename and then free
the original if they receive a newly minted filename.

However

 (1) when the original name is NULL, gitdiff_verify_name() returns
     either NULL or a newly minted value.  Either case, we do not
     have to worry about calling free() on the original NULL.

 (2) when the original name is not NULL, gitdiff_verify_name()
     either returns that as-is, or calls die() when it finds
     inconsistency in the patch.  When the function returns, we know
     that "if ()" statement always is false.

Noticed by Christian Couder.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-22 14:41:08 -07:00
Christian Couder
fda3e2cf01 builtin/apply: get rid of useless 'name' variable
While at it put an 'else' on the same line as the previous '}'.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-22 14:21:07 -07:00
Junio C Hamano
11529ecec9 Merge branch 'jk/tighten-alloc'
Update various codepaths to avoid manually-counted malloc().

* jk/tighten-alloc: (22 commits)
  ewah: convert to REALLOC_ARRAY, etc
  convert ewah/bitmap code to use xmalloc
  diff_populate_gitlink: use a strbuf
  transport_anonymize_url: use xstrfmt
  git-compat-util: drop mempcpy compat code
  sequencer: simplify memory allocation of get_message
  test-path-utils: fix normalize_path_copy output buffer size
  fetch-pack: simplify add_sought_entry
  fast-import: simplify allocation in start_packfile
  write_untracked_extension: use FLEX_ALLOC helper
  prepare_{git,shell}_cmd: use argv_array
  use st_add and st_mult for allocation size computation
  convert trivial cases to FLEX_ARRAY macros
  use xmallocz to avoid size arithmetic
  convert trivial cases to ALLOC_ARRAY
  convert manual allocations to argv_array
  argv-array: add detach function
  add helpers for allocating flex-array structs
  harden REALLOC_ARRAY and xcalloc against size_t overflow
  tree-diff: catch integer overflow in combine_diff_path allocation
  ...
2016-02-26 13:37:16 -08:00
Jeff King
50a6c8efa2 use st_add and st_mult for allocation size computation
If our size computation overflows size_t, we may allocate a
much smaller buffer than we expected and overflow it. It's
probably impossible to trigger an overflow in most of these
sites in practice, but it is easy enough convert their
additions and multiplications into overflow-checking
variants. This may be fixing real bugs, and it makes
auditing the code easier.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-02-22 14:51:09 -08:00
Jeff King
1f3c79a9d6 apply, ls-files: simplify "-z" parsing
As a short option, we cannot handle negation. Thus a callback
handling "unset" is overkill, and we can just use OPT_SET_INT
instead to handle setting the option.

Anybody who adds "--nul" synonym to this later would need to be
careful not to break "--no-nul", which should mean that lines are
terminated with LF at the end.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-02-01 14:14:20 -08:00
Jeff King
6c31c22ceb apply: convert root string to strbuf
We use manual computation and strcpy to allocate the "root"
variable. This would be much simpler using xstrfmt.  But
since we store the length, too, we can just use a strbuf,
which handles that for us.

Note that we stop distinguishing between "no root" and
"empty root" in some cases, but that's OK; the results are
the same (e.g., inserting an empty string is a noop).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-10-05 11:08:04 -07:00
Jeff King
75faa45ae0 replace trivial malloc + sprintf / strcpy calls with xstrfmt
It's a common pattern to do:

  foo = xmalloc(strlen(one) + strlen(two) + 1 + 1);
  sprintf(foo, "%s %s", one, two);

(or possibly some variant with strcpy()s or a more
complicated length computation).  We can switch these to use
xstrfmt, which is shorter, involves less error-prone manual
computation, and removes many sprintf and strcpy calls which
make it harder to audit the code for real buffer overflows.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-25 10:18:18 -07:00
Junio C Hamano
e0eeba263c Merge branch 'gb/apply-comment-typofix'
* gb/apply-comment-typofix:
  apply: comment grammar fix
2015-09-14 11:44:44 -07:00
Junio C Hamano
59c465d5c0 Merge branch 'jc/apply-reject-noop-hunk'
"git apply" cannot diagnose a patch corruption when the breakage is
to mark the length of the hunk shorter than it really is on the
hunk header line "@@ -l,k +m,n @@"; one special case it could is
when the hunk becomes no-op (e.g. k == n == 2 for two-line context
patch output), and it learned how to do so.

* jc/apply-reject-noop-hunk:
  apply: reject a hunk that does not do anything
2015-06-24 12:21:39 -07:00
Junio C Hamano
ad6e8ed37b apply: reject a hunk that does not do anything
A hunk like this in a hand-edited patch without correctly adjusting
the line counts:

     @@ -660,2 +660,2 @@ inline struct sk_buff *ieee80211_authentic...
             auth = (struct ieee80211_authentication *)
                     skb_put(skb, sizeof(struct ieee80211_authentication));
     -       some old text
     +       some new text
     --
     2.1.0

     dev mailing list

at the end of the input does not have a good way for us to diagnose
it as a corrupt patch.  We just read two context lines and discard
the remainder as cruft, which we must do in order to ignore the
e-mail footer.  Notice that the patch does not change anything and
signal an error.

Note that this fix will not help if the hand-edited hunk header were
"@@ -660,3, +660,2" to include the removal.  We would just remove
the old text without adding the new one, and treat "+ some new text"
and everything after that line as trailing cruft.  So it is dubious
that this patch alone would help very much in practice, but it may
be better than nothing.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-06-01 12:12:04 -07:00
Junio C Hamano
a916cb5fb4 Merge branch 'bc/object-id'
Identify parts of the code that knows that we use SHA-1 hash to
name our objects too much, and use (1) symbolic constants instead
of hardcoded 20 as byte count and/or (2) use struct object_id
instead of unsigned char [20] for object names.

* bc/object-id:
  apply: convert threeway_stage to object_id
  patch-id: convert to use struct object_id
  commit: convert parts to struct object_id
  diff: convert struct combine_diff_path to object_id
  bulk-checkin.c: convert to use struct object_id
  zip: use GIT_SHA1_HEXSZ for trailers
  archive.c: convert to use struct object_id
  bisect.c: convert leaf functions to use struct object_id
  define utility functions for object IDs
  define a structure for object IDs
2015-05-05 21:00:23 -07:00
Stefan Beller
f0b1f1ece7 builtin/apply.c: fix a memleak
oldlines is allocated earlier in the function and also freed on the
successful code path.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-23 11:12:58 -07:00
brian m. carlson
d07d4ab401 apply: convert threeway_stage to object_id
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-13 22:43:14 -07:00
Junio C Hamano
73b690a634 Merge branch 'jc/apply-ws-fix-expands-report'
"git apply --whitespace=fix" fixed whitespace errors in the common
context lines but did so without reporting.

* jc/apply-ws-fix-expands-report:
  apply: detect and mark whitespace errors in context lines when fixing
2015-03-03 14:37:02 -08:00
Junio C Hamano
71f19cce36 Merge branch 'jc/apply-beyond-symlink'
"git apply" was not very careful about reading from, removing,
updating and creating paths outside the working tree (under
--index/--cached) or the current directory (when used as a
replacement for GNU patch).

* jc/apply-beyond-symlink:
  apply: do not touch a file beyond a symbolic link
  apply: do not read from beyond a symbolic link
  apply: do not read from the filesystem under --index
  apply: reject input that touches outside the working area
2015-03-03 14:37:01 -08:00
Junio C Hamano
2764442ac9 Merge branch 'jc/apply-ws-fix-expands' into maint
"git apply --whitespace=fix" used to under-allocate the memory
when the fix resulted in a longer text than the original patch.

* jc/apply-ws-fix-expands:
  apply: count the size of postimage correctly
  apply: make update_pre_post_images() sanity check the given postlen
  apply.c: typofix
2015-02-24 22:10:41 -08:00
Junio C Hamano
faf723a631 Merge branch 'jk/blame-commit-label' into maint
"git blame HEAD -- missing" failed to correctly say "HEAD" when it
tried to say "No such path 'missing' in HEAD".

* jk/blame-commit-label:
  blame.c: fix garbled error message
  use xstrdup_or_null to replace ternary conditionals
  builtin/commit.c: use xstrdup_or_null instead of envdup
  builtin/apply.c: use xstrdup_or_null instead of null_strdup
  git-compat-util: add xstrdup_or_null helper
2015-02-24 22:09:54 -08:00
Junio C Hamano
38459ee6af Merge branch 'jc/apply-ws-fix-expands'
"git apply --whitespace=fix" used to under-allocate the memory
when the fix resulted in a longer text than the original patch.

* jc/apply-ws-fix-expands:
  apply: count the size of postimage correctly
  apply: make update_pre_post_images() sanity check the given postlen
  apply.c: typofix
2015-02-17 10:15:21 -08:00
Junio C Hamano
bb831db677 Merge branch 'ah/usage-strings'
* ah/usage-strings:
  standardize usage info string format
2015-02-11 13:44:20 -08:00
Junio C Hamano
092c4be7f5 Merge branch 'jk/blame-commit-label'
"git blame HEAD -- missing" failed to correctly say "HEAD" when it
tried to say "No such path 'missing' in HEAD".

* jk/blame-commit-label:
  blame.c: fix garbled error message
  use xstrdup_or_null to replace ternary conditionals
  builtin/commit.c: use xstrdup_or_null instead of envdup
  builtin/apply.c: use xstrdup_or_null instead of null_strdup
  git-compat-util: add xstrdup_or_null helper
2015-02-11 13:39:50 -08:00
Junio C Hamano
e0d201b616 apply: do not touch a file beyond a symbolic link
Because Git tracks symbolic links as symbolic links, a path that
has a symbolic link in its leading part (e.g. path/to/dir/file,
where path/to/dir is a symbolic link to somewhere else, be it
inside or outside the working tree) can never appear in a patch
that validly applies, unless the same patch first removes the
symbolic link to allow a directory to be created there.

Detect and reject such a patch.

Things to note:

 - Unfortunately, we cannot reuse the has_symlink_leading_path()
   from dir.c, as that is only about the working tree, but "git
   apply" can be told to apply the patch only to the index or to
   both the index and to the working tree.

 - We cannot directly use has_symlink_leading_path() even when we
   are applying only to the working tree, as an early patch of a
   valid input may remove a symbolic link path/to/dir and then a
   later patch of the input may create a path path/to/dir/file, but
   "git apply" first checks the input without touching either the
   index or the working tree.  The leading symbolic link check must
   be done on the interim result we compute in-core (i.e. after the
   first patch, there is no path/to/dir symbolic link and it is
   perfectly valid to create path/to/dir/file).

   Similarly, when an input creates a symbolic link path/to/dir and
   then creates a file path/to/dir/file, we need to flag it as an
   error without actually creating path/to/dir symbolic link in the
   filesystem.

Instead, for any patch in the input that leaves a path (i.e. a non
deletion) in the result, we check all leading paths against the
resulting tree that the patch would create by inspecting all the
patches in the input and then the target of patch application
(either the index or the working tree).

This way, we catch a mischief or a mistake to add a symbolic link
path/to/dir and a file path/to/dir/file at the same time, while
allowing a valid patch that removes a symbolic link path/to/dir and
then adds a file path/to/dir/file.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-10 14:19:48 -08:00
Junio C Hamano
fdc2c3a926 apply: do not read from beyond a symbolic link
We should reject a patch, whether it renames/copies dir/file to
elsewhere with or without modificiation, or updates dir/file in
place, if "dir/" part is actually a symbolic link to elsewhere,
by making sure that the code to read the preimage does not read
from a path that is beyond a symbolic link.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-10 13:41:39 -08:00
Junio C Hamano
3c37a2e339 apply: do not read from the filesystem under --index
We currently read the preimage to apply a patch from the index only
when the --cached option is given.  Do so also when the command is
running under the --index option.  With --index, the index entry and
the working tree file for a path that is involved in a patch must be
identical, so this should not affect the result, but by reading from
the index, we will get the protection to avoid reading an unintended
path beyond a symbolic link automatically.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-10 13:41:16 -08:00
Junio C Hamano
c536c0755f apply: reject input that touches outside the working area
By default, a patch that affects outside the working area (either a
Git controlled working tree, or the current working directory when
"git apply" is used as a replacement of GNU patch) is rejected as a
mistake (or a mischief).  Git itself does not create such a patch,
unless the user bends over backwards and specifies a non-standard
prefix to "git diff" and friends.

When `git apply` is used as a "better GNU patch", the user can pass
the `--unsafe-paths` option to override this safety check. This
option has no effect when `--index` or `--cached` is in use.

The new test was stolen from Jeff King with slight enhancements.
Note that a few new tests for touching outside the working area by
following a symbolic link are still expected to fail at this step,
but will be fixed in later steps.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-10 13:40:20 -08:00
Junio C Hamano
0a80bc9f13 apply: detect and mark whitespace errors in context lines when fixing
When the incoming patch has whitespace errors in a common context
line (i.e. a line that is expected to be found and is not modified
by the patch), "apply --whitespace=fix" corrects the whitespace
errors the line has, in addition to the whitespace error on a line
that is updated by the patch.  However, we did not count and report
that we fixed whitespace errors on such lines.

[jc: This is iffy.  What if the whitespace error has been fixed in
the target since the patch was written?  A common context line we
see in the patch has errors, and it matches a line in the target
that has the errors already corrected, resulting in no change, which
we may not want to count after all.  On the other hand, we are
reporting whitespace errors _in_ the incoming patch, so...]

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-22 12:57:24 -08:00
Junio C Hamano
407a792ef7 apply: count the size of postimage correctly
Under --whitespace=fix option, match_fragment() function examines
the preimage (the common context and the removed lines in the patch)
and the file being patched and checks if they match after correcting
all whitespace errors.  When they are found to match, the common
context lines in the preimage is replaced with the fixed copy,
because these lines will then be copied to the corresponding place
in the postimage by a later call to update_pre_post_images().  Lines
that are added in the postimage, under --whitespace=fix, have their
whitespace errors already fixed when apply_one_fragment() prepares
the preimage and the postimage, so in the end, application of the
patch can be done by replacing the block of text in the file being
patched that matched the preimage with what is in the postimage that
was updated by update_pre_post_images().

In the earlier days, fixing whitespace errors always resulted in
reduction of size, either collapsing runs of spaces in the indent to
a tab or removing the trailing whitespaces.  These days, however,
some whitespace error fix results in extending the size.

250b3c6c (apply --whitespace=fix: avoid running over the postimage
buffer, 2013-03-22) tried to compute the final postimage size but
its math was flawed.  It counted the size of the block of text in
the original being patched after fixing the whitespace errors on its
lines that correspond to the preimage.  That number does not have
much to do with how big the final postimage would be.

Instead count (1) the added lines in the postimage, whose size is
the same as in the final patch result because their whitespace
errors have already been corrected, and (2) the fixed size of the
lines that are common.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-22 12:57:24 -08:00