[PATCH 4/4] gc: remove broken refs

When encountering broken refs, such as a stale remote HEAD (which can happen if the active branch was renamed in the remote), it is more helpful to remove those refs than to exit with an error. This fixes https://github.com/git-for-windows/git/issues/423 Signed-off-by: Johannes Schindelin

[PATCH] branch: handle errors on setting tracking branches

The function `install_branch_config`, which is used to set up tracking branches, does not verify return codes of `git_config_set`. Due to this we may incorrectly print that a tracking branch has been set up when in fact we did not due to an error. Fix this by checking the return value of

Re: What's cooking in git.git (Sep 2015, #06; Wed, 23)

Hi Junio, On 2015-09-24 00:56, Junio C Hamano wrote: > * jc/fsck-dropped-errors (2015-09-23) 1 commit > - fsck: exit with non-zero when problems are found > > There were some classes of errors that "git fsck" diagnosed to its > standard error that did not cause it to exit with non-zero

Re: [PATCH v6 0/8] port branch.c to use the filtering part of ref-filter.

On Thu, Sep 24, 2015 at 12:46 AM, Junio C Hamano wrote: > Matthieu Moy writes: > >> The series looks good to me. I did a minor remark on PATCH 5/8 but this >> should not block inclusion. > > Thanks. As long as the log message is telling the

Re: [PATCH v6 5/8] branch: drop non-commit error reporting

On Thu, Sep 24, 2015 at 12:44 AM, Junio C Hamano wrote: > Karthik Nayak writes: > >> Remove the error reporting variable to make the code easier to port >> over to using ref-filter APIs. >> >> This also removes the error from being displayed. As branch.c

Re: [PATCH v6 5/8] branch: drop non-commit error reporting

Junio C Hamano writes: > Junio C Hamano writes: > >> Perhaps something like this (not even compile tested as both of my >> worktrees are doing something else) > > This time with a few additional tests. > > -- >8 -- > Subject: [PATCH] fsck: exit with

[PATCH 3/4] mark_reachable_objects(): optionally collect broken refs

The behavior of `mark_reachable_objects()` without this patch is that it dies if it encounters a broken ref. This is sometimes undesirable, e.g. when garbage collecting in a repository with a stale remote HEAD. So let's introduce an optional parameter to collect such broken refs. The behavior of

[PATCH 2/4] pack-objects: do not get distracted by stale refs

It is quite possible for, say, a remote HEAD to become stale, e.g. when the default branch was renamed. We should still be able to pack our objects when such a thing happens; simply ignore invalid refs (because they cannot matter for the packing process anyway). Signed-off-by: Johannes

[PATCH 1/4] gc: demonstrate failure with stale remote HEAD

Signed-off-by: Johannes Schindelin --- t/t6500-gc.sh | 15 +++ 1 file changed, 15 insertions(+) diff --git a/t/t6500-gc.sh b/t/t6500-gc.sh index 63194d8..b736774 100755 --- a/t/t6500-gc.sh +++ b/t/t6500-gc.sh @@ -30,4 +30,19 @@ test_expect_success 'gc -h

[PATCH 0/4] Fix gc failure when a remote HEAD goes stale

There has been a report in the Git for Windows project that gc fails sometimes: https://github.com/git-for-windows/git/issues/423 It turns out that there are cases when a remote HEAD can go stale and it is not the user's fault at all. It can happen, for example, if the active branch in the remote

Re: [PATCH v6 5/8] branch: drop non-commit error reporting

On Thu, Sep 24, 2015 at 12:27 AM, Matthieu Moy wrote: > Karthik Nayak writes: > >> Remove the error reporting variable to make the code easier to port >> over to using ref-filter APIs. >> >> This also removes the error from being displayed. As

Re: git-p4: t9819 failing

On 23 September 2015 at 13:28, Lars Schneider wrote: > >> Here's the last bit of the crash dump from git-p4 I get: >> >> File "/home/ldiamand/git/git/git-p4", line 2580, in streamP4FilesCbSelf >>self.streamP4FilesCb(entry) >> File "/home/ldiamand/git/git/git-p4",

[PATCH] connect: Fix typo in result string of prot_name()

Replace 'unkown' with 'unknown'. Signed-off-by: Tobias Klauser --- connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connect.c b/connect.c index c0144d8..777f31c 100644 --- a/connect.c +++ b/connect.c @@ -254,7 +254,7 @@ static const char

Re: [PATCH] branch: handle errors on setting tracking branches

On Thu, Sep 24, 2015 at 12:32:01PM +0200, Patrick Steinhardt wrote: > The function `install_branch_config`, which is used to set up > tracking branches, does not verify return codes of > `git_config_set`. Due to this we may incorrectly print that a > tracking branch has been set up when in fact

Re: [PATCH 4/4] gc: remove broken refs

On Thu, Sep 24, 2015 at 11:14:02AM +0200, Johannes Schindelin wrote: > When encountering broken refs, such as a stale remote HEAD (which can > happen if the active branch was renamed in the remote), it is more > helpful to remove those refs than to exit with an error. For the same reasons as in

[PATCH] t5561: get rid of racy appending to logfile

The definition of log_div() appended information to the web server's logfile to make the test more readable. However, log_div() was called right after a request is served (which is done by git-http-backend); the web server waits for the git-http-backend process to exit before it writes to the log

Re: [PATCH 3/4] mark_reachable_objects(): optionally collect broken refs

On Thu, Sep 24, 2015 at 11:13:52AM +0200, Johannes Schindelin wrote: > The behavior of `mark_reachable_objects()` without this patch is that it > dies if it encounters a broken ref. This is sometimes undesirable, e.g. > when garbage collecting in a repository with a stale remote HEAD. > > So

Business Deal

I have a business deal for you worth 24.5m usd, Reply: wl548...@gmail.com for more details if interested. Thank You --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus -- To unsubscribe from this list: send the line "unsubscribe git" in the

Re: [PATCH] t5561: get rid of racy appending to logfile

On Thu, Sep 24, 2015 at 08:12:22PM +0200, Stephan Beyer wrote: > The definition of log_div() appended information to the web server's > logfile to make the test more readable. However, log_div() was called > right after a request is served (which is done by git-http-backend); > the web server

[PATCH v6b 5/8] branch: drop non-commit error reporting

Remove the error "branch '%s' does not point at a commit" in apppend_ref() which reports branch refs which do not point to commits. Also remove the error "some refs could not be read" in print_ref_list() which is triggered as a consequence of the first error. This seems to be the wrong codepath

[PATCH 42/68] apply: convert root string to strbuf

We use manual computation and strcpy to allocate the "root" variable. This would be much simpler using xstrfmt. But since we store the length, too, we can just use a strbuf, which handles that for us. Note that we stop distinguishing between "no root" and "empty root" in some cases, but that's

[PATCH 63/68] convert strncpy to memcpy

strncpy is known to be a confusing function because of its termination semantics. These calls are all correct, but it takes some examination to see why. In particular, every one of them expects to copy up to the length limit, and then makes some arrangement for terminating the result. We can

[PATCH 04/68] fsck: don't fsck alternates for connectivity-only check

Commit 02976bf (fsck: introduce `git fsck --connectivity-only`, 2015-06-22) recently gave fsck an option to perform only a subset of the checks, by skipping the fsck_object_dir() call. However, it does so only for the local object directory, and we still do expensive checks on any alternate repos.

[RFC/PATCH v1] Add Travis CI support

From: Lars Schneider The tests are executed on "Ubuntu 12.04 LTS Server Edition 64 bit" and on "OS X Mavericks" using gcc and clang. Perforce and Git-LFS are installed and therefore available for the respective tests. Signed-off-by: Lars Schneider

[RFC/PATCH v1] Add Travis CI support

From: Lars Schneider Hi, I recently broke a few tests... In order to avoid that in the future I configured Travis CI for Git. With this patch Travis can run all Git tests including the "git-p4" and "Git-LFS" tests. The tests are executed on "Ubuntu 12.04 LTS Server

[PATCH 1/2] SQUASH???

This is a mixed bag of squashes. * pp_start_one() stuffed unborn child to the list of children when start_command() failed and start_failure() did not die(); return to the caller without corrupting children[] list in this case. * make poll(2) timeout used in pp_buffer_stderr()

[PATCH] t5561: get rid of racy appending to logfile

The definition of log_div() appended information to the web server's logfile to make the test more readable. However, log_div() was called right after a request is served (which is done by git-http-backend); the web server waits for the git-http-backend process to exit before it writes to the log

Re: [PATCH v7 0/7] git-p4: add support for large file systems

On 23 September 2015 at 12:42, Lars Schneider wrote: > > On 23 Sep 2015, at 13:25, Luke Diamand wrote: > >> Adding back git@vger.kernel.org, which I inadvertently dropped off the >> thread. >> >> On 23 September 2015 at 12:22, Luke Diamand

[PATCH 07/68] strbuf: make strbuf_complete_line more generic

The strbuf_complete_line function makes sure that a buffer ends in a newline. But we may want to do this for any character (e.g., "/" on the end of a path). Let's factor out a generic version, and keep strbuf_complete_line as a thin wrapper. Signed-off-by: Jeff King --- strbuf.h

[PATCH 26/68] replace trivial malloc + sprintf / strcpy calls with xstrfmt

It's a common pattern to do: foo = xmalloc(strlen(one) + strlen(two) + 1 + 1); sprintf(foo, "%s %s", one, two); (or possibly some variant with strcpy()s or a more complicated length computation). We can switch these to use xstrfmt, which is shorter, involves less error-prone manual

[PATCH 18/68] find_short_object_filename: convert sprintf to xsnprintf

We use sprintf() to format some hex data into a buffer. The buffer is clearly long enough, and using snprintf here is not necessary. And in fact, it does not really make anything easier to audit, as the size we feed to snprintf accounts for the magic extra 42 bytes found in each alt->name field of

[PATCH 23/68] add_packed_git: convert strcpy into xsnprintf

We have the path "foo.idx", and we create a buffer big enough to hold "foo.pack" and "foo.keep", and then strcpy straight into it. This isn't a bug (we have enough space), but it's very hard to tell from the strcpy that this is so. Let's instead use strip_suffix to take off the ".idx", record the

[PATCH 10/68] mailsplit: make PATH_MAX buffers dynamic

There are several PATH_MAX-sized buffers in mailsplit, along with some questionable uses of sprintf. These are not really of security interest, as local mailsplit pathnames are not typically under control of an attacker, and you could generally only overflow a few numbers at the end of a path

[PATCH 20/68] compat/hstrerror: convert sprintf to snprintf

This is a trivially correct use of sprintf, as our error number should not be excessively long. But it's still nice to drop an sprintf call. Note that we cannot use xsnprintf here, because this is compat code which does not load git-compat-util.h. Signed-off-by: Jeff King ---

[PATCH 13/68] test-dump-cache-tree: avoid overflow of cache-tree name

When dumping a cache-tree, we sprintf sub-tree names directly into a fixed-size buffer, which can overflow. We can trivially fix this by converting to xsnprintf to at least notice and die. This probably should handle arbitrary-sized names, but there's not much point. It's used only by the test

[PATCH 14/68] compat/inet_ntop: fix off-by-one in inet_ntop4

Our compat inet_ntop4 function writes to a temporary buffer with snprintf, and then uses strcpy to put the result into the final "dst" buffer. We check the return value of snprintf against the size of "dst", but fail to account for the NUL terminator. As a result, we may overflow "dst" with a

[PATCH 05/68] add xsnprintf helper function

There are a number of places in the code where we call sprintf(), with the assumption that the output will fit into the buffer. In many cases this is true (e.g., formatting a number into a large buffer), but it is hard to tell immediately from looking at the code. It would be nice if we had some

[PATCH 21/68] grep: use xsnprintf to format failure message

This looks at first glance like the sprintf can overflow our buffer, but it's actually fine; the p->origin string is something constant and small, like "command line" or "-e option". Signed-off-by: Jeff King --- grep.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

[PATCH 19/68] stop_progress_msg: convert sprintf to xsnprintf

The usual arguments for using xsnprintf over sprintf apply, but this case is a little tricky. We print to a fixed-size buffer if we have room, and otherwise to an allocated buffer. So there should be no overflow here, but it is still good to communicate our intention, as well as to check our

[PATCH 15/68] convert trivial sprintf / strcpy calls to xsnprintf

We sometimes sprintf into fixed-size buffers when we know that the buffer is large enough to fit the input (either because it's a constant, or because it's numeric input that is bounded in size). Likewise with strcpy of constant strings. However, these sites make it hard to audit sprintf and

[PATCH 12/68] progress: store throughput display in a strbuf

Coverity noticed that we strncpy() into a fixed-size buffer without making sure that it actually ended up NUL-terminated. This is unlikely to be a bug in practice, since throughput strings rarely hit 32 characters, but it would be nice to clean it up. The most obvious way to do so is to add a

[PATCH 08/68] add reentrant variants of sha1_to_hex and find_unique_abbrev

The sha1_to_hex and find_unique_abbrev functions always write into reusable static buffers. There are a few problems with this: - future calls overwrite our result. This is especially annoying with find_unique_abbrev, which does not have a ring of buffers, so you cannot even printf() a

[PATCH 11/68] trace: use strbuf for quote_crnl output

When we output GIT_TRACE_SETUP paths, we quote any meta-characters. But our buffer to hold the result is only PATH_MAX bytes, and we could double the size of the input path (if every character needs quoting). We could use a 2*PATH_MAX buffer, if we assume the input will never be more than

[PATCH 25/68] receive-pack: convert strncpy to xsnprintf

This strncpy is pointless; we pass the strlen() of the src string, meaning that it works just like a memcpy. Worse, though, is that the size has no relation to the destination buffer, meaning it is a potential overflow. In practice, it's not. We pass only short constant strings like "warning: "

[PATCH 22/68] entry.c: convert strcpy to xsnprintf

This particular conversion is non-obvious, because nobody has passed our function the length of the destination buffer. However, the interface to checkout_entry specifies that the buffer must be at least TEMPORARY_FILENAME_LENGTH bytes long, so we can check that (meaning the existing code was not

[PATCH 09/68] fsck: use strbuf to generate alternate directories

When fsck-ing alternates, we make a copy of the alternate directory in a fixed PATH_MAX buffer. We memcpy directly, without any check whether we are overflowing the buffer. This is OK if PATH_MAX is a true representation of the maximum path on the system, because any path here will have already

[PATCH 17/68] use xsnprintf for generating git object headers

We generally use 32-byte buffers to format git's "type size" header fields. These should not generally overflow unless you can produce some truly gigantic objects (and our types come from our internal array of constant strings). But it is a good idea to use xsnprintf to make sure this is the case.

[PATCH 16/68] archive-tar: use xsnprintf for trivial formatting

When we generate tar headers, we sprintf() values directly into a struct with the fixed-size header values. For the most part this is fine, as we are formatting small values (e.g., the octal format of "mode & 0x" is of fixed length). But it's still a good idea to use xsnprintf here. It

[PATCH 06/68] add git_path_buf helper function

If you have a function that uses git_path a lot, but would prefer to avoid the static buffers, it's useful to keep a single scratch buffer locally and reuse it for each call. You used to be able to do this with git_snpath: char buf[PATH_MAX]; foo(git_snpath(buf, sizeof(buf), "foo"));

[PATCH v2 0/68] war on sprintf

This is a revised version of the series I sent earlier[1]. For those just joining us, the goal is to remove sprintf, strcpy, etc, to make it easier to audit the code base for buffer overflows. I've been addressing review comments for individual patches as the discussion progressed, so there's

[PATCH 02/68] mailsplit: fix FILE* leak in split_maildir

If we encounter an error while splitting a maildir, we exit the function early, leaking the open filehandle. This isn't a big deal, since we exit the program soon after, but it's easy enough to be careful. Signed-off-by: Jeff King --- builtin/mailsplit.c | 5 - 1 file

Re: [PATCH 54/68] drop strcpy in favor of raw sha1_to_hex

On Thu, Sep 24, 2015 at 5:08 PM, Jeff King wrote: > In some cases where we strcpy() the result of sha1_to_hex(), > there's no need; the result goes directly into a printf > statement, and we can simply pass the return value from > sha1_to_hex() directly. > > When this code was

Re: git-p4: t9819 failing

OK, slight correction there - it now doesn't crash getting the disk usage, but I think it still needs to be updated following the other changes to case-handling. Luke On 24 September 2015 at 08:45, Luke Diamand wrote: > On 23 September 2015 at 13:28, Lars Schneider

Re: diff not finding difference

On Thu, Sep 24, 2015 at 5:09 PM, Jack Adrian Zappa wrote: > This is a weird one: > > [file-1 begin] > > abcd efg hijklmnop > > [file-1 end] > > [file-2 begin] > > blah blah blah > / > abdc boo

[PATCH 0/2] Another squash on run-command: add an asynchronous parallel child processor

Here is another proposal for squashing. It's basically both squash proposals by Junio, plus another issues I think should be done right from the beginning. [added by sb:] * If you do not die() in start_failure_fn or return_value_fn, you don't want to write to stderr directly as you would

[PATCH 2/2] SQUASH for "fetch_populated_submodules: use new parallel job processing"

This fixes the function signature in the first user of the async run processor. Signed-off-by: Stefan Beller --- submodule.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/submodule.c b/submodule.c index d7c7a6e..2c4396b 100644 --- a/submodule.c

Re: [PATCH 4/4] gc: remove broken refs

Jeff King writes: > For the same reasons as in my earlier responses, I think it's dangerous > to remove broken refs (it makes a small corruption much worse). It seems > reasonably sane to remove a dangling symref, though if we teach > for_each_ref to gracefully skip them, then

Re: [PATCH 1/1] configure: make curl-config path configurable

Remi Pommarel writes: > There are situations, ie during cross compilation, where curl-config program > is not present in the PATH. > > Make configure check that a custom curl-config program is passed by the user > through ac_cv_prog_CURL_CONFIG then set CURL_CONFIG variable

Teak Furniture

Teak Furniture, Famous teak wood is very strong and durable, therefore many processed into garden furniture, interior furniture and handicrafts. To see a variety of teak wood furniture you can visit http://www.horestco.com and you can also order it to your liking. -- View this message in

Re: [RFC/PATCH v1] Add Travis CI support

On do, 2015-09-24 at 17:41 -0700, Junio C Hamano wrote: > larsxschnei...@gmail.com writes: > > > My idea is that the owner of "https://github.com/git/git; enables this > > account > > for Travis (it's free!). Then we would automatically get the test state for > > all > > official branches. > >

Re: [PATCH v2 1/1] Makefile: link libcurl before openssl and crypto

Remi Pommarel writes: > For static linking especially library order while linking is important. For > example libssl contains symbol from libcrypto so the former should be linked > before the latter. That example is not a very good one to use for two reasons: (1)

[PATCH] t/perf: make runner work even if Git is not installed

aggregate.perl did not work when Git.pm is not installed to a directory contained in the default Perl library path list or PERLLIB. This commit prepends the Perl library path of the current Git source tree to enable this. Note that this commit adds a hard-coded relative path use lib

Re: [PATCH 2/4] pack-objects: do not get distracted by stale refs

On Thu, Sep 24, 2015 at 11:13:44AM +0200, Johannes Schindelin wrote: > It is quite possible for, say, a remote HEAD to become stale, e.g. when > the default branch was renamed. > > We should still be able to pack our objects when such a thing happens; > simply ignore invalid refs (because they

Re: [PATCH 4/4] gc: remove broken refs

On Thu, Sep 24, 2015 at 05:08:41PM -0700, Junio C Hamano wrote: > One thing I wondered was if we can reliably tell between a ref that > wanted to be a real ref that records a broken object name and a ref > that wanted to be a symbolic ref that points a bogus thing, and if > we can't, should we

Re: [PATCH v6b 5/8] branch: drop non-commit error reporting

Karthik Nayak writes: > Remove the error "branch '%s' does not point at a commit" in > apppend_ref() which reports branch refs which do not point to > commits. Also remove the error "some refs could not be read" in > print_ref_list() which is triggered as a consequence of

[PATCH v2 1/1] Makefile: link libcurl before openssl and crypto

For static linking especially library order while linking is important. For example libssl contains symbol from libcrypto so the former should be linked before the latter. The global link order should be libcurl then libssl then libcrypto then libintl and finally zlib. Signed-off-by: Remi

[PATCH 1/1] configure.ac: detect ssl need with libcurl

When libcurl has been statically compiled with openssl support they both need to be linked in everytime libcurl is used. During configuration this can be detected by looking for Curl_ssl_init function symbol in libcurl, which will only be present if libcurl has been compiled statically built with

Re: [PATCH 1/2] SQUASH???

Stefan Beller writes: > * If you do not die() in start_failure_fn or return_value_fn, you >don't want to write to stderr directly as you would destroy the fine >ordering of the processes output. So make the err strbuf available in >both these functions, and make

Re: [PATCH 0/2] Another squash on run-command: add an asynchronous parallel child processor

Stefan Beller writes: > * If you do not die() in start_failure_fn or return_value_fn, you >don't want to write to stderr directly as you would destroy the fine >ordering of the processes output. So make the err strbuf available in >both these functions, and make

Re: [PATCH 1/2] SQUASH???

Junio C Hamano writes: > I think that is a sensible change. Don't we want the same for the > other failure handler, though. Capture any message from it and > append it to the output of the process that just finished, or > something? Ah, that is already done. Scratch that

Re: [RFC/PATCH v1] Add Travis CI support

larsxschnei...@gmail.com writes: > In order to avoid that in the future I configured Travis CI for Git. With this > patch Travis can run all Git tests including the "git-p4" and "Git-LFS" tests. Interesting. I was wondering about the "p4" part myself. > My idea is that the owner of

[PATCH 1/1] configure: make curl-config path configurable

There are situations, ie during cross compilation, where curl-config program is not present in the PATH. Make configure check that a custom curl-config program is passed by the user through ac_cv_prog_CURL_CONFIG then set CURL_CONFIG variable accordingly in config.mak.autogen. Makefile uses this

[PATCH 03/68] archive-tar: fix minor indentation violation

This looks like a simple omission from 8539070 (archive-tar: unindent write_tar_entry by one level, 2012-05-03). Signed-off-by: Jeff King --- archive-tar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archive-tar.c b/archive-tar.c index 0d1e6bd..b6b30bb

[PATCH 01/68] show-branch: avoid segfault with --reflog of unborn branch

When no branch is given to the "--reflog" option, we resolve HEAD to get the default branch. However, if HEAD points to an unborn branch, resolve_ref returns NULL, and we later segfault trying to access it. Signed-off-by: Jeff King --- builtin/show-branch.c | 2 ++ 1 file

[PATCH 48/68] diagnose_invalid_index_path: use strbuf to avoid strcpy/strcat

We dynamically allocate a buffer and then strcpy and strcat into it. This isn't buggy, but we'd prefer to avoid these suspicious functions. This would be a good candidate for converstion to xstrfmt, but we need to record the length for dealing with index entries. A strbuf handles that for us.

[PATCH 55/68] color: add overflow checks for parsing colors

Our color parsing is designed to never exceed COLOR_MAXLEN bytes. But the relationship between that hand-computed number and the parsing code is not at all obvious, and we merely hope that it has been computed correctly for all cases. Let's mark the expected "end" pointer for the destination

[PATCH 61/68] color: add color_set helper for copying raw colors

To set up default colors, we sometimes strcpy() from the default string literals into our color buffers. This isn't a bug (assuming the destination is COLOR_MAXLEN bytes), but makes it harder to audit the code for problematic strcpy calls. Let's introduce a color_set which copies under the

[PATCH 60/68] prefer memcpy to strcpy

When we already know the length of a string (e.g., because we just malloc'd to fit it), it's nicer to use memcpy than strcpy, as it makes it more obvious that we are not going to overflow the buffer (because the size we pass matches the size in the allocation). This also eliminates calls to

[PATCH 24/68] http-push: replace strcat with xsnprintf

We account for these strcats in our initial allocation, but the code is confusing to follow and verify. Let's remember our original allocation length, and then xsnprintf can verify that we don't exceed it. Note that we can't just use xstrfmt here (which would be even cleaner) because the code

[PATCH 66/68] fsck: use for_each_loose_file_in_objdir

Since 27e1e22 (prune: factor out loose-object directory traversal, 2014-10-15), we now have a generic callback system for iterating over the loose object directories. This is used by prune, count-objects, etc. We did not convert git-fsck at the time because it implemented an inode-sorting scheme

[PATCH 68/68] name-rev: use strip_suffix to avoid magic numbers

The manual size computations here are correct, but using strip_suffix makes that obvious, and hopefully communicates the intent of the code more clearly. Signed-off-by: Jeff King --- builtin/name-rev.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git

[PATCH 52/68] daemon: use cld->env_array when re-spawning

This avoids an ugly strcat into a fixed-size buffer. It's not wrong (the buffer is plenty large enough for an IPv6 address plus some minor formatting), but it takes some effort to verify that. Unfortunately we are still stuck with some fixed-size buffers to hold the output of inet_ntop. But at

[PATCH 44/68] merge-recursive: convert malloc / strcpy to strbuf

This would be a fairly routine use of xstrfmt, except that we need to remember the length of the result to pass to cache_name_pos. So just use a strbuf, which makes this simple. As a bonus, this gets rid of confusing references to "pathlen+1". The "1" is for the trailing slash we added, but that

[PATCH 41/68] init: use strbufs to store paths

The init code predates strbufs, and uses PATH_MAX-sized buffers along with many manual checks on intermediate sizes (some of which make magic assumptions, such as that init will not create a path inside .git longer than 50 characters). We can simplify this greatly by using strbufs, which drops

[PATCH 37/68] remote-ext: simplify git pkt-line generation

We format a pkt-line into a heap buffer, which requires manual computation of the required size, and uses some bare sprintf calls. We could use a strbuf instead, which would take care of the computation for us. But it's even easier still to use packet_write(). Besides handling the formatting and

Fwd: diff not finding difference

This is a weird one: [file-1 begin] abcd efg hijklmnop [file-1 end] [file-2 begin] blah blah blah / abdc boo ya! [file-2 end] Do a diff between these and it won't find any difference. Same with the following

[PATCH 30/68] ref-filter: drop sprintf and strcpy calls

The ref-filter code comes from for-each-ref, and inherited a number of raw sprintf and strcpy calls. These are generally all safe, as we custom-size the buffers, or are formatting numbers into sufficiently large buffers. But we can make the resulting code even simpler and more obviously correct by

[PATCH 31/68] help: drop prepend function in favor of xstrfmt

This function predates xstrfmt, and its functionality is a subset. Let's just use xstrfmt. Signed-off-by: Jeff King --- builtin/help.c | 14 ++ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/builtin/help.c b/builtin/help.c index 3422e73..fba8c01 100644

[PATCH 64/68] fsck: drop inode-sorting code

Fsck tries to access loose objects in order of inode number, with the hope that this would make cold cache access faster on a spinning disk. This dates back to 7e8c174 (fsck-cache: sort entries by inode number, 2005-05-02), which predates the invention of packfiles. These days, there's not much

[PATCH 54/68] drop strcpy in favor of raw sha1_to_hex

In some cases where we strcpy() the result of sha1_to_hex(), there's no need; the result goes directly into a printf statement, and we can simply pass the return value from sha1_to_hex() directly. When this code was originally written, sha1_to_hex used a single buffer, and it was not safe to use

[PATCH 40/68] sha1_get_pack_name: use a strbuf

We do some manual memory computation here, and there's no check that our 60 is not overflowed by the raw sprintf (it isn't, because the "which" parameter is never longer than "pack"). We can simplify this greatly with a strbuf. Technically the end result is not identical, as the original took

[PATCH 53/68] use sha1_to_hex_r() instead of strcpy

Before sha1_to_hex_r() existed, a simple way to get hex sha1 into a buffer was with: strcpy(buf, sha1_to_hex(sha1)); This isn't wrong (assuming the buf is 41 characters), but it makes auditing the code base for bad strcpy() calls harder, as these become false positives. Let's convert them to

[PATCH 38/68] http-push: use strbuf instead of fwrite_buffer

The http-push code defines an fwrite_buffer function for use as a curl callback; it just writes to a strbuf. There's no reason we need to use it ourselves, as we know we have a strbuf. This lets us format directly into it, rather than dealing with an extra temporary buffer (which required manual

[PATCH 62/68] notes: document length of fanout path with a constant

We know that a fanned-out sha1 in a notes tree cannot be more than "aa/bb/cc/...", and we have an assert() to confirm that. But let's factor out that length into a constant so we can be sure it is used consistently. And even though we assert() earlier, let's replace a strcpy with xsnprintf, so it

[PATCH 67/68] use strbuf_complete to conditionally append slash

When working with paths in strbufs, we frequently want to ensure that a directory contains a trailing slash before appending to it. We can shorten this code (and make the intent more obvious) by calling strbuf_complete. Most of these cases are trivially identical conversions, but there are two

[PATCH 49/68] fetch-pack: use argv_array for index-pack / unpack-objects

This cleans up a magic number that must be kept in sync with the rest of the code (the number of argv slots). It also lets us drop some fixed buffers and an sprintf (since we can now use argv_array_pushf). We do still have to keep one fixed buffer for calling gethostname, but at least now the

[PATCH 45/68] enter_repo: convert fixed-size buffers to strbufs

We use two PATH_MAX-sized buffers to represent the repo path, and must make sure not to overflow them. We do take care to check the lengths, but the logic is rather hard to follow, as we use several magic numbers (e.g., "PATH_MAX - 10"). And in fact you _can_ overflow the buffer if you have a

[PATCH 65/68] Makefile: drop D_INO_IN_DIRENT build knob

Now that fsck has dropped its inode-sorting, there are no longer any users of this knob, and it can go away. Signed-off-by: Jeff King --- Makefile | 5 - config.mak.uname | 3 --- configure.ac | 7 --- 3 files changed, 15 deletions(-) diff --git a/Makefile

[PATCH 32/68] mailmap: replace strcpy with xstrdup

We want to make a copy of a string without any leading whitespace. To do so, we allocate a buffer large enough to hold the original, skip past the whitespace, then copy that. It's much simpler to just allocate after we've skipped, in which case we can just copy the remainder of the string, leaving

[PATCH 39/68] http-walker: store url in a strbuf

We do an unchecked sprintf directly into our url buffer. This doesn't overflow because we know that it was sized for "$base/objects/info/http-alternates", and we are writing "$base/objects/info/alternates", which must be smaller. But that is not immediately obvious to a reader who is looking for

  1   2   >