Commit Graph

10570 Commits

Author SHA1 Message Date
Edward Thomson
956395a529 ci: fail if requested test name is not found 2018-10-26 12:31:39 +01:00
Edward Thomson
19611316e7 cmake: define new-style test names in old-style cmake 2018-10-26 12:31:35 +01:00
Patrick Steinhardt
34d816bedf version: bump to v0.26.8 2018-10-26 12:41:05 +02:00
Patrick Steinhardt
79326221a3 CHANGELOG: update changelog for v0.26.8 2018-10-26 12:41:05 +02:00
Patrick Steinhardt
dabc26c728 commit: fix reading out of bounds when parsing encoding
The commit message encoding is currently being parsed by the
`git__prefixcmp` function. As this function does not accept a buffer
length, it will happily skip over a buffer's end if it is not `NUL`
terminated.

Fix the issue by using `git__prefixncmp` instead. Add a test that
verifies that we are unable to parse the encoding field if it's cut off
by the supplied buffer length.

(cherry picked from commit 7655b2d89e)
2018-10-25 12:56:06 +02:00
Patrick Steinhardt
53fd88739e tag: fix out of bounds read when searching for tag message
When parsing tags, we skip all unknown fields that appear before the tag
message. This skipping is done by using a plain `strstr(buffer, "\n\n")`
to search for the two newlines that separate tag fields from tag
message. As it is not possible to supply a buffer length to `strstr`,
this call may skip over the buffer's end and thus result in an out of
bounds read. As `strstr` may return a pointer that is out of bounds, the
following computation of `buffer_end - buffer` will overflow and result
in an allocation of an invalid length.

Fix the issue by using `git__memmem` instead. Add a test that verifies
parsing the tag fails not due to the allocation failure but due to the
tag having no message.

(cherry picked from commit ee11d47e3d)
2018-10-25 12:56:06 +02:00
Patrick Steinhardt
74a1557b6c util: provide git__memmem function
Unfortunately, neither the `memmem` nor the `strnstr` functions are part
of any C standard but are merely extensions of C that are implemented by
e.g. glibc. Thus, there is no standardized way to search for a string in
a block of memory with a limited size, and using `strstr` is to be
considered unsafe in cases where the buffer has not been sanitized. In
fact, there are some uses of `strstr` in exactly that unsafe way in our
codebase.

Provide a new function `git__memmem` that implements the `memmem`
semantics. That is in a given haystack of `n` bytes, search for the
occurrence of a byte sequence of `m` bytes and return a pointer to the
first occurrence. The implementation chosen is the "Not So Naive"
algorithm from [1]. It was chosen as the implementation is comparably
simple while still being reasonably efficient in most cases.
Preprocessing happens in constant time and space, searching has a time
complexity of O(n*m) with a slightly sub-linear average case.

[1]: http://www-igm.univ-mlv.fr/~lecroq/string/

(cherry picked from commit 83e8a6b36a)
2018-10-25 12:56:06 +02:00
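
Added example, not libgit2's code: the `strstr` overrun described in the tag commit and the bounded `memmem`-style search that replaces it. The helper names, the naive scan and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with memmem semantics: find the m-byte needle within
 * the first n bytes of haystack, never reading past haystack + n. This is a
 * plain naive scan, not the "Not So Naive" algorithm named in the commit. */
static const void *bounded_memmem(const void *haystack, size_t n,
                                  const void *needle, size_t m)
{
    const unsigned char *h = haystack;
    size_t i;

    if (m == 0)
        return haystack;
    if (n < m)
        return NULL;
    for (i = 0; i <= n - m; i++)
        if (memcmp(h + i, needle, m) == 0)
            return h + i;
    return NULL;
}

/* Offset of the message (first byte after "\n\n") inside buf[0..len),
 * or -1 when the separator does not lie entirely inside the buffer. */
static long message_offset(const char *buf, size_t len)
{
    const char *sep = bounded_memmem(buf, len, "\n\n", 2);
    return sep ? (long)(sep - buf) + 2 : -1;
}

/* Constructed sample: the object is the first tag_len bytes; everything
 * after stands in for unrelated memory that happens to hold "\n\n". */
static const char sample[] = "object abc\ntype commit\ntag v1\nXXXX\n\nnot ours";
static const size_t tag_len = 30; /* ends right after "tag v1\n" */

/* What strstr() reports: it ignores tag_len and scans on to the NUL. */
static long unbounded_offset(void)
{
    const char *sep = strstr(sample, "\n\n");
    return sep ? (long)(sep - sample) : -1;
}

int main(void)
{
    printf("strstr hit at %ld, object length %zu\n", unbounded_offset(), tag_len);
    printf("bounded search: %ld\n", message_offset(sample, tag_len));
    return 0;
}
```

Because the `strstr` hit lies beyond the object's end, a length computed as `buffer_end - hit` would be negative, which is the invalid allocation size the commit message mentions.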
Patrick Steinhardt
3b57921f79 util: fix out of bounds read in error message
When an integer that is parsed with `git__strntol32` is too big to fit
into an int32, we will generate an error message that includes the
actual string that failed to parse. This does not acknowledge the fact
that the string may either not be NUL terminated or alternatively include
additional characters after the number that is to be parsed. We may thus
end up printing characters into the buffer that aren't the number or,
worse, read out of bounds.

Fix the issue by utilizing the `endptr` that was set by
`git__strntol64`. This pointer is guaranteed to be set to the first
character following the number, and we can thus use it to compute the
width of the number that shall be printed. Create a test to verify that
we correctly truncate the number.

(cherry picked from commit ea19efc19f)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
fdb4d3a1fa util: avoid signed integer overflows in git__strntol64
While `git__strntol64` tries to detect integer overflows when doing the
necessary arithmetics to come up with the final result, it does the
detection only after the fact. This check thus relies on undefined
behavior of signed integer overflows. Fix this by instead checking
up-front whether the multiplications or additions will overflow.

Note that a detected overflow will not cause us to abort parsing the
current sequence of digits. In the case of an overflow, previous
behavior was to still set up the end pointer correctly to point to the
first character immediately after the currently parsed number. We do not
want to change this now as code may rely on the end pointer being set up
correctly even if the parsed number is too big to be represented as
64 bit integer.

(cherry picked from commit b09c1c7b63)
2018-10-19 13:52:43 +02:00
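
Added example, not libgit2's `git__strntol64`: a length-bounded base-10 parser that checks for overflow before each multiply and subtract, and still advances the end pointer past every digit when the value does not fit. The function name `parse_i64`, its signature and the sample input are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical base-10 parser: reads at most len bytes of buf, returns 0 on
 * success or -1 on overflow or when no digit was found. *end is always set
 * to the first byte after the number, even when the number overflows. */
static int parse_i64(int64_t *out, const char **end, const char *buf, size_t len)
{
    const char *p = buf, *stop = buf + len;
    int64_t n = 0;
    int neg = 0, overflow = 0, digits = 0;

    if (p < stop && (*p == '-' || *p == '+'))
        neg = (*p++ == '-');

    for (; p < stop && *p >= '0' && *p <= '9'; p++, digits++) {
        int d = *p - '0';
        if (overflow)
            continue; /* keep consuming digits so *end stays correct */
        /* Accumulate as a negative value so INT64_MIN is representable;
         * test the bounds before computing n * 10 - d, never after. */
        if (n < INT64_MIN / 10 || n * 10 < INT64_MIN + d)
            overflow = 1;
        else
            n = n * 10 - d;
    }
    *end = p;
    if (!digits || overflow)
        return -1;
    if (!neg) {
        if (n == INT64_MIN)
            return -1; /* +9223372036854775808 does not fit */
        n = -n;
    }
    *out = n;
    return 0;
}

int main(void)
{
    const char *in = "99999999999999999999 +0200"; /* constructed input */
    const char *end;
    int64_t v = 0;
    int rc = parse_i64(&v, &end, in, strlen(in));
    printf("rc=%d consumed=%ld\n", rc, (long)(end - in));
    return 0;
}
```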
Patrick Steinhardt
8172b4d5fb tests: core::strtol: test for some more edge-cases
Some edge cases were currently completely untested, e.g. parsing numbers
greater than INT64_{MIN,MAX}, truncating buffers by length and invalid
characters. Add tests to verify that the system under test performs as
expected.

(cherry picked from commit 39087ab8ef)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
70bf984153 util: remove git__strtol32
The function `git__strtol32` can easily be misused when untrusted data
is passed to it that may not have been sanitized with trailing `NUL`
bytes. As all usages of this function have now been removed, we can
remove this function altogether to avoid future misuse of it.

(cherry picked from commit 8d7fa88a9d)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
bc0db2f9ae global: replace remaining use of git__strtol32
Replace remaining uses of the `git__strtol32` function. While these uses
are all safe as the strings were either sanitized or from a trusted
source, we want to remove `git__strtol32` altogether to avoid future
misuse.

(cherry picked from commit 2613fbb26a)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
bb20ebc07d tree-cache: avoid out-of-bound reads when parsing trees
We use the `git__strtol32` function to parse the child and entry count
of treecaches from the index, which does not accept a buffer length. As
the buffer that is being passed in is untrusted data and may thus be
malformed and may not contain a terminating `NUL` byte, we can overrun
the buffer and thus perform an out-of-bounds read.

Fix the issue by using `git__strntol32` instead.

(cherry picked from commit 21652ee9de)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
782d6f0e4c util: remove unsafe git__strtol64 function
The function `git__strtol64` does not take a maximum buffer length as
parameter. This has led to some unsafe usages of this function, and as
such we may consider it as being unsafe to use. As we have now
eradicated all usages of this function, let's remove it completely to
avoid future misuse.

(cherry picked from commit 68deb2cc80)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
8ae87727e6 config: remove last instance of git__strntol64
When parsing integers from configuration values, we use `git__strtol64`.
This is fine to do, as we always sanitize values and can thus be sure
that they'll have a terminating `NUL` byte. But as this is the last
call-site of `git__strtol64`, let's just pass in the length explicitly
by calling `strlen` on the value to be able to remove `git__strtol64`
altogether.

(cherry picked from commit 1a2efd10bd)
2018-10-19 13:52:43 +02:00
Patrick Steinhardt
c6d95b2a57 signature: avoid out-of-bounds reads when parsing signature dates
We use `git__strtol64` and `git__strtol32` to parse the trailing commit
or author date and timezone of signatures. As signatures are usually
part of a commit or tag object and thus essentially untrusted data, the
buffer may be misformatted and may not be `NUL` terminated. This may
lead to an out-of-bounds read.

Fix the issue by using `git__strntol64` and `git__strntol32` instead.

(cherry picked from commit 3db9aa6f79)
2018-10-19 13:52:39 +02:00
Patrick Steinhardt
fa56db3ca5 index: avoid out-of-bounds read when reading reuc entry stage
We use `git__strtol64` to parse file modes of the index entries, which
does not limit the parsed buffer length. As the index can be essentially
treated as "untrusted" in that the data stems from the file system, it
may be misformatted and may not contain terminating `NUL` bytes. This
may lead to out-of-bounds reads when trying to parse index entries with
such malformatted modes.

Fix the issue by using `git__strntol64` instead.

(cherry picked from commit 600ceadd14)
2018-10-19 13:51:28 +02:00
Patrick Steinhardt
9893abb396 commit_list: avoid use of strtol64 without length limit
When quick-parsing a commit, we use `git__strtol64` to parse the
commit's time. The buffer that's passed to `commit_quick_parse` is the
raw data of an ODB object, though, whose data may not be properly
formatted and also does not have to be `NUL` terminated. This may lead
to out-of-bound reads.

Use `git__strntol64` to avoid this problem.

(cherry picked from commit 1a3fa1f5fa)
2018-10-19 13:51:28 +02:00
Edward Thomson
0dc9dcd69d ci: don't stop on failure
Don't stop on test failures; run all the tests, even when a test fails.

(cherry picked from commit 429c7f1141)
2018-10-19 13:48:54 +02:00
Edward Thomson
f19a987035 ci: append -r flag to clar on windows
Similar to the way we parse the ctest output on POSIX systems, do the
same on Windows.  This allows us to append the `-r` flag to clar after
we've identified the command to run.

(cherry picked from commit 7c9769d947)
2018-10-19 13:48:54 +02:00
Edward Thomson
e12ecd032b ci: add SKIP_*_TESTS for windows builds
Introduce SKIP_*_TEST variables for Windows builds to match POSIX
builds.

(cherry picked from commit a8301b0c19)
2018-10-19 13:48:54 +02:00
Edward Thomson
65adf201c8 ci: write test result XML
Add the clar flags to produce JUnit-style XML output before invocation.

(cherry picked from commit fff33a1b65)
2018-10-19 13:48:54 +02:00
Patrick Steinhardt
d11f174c8e Revert "clar: introduce CLAR_XML option"
This reverts commit a2d73f5643.
Using clar to propagate the XML settings was a mistake.

(cherry picked from commit 943181c2ef)
2018-10-19 13:48:52 +02:00
Edward Thomson
18c17acf71 ci: only run the exact named test
Our CI test system invokes ctest with the name of the given tests it
wishes to invoke.  ctest (with the `-R` flag) treats this name as a
regular expression.  Provide anchors in the regular expression to avoid
matching additional tests in this search.

(cherry picked from commit 7e353b7a14)
2018-10-19 13:48:18 +02:00
Edward Thomson
9d1c4a0575 README: rename "VSTS" to "Azure DevOps"
Visual Studio Team Services is now a family of applications named "Azure
DevOps".  Update the README to refer to it thusly.

(cherry picked from commit e2613039b3)
2018-10-19 13:48:18 +02:00
Edward Thomson
57ad5c1c65 README: update the build badge to Azure Pipelines
VSTS is now a family of components; "Azure Pipelines" is the build and
release pipeline application.

(cherry picked from commit 464305b74e)
2018-10-19 13:48:18 +02:00
Patrick Steinhardt
a52c8cdb62 ci: rename vsts to azure-pipelines
(cherry picked from commit d7d0139eb3)
2018-10-19 13:48:18 +02:00
Edward Thomson
11cda4ba91 clar: iterate errors in report_all / report_errors
Instead of trying to have a clever iterator pattern that increments the
error number, just iterate over errors in the report errors or report
all functions as it's easier to reason about in this fashion.

(cherry picked from commit d17e67d08d)
2018-10-19 13:48:18 +02:00
Edward Thomson
e4664d20b9 ci: use more compatible strftime formats
Windows lacks %F and %T formats for strftime.  Expand them to the
year/month/day and hour/minute/second formats, respectively.

(cherry picked from commit e595eeb5ab)
2018-10-19 13:48:18 +02:00
Patrick Steinhardt
8c2d6c0d5a ci: use templates for VSTS builds
Our build YAML is becoming unwieldy and full of copy-pasta.  Simplify
with templates.

(cherry picked from commit 6b2d8f09bc)
2018-10-19 13:48:18 +02:00
Edward Thomson
c509687d22 ci: explicitly run in the build directory
Explicitly run from the build directory, not the source.  (I was
mistaken about the default working directory for VSTS agents.)

(cherry picked from commit 306875bc1c)
2018-10-19 13:48:18 +02:00
Edward Thomson
0cbf011b37 ci: escape xml output path on Windows
CMake treats backslashes as escape characters; use forward slashes for
the XML output path.

(cherry picked from commit f3f2c45ee6)
2018-10-19 13:48:18 +02:00
Patrick Steinhardt
1e35c372e9 ci: upload test results
(cherry picked from commit bfcbde5009)
2018-10-19 13:48:18 +02:00
Patrick Steinhardt
05829da051 ci: write xml during test runs
(cherry picked from commit a84863fc8d)
2018-10-19 13:48:16 +02:00
Edward Thomson
f55a34fefb clar: remove globals; error-check fprintf/fclose
Remove the global summary filename and file pointer; pass them in to the
summary functions as needed.  Error check the results of buffered I/O
calls.

(cherry picked from commit b67a93ff81)
2018-10-19 13:47:21 +02:00
Edward Thomson
18932798e1 clar: introduce CLAR_XML option
Introduce a CLAR_XML option, to run the `ctest` commands with the new
`-r` flag to clar.  Permitted values are `OFF`, `ON` and a directory to
write the XML test results to.

(cherry picked from commit a2d73f5643)
2018-10-19 13:47:21 +02:00
Edward Thomson
7e656bad95 clar: accept a value for the summary filename
Accept an (optional) value for the summary filename.  Continues to
default to summary.xml.

(cherry picked from commit baa5c20d08)
2018-10-19 13:47:21 +02:00
Edward Thomson
4d380756db clar: don't use a variable named time
(cherry picked from commit dbebcb04b4)
2018-10-19 13:47:20 +02:00
Etienne Samson
f1f1f15df6 Barebones JUnit XML output
(cherry picked from commit 59f1e477f7)
2018-10-19 13:47:20 +02:00
Etienne Samson
d0098dbb85 Documentation
(cherry picked from commit 3a9b96311d)
2018-10-19 13:47:20 +02:00
Etienne Samson
52c3ef35ad Isolate test reports
This makes it possible to keep track of every test status (even
successful ones), and their errors, if any.

(cherry picked from commit bf9fc12670)
2018-10-19 13:47:20 +02:00
Edward Thomson
1cce9bb593 clar: refactor explicitly run test behavior
Previously, supplying `-s` to explicitly enable some test(s) would run
the tests immediately from the argument parser.  This forces us to set
up the entire clar environment (for example: sandboxing) before argument
parsing takes place.

Refactor the behavior of `-s` to add the explicitly chosen tests to a
list that is executed later.  This untangles the argument parsing from
the setup lifecycle, allowing us to use the arguments to perform the
setup.

(cherry picked from commit 90753a9651)
2018-10-19 13:47:20 +02:00
Edward Thomson
05b700a9dd README: remove travis
(cherry picked from commit 76cfeb20fc)
2018-10-19 13:47:20 +02:00
Edward Thomson
839b33664e ci: remove travis
(cherry picked from commit 6fc946e870)
2018-10-19 13:47:20 +02:00
Patrick Steinhardt
9a3fc39f56 Update .vsts-ci.yml
(cherry picked from commit 7238a1e8c7)
2018-10-19 13:47:20 +02:00
David Staheli
2e7ff77ff7 Update .vsts-nightly.yml
(cherry picked from commit 40c3a97465)
2018-10-19 13:47:20 +02:00
Etienne Samson
8cb1836182 ci: Correct the status code check so Coverity doesn't force-fail Travis
Otherwise you get something like

Emitted 525 C/C++ compilation units (100%) successfully

525 C/C++ compilation units (100%) are ready for analysis
The cov-build utility completed successfully.
Build successfully submitted.
Received error code 200 from Coverity

travis_time:end:14cf6373:start=1534254309066933889,finish=1534254728190974302,duration=419124040413
The command "if [ -n "$COVERITY" ]; then ../ci/coverity.sh; fi" exited with 1.
travis_time:start:01ed61d4
$ if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi

travis_time:end:01ed61d4:start=1534254728197560961,finish=1534254728202711214,duration=5150253
The command "if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi" exited with 0.

Done. Your build exited with 1.

(cherry picked from commit 351ca66126)
2018-10-19 13:47:20 +02:00
Edward Thomson
dde5d2774b readme: remove appveyor build badge
(cherry picked from commit 658b8e8a59)
2018-10-19 13:47:20 +02:00
Edward Thomson
dfe31dcac6 ci: remove appveyor
(cherry picked from commit 3ce31df3ff)
2018-10-19 13:47:20 +02:00
Edward Thomson
ddd1cf9bc8 ci: add VSTS build badge to README
(cherry picked from commit a1ae41b80b)
2018-10-19 13:47:20 +02:00