`has_dir_name` is used to check for directory/file collisions,
and attempts to determine whether the index contains a file with
a directory name that is a proper subset of the new index entry
that we're trying to add.
To determine directory name, the function would walk the path string
backwards to identify a `/`, stopping at the end of the string. However,
the function assumed that the strings did not start with a `/`. If the
paths contain only a single `/` at the beginning of the string, then the
function would continue the loop, erroneously, when they should have
stopped at the first character.
Correct the order of the tests to terminate properly.
Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
When parsing a revspec that ends with a trailing `@`, explicitly stop
parsing. Introduce a sentinel variable to explicitly stop parsing.
Prior to this, we would set `spec` to `HEAD`, but were looping on the
value of `spec[pos]`, so we would continue walking the (new) `spec`
at offset `pos`, looking for a NUL. This is obviously an out-of-bounds
read.
Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
Introduce a url parser that defaults to treating poorly specified URLs
as http URLs. For example: `localhost:8080` is treated as
`http://localhost:8080/` by the http-biased url parsing, instead of a
URL with a scheme `localhost` and a path of `8080`..
We are allowed to call `git_repository__cleanup` multiple times, and this
happens e.g. in rugged if we want to free up resources before GC gets around to
them.
This means that we cannot leave dangling pointers in it, which we were doing
with the grafts. Fix this by setting the pointers to NULL after freeing the resources.
This commit update the contributing documents with the
new IRC server and remove the old freenode.
Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
Similar to previous issues around doing way too much verification at loading
time, checking whether the object index chunk is monotonic is better left for
git-fsck instead of every single time we want to look at something in the
repository.
As midx files grow, this starts taking more and more times. As an example, I
went looking for this because it's taking about 1.5s to do a single object
lookup in a repository that's ended up with a 7G multi-pack-index file.
Similar to a previous change where we had to change the casting when loading the
index file, we also need to make sure we don't restrict the numbers to 32-bit
when looking up objects in packfiles.
This was done about three years ago in git itself, but we never got he update in
this library.
These chunks work like extensions where it's fine not to know what one means. We
can skip over it and keep processing the file instead of erroring out.
