From 13d5bbdf72aab109c9b69994c90aaff2a0b7e42f Mon Sep 17 00:00:00 2001 From: Ronan Pigott Date: Wed, 9 Nov 2022 12:07:07 -0700 Subject: [PATCH 1/4] for-each-repo: interpolate repo path arguments This is a quality of life change for git-maintenance, so repos can be recorded with the tilde syntax. The register subcommand will not record repos in this format by default. Signed-off-by: Ronan Pigott Signed-off-by: Taylor Blau --- builtin/for-each-repo.c | 5 ++++- t/t0068-for-each-repo.sh | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/builtin/for-each-repo.c b/builtin/for-each-repo.c index d45d873f57..6aeac37148 100644 --- a/builtin/for-each-repo.c +++ b/builtin/for-each-repo.c @@ -14,13 +14,16 @@ static int run_command_on_repo(const char *path, int argc, const char ** argv) { int i; struct child_process child = CHILD_PROCESS_INIT; + char *abspath = interpolate_path(path, 0); child.git_cmd = 1; - strvec_pushl(&child.args, "-C", path, NULL); + strvec_pushl(&child.args, "-C", abspath, NULL); for (i = 0; i < argc; i++) strvec_push(&child.args, argv[i]); + free(abspath); + return run_command(&child); } diff --git a/t/t0068-for-each-repo.sh b/t/t0068-for-each-repo.sh index 4675e85251..c6e0d65563 100755 --- a/t/t0068-for-each-repo.sh +++ b/t/t0068-for-each-repo.sh @@ -8,9 +8,11 @@ test_expect_success 'run based on configured value' ' git init one && git init two && git init three && + git init ~/four && git -C two commit --allow-empty -m "DID NOT RUN" && git config run.key "$TRASH_DIRECTORY/one" && git config --add run.key "$TRASH_DIRECTORY/three" && + git config --add run.key "~/four" && git for-each-repo --config=run.key commit --allow-empty -m "ran" && git -C one log -1 --pretty=format:%s >message && grep ran message && @@ -18,12 +20,16 @@ test_expect_success 'run based on configured value' ' ! grep ran message && git -C three log -1 --pretty=format:%s >message && grep ran message && + git -C ~/four log -1 --pretty=format:%s >message && + grep ran message && git for-each-repo --config=run.key -- commit --allow-empty -m "ran again" && git -C one log -1 --pretty=format:%s >message && grep again message && git -C two log -1 --pretty=format:%s >message && ! grep again message && git -C three log -1 --pretty=format:%s >message && + grep again message && + git -C ~/four log -1 --pretty=format:%s >message && grep again message ' From 1f80129d61bcc9a77b34b30bc42b2770b4b96deb Mon Sep 17 00:00:00 2001 From: Ronan Pigott Date: Wed, 9 Nov 2022 12:07:08 -0700 Subject: [PATCH 2/4] maintenance: add option to register in a specific config maintenance register currently records the maintenance repo exclusively within the user's global configuration, but other configuration files may be relevant when running maintenance if they are included from the global config. This option allows the user to choose where maintenance repos are recorded. Signed-off-by: Ronan Pigott Signed-off-by: Taylor Blau --- Documentation/git-maintenance.txt | 14 +++++----- builtin/gc.c | 45 ++++++++++++++++++++++--------- t/t7900-maintenance.sh | 21 ++++++++++++++- 3 files changed, 59 insertions(+), 21 deletions(-) diff --git a/Documentation/git-maintenance.txt b/Documentation/git-maintenance.txt index bb888690e4..805e5a2e3a 100644 --- a/Documentation/git-maintenance.txt +++ b/Documentation/git-maintenance.txt @@ -50,13 +50,13 @@ stop:: the background maintenance is restarted later. register:: - Initialize Git config values so any scheduled maintenance will - start running on this repository. This adds the repository to the - `maintenance.repo` config variable in the current user's global - config and enables some recommended configuration values for - `maintenance..schedule`. The tasks that are enabled are safe - for running in the background without disrupting foreground - processes. + Initialize Git config values so any scheduled maintenance will start + running on this repository. This adds the repository to the + `maintenance.repo` config variable in the current user's global config, + or the config specified by --config-file option, and enables some + recommended configuration values for `maintenance..schedule`. The + tasks that are enabled are safe for running in the background without + disrupting foreground processes. + The `register` subcommand will also set the `maintenance.strategy` config value to `incremental`, if this value is not previously set. The diff --git a/builtin/gc.c b/builtin/gc.c index 24ea85c7af..56b107e7f0 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -1454,13 +1454,15 @@ static char *get_maintpath(void) } static char const * const builtin_maintenance_register_usage[] = { - "git maintenance register", + "git maintenance register [--config-file ]", NULL }; static int maintenance_register(int argc, const char **argv, const char *prefix) { + char *config_file = NULL; struct option options[] = { + OPT_STRING(0, "config-file", &config_file, N_("file"), N_("use given config file")), OPT_END(), }; int found = 0; @@ -1497,12 +1499,16 @@ static int maintenance_register(int argc, const char **argv, const char *prefix) if (!found) { int rc; - char *user_config, *xdg_config; - git_global_config(&user_config, &xdg_config); - if (!user_config) - die(_("$HOME not set")); + char *user_config = NULL, *xdg_config = NULL; + + if (!config_file) { + git_global_config(&user_config, &xdg_config); + config_file = user_config; + if (!user_config) + die(_("$HOME not set")); + } rc = git_config_set_multivar_in_file_gently( - user_config, "maintenance.repo", maintpath, + config_file, "maintenance.repo", maintpath, CONFIG_REGEX_NONE, 0); free(user_config); free(xdg_config); @@ -1517,14 +1523,16 @@ static int maintenance_register(int argc, const char **argv, const char *prefix) } static char const * const builtin_maintenance_unregister_usage[] = { - "git maintenance unregister [--force]", + "git maintenance unregister [--config-file ] [--force]", NULL }; static int maintenance_unregister(int argc, const char **argv, const char *prefix) { int force = 0; + char *config_file = NULL; struct option options[] = { + OPT_STRING(0, "config-file", &config_file, N_("file"), N_("use given config file")), OPT__FORCE(&force, N_("return success even if repository was not registered"), PARSE_OPT_NOCOMPLETE), @@ -1542,7 +1550,14 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi usage_with_options(builtin_maintenance_unregister_usage, options); - list = git_config_get_value_multi(key); + struct config_set cs; + if (config_file) { + git_configset_init(&cs); + git_configset_add_file(&cs, config_file); + list = git_configset_get_value_multi(&cs, key); + } else { + list = git_config_get_value_multi(key); + } if (list) { for_each_string_list_item(item, list) { if (!strcmp(maintpath, item->string)) { @@ -1554,12 +1569,15 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi if (found) { int rc; - char *user_config, *xdg_config; - git_global_config(&user_config, &xdg_config); - if (!user_config) - die(_("$HOME not set")); + char *user_config = NULL, *xdg_config = NULL; + if (!config_file) { + git_global_config(&user_config, &xdg_config); + config_file = user_config; + if (!user_config) + die(_("$HOME not set")); + } rc = git_config_set_multivar_in_file_gently( - user_config, key, NULL, maintpath, + config_file, key, NULL, maintpath, CONFIG_FLAGS_MULTI_REPLACE | CONFIG_FLAGS_FIXED_VALUE); free(user_config); free(xdg_config); @@ -1572,6 +1590,7 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi die(_("repository '%s' is not registered"), maintpath); } + git_configset_clear(&cs); free(maintpath); return 0; } diff --git a/t/t7900-maintenance.sh b/t/t7900-maintenance.sh index 96bdd42045..823331e44a 100755 --- a/t/t7900-maintenance.sh +++ b/t/t7900-maintenance.sh @@ -500,9 +500,28 @@ test_expect_success 'register and unregister' ' git config --global --get-all maintenance.repo >actual && test_cmp before actual && + git config --file ./other --add maintenance.repo /existing1 && + git config --file ./other --add maintenance.repo /existing2 && + git config --file ./other --get-all maintenance.repo >before && + + git maintenance register --config-file ./other && + test_cmp_config false maintenance.auto && + git config --file ./other --get-all maintenance.repo >between && + cp before expect && + pwd >>expect && + test_cmp expect between && + + git maintenance unregister --config-file ./other && + git config --file ./other --get-all maintenance.repo >actual && + test_cmp before actual && + test_must_fail git maintenance unregister 2>err && grep "is not registered" err && - git maintenance unregister --force + git maintenance unregister --force && + + test_must_fail git maintenance unregister --config-file ./other 2>err && + grep "is not registered" err && + git maintenance unregister --config-file ./other --force ' test_expect_success !MINGW 'register and unregister with regex metacharacters' ' From be0fd5722853e56fab8bc99cea9791d7b90fd0dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 15 Nov 2022 17:04:27 +0100 Subject: [PATCH 3/4] maintenance --unregister: fix uninit'd data use & -Wdeclaration-after-statement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since (maintenance: add option to register in a specific config, 2022-11-09) we've been unable to build with "DEVELOPER=1" without "DEVOPTS=no-error", as the added code triggers a "-Wdeclaration-after-statement" warning. And worse than that, the data handed to git_configset_clear() is uninitialized, as can be spotted with e.g.: ./t7900-maintenance.sh -vixd --run=23 --valgrind [...] + git maintenance unregister --force Conditional jump or move depends on uninitialised value(s) at 0x6B5F1E: git_configset_clear (config.c:2367) by 0x4BA64E: maintenance_unregister (gc.c:1619) by 0x4BD278: cmd_maintenance (gc.c:2650) by 0x409905: run_builtin (git.c:466) by 0x40A21C: handle_builtin (git.c:721) by 0x40A58E: run_argv (git.c:788) by 0x40AF68: cmd_main (git.c:926) by 0x5D39FE: main (common-main.c:57) Uninitialised value was created by a stack allocation at 0x4BA22C: maintenance_unregister (gc.c:1557) Let's fix both of these issues, and also move the scope of the variable to the "if" statement it's used in, to make it obvious where it's used. Helped-by: Johannes Schindelin Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Taylor Blau --- builtin/gc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/builtin/gc.c b/builtin/gc.c index 56b107e7f0..d87cf84041 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -1550,11 +1550,13 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi usage_with_options(builtin_maintenance_unregister_usage, options); - struct config_set cs; if (config_file) { + struct config_set cs; + git_configset_init(&cs); git_configset_add_file(&cs, config_file); list = git_configset_get_value_multi(&cs, key); + git_configset_clear(&cs); } else { list = git_config_get_value_multi(key); } @@ -1590,7 +1592,6 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi die(_("repository '%s' is not registered"), maintpath); } - git_configset_clear(&cs); free(maintpath); return 0; } From 03744bbdc4284fbb358abd5347c8bb157f301243 Mon Sep 17 00:00:00 2001 From: Taylor Blau Date: Tue, 15 Nov 2022 13:53:17 -0500 Subject: [PATCH 4/4] builtin/gc.c: fix use-after-free in maintenance_unregister() While trying to fix a move based on an uninitialized value (along with a declaration after the first statement), be0fd57228 (maintenance --unregister: fix uninit'd data use & -Wdeclaration-after-statement, 2022-11-15) unintentionally introduced a use-after-free. The problem arises when `maintenance_unregister()` sees a non-NULL `config_file` string and thus tries to call git_configset_get_value_multi() to lookup the corresponding values. We store the result off, and then call git_configset_clear(), which frees the pointer that we just stored. We then try to read that now-freed pointer a few lines below, and there we have our use-after-free: $ ./t7900-maintenance.sh -vxi --run=23 --valgrind [...] + git maintenance unregister --config-file ./other ==3048727== Invalid read of size 8 ==3048727== at 0x1869CA: maintenance_unregister (gc.c:1590) ==3048727== by 0x188F42: cmd_maintenance (gc.c:2651) ==3048727== by 0x128C62: run_builtin (git.c:466) ==3048727== by 0x12907E: handle_builtin (git.c:721) ==3048727== by 0x1292EC: run_argv (git.c:788) ==3048727== by 0x12988E: cmd_main (git.c:926) ==3048727== by 0x21ED39: main (common-main.c:57) ==3048727== Address 0x4b38bc8 is 24 bytes inside a block of size 64 free'd ==3048727== at 0x484617B: free (vg_replace_malloc.c:872) ==3048727== by 0x2D207E: free_individual_entries (hashmap.c:188) ==3048727== by 0x2D2153: hashmap_clear_ (hashmap.c:207) ==3048727== by 0x270B5C: git_configset_clear (config.c:2375) ==3048727== by 0x1869AC: maintenance_unregister (gc.c:1585) ==3048727== by 0x188F42: cmd_maintenance (gc.c:2651) ==3048727== by 0x128C62: run_builtin (git.c:466) ==3048727== by 0x12907E: handle_builtin (git.c:721) ==3048727== by 0x1292EC: run_argv (git.c:788) ==3048727== by 0x12988E: cmd_main (git.c:926) ==3048727== by 0x21ED39: main (common-main.c:57) [...] Resolve this via a partial-revert of be0fd57228. The config_set struct now gets a zero initialization, which makes free()-ing it a noop even without calling git_configset_init(). When we do initialize it to a non-zero value, it is only free()'d after our last read of `list`. Signed-off-by: Taylor Blau --- builtin/gc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/builtin/gc.c b/builtin/gc.c index d87cf84041..38882a1e35 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -1543,6 +1543,7 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi int found = 0; struct string_list_item *item; const struct string_list *list; + struct config_set cs = { { 0 } }; argc = parse_options(argc, argv, prefix, options, builtin_maintenance_unregister_usage, 0); @@ -1551,12 +1552,9 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi options); if (config_file) { - struct config_set cs; - git_configset_init(&cs); git_configset_add_file(&cs, config_file); list = git_configset_get_value_multi(&cs, key); - git_configset_clear(&cs); } else { list = git_config_get_value_multi(key); } @@ -1592,6 +1590,7 @@ static int maintenance_unregister(int argc, const char **argv, const char *prefi die(_("repository '%s' is not registered"), maintpath); } + git_configset_clear(&cs); free(maintpath); return 0; }