From e4efcd70604f2a294e020ec2e1bc38f01892cd19 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 26 Sep 2025 10:32:50 +0000 Subject: [PATCH 1/3] http: offer to cast `size_t` to `curl_off_t` safely This commit moves the `xcurl_off_t()` function, which validates that a given value fits within the `curl_off_t` data type and then casts it, to a more central place so that it can be used outside of `remote-curl.c`, too. At the same time, this function is renamed to conform better with the naming convention of the helper functions that safely cast from one data type to another which has been well established in `git-compat-util.h`. With this move, `gettext.h` must be `#include`d in `http.h` to allow the error message to remain translatable. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- http.h | 10 ++++++++++ remote-curl.c | 14 +++----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/http.h b/http.h index 36202139f4..0a36dbd294 100644 --- a/http.h +++ b/http.h @@ -8,6 +8,7 @@ struct packed_git; #include #include +#include "gettext.h" #include "strbuf.h" #include "remote.h" @@ -95,6 +96,15 @@ static inline int missing__target(int code, int result) #define missing_target(a) missing__target((a)->http_code, (a)->curl_result) +static inline curl_off_t cast_size_t_to_curl_off_t(size_t a) +{ + uintmax_t size = a; + if (size > maximum_signed_value_of_type(curl_off_t)) + die(_("number too large to represent as curl_off_t " + "on this platform: %"PRIuMAX), (uintmax_t)a); + return (curl_off_t)a; +} + /* * Normalize curl results to handle CURL_FAILONERROR (or lack thereof). Failing * http codes have their "result" converted to CURLE_HTTP_RETURNED_ERROR, and diff --git a/remote-curl.c b/remote-curl.c index b8bc3a80cf..1bede365b9 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -894,14 +894,6 @@ static int probe_rpc(struct rpc_state *rpc, struct slot_results *results) return err; } -static curl_off_t xcurl_off_t(size_t len) -{ - uintmax_t size = len; - if (size > maximum_signed_value_of_type(curl_off_t)) - die(_("cannot handle pushes this big")); - return (curl_off_t)size; -} - /* * If flush_received is true, do not attempt to read any more; just use what's * in rpc->buf. @@ -999,7 +991,7 @@ retry: * and we just need to send it. */ curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, gzip_body); - curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, xcurl_off_t(gzip_size)); + curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, cast_size_t_to_curl_off_t(gzip_size)); } else if (use_gzip && 1024 < rpc->len) { /* The client backend isn't giving us compressed data so @@ -1030,7 +1022,7 @@ retry: headers = curl_slist_append(headers, "Content-Encoding: gzip"); curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, gzip_body); - curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, xcurl_off_t(gzip_size)); + curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, cast_size_t_to_curl_off_t(gzip_size)); if (options.verbosity > 1) { fprintf(stderr, "POST %s (gzip %lu to %lu bytes)\n", @@ -1043,7 +1035,7 @@ retry: * more normal Content-Length approach. */ curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, rpc->buf); - curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, xcurl_off_t(rpc->len)); + curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE_LARGE, cast_size_t_to_curl_off_t(rpc->len)); if (options.verbosity > 1) { fprintf(stderr, "POST %s (%lu bytes)\n", rpc->service_name, (unsigned long)rpc->len); From 580cf0f2f6d38221fc4c5f17155c311915301a5c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 26 Sep 2025 10:32:51 +0000 Subject: [PATCH 2/3] imap-send: be more careful when casting to `curl_off_t` When casting a `size_t` to `curl_off_t`, there is a currently uncommon chance that the value can be cut off (`curl_off_t` is expected to be a signed 64-bit data type). Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- imap-send.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/imap-send.c b/imap-send.c index 2e812f5a6e..29dc86ff27 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1475,7 +1475,7 @@ static int curl_append_msgs_to_imap(struct imap_server_conf *server, lf_to_crlf(&msgbuf.buf); curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, - (curl_off_t)(msgbuf.buf.len-prev_len)); + cast_size_t_to_curl_off_t(msgbuf.buf.len-prev_len)); res = curl_easy_perform(curl); From ecc5749578cea0d1c6072c806649bf1076c7b4c3 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 26 Sep 2025 10:32:52 +0000 Subject: [PATCH 3/3] http-push: avoid new compile error With the recent update in Git for Windows/ARM64 as of https://github.com/git-for-windows/git-sdk-arm64/commit/21b288e16358 cURL was updated from v8.15.0 to v8.16.0, and the LLVM-based builds (but strangely not the GCC-based builds) continuously greet me thusly: http-push.c:211:2: error: call to '_curl_easy_setopt_err_long' declared with 'warning' attribute: curl_easy_setopt expects a long argument [-Werror,-Wattribute-warning] CC builtin/apply.o 211 | curl_easy_setopt(curl, CURLOPT_INFILESIZE, buffer->buf.len); | ^ C:/a/git-sdk-arm64/git-sdk-arm64/minimal-sdk/clangarm64/include/curl/typecheck-gcc.h:50:15: note: expanded from macro 'curl_easy_setopt' 50 | _curl_easy_setopt_err_long(); \ | ^ 1 error generated. make: *** [Makefile:2877: http-push.o] Error 1 The easiest way to shut up that compile error (which is legitimate, seeing as the `CURLOPT_INFILESIZE` options expects a `long` parameter, but `buffer->buf.len` refers to the `size_t` attribute of a `strbuf`) would be to simply cast the parameter to a `long`. However, there is a much better solution: To use the `CURLOPT_INFILESIZE_LARGE` option instead, which was added in cURL v7.11.0 (see https://curl.se/ch/7.11.0.html) and which Git _already_ uses in `curl_append_msgs_to_imap()`. This fix was the motivation for renaming `xcurl_off_t()` to `cast_size_t_to_curl_off_t()` and making it available more broadly, which is the reason why it is used here, too. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- http-push.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/http-push.c b/http-push.c index f5a92529a8..c06b94d5db 100644 --- a/http-push.c +++ b/http-push.c @@ -208,7 +208,8 @@ static void curl_setup_http(CURL *curl, const char *url, curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_INFILE, buffer); - curl_easy_setopt(curl, CURLOPT_INFILESIZE, buffer->buf.len); + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, + cast_size_t_to_curl_off_t(buffer->buf.len)); curl_easy_setopt(curl, CURLOPT_READFUNCTION, fread_buffer); curl_easy_setopt(curl, CURLOPT_SEEKFUNCTION, seek_buffer); curl_easy_setopt(curl, CURLOPT_SEEKDATA, buffer);