From dc4179f9a76473176eb473f6f568b0006c823fba Mon Sep 17 00:00:00 2001 From: Deskin Miller Date: Mon, 22 Sep 2008 11:06:41 -0400 Subject: [PATCH 1/5] maint: check return of split_cmdline to avoid bad config strings As the testcase demonstrates, it's possible for split_cmdline to return -1 and deallocate any memory it's allocated, if the config string is missing an end quote. In both the cases below, which are the only calling sites, the return isn't checked, and using the pointer causes a pretty immediate segfault. Signed-off-by: Deskin Miller Acked-by: Miklos Vajna Signed-off-by: Shawn O. Pearce --- builtin-merge.c | 2 ++ git.c | 2 ++ t/t1300-repo-config.sh | 10 ++++++++++ 3 files changed, 14 insertions(+) diff --git a/builtin-merge.c b/builtin-merge.c index b280444e10..dcaf3681dc 100644 --- a/builtin-merge.c +++ b/builtin-merge.c @@ -442,6 +442,8 @@ static int git_merge_config(const char *k, const char *v, void *cb) buf = xstrdup(v); argc = split_cmdline(buf, &argv); + if (argc < 0) + die("Bad branch.%s.mergeoptions string", branch); argv = xrealloc(argv, sizeof(*argv) * (argc + 2)); memmove(argv + 1, argv, sizeof(*argv) * (argc + 1)); argc++; diff --git a/git.c b/git.c index fdb0f71019..5582c515ac 100644 --- a/git.c +++ b/git.c @@ -162,6 +162,8 @@ static int handle_alias(int *argcp, const char ***argv) alias_string + 1, alias_command); } count = split_cmdline(alias_string, &new_argv); + if (count < 0) + die("Bad alias.%s string", alias_command); option_count = handle_options(&new_argv, &count, &envchanged); if (envchanged) die("alias '%s' changes environment variables\n" diff --git a/t/t1300-repo-config.sh b/t/t1300-repo-config.sh index 64567fb94d..11b82f43dd 100755 --- a/t/t1300-repo-config.sh +++ b/t/t1300-repo-config.sh @@ -741,4 +741,14 @@ test_expect_success 'symlinked configuration' ' ' +test_expect_success 'check split_cmdline return' " + git config alias.split-cmdline-fix 'echo \"' && + test_must_fail git split-cmdline-fix && + echo foo > foo && + git add foo && + git commit -m 'initial commit' && + git config branch.master.mergeoptions 'echo \"' && + test_must_fail git merge master + " + test_done From da65e7c133cd316c9076fbb6b0aeee7bc42a6db8 Mon Sep 17 00:00:00 2001 From: Brandon Casey Date: Tue, 23 Sep 2008 18:57:09 -0500 Subject: [PATCH 2/5] git-stash.sh: don't default to refs/stash if invalid ref supplied apply_stash() and show_stash() each call rev-parse with '--default refs/stash' as an argument. This option causes rev-parse to operate on refs/stash if it is not able to successfully operate on any element of the command line. This includes failure to supply a "valid" revision. This has the effect of causing 'stash apply' and 'stash show' to operate as if stash@{0} had been supplied when an invalid revision is supplied. e.g. 'git stash apply stash@{1}' would fall back to 'git stash apply stash@{0}' This patch modifies these two functions so that they avoid using the --default option of rev-parse. Signed-off-by: Brandon Casey Signed-off-by: Shawn O. Pearce --- git-stash.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/git-stash.sh b/git-stash.sh index d799c76378..6bd2572f77 100755 --- a/git-stash.sh +++ b/git-stash.sh @@ -144,7 +144,14 @@ show_stash () { then flags=--stat fi - s=$(git rev-parse --revs-only --no-flags --default $ref_stash "$@") + + if test $# = 0 + then + set x "$ref_stash@{0}" + shift + fi + + s=$(git rev-parse --revs-only --no-flags "$@") w_commit=$(git rev-parse --verify "$s") && b_commit=$(git rev-parse --verify "$s^") && @@ -163,13 +170,19 @@ apply_stash () { shift esac + if test $# = 0 + then + set x "$ref_stash@{0}" + shift + fi + # current index state c_tree=$(git write-tree) || die 'Cannot apply a stash in the middle of a merge' # stash records the work tree, and is a merge between the # base commit (first parent) and the index tree (second parent). - s=$(git rev-parse --revs-only --no-flags --default $ref_stash "$@") && + s=$(git rev-parse --revs-only --no-flags "$@") && w_tree=$(git rev-parse --verify "$s:") && b_tree=$(git rev-parse --verify "$s^1:") && i_tree=$(git rev-parse --verify "$s^2:") || From 85cf643f1b17ee5680ae816eb061f569b4e00478 Mon Sep 17 00:00:00 2001 From: Johan Herland Date: Thu, 25 Sep 2008 01:10:54 +0200 Subject: [PATCH 3/5] for-each-ref: Fix --format=%(subject) for log message without newlines 'git for-each-ref --format=%(subject)' currently returns an empty string if the log message does not contain a newline. This patch teaches 'git for-each-ref' to return the entire log message (instead of an empty string) if there is no newline in the log message. Signed-off-by: Johan Herland Signed-off-by: Shawn O. Pearce --- builtin-for-each-ref.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c index 21e92bbcb5..be9dc9e3f0 100644 --- a/builtin-for-each-ref.c +++ b/builtin-for-each-ref.c @@ -321,8 +321,8 @@ static const char *find_wholine(const char *who, int wholen, const char *buf, un static const char *copy_line(const char *buf) { const char *eol = strchr(buf, '\n'); - if (!eol) - return ""; + if (!eol) // simulate strchrnul() + eol = buf + strlen(buf); return xmemdupz(buf, eol - buf); } From 7fe4a728a16cf4e873702f8478fa3e28e8ae89ce Mon Sep 17 00:00:00 2001 From: Jonas Fonseca Date: Thu, 25 Sep 2008 10:35:38 +0200 Subject: [PATCH 4/5] checkout: Do not show local changes when in quiet mode Signed-off-by: Jonas Fonseca Signed-off-by: Shawn O. Pearce --- builtin-checkout.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin-checkout.c b/builtin-checkout.c index 08c6d8614a..c4fc2b2c56 100644 --- a/builtin-checkout.c +++ b/builtin-checkout.c @@ -328,7 +328,7 @@ static int merge_working_tree(struct checkout_opts *opts, commit_locked_index(lock_file)) die("unable to write new index file"); - if (!opts->force) + if (!opts->force && !opts->quiet) show_local_changes(&new->commit->object); return 0; From 93feb4bb14dbd5c89701d6f2b0ab3d83dbc999c5 Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Thu, 25 Sep 2008 08:27:41 -0700 Subject: [PATCH 5/5] Update release notes for 1.6.0.3 Signed-off-by: Shawn O. Pearce --- Documentation/RelNotes-1.6.0.3.txt | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Documentation/RelNotes-1.6.0.3.txt b/Documentation/RelNotes-1.6.0.3.txt index ea1420d77a..46e13a450a 100644 --- a/Documentation/RelNotes-1.6.0.3.txt +++ b/Documentation/RelNotes-1.6.0.3.txt @@ -16,6 +16,22 @@ Fixes since v1.6.0.2 * Behaviour of "git diff --quiet" was inconsistent with "diff --exit-code" with the output redirected to /dev/null. +* "git stash apply sash@{1}" was fixed to error out. Prior versions + would have applied stash@{0} incorrectly. + +* "git for-each-ref --format=%(subject)" fixed for commits with no + no newline in the message body. + +* "git remote" fixed to protect printf from user input. + +* "git checkout -q" once again suppresses the locally modified file list. + +* Cross-directory renames are no longer used when creating packs. This + allows more graceful behavior on filesystems like sshfs. + +* Stale temporary files under $GIT_DIR/objects/pack are now cleaned up + automatically by "git prune". + * "Git.pm" tests relied on unnecessarily more recent version of Perl. * "gitweb" triggered undef warning on commits without log messages. @@ -24,6 +40,6 @@ Many other documentation updates. -- exec >/var/tmp/1 -O=v1.6.0.2-32-g8d11fde +O=v1.6.0.2-41-g7fe4a72 echo O=$(git describe maint) git shortlog --no-merges $O..maint