Merge branch 'jk/path-name-safety-2.4' into maint-2.4
Bugfix patches were backported from the 'master' front to plug heap
corruption holes, to catch integer overflow in the computation of
pathname lengths, and to get rid of the name_path API. Both of
these would have resulted in writing over an under-allocated buffer
when formulating pathnames while tree traversal.
* jk/path-name-safety-2.4:
list-objects: pass full pathname to callbacks
list-objects: drop name_path entirely
list-objects: convert name_path to a strbuf
show_object_with_name: simplify by using path_name()
http-push: stop using name_path
tree-diff: catch integer overflow in combine_diff_path allocation
add helpers for detecting size_t overflow
diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c
index c067107..4af92f1 100644
--- a/builtin/pack-objects.c
+++ b/builtin/pack-objects.c
@@ -2284,21 +2284,11 @@
index_commit_for_bitmap(commit);
}
-static void show_object(struct object *obj,
- const struct name_path *path, const char *last,
- void *data)
+static void show_object(struct object *obj, const char *name, void *data)
{
- char *name = path_name(path, last);
-
add_preferred_base_object(name);
add_object_entry(obj->sha1, obj->type, name, 0);
obj->flags |= OBJECT_ADDED;
-
- /*
- * We will have generated the hash from the name,
- * but not saved a pointer to it - we can free it
- */
- free((char *)name);
}
static void show_edge(struct commit *commit)
@@ -2480,8 +2470,7 @@
}
static void record_recent_object(struct object *obj,
- const struct name_path *path,
- const char *last,
+ const char *name,
void *data)
{
sha1_array_append(&recent_objects, obj->sha1);
diff --git a/builtin/rev-list.c b/builtin/rev-list.c
index c0b4b53..7ae2558 100644
--- a/builtin/rev-list.c
+++ b/builtin/rev-list.c
@@ -177,9 +177,7 @@
free_commit_buffer(commit);
}
-static void finish_object(struct object *obj,
- const struct name_path *path, const char *name,
- void *cb_data)
+static void finish_object(struct object *obj, const char *name, void *cb_data)
{
struct rev_list_info *info = cb_data;
if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1))
@@ -188,15 +186,13 @@
parse_object(obj->sha1);
}
-static void show_object(struct object *obj,
- const struct name_path *path, const char *component,
- void *cb_data)
+static void show_object(struct object *obj, const char *name, void *cb_data)
{
struct rev_list_info *info = cb_data;
- finish_object(obj, path, component, cb_data);
+ finish_object(obj, name, cb_data);
if (info->flags & REV_LIST_QUIET)
return;
- show_object_with_name(stdout, obj, path, component);
+ show_object_with_name(stdout, obj, name);
}
static void show_edge(struct commit *commit)
diff --git a/diff.h b/diff.h
index 1ac0582..561635b 100644
--- a/diff.h
+++ b/diff.h
@@ -215,8 +215,8 @@
} parent[FLEX_ARRAY];
};
#define combine_diff_path_size(n, l) \
- (sizeof(struct combine_diff_path) + \
- sizeof(struct combine_diff_parent) * (n) + (l) + 1)
+ st_add4(sizeof(struct combine_diff_path), (l), 1, \
+ st_mult(sizeof(struct combine_diff_parent), (n)))
extern void show_combined_diff(struct combine_diff_path *elem, int num_parent,
int dense, struct rev_info *);
diff --git a/git-compat-util.h b/git-compat-util.h
index af5af22..061e33c 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -96,6 +96,14 @@
#define unsigned_add_overflows(a, b) \
((b) > maximum_unsigned_value_of_type(a) - (a))
+/*
+ * Returns true if the multiplication of "a" and "b" will
+ * overflow. The types of "a" and "b" must match and must be unsigned.
+ * Note that this macro evaluates "a" twice!
+ */
+#define unsigned_mult_overflows(a, b) \
+ ((a) && (b) > maximum_unsigned_value_of_type(a) / (a))
+
#ifdef __GNUC__
#define TYPEOF(x) (__typeof__(x))
#else
@@ -698,6 +706,32 @@
typedef void (*try_to_free_t)(size_t);
extern try_to_free_t set_try_to_free_routine(try_to_free_t);
+static inline size_t st_add(size_t a, size_t b)
+{
+ if (unsigned_add_overflows(a, b))
+ die("size_t overflow: %"PRIuMAX" + %"PRIuMAX,
+ (uintmax_t)a, (uintmax_t)b);
+ return a + b;
+}
+#define st_add3(a,b,c) st_add((a),st_add((b),(c)))
+#define st_add4(a,b,c,d) st_add((a),st_add3((b),(c),(d)))
+
+static inline size_t st_mult(size_t a, size_t b)
+{
+ if (unsigned_mult_overflows(a, b))
+ die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
+ (uintmax_t)a, (uintmax_t)b);
+ return a * b;
+}
+
+static inline size_t st_sub(size_t a, size_t b)
+{
+ if (a < b)
+ die("size_t underflow: %"PRIuMAX" - %"PRIuMAX,
+ (uintmax_t)a, (uintmax_t)b);
+ return a - b;
+}
+
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
# define xalloca(size) (alloca(size))
diff --git a/http-push.c b/http-push.c
index c98dad2..8341909 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1276,9 +1276,7 @@
}
static struct object_list **process_blob(struct blob *blob,
- struct object_list **p,
- struct name_path *path,
- const char *name)
+ struct object_list **p)
{
struct object *obj = &blob->object;
@@ -1292,14 +1290,11 @@
}
static struct object_list **process_tree(struct tree *tree,
- struct object_list **p,
- struct name_path *path,
- const char *name)
+ struct object_list **p)
{
struct object *obj = &tree->object;
struct tree_desc desc;
struct name_entry entry;
- struct name_path me;
obj->flags |= LOCAL;
@@ -1309,21 +1304,17 @@
die("bad tree object %s", sha1_to_hex(obj->sha1));
obj->flags |= SEEN;
- name = xstrdup(name);
p = add_one_object(obj, p);
- me.up = path;
- me.elem = name;
- me.elem_len = strlen(name);
init_tree_desc(&desc, tree->buffer, tree->size);
while (tree_entry(&desc, &entry))
switch (object_type(entry.mode)) {
case OBJ_TREE:
- p = process_tree(lookup_tree(entry.sha1), p, &me, name);
+ p = process_tree(lookup_tree(entry.sha1), p);
break;
case OBJ_BLOB:
- p = process_blob(lookup_blob(entry.sha1), p, &me, name);
+ p = process_blob(lookup_blob(entry.sha1), p);
break;
default:
/* Subproject commit - not in this repository */
@@ -1342,7 +1333,7 @@
int count = 0;
while ((commit = get_revision(revs)) != NULL) {
- p = process_tree(commit->tree, p, NULL, "");
+ p = process_tree(commit->tree, p);
commit->object.flags |= LOCAL;
if (!(commit->object.flags & UNINTERESTING))
count += add_send_request(&commit->object, lock);
@@ -1361,11 +1352,11 @@
continue;
}
if (obj->type == OBJ_TREE) {
- p = process_tree((struct tree *)obj, p, NULL, name);
+ p = process_tree((struct tree *)obj, p);
continue;
}
if (obj->type == OBJ_BLOB) {
- p = process_blob((struct blob *)obj, p, NULL, name);
+ p = process_blob((struct blob *)obj, p);
continue;
}
die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
diff --git a/list-objects.c b/list-objects.c
index 41736d2..37d0d10 100644
--- a/list-objects.c
+++ b/list-objects.c
@@ -11,11 +11,12 @@
static void process_blob(struct rev_info *revs,
struct blob *blob,
show_object_fn show,
- struct name_path *path,
+ struct strbuf *path,
const char *name,
void *cb_data)
{
struct object *obj = &blob->object;
+ size_t pathlen;
if (!revs->blob_objects)
return;
@@ -24,7 +25,11 @@
if (obj->flags & (UNINTERESTING | SEEN))
return;
obj->flags |= SEEN;
- show(obj, path, name, cb_data);
+
+ pathlen = path->len;
+ strbuf_addstr(path, name);
+ show(obj, path->buf, cb_data);
+ strbuf_setlen(path, pathlen);
}
/*
@@ -52,7 +57,7 @@
static void process_gitlink(struct rev_info *revs,
const unsigned char *sha1,
show_object_fn show,
- struct name_path *path,
+ struct strbuf *path,
const char *name,
void *cb_data)
{
@@ -62,7 +67,6 @@
static void process_tree(struct rev_info *revs,
struct tree *tree,
show_object_fn show,
- struct name_path *path,
struct strbuf *base,
const char *name,
void *cb_data)
@@ -70,7 +74,6 @@
struct object *obj = &tree->object;
struct tree_desc desc;
struct name_entry entry;
- struct name_path me;
enum interesting match = revs->diffopt.pathspec.nr == 0 ?
all_entries_interesting: entry_not_interesting;
int baselen = base->len;
@@ -86,17 +89,12 @@
return;
die("bad tree object %s", sha1_to_hex(obj->sha1));
}
- obj->flags |= SEEN;
- show(obj, path, name, cb_data);
- me.up = path;
- me.elem = name;
- me.elem_len = strlen(name);
- if (!match) {
- strbuf_addstr(base, name);
- if (base->len)
- strbuf_addch(base, '/');
- }
+ obj->flags |= SEEN;
+ strbuf_addstr(base, name);
+ show(obj, base->buf, cb_data);
+ if (base->len)
+ strbuf_addch(base, '/');
init_tree_desc(&desc, tree->buffer, tree->size);
@@ -113,16 +111,16 @@
if (S_ISDIR(entry.mode))
process_tree(revs,
lookup_tree(entry.sha1),
- show, &me, base, entry.path,
+ show, base, entry.path,
cb_data);
else if (S_ISGITLINK(entry.mode))
process_gitlink(revs, entry.sha1,
- show, &me, entry.path,
+ show, base, entry.path,
cb_data);
else
process_blob(revs,
lookup_blob(entry.sha1),
- show, &me, entry.path,
+ show, base, entry.path,
cb_data);
}
strbuf_setlen(base, baselen);
@@ -213,19 +211,19 @@
continue;
if (obj->type == OBJ_TAG) {
obj->flags |= SEEN;
- show_object(obj, NULL, name, data);
+ show_object(obj, name, data);
continue;
}
if (!path)
path = "";
if (obj->type == OBJ_TREE) {
process_tree(revs, (struct tree *)obj, show_object,
- NULL, &base, path, data);
+ &base, path, data);
continue;
}
if (obj->type == OBJ_BLOB) {
process_blob(revs, (struct blob *)obj, show_object,
- NULL, path, data);
+ &base, path, data);
continue;
}
die("unknown pending object %s (%s)",
diff --git a/list-objects.h b/list-objects.h
index 136a1da..0cebf85 100644
--- a/list-objects.h
+++ b/list-objects.h
@@ -2,7 +2,7 @@
#define LIST_OBJECTS_H
typedef void (*show_commit_fn)(struct commit *, void *);
-typedef void (*show_object_fn)(struct object *, const struct name_path *, const char *, void *);
+typedef void (*show_object_fn)(struct object *, const char *, void *);
void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *);
typedef void (*show_edge_fn)(struct commit *);
diff --git a/pack-bitmap-write.c b/pack-bitmap-write.c
index c05d138..b2f6cb5 100644
--- a/pack-bitmap-write.c
+++ b/pack-bitmap-write.c
@@ -148,8 +148,7 @@
return entry->in_pack_pos;
}
-static void show_object(struct object *object, const struct name_path *path,
- const char *last, void *data)
+static void show_object(struct object *object, const char *name, void *data)
{
struct bitmap *base = data;
bitmap_set(base, find_object_pos(object->sha1));
diff --git a/pack-bitmap.c b/pack-bitmap.c
index 637770a..aee7acf 100644
--- a/pack-bitmap.c
+++ b/pack-bitmap.c
@@ -422,19 +422,15 @@
return bitmap_pos + bitmap_git.pack->num_objects;
}
-static void show_object(struct object *object, const struct name_path *path,
- const char *last, void *data)
+static void show_object(struct object *object, const char *name, void *data)
{
struct bitmap *base = data;
int bitmap_pos;
bitmap_pos = bitmap_position(object->sha1);
- if (bitmap_pos < 0) {
- char *name = path_name(path, last);
+ if (bitmap_pos < 0)
bitmap_pos = ext_index_add_object(object, name);
- free(name);
- }
bitmap_set(base, bitmap_pos);
}
@@ -902,9 +898,8 @@
size_t seen;
};
-static void test_show_object(struct object *object,
- const struct name_path *path,
- const char *last, void *data)
+static void test_show_object(struct object *object, const char *name,
+ void *data)
{
struct bitmap_test_data *tdata = data;
int bitmap_pos;
diff --git a/reachable.c b/reachable.c
index 69fa685..9b02954 100644
--- a/reachable.c
+++ b/reachable.c
@@ -36,15 +36,14 @@
* The traversal will have already marked us as SEEN, so we
* only need to handle any progress reporting here.
*/
-static void mark_object(struct object *obj, const struct name_path *path,
- const char *name, void *data)
+static void mark_object(struct object *obj, const char *name, void *data)
{
update_progress(data);
}
static void mark_commit(struct commit *c, void *data)
{
- mark_object(&c->object, NULL, NULL, data);
+ mark_object(&c->object, NULL, data);
}
struct recent_data {
diff --git a/revision.c b/revision.c
index 0b322b4..871812d 100644
--- a/revision.c
+++ b/revision.c
@@ -21,69 +21,13 @@
volatile show_early_output_fn_t show_early_output;
-char *path_name(const struct name_path *path, const char *name)
+void show_object_with_name(FILE *out, struct object *obj, const char *name)
{
- const struct name_path *p;
- char *n, *m;
- int nlen = strlen(name);
- int len = nlen + 1;
-
- for (p = path; p; p = p->up) {
- if (p->elem_len)
- len += p->elem_len + 1;
- }
- n = xmalloc(len);
- m = n + len - (nlen + 1);
- strcpy(m, name);
- for (p = path; p; p = p->up) {
- if (p->elem_len) {
- m -= p->elem_len + 1;
- memcpy(m, p->elem, p->elem_len);
- m[p->elem_len] = '/';
- }
- }
- return n;
-}
-
-static int show_path_component_truncated(FILE *out, const char *name, int len)
-{
- int cnt;
- for (cnt = 0; cnt < len; cnt++) {
- int ch = name[cnt];
- if (!ch || ch == '\n')
- return -1;
- fputc(ch, out);
- }
- return len;
-}
-
-static int show_path_truncated(FILE *out, const struct name_path *path)
-{
- int emitted, ours;
-
- if (!path)
- return 0;
- emitted = show_path_truncated(out, path->up);
- if (emitted < 0)
- return emitted;
- if (emitted)
- fputc('/', out);
- ours = show_path_component_truncated(out, path->elem, path->elem_len);
- if (ours < 0)
- return ours;
- return ours || emitted;
-}
-
-void show_object_with_name(FILE *out, struct object *obj,
- const struct name_path *path, const char *component)
-{
- struct name_path leaf;
- leaf.up = (struct name_path *)path;
- leaf.elem = component;
- leaf.elem_len = strlen(component);
+ const char *p;
fprintf(out, "%s ", sha1_to_hex(obj->sha1));
- show_path_truncated(out, &leaf);
+ for (p = name; *p && *p != '\n'; p++)
+ fputc(*p, out);
fputc('\n', out);
}
diff --git a/revision.h b/revision.h
index 0ea8b4e..1b58aac 100644
--- a/revision.h
+++ b/revision.h
@@ -256,16 +256,9 @@
extern void mark_parents_uninteresting(struct commit *commit);
extern void mark_tree_uninteresting(struct tree *tree);
-struct name_path {
- struct name_path *up;
- int elem_len;
- const char *elem;
-};
+char *path_name(struct strbuf *path, const char *name);
-char *path_name(const struct name_path *path, const char *name);
-
-extern void show_object_with_name(FILE *, struct object *,
- const struct name_path *, const char *);
+extern void show_object_with_name(FILE *, struct object *, const char *);
extern void add_pending_object(struct rev_info *revs,
struct object *obj, const char *name);
diff --git a/tree-diff.c b/tree-diff.c
index e7b378c..4b32d40 100644
--- a/tree-diff.c
+++ b/tree-diff.c
@@ -124,8 +124,8 @@
unsigned mode, const unsigned char *sha1)
{
struct combine_diff_path *p;
- int len = base->len + pathlen;
- int alloclen = combine_diff_path_size(nparent, len);
+ size_t len = st_add(base->len, pathlen);
+ size_t alloclen = combine_diff_path_size(nparent, len);
/* if last->next is !NULL - it is a pre-allocated memory, we can reuse */
p = last->next;
