summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-13Merge a handful of topics from the 'master' frontmaintJunio C Hamano
As the 'master' front will soon tag a preview and then release candidates for 2.38, it is unknown if we are going to issue another maintenance release on the 2.37.x track, but as we have accumulated enough material there, let's prepare a draft for it. Even if we end up not tagging 2.37.4, it would help motivated distro packagers to maintain their slightly older and "more stable" versions. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-09-13Merge branch 'en/merge-unstash-only-on-clean-merge' into maintJunio C Hamano
The auto-stashed local changes created by "git merge --autostash" was mixed into a conflicted state left in the working tree, which has been corrected. * en/merge-unstash-only-on-clean-merge: merge: only apply autostash when appropriate
2022-09-13Merge branch 'ds/github-actions-use-newer-ubuntu' into maintJunio C Hamano
Update the version of Ubuntu used for GitHub Actions CI from 18.04 to 22.04. * ds/github-actions-use-newer-ubuntu: ci: update 'static-analysis' to Ubuntu 22.04
2022-09-13Merge branch 'ad/preload-plug-memleak' into maintJunio C Hamano
The preload-index codepath made copies of pathspec to give to multiple threads, which were left leaked. * ad/preload-plug-memleak: preload-index: fix memleak
2022-09-13Merge branch 'sg/xcalloc-cocci-fix' into maintJunio C Hamano
xcalloc(), imitating calloc(), takes "number of elements of the array", and "size of a single element", in this order. A call that does not follow this ordering has been corrected. * sg/xcalloc-cocci-fix: promisor-remote: fix xcalloc() argument order
2022-09-13Merge branch 'jk/pipe-command-nonblock' into maintJunio C Hamano
Fix deadlocks between main Git process and subprocess spawned via the pipe_command() API, that can kill "git add -p" that was reimplemented in C recently. * jk/pipe-command-nonblock: pipe_command(): mark stdin descriptor as non-blocking pipe_command(): handle ENOSPC when writing to a pipe pipe_command(): avoid xwrite() for writing to pipe git-compat-util: make MAX_IO_SIZE define globally available nonblock: support Windows compat: add function to enable nonblocking pipes
2022-09-13Merge branch 'jk/is-promisor-object-keep-tree-in-use' into maintJunio C Hamano
An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected. * jk/is-promisor-object-keep-tree-in-use: is_promisor_object(): fix use-after-free of tree buffer
2022-08-30Git 2.37.3v2.37.3Junio C Hamano
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-26A handful more topics from the 'master' front for 2.37.3Junio C Hamano
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-26Merge branch 'po/doc-add-renormalize' into maintJunio C Hamano
Documentation for "git add --renormalize" has been improved. source: <20220810144450.470-2-philipoakley@iee.email> * po/doc-add-renormalize: doc add: renormalize is not idempotent for CRCRLF
2022-08-26Merge branch 'vd/sparse-reset-checkout-fixes' into maintJunio C Hamano
Fixes to sparse index compatibility work for "reset" and "checkout" commands. source: <pull.1312.v3.git.1659985672.gitgitgadget@gmail.com> * vd/sparse-reset-checkout-fixes: unpack-trees: unpack new trees as sparse directories cache.h: create 'index_name_pos_sparse()' oneway_diff: handle removed sparse directories checkout: fix nested sparse directory diff in sparse index
2022-08-26Merge branch 'jk/fsck-tree-mode-bits-fix' into maintJunio C Hamano
"git fsck" reads mode from tree objects but canonicalizes the mode before passing it to the logic to check object sanity, which has hid broken tree objects from the checking logic. This has been corrected, but to help exiting projects with broken tree objects that they cannot fix retroactively, the severity of anomalies this code detects has been demoted to "info" for now. source: <YvQcNpizy9uOZiAz@coredump.intra.peff.net> * jk/fsck-tree-mode-bits-fix: fsck: downgrade tree badFilemode to "info" fsck: actually detect bad file modes in trees tree-walk: add a mechanism for getting non-canonicalized modes
2022-08-26Merge branch 'fc/vimdiff-layout-vimdiff3-fix' into maintJunio C Hamano
"vimdiff3" regression fix. source: <20220810154618.307275-1-felipe.contreras@gmail.com> * fc/vimdiff-layout-vimdiff3-fix: mergetools: vimdiff: simplify tabfirst mergetools: vimdiff: fix single window layouts mergetools: vimdiff: rework tab logic mergetools: vimdiff: fix for diffopt mergetools: vimdiff: silence annoying messages mergetools: vimdiff: make vimdiff3 actually work mergetools: vimdiff: fix comment
2022-08-26Merge branch 'js/safe-directory-plus' into maintJunio C Hamano
Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows. source: <pull.1286.v2.git.1659965270.gitgitgadget@gmail.com> * js/safe-directory-plus: mingw: handle a file owned by the Administrators group correctly mingw: be more informative when ownership check fails on FAT32 mingw: provide details about unsafe directories' ownership setup: prepare for more detailed "dubious ownership" messages setup: fix some formatting
2022-08-26Merge branch 'pw/use-glibc-tunable-for-malloc-optim' into maintJunio C Hamano
Avoid repeatedly running getconf to ask libc version in the test suite, and instead just as it once per script. source: <pull.1311.git.1659620305757.gitgitgadget@gmail.com> * pw/use-glibc-tunable-for-malloc-optim: tests: cache glibc version check
2022-08-26Merge branch 'ab/hooks-regression-fix' into maintJunio C Hamano
A follow-up fix to a fix for a regression in 2.36. source: <patch-1.1-2450e3e65cf-20220805T141402Z-avarab@gmail.com> * ab/hooks-regression-fix: hook API: don't segfault on strbuf_addf() to NULL "out"
2022-08-26Merge branch 'gc/git-reflog-doc-markup' into maintJunio C Hamano
Doc mark-up fix. source: <pull.1304.git.git.1659387885711.gitgitgadget@gmail.com> * gc/git-reflog-doc-markup: Documentation/git-reflog: remove unneeded \ from \{
2022-08-26Merge branch 'js/ort-clean-up-after-failed-merge' into maintJunio C Hamano
Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend. source: <pull.1307.v2.git.1659114727.gitgitgadget@gmail.com> * js/ort-clean-up-after-failed-merge: merge-ort: do leave trace2 region even if checkout fails merge-ort: clean up after failed merge
2022-08-26Merge branch 'jk/struct-zero-init-with-older-gcc' into maintJunio C Hamano
Older gcc with -Wall complains about the universal zero initializer "struct s = { 0 };" idiom, which makes developers' lives inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The build procedure has been tweaked to help these compilers. source: <YuQ60ZUPBHAVETD7@coredump.intra.peff.net> * jk/struct-zero-init-with-older-gcc: config.mak.dev: squelch -Wno-missing-braces for older gcc
2022-08-26Merge branch 'js/lstat-mingw-enotdir-fix' into maintJunio C Hamano
Fix to lstat() emulation on Windows. source: <pull.1291.v3.git.1659089152877.gitgitgadget@gmail.com> * js/lstat-mingw-enotdir-fix: lstat(mingw): correctly detect ENOTDIR scenarios
2022-08-26Merge branch 'js/mingw-with-python' into maintJunio C Hamano
Conditionally allow building Python interpreter on Windows source: <pull.1306.v2.git.1659109272.gitgitgadget@gmail.com> * js/mingw-with-python: mingw: remove unneeded `NO_CURL` directive mingw: remove unneeded `NO_GETTEXT` directive windows: include the Python bits when building Git for Windows
2022-08-26Merge branch 'ca/unignore-local-installation-on-windows' into maintJunio C Hamano
Fix build procedure for Windows that uses CMake so that it can pick up the shell interpreter from local installation location. source: <pull.1304.git.1658912756815.gitgitgadget@gmail.com> * ca/unignore-local-installation-on-windows: cmake: support local installations of git
2022-08-24ci: update 'static-analysis' to Ubuntu 22.04Derrick Stolee
GitHub Actions scheduled a brownout of Ubuntu 18.04, which canceled all runs of the 'static-analysis' job in our CI runs. Update to 22.04 to avoid this as the brownout later turns into a complete deprecation. The use of 18.04 was set in d051ed77ee6 (.github/workflows/main.yml: run static-analysis on bionic, 2021-02-08) due to the lack of Coccinelle being available on 20.04 (which continues today). Signed-off-by: Derrick Stolee <derrickstolee@github.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-24merge: only apply autostash when appropriateElijah Newren
If a merge failed and we are leaving conflicts in the working directory for the user to resolve, we should not attempt to apply any autostash. Further, if we fail to apply the autostash (because either the merge failed, or the user requested --no-commit), then we should instruct the user how to apply it later. Add a testcase verifying we have corrected this behavior. Signed-off-by: Elijah Newren <newren@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-24promisor-remote: fix xcalloc() argument orderSZEDER Gábor
Pass the number of elements first and their size second, as expected by xcalloc(). Patch generated with: make SPATCH_FLAGS=--recursive-includes contrib/coccinelle/xcalloc.cocci.patch Our default SPATCH_FLAGS ('--all-includes') doesn't catch this transformation by default, unless used in combination with a large-ish SPATCH_BATCH_SIZE which happens to put 'promisor-remote.c' with a file that includes 'repository.h' directly in the same batch. Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-22preload-index: fix memleakAnthony Delannoy
Fix a memory leak occuring in case of pathspec copy in preload_index. Direct leak of 8 byte(s) in 8 object(s) allocated from: #0 0x7f0a353ead47 in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/11.3.0/libasan.so.6+0xb5d47) #1 0x55750995e840 in do_xmalloc /home/anthony/src/c/git/wrapper.c:51 #2 0x55750995e840 in xmalloc /home/anthony/src/c/git/wrapper.c:72 #3 0x55750970f824 in copy_pathspec /home/anthony/src/c/git/pathspec.c:684 #4 0x557509717278 in preload_index /home/anthony/src/c/git/preload-index.c:135 #5 0x55750975f21e in refresh_index /home/anthony/src/c/git/read-cache.c:1633 #6 0x55750915b926 in cmd_status builtin/commit.c:1547 #7 0x5575090e1680 in run_builtin /home/anthony/src/c/git/git.c:466 #8 0x5575090e1680 in handle_builtin /home/anthony/src/c/git/git.c:720 #9 0x5575090e284a in run_argv /home/anthony/src/c/git/git.c:787 #10 0x5575090e284a in cmd_main /home/anthony/src/c/git/git.c:920 #11 0x5575090dbf82 in main /home/anthony/src/c/git/common-main.c:56 #12 0x7f0a348230ab (/lib64/libc.so.6+0x290ab) Signed-off-by: Anthony Delannoy <anthony.2lannoy@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17pipe_command(): mark stdin descriptor as non-blockingJeff King
Our pipe_command() helper lets you both write to and read from a child process on its stdin/stdout. It's supposed to work without deadlocks because we use poll() to check when descriptors are ready for reading or writing. But there's a bug: if both the data to be written and the data to be read back exceed the pipe buffer, we'll deadlock. The issue is that the code assumes that if you have, say, a 2MB buffer to write and poll() tells you that the pipe descriptor is ready for writing, that calling: write(cmd->in, buf, 2*1024*1024); will do a partial write, filling the pipe buffer and then returning what it did write. And that is what it would do on a socket, but not for a pipe. When writing to a pipe, at least on Linux, it will block waiting for the child process to read() more. And now we have a potential deadlock, because the child may be writing back to us, waiting for us to read() ourselves. An easy way to trigger this is: git -c add.interactive.useBuiltin=true \ -c interactive.diffFilter=cat \ checkout -p HEAD~200 The diff against HEAD~200 will be big, and the filter wants to write all of it back to us (obviously this is a dummy filter, but in the real world something like diff-highlight would similarly stream back a big output). If you set add.interactive.useBuiltin to false, the problem goes away, because now we're not using pipe_command() anymore (instead, that part happens in perl). But this isn't a bug in the interactive code at all. It's the underlying pipe_command() code which is broken, and has been all along. We presumably didn't notice because most calls only do input _or_ output, not both. And the few that do both, like gpg calls, may have large inputs or outputs, but never both at the same time (e.g., consider signing, which has a large payload but a small signature comes back). The obvious fix is to put the descriptor into non-blocking mode, and indeed, that makes the problem go away. Callers shouldn't need to care, because they never see the descriptor (they hand us a buffer to feed into it). The included test fails reliably on Linux without this patch. Curiously, it doesn't fail in our Windows CI environment, but has been reported to do so for individual developers. It should pass in any environment after this patch (courtesy of the compat/ layers added in the last few commits). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17pipe_command(): handle ENOSPC when writing to a pipeJeff King
When write() to a non-blocking pipe fails because the buffer is full, POSIX says we should see EAGAIN. But our mingw_write() compat layer on Windows actually returns ENOSPC for this case. This is probably something we want to correct, but given that we don't plan to use non-blocking descriptors in a lot of places, we can work around it by just catching ENOSPC alongside EAGAIN. If we ever do fix mingw_write(), then this patch can be reverted. We don't actually use a non-blocking pipe yet, so this is still just preparation. Helped-by: René Scharfe <l.s.r@web.de> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17pipe_command(): avoid xwrite() for writing to pipeJeff King
If xwrite() sees an EAGAIN response, it will loop forever until the write succeeds (or encounters a real error). This is due to ef1cf0167a (xwrite: poll on non-blocking FDs, 2016-06-26), with the idea that we won't be surprised by a descriptor unexpectedly set as non-blocking. But that will make things awkward when we do want a non-blocking descriptor, and a future patch will switch pipe_command() to using one. In that case, looping on EAGAIN is bad, because the process on the other end of the pipe may be waiting on us before doing another read() on the pipe, which would mean we deadlock. In practice we're not supposed to ever see EAGAIN here, since poll() will have just told us the descriptor is ready for writing. But our Windows emulation of poll() will always return "ready" for writing to a pipe descriptor! This is due to 94f4d01932 (mingw: workaround for hangs when sending STDIN, 2020-02-17). Our best bet in that case is to keep handling other descriptors, as any read() we do may allow the child command to make forward progress (i.e., its write() finishes, and then it read()s from its stdin, freeing up space in the pipe buffer). This means we might busy-loop between poll() and write() on Windows if the child command is slow to read our input, but it's much better than the alternative of deadlocking. In practice, this busy-looping should be rare: - for small inputs, we'll just write the whole thing in a single write() anyway, non-blocking or not - for larger inputs where the child reads input and then processes it before writing (e.g., gpg verifying a signature), we may make a few extra write() calls that get EAGAIN during the initial write, but once it has taken in the whole input, we'll correctly block waiting to read back the data. - for larger inputs where the child process is streaming output back (like a diff filter), we'll likewise see some extra EAGAINs, but most of them will be followed immediately by a read(), which will let the child command make forward progress. Of course it won't happen at all for now, since we don't yet use a non-blocking pipe. This is just preparation for when we do. Helped-by: René Scharfe <l.s.r@web.de> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17git-compat-util: make MAX_IO_SIZE define globally availableJeff King
We define MAX_IO_SIZE within wrapper.c, but it's useful for any code that wants to do a raw write() for whatever reason (say, because they want different EAGAIN handling). Let's make it available everywhere. The alternative would be adding xwrite_foo() variants to give callers more options. But there's really no reason MAX_IO_SIZE needs to be abstracted away, so this give callers the most flexibility. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17nonblock: support WindowsRené Scharfe
Implement enable_pipe_nonblock() using the Windows API. This works only for pipes, but that is sufficient for this limited interface. Despite the API calls used, it handles both "named" and anonymous pipes from our pipe() emulation. Signed-off-by: René Scharfe <l.s.r@web.de> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-17compat: add function to enable nonblocking pipesJeff King
We'd like to be able to make some of our pipes nonblocking so that poll() can be used effectively, but O_NONBLOCK isn't portable. Let's introduce a compat wrapper so this can be abstracted for each platform. The interface is as narrow as possible to let platforms do what's natural there (rather than having to implement fcntl() and a fake O_NONBLOCK for example, or having to handle other types of descriptors). The next commit will add Windows support, at which point we should be covering all platforms in practice. But if we do find some other platform without O_NONBLOCK, we'll return ENOSYS. Arguably we could just trigger a build-time #error in this case, which would catch the problem earlier. But since we're not planning to use this compat wrapper in many code paths, a seldom-seen runtime error may be friendlier for such a platform than blocking compilation completely. Our test suite would still notice it. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-15is_promisor_object(): fix use-after-free of tree bufferJeff King
Since commit fcc07e980b (is_promisor_object(): free tree buffer after parsing, 2021-04-13), we'll always free the buffers attached to a "struct tree" after searching them for promisor links. But there's an important case where we don't want to do so: if somebody else is already using the tree! This can happen during a "rev-list --missing=allow-promisor" traversal in a partial clone that is missing one or more trees or blobs. The backtrace for the free looks like this: #1 free_tree_buffer tree.c:147 #2 add_promisor_object packfile.c:2250 #3 for_each_object_in_pack packfile.c:2190 #4 for_each_packed_object packfile.c:2215 #5 is_promisor_object packfile.c:2272 #6 finish_object__ma builtin/rev-list.c:245 #7 finish_object builtin/rev-list.c:261 #8 show_object builtin/rev-list.c:274 #9 process_blob list-objects.c:63 #10 process_tree_contents list-objects.c:145 #11 process_tree list-objects.c:201 #12 traverse_trees_and_blobs list-objects.c:344 [...] We're in the middle of walking through the entries of a tree object via process_tree_contents(). We see a blob (or it could even be another tree entry) that we don't have, so we call is_promisor_object() to check it. That function loops over all of the objects in the promisor packfile, including the tree we're currently walking. When we're done with it there, we free the tree buffer. But as we return to the walk in process_tree_contents(), it's still holding on to a pointer to that buffer, via its tree_desc iterator, and it accesses the freed memory. Even a trivial use of "--missing=allow-promisor" triggers this problem, as the included test demonstrates (it's just a vanilla --blob:none clone). We can detect this case by only freeing the tree buffer if it was allocated on our behalf. This is a little tricky since that happens inside parse_object(), and it doesn't tell us whether the object was already parsed, or whether it allocated the buffer itself. But by checking for an already-parsed tree beforehand, we can distinguish the two cases. That feels a little hacky, and does incur an extra lookup in the object-hash table. But that cost is fairly minimal compared to actually loading objects (and since we're iterating the whole pack here, we're likely to be loading most objects, rather than reusing cached results). It may also be a good direction for this function in general, as there are other possible optimizations that rely on doing some analysis before parsing: - we could detect blobs and avoid reading their contents; they can't link to other objects, but parse_object() doesn't know that we don't care about checking their hashes. - we could avoid allocating object structs entirely for most objects (since we really only need them in the oidset), which would save some memory. - promisor commits could use the commit-graph rather than loading the object from disk This commit doesn't do any of those optimizations, but I think it argues that this direction is reasonable, rather than relying on parse_object() and trying to teach it to give us more information about whether it parsed. The included test fails reliably under SANITIZE=address just when running "rev-list --missing=allow-promisor". Checking the output isn't strictly necessary to detect the bug, but it seems like a reasonable addition given the general lack of coverage for "allow-promisor" in the test suite. Reported-by: Andrew Olsen <andrew.olsen@koordinates.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-11Git 2.37.2v2.37.2Junio C Hamano
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-11Merge branch 'jc/string-list-cleanup' into maintJunio C Hamano
Code clean-up. source: <xmqq7d471dns.fsf@gitster.g> * jc/string-list-cleanup: builtin/remote.c: use the right kind of STRING_LIST_INIT
2022-08-11Merge branch 'mt/pkt-line-comment-tweak' into maintJunio C Hamano
In-code comment clarification. source: <6a14443c101fa132498297af6d7a483520688d75.1658488203.git.matheus.bernardino@usp.br> * mt/pkt-line-comment-tweak: pkt-line.h: move comment closer to the associated code
2022-08-11Merge branch 'ma/t4200-update' into maintJunio C Hamano
Test fix. source: <20220718154322.2177166-1-martin.agren@gmail.com> * ma/t4200-update: t4200: drop irrelevant code
2022-08-11Merge branch 'tb/commit-graph-genv2-upgrade-fix' into maintJunio C Hamano
There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected. source: <cover.1657667404.git.me@ttaylorr.com> * tb/commit-graph-genv2-upgrade-fix: commit-graph: fix corrupt upgrade from generation v1 to v2 commit-graph: introduce `repo_find_commit_pos_in_graph()` t5318: demonstrate commit-graph generation v2 corruption
2022-08-11Merge branch 'tk/untracked-cache-with-uall' into maintJunio C Hamano
Fix for a bug that makes write-tree to fail to write out a non-existent index as a tree, introduced in 2.37. source: <20220722212232.833188-1-martin.agren@gmail.com> * tk/untracked-cache-with-uall: read-cache: make `do_read_index()` always set up `istate->repo`
2022-08-11Merge branch 'mt/checkout-count-fix' into maintJunio C Hamano
"git checkout" miscounted the paths it updated, which has been corrected. source: <cover.1657799213.git.matheus.bernardino@usp.br> * mt/checkout-count-fix: checkout: fix two bugs on the final count of updated entries checkout: show bug about failed entries being included in final report checkout: document bug where delayed checkout counts entries twice
2022-08-11Merge branch 'cl/rerere-train-with-no-sign' into maintJunio C Hamano
"rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges. source: <PH7PR14MB5594A27B9295E95ACA4D6A69CE8F9@PH7PR14MB5594.namprd14.prod.outlook.com> * cl/rerere-train-with-no-sign: contrib/rerere-train: avoid useless gpg sign in training
2022-08-11Merge branch 'kk/p4-client-name-encoding-fix' into maintJunio C Hamano
"git p4" did not handle non-ASCII client name well, which has been corrected. source: <pull.1285.v3.git.git.1658394440.gitgitgadget@gmail.com> * kk/p4-client-name-encoding-fix: git-p4: refactoring of p4CmdList() git-p4: fix bug with encoding of p4 client name
2022-08-11Merge branch 'mb/p4-utf16-crlf' into maintJunio C Hamano
"git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected. source: <pull.1294.v2.git.git.1658341065221.gitgitgadget@gmail.com> * mb/p4-utf16-crlf: git-p4: fix CR LF handling for utf16 files
2022-08-11Merge branch 'hx/lookup-commit-in-graph-fix' into maintJunio C Hamano
A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected. source: <cover.1656593279.git.hanxin.hx@bytedance.com> * hx/lookup-commit-in-graph-fix: t5330: remove run_with_limited_processses() commit-graph.c: no lazy fetch in lookup_commit_in_graph()
2022-08-11Merge branch 'jc/resolve-undo' into maintJunio C Hamano
The resolve-undo information in the index was not protected against GC, which has been corrected. source: <xmqq35f7kzad.fsf@gitster.g> * jc/resolve-undo: fsck: do not dereference NULL while checking resolve-undo data revision: mark blobs needed for resolve-undo as reachable
2022-08-10fsck: downgrade tree badFilemode to "info"Jeff King
The previous commit un-broke the "badFileMode" check; before then it was literally testing nothing. And as far as I can tell, it has been so since the very initial version of fsck. The current severity of "badFileMode" is just "warning". But in the --strict mode used by transfer.fsckObjects, that is elevated to an error. This will potentially cause hassle for users, because historical objects with bad modes will suddenly start causing pushes to many server operators to be rejected. At the same time, these bogus modes aren't actually a big risk. Because we canonicalize them everywhere besides fsck, they can't cause too much mischief in the real world. The worst thing you can do is end up with two almost-identical trees that have different hashes but are interpreted the same. That will generally cause things to be inefficient rather than wrong, and is a bug somebody working on a Git implementation would want to fix, but probably not worth inconveniencing users by refusing to push or fetch. So let's downgrade this to "info" by default, which is our setting for "mention this when fscking, but don't ever reject, even under strict mode". If somebody really wants to be paranoid, they can still adjust the level using config. Suggested-by: Xavier Morel <xavier.morel@masklinn.net> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-10fsck: actually detect bad file modes in treesJeff King
We use the normal tree_desc code to iterate over trees in fsck, meaning we only see the canonicalized modes it returns. And hence we'd never see anything unexpected, since it will coerce literally any garbage into one of our normal and accepted modes. We can use the new RAW_MODES flag to see the real modes, and then use the existing code to actually analyze them. The existing code is written as allow-known-good, so there's not much point in testing a variety of breakages. The one tested here should be S_IFREG but with nonsense permissions. Do note that the error-reporting here isn't great. We don't mention the specific bad mode, but just that the tree has one or more broken modes. But when you go to look at it with "git ls-tree", we'll report the canonicalized mode! This isn't ideal, but given that this should come up rarely, and that any number of other tree corruptions might force you into looking at the binary bytes via "cat-file", it's not the end of the world. And it's something we can improve on top later if we choose. Reported-by: Xavier Morel <xavier.morel@masklinn.net> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-10tree-walk: add a mechanism for getting non-canonicalized modesJeff King
When using init_tree_desc() and tree_entry() to iterate over a tree, we always canonicalize the modes coming out of the tree. This is a good thing to prevent bugs or oddities in normal code paths, but it's counter-productive for tools like fsck that want to see the exact contents. We can address this by adding an option to avoid the extra canonicalization. A few notes on the implementation: - I've attached the new option to the tree_desc struct itself. The actual code change is in decode_tree_entry(), which is in turn called by the public update_tree_entry(), tree_entry(), and init_tree_desc() functions, plus their "gently" counterparts. By letting it ride along in the struct, we can avoid changing the signature of those functions, which are called many times. Plus it's conceptually simpler: you really want a particular iteration of a tree to be "raw" or not, rather than individual calls. - We still have to set the new option somewhere. The struct is initialized by init_tree_desc(). I added the new flags field only to the "gently" version. That avoids disturbing the much more numerous non-gentle callers, and it makes sense that anybody being careful about looking at raw modes would also be careful about bogus trees (i.e., the caller will be something like fsck in the first place). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-10mergetools: vimdiff: simplify tabfirstFelipe Contreras
If we wrap the tabdo command there's no need for a separate command call. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Reviewed-by: Fernando Ramos <greenfoo@u92.eu> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-08-10mergetools: vimdiff: fix single window layoutsFelipe Contreras
Layouts with a single window other than "MERGED" do not work (e.g. "LOCAL" or "MERGED+LOCAL"). This is because as the documentation of bufdo says: The last buffer (or where an error occurred) becomes the current buffer. And we do always do bufdo the end. Additionally, we do it only once, when it should be per tab. Fix this by doing it once per tab right after it's created and before any buffer is switched. Cc: Fernando Ramos <greenfoo@u92.eu> Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Reviewed-by: Fernando Ramos <greenfoo@u92.eu> Signed-off-by: Junio C Hamano <gitster@pobox.com>