path: root/abspath.c
Age | Commit message | Author
2020-03-10 | real_path_if_valid(): remove unsafe API | Alexandr Miloslavskiy
This commit continues the work started with previous commit. Signed-off-by: Alexandr Miloslavskiy <> Signed-off-by: Junio C Hamano <>
2020-03-10 | real_path: remove unsafe API | Alexandr Miloslavskiy
Returning a shared buffer invites very subtle bugs due to reentrancy or multi-threading, as demonstrated by the previous patch. There was an unfinished effort to abolish this [1]. Let's finally get rid of `real_path()`, using `strbuf_realpath()` instead. This patch uses a local `strbuf` for most places where `real_path()` was previously called. However, two places return the value of `real_path()` to the caller. For them, a `static` local `strbuf` was added, effectively pushing the problem one level higher: read_gitfile_gently() and get_superproject_working_tree(). [1] Signed-off-by: Alexandr Miloslavskiy <> Signed-off-by: Junio C Hamano <>
2017-09-27 | real_path: clarify return value ownership | Han-Wen Nienhuys
Signed-off-by: Han-Wen Nienhuys <> Signed-off-by: Junio C Hamano <>
2017-06-27 | Spelling fixes | Ville Skyttä
Signed-off-by: Ville Skyttä <> Signed-off-by: Junio C Hamano <>
2017-03-21 | prefix_filename: simplify windows #ifdef | Jeff King
The prefix_filename function used to do an early return when there was no prefix on non-Windows platforms, but always allocated on Windows so that it could call convert_slashes(). Now that the function always allocates, we can unify the logic and make convert_slashes() the only conditional part. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-03-21 | prefix_filename: return newly allocated string | Jeff King
The prefix_filename() function returns a pointer to static storage, which makes it easy to use dangerously. We already fixed one buggy caller in hash-object recently, and the calls in apply.c are suspicious (I didn't dig in enough to confirm that there is a bug, but we call the function once in apply_all_patches() and then again indirectly from parse_chunk()). Let's make it harder to get wrong by allocating the return value. For simplicity, we'll do this even when the prefix is empty (and we could just return the original file pointer). That will cause us to allocate sometimes when we wouldn't otherwise need to, but this function isn't called in performance critical code-paths (and it already _might_ allocate on any given call, so a caller that cares about performance is questionable anyway). The downside is that the callers need to remember to free() the result to avoid leaking. Most of them already used xstrdup() on the result, so we know they are OK. The remainder have been converted to use free() as appropriate. I considered retaining a prefix_filename_unsafe() for cases where we know the static lifetime is OK (and handling the cleanup is awkward). This is only a handful of cases, though, and it's not worth the mental energy in worrying about whether the "unsafe" variant is OK to use in any situation. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-03-21 | prefix_filename: drop length parameter | Jeff King
This function takes the prefix as a ptr/len pair, but in every caller the length is exactly strlen(ptr). Let's simplify the interface and just take the string. This saves callers specifying it (and in some cases handling a NULL prefix). In a handful of cases we had the length already without calling strlen, so this is technically slower. But it's not likely to matter (after all, if the prefix is non-empty we'll allocate and copy it into a buffer anyway). Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-03-21 | prefix_filename: move docstring to header file | Jeff King
This is a public function, so we should make its documentation available near the declaration. While we're at it, we can give a few details about how it works. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-03-08 | real_pathdup(): fix callsites that wanted it to die on error | Johannes Schindelin
In 4ac9006f832 (real_path: have callers use real_pathdup and strbuf_realpath, 2016-12-12), we changed the xstrdup(real_path()) pattern to use real_pathdup() directly. The problem with this change is that real_path() calls strbuf_realpath() with die_on_error = 1 while real_pathdup() calls it with die_on_error = 0. Meaning that in cases where real_path() causes Git to die() with an error message, real_pathdup() is silent and returns NULL instead. The callers, however, are ill-prepared for that change, as they expect the return value to be non-NULL (and otherwise the function died with an appropriate error message). Fix this by extending real_pathdup()'s signature to accept the die_on_error flag and simply pass it through to strbuf_realpath(), and then adjust all callers after a careful audit whether they would handle NULLs well. Signed-off-by: Johannes Schindelin <> Signed-off-by: Junio C Hamano <>
2017-02-02 | Merge branch 'rs/absolute-pathdup' | Junio C Hamano
Code cleanup.
* rs/absolute-pathdup:
  use absolute_pathdup()
  abspath: add absolute_pathdup()
2017-01-26 | abspath: add absolute_pathdup() | René Scharfe
Add a function that returns a buffer containing the absolute path of its argument and a semantic patch for its intended use. It avoids an extra string copy to a static buffer. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2017-01-09 | real_path: set errno when max number of symlinks is exceeded | Brandon Williams
Set errno to ELOOP when the maximum number of symlinks is exceeded, as would be done by other symlink-resolving functions. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2017-01-09 | real_path: prevent redefinition of MAXSYMLINKS | Brandon Williams
The macro 'MAXSYMLINKS' is already defined on macOS and Linux in <sys/param.h>. If 'MAXSYMLINKS' has already been defined, use the value defined by the OS; otherwise default to a value of 32, which is more in line with what is allowed by many systems. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2016-12-22 | real_path: canonicalize directory separators in root parts | Johannes Sixt
When an absolute path is resolved, resolution begins at the first path component after the root part. The root part is just copied verbatim, because it must not be inspected for symbolic links. For POSIX paths, this is just the initial slash, but on Windows, the root part has the forms c:\ or \\server\share. We do want to canonicalize the back-slashes in the root part because these parts are compared to the result of getcwd(), which does return a fully canonicalized path. Factor out a helper that splits off the root part, and have it canonicalize the copied part. This change was prompted because caught a breakage in GIT_CEILING_DIRECTORIES handling on Windows. Signed-off-by: Johannes Sixt <> Acked-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2016-12-12 | real_path: create real_pathdup | Brandon Williams
Create real_pathdup which returns a caller-owned string of the resolved realpath based on the provided path. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2016-12-12 | real_path: convert real_path_internal to strbuf_realpath | Brandon Williams
Change the name of real_path_internal to strbuf_realpath. In addition push the static strbuf up to its callers and instead take as a parameter a pointer to a strbuf to use for the final result. This change makes strbuf_realpath reentrant. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2016-12-12 | real_path: resolve symlinks by hand | Brandon Williams
The current implementation of real_path uses chdir() in order to resolve symlinks. Unfortunately this isn't thread-safe as chdir() affects a process as a whole and not just an individual thread. Instead perform the symlink resolution by hand so that the calls to chdir() can be removed, making real_path one step closer to being reentrant. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2016-04-05 | Windows: shorten code by re-using convert_slashes() | Johannes Sixt
Make a few more spots more readable by using the recently introduced, Windows-specific helper. Signed-off-by: Johannes Sixt <> Acked-by: Johannes Schindelin <> Signed-off-by: Junio C Hamano <>
2014-08-26 | abspath: convert absolute_path() to strbuf | René Scharfe
Move most of the code of absolute_path() into the new function strbuf_add_absolute_path() and in the process transform it to use struct strbuf and xgetcwd() instead of a PATH_MAX-sized buffer, which can be too small on some file systems. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-08-26 | abspath: convert real_path_internal() to strbuf | René Scharfe
Use strbuf instead of fixed-sized buffers in real_path() in order to avoid the size limitations of the latter. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-08-26 | abspath: use strbuf_getcwd() to remember original working directory | René Scharfe
Store the original working directory in a strbuf instead of in a fixed-sized buffer, in order to be able to handle longer paths. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-01-10 | Merge branch 'ap/path-max' | Junio C Hamano
* ap/path-max: Prevent buffer overflows when path is too long
2013-12-16 | Prevent buffer overflows when path is too long | Antoine Pelisse
Some buffers created with PATH_MAX length are not checked when being written, and can overflow if PATH_MAX is not big enough to hold the path. Replace those buffers by strbufs so that their size is automatically grown if necessary. They are created as static local variables to avoid reallocating memory on each call. Note that prefix_filename() returns this static buffer so each caller should copy or use the string immediately (this is currently true). Reported-by: Wataru Noguchi <> Signed-off-by: Antoine Pelisse <> Signed-off-by: Junio C Hamano <>
2013-12-09 | abspath: trivial style fix | Felipe Contreras
Signed-off-by: Felipe Contreras <> Signed-off-by: Junio C Hamano <>
2013-10-16 | abspath.c: have SP around arithmetic operators | Junio C Hamano
Signed-off-by: Junio C Hamano <>
2013-05-08 | mingw: rename WIN32 cpp macro to GIT_WINDOWS_NATIVE | Jonathan Nieder
Throughout git, it is assumed that the WIN32 preprocessor symbol is defined on native Windows setups (mingw and msvc) and not on Cygwin. On Cygwin, most of the time git can pretend this is just another Unix machine, and Windows-specific magic is generally counterproductive. Unfortunately Cygwin *does* define the WIN32 symbol in some headers. Best to rely on a new git-specific symbol GIT_WINDOWS_NATIVE instead, defined as follows:
    #if defined(WIN32) && !defined(__CYGWIN__)
    # define GIT_WINDOWS_NATIVE
    #endif
After this change, it should be possible to drop the CYGWIN_V15_WIN32API setting without any negative effect. [rj: %s/WINDOWS_NATIVE/GIT_WINDOWS_NATIVE/g ] Signed-off-by: Jonathan Nieder <> Signed-off-by: Ramsay Jones <> Signed-off-by: Junio C Hamano <>
2012-10-29 | Introduce new function real_path_if_valid() | Michael Haggerty
The function is like real_path(), except that it returns NULL on error instead of dying. Signed-off-by: Michael Haggerty <> Signed-off-by: Jeff King <>
2012-10-29 | real_path_internal(): add comment explaining use of cwd | Michael Haggerty
Signed-off-by: Michael Haggerty <> Signed-off-by: Jeff King <>
2012-10-29 | Introduce new static function real_path_internal() | Michael Haggerty
It accepts a new parameter, die_on_error. If die_on_error is false, it simply cleans up after itself and returns NULL rather than dying. Signed-off-by: Michael Haggerty <> Signed-off-by: Jeff King <>
2012-09-06 | real_path(): properly handle nonexistent top-level paths | Michael Haggerty
The change has two points: 1. Do not strip off a leading slash, because that erroneously turns an absolute path into a relative path. 2. Do not remove slashes from groups of multiple slashes; instead let chdir() handle them. It could be, for example, that it wants to leave leading double-slashes alone. Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2012-09-06 | real_path(): reject the empty string | Michael Haggerty
Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2012-09-06 | absolute_path(): reject the empty string | Michael Haggerty
Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2011-08-11 | Reduce parse-options.o dependencies | Dmitry Ivankov
Currently parse-options.o pulls quite a big bunch of dependencies. This complicates its usage in contrib/ because it pulls external dependencies and it also increases executables size. Split off less generic and more internal to git part of parse-options.c to parse-options-cb.c. Move prefix_filename function from setup.c to abspath.c. abspath.o and wrapper.o pull each other, so it's unlikely to increase the dependencies. It was a dependency of parse-options.o that pulled many others. Now parse-options.o pulls just abspath.o, ctype.o, strbuf.o, usage.o, wrapper.o, libc directly and strlcpy.o indirectly. Signed-off-by: Dmitry Ivankov <> Signed-off-by: Junio C Hamano <>
2011-07-22 | Merge branch 'js/maint-add-path-stat-pwd' | Junio C Hamano
* js/maint-add-path-stat-pwd: get_pwd_cwd(): Do not trust st_dev/st_ino blindly
2011-07-11 | get_pwd_cwd(): Do not trust st_dev/st_ino blindly | Johannes Schindelin
10c4c88 (Allow add_path() to add non-existent directories to the path, 2008-07-21) introduced get_pwd_cwd() function in order to favor $PWD when getenv("PWD") and getcwd() refer to the same directory but are different strings (e.g. the former gives a nicer looking name via a symbolic link to an uglier looking automounted path). The function tried to determine if two directories are the same by running stat(2) on both and comparing ino/dev fields. Unfortunately, stat() does not fill any ino or dev fields in msysgit. But there is a telltale: both ino and dev are 0 when they are not filled correctly, so let's be extra cautious. This happens to fix a bug in "get-receive-pack working_directory/" when the GIT_DIR would not be set correctly due to absolute_path(".") returning the wrong value. Signed-off-by: Johannes Schindelin <> Acked-by: Johannes Sixt <> Signed-off-by: Junio C Hamano <>
2011-06-30 | Merge branch 'ef/maint-win-verify-path' | Junio C Hamano
* ef/maint-win-verify-path:
  verify_dotfile(): do not assume '/' is the path seperator
  verify_path(): simplify check at the directory boundary
  verify_path: consider dos drive prefix
  real_path: do not assume '/' is the path seperator
  A Windows path starting with a backslash is absolute
2011-05-27 | real_path: do not assume '/' is the path seperator | Theo Niessink
real_path currently assumes its input had '/' as path separator. This assumption does not hold true for the code-path from prefix_path (on Windows), where real_path can be called before normalize_path_copy. Fix real_path so it doesn't make this assumption. Create a helper function to reverse-search for the last path-separator in a string. Signed-off-by: Theo Niessink <> Signed-off-by: Erik Faye-Lund <> Signed-off-by: Junio C Hamano <>
2011-03-17 | Name make_*_path functions more accurately | Carlos Martín Nieto
Rename the make_*_path functions so it's clearer what they do, in particular make clear what the difference between make_absolute_path and make_nonrelative_path is by renaming them real_path and absolute_path respectively. make_relative_path has an understandable name and is renamed to relative_path to maintain the name convention. The function calls have been replaced 1-to-1 in their usage. Signed-off-by: Carlos Martín Nieto <> Signed-off-by: Junio C Hamano <>
2011-03-16 | make_absolute_path: return the input path if it points to our buffer | Carlos Martín Nieto
Some codepaths call make_absolute_path with its own return value as input. In such cases, return the path immediately. This fixes a valgrind-discovered error, whereby we tried to copy a string onto itself. Signed-off-by: Carlos Martín Nieto <> Signed-off-by: Junio C Hamano <>
2010-10-03 | Fix 'clone' failure at DOS root directory. | Eric Sunshine
Cloning via relative path fails for a project residing immediately under the root directory of a DOS drive. For instance, for project c:/foo, issuing "cd c:/" followed by "git clone foo bar" fails with error "Unable to find remote helper for 'c'". The problem is caused by make_nonrelative_path() incorrectly returning c://foo rather than c:/foo for input "foo". The bogus path c://foo is misinterpreted by transport_get() as a URL with unrecognized protocol "c", hence the missing remote helper error. Fix make_nonrelative_path() to return c:/foo rather than c://foo (and /foo rather than //foo on Unix). Resolves msysgit issue #501 [1] [PT: squashed in changes requested by Junio [2][3]] [1] [2] [3] Acked-by: Johannes Sixt <> Signed-off-by: Eric Sunshine <> Signed-off-by: Pat Thoyts <> Signed-off-by: Johannes Schindelin <>
2010-02-14 | make_absolute_path(): Do not append redundant slash | Nguyễn Thái Ngọc Duy
When concatenating two paths, if the first one already has '/', do not put another '/' in between the two paths. Usually this is not the case as getcwd() won't return '/foo/bar/', except when you are standing at root, then it will return '/'. Signed-off-by: Nguyễn Thái Ngọc Duy <> Signed-off-by: Junio C Hamano <>
2009-08-27 | abspath.c: move declaration of 'len' into inner block and use appropriate type | Brandon Casey
The 'len' variable was declared at the beginning of the make_absolute_path function and also in an inner 'if' block which masked the outer declaration. It is only used in two 'if' blocks, so remove the outer declaration and make a new declaration inside the other 'if' block that uses 'len'. Signed-off-by: Brandon Casey <> Signed-off-by: Junio C Hamano <>
2009-06-27 | Use die_errno() instead of die() when checking syscalls | Thomas Rast
Lots of die() calls did not actually report the kind of error, which can leave the user confused as to the real problem. Use die_errno() where we check a system/library call that sets errno on failure, or one of the following that wrap such calls:
    Function            Passes on error from
    --------            --------------------
    odb_pack_keep       open
    read_ancestry       fopen
    read_in_full        xread
    strbuf_read         xread
    strbuf_read_file    open or strbuf_read_file
    strbuf_readlink     readlink
    write_in_full       xwrite
Signed-off-by: Thomas Rast <> Signed-off-by: Junio C Hamano <>
2008-12-17 | make_absolute_path(): check bounds when seeing an overlong symlink | Junio C Hamano
Signed-off-by: Junio C Hamano <> Acked-by: Linus Torvalds <>
2008-09-09 | is_directory(): a generic helper function | Junio C Hamano
A simple "grep -e stat --and -e S_ISDIR" revealed there are many open-coded implementations of this function. Signed-off-by: Junio C Hamano <>
2008-07-26 | Allow add_path() to add non-existent directories to the path | Johannes Sixt
This function had used make_absolute_path(); but this function dies if the directory that contains the entry whose relative path was supplied in the argument does not exist. This is a problem if the argument is, for example, "../libexec/git-core", and that "../libexec" does not exist. Since the resolution of symbolic links is not required for elements in PATH, we can fall back to using make_nonrelative_path(), which simply prepends $PWD to the path. We have to move make_nonrelative_path() alongside make_absolute_path() in abspath.c so that git-shell can be linked. See 5b8e6f85f. Signed-off-by: Johannes Sixt <> Signed-off-by: Junio C Hamano <>
2008-06-28 | shrink git-shell by avoiding redundant dependencies | Dmitry Potapov
A lot of modules that have nothing to do with git-shell functionality were linked in, bloating git-shell more than 8 times. This patch cuts off redundant dependencies by:
1. providing stubs for three functions that make no sense for git-shell;
2. moving quote_path_fully from environment.c to quote.c to make the latter self-sufficient;
3. moving make_absolute_path into a new separate file.
The following numbers have been received with the default optimization settings on master using GCC 4.1.2:
Before:
       text    data     bss     dec     hex filename
     143915    1348   93168  238431   3a35f git-shell
After:
       text    data     bss     dec     hex filename
      17670     788    8232   26690    6842 git-shell
Signed-off-by: Junio C Hamano <>