path: root/builtin
AgeCommit message (Collapse)Author
2017-06-15config: don't include config.h by defaultBrandon Williams
Stop including config.h by default in cache.h. Instead only include config.h in those files which require use of the config system. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2017-05-04Merge branch 'ja/i18n-cleanup'Junio C Hamano
* ja/i18n-cleanup: i18n: read-cache: typofix i18n: remove i18n from tag reflog message
2017-05-01Merge branch 'jk/submodule-init-segv-fix'Junio C Hamano
Fix a segv in 'submodule init' when url is not given for a submodule. * jk/submodule-init-segv-fix: submodule_init: die cleanly on submodules without url defined
2017-05-01i18n: remove i18n from tag reflog messageJean-Noel Avila
The building of the reflog message is using strbuf, which is not friendly with internationalization frameworks. No other reflog messages are translated right now and switching all the messages to i18n would require a major rework of the way the messages are built. Signed-off-by: Jean-Noel Avila <> Signed-off-by: Junio C Hamano <>
2017-04-26Merge branch 'nd/worktree-add-lock'Junio C Hamano
Allow to lock a worktree immediately after it's created. This helps prevent a race between "git worktree add; git worktree lock" and "git worktree prune". * nd/worktree-add-lock: worktree add: add --lock option
2017-04-26Merge branch 'jk/war-on-git-path'Junio C Hamano
While handy, "git_path()" is a dangerous function to use as a callsite that uses it safely one day can be broken by changes to other code that calls it. Reduction of its use continues. * jk/war-on-git-path: am: drop "dir" parameter from am_state_init replace strbuf_addstr(git_path()) with git_path_buf() replace xstrdup(git_path(...)) with git_pathdup(...) use git_path_* helper functions branch: add edit_description() helper bisect: add git_path_bisect_terms helper
2017-04-26Merge branch 'nd/conditional-config-in-early-config'Junio C Hamano
The recently introduced conditional inclusion of configuration did not work well when early-config mechanism was involved. * nd/conditional-config-in-early-config: config: correct file reading order in read_early_config() config: handle conditional include when $GIT_DIR is not set up config: prepare to pass more info in git_config_with_options()
2017-04-26Merge branch 'gb/rebase-signoff'Junio C Hamano
"git rebase" learns "--signoff" option. * gb/rebase-signoff: rebase: pass --[no-]signoff option to git am builtin/am: fold am_signoff() into am_append_signoff() builtin/am: honor --signoff also when --rebasing
2017-04-25submodule_init: die cleanly on submodules without url definedJeff King
When we init a submodule, we try to die when it has no URL defined: url = xstrdup(sub->url); if (!url) die(...); But that's clearly nonsense. xstrdup() will never return NULL, and if sub->url is NULL, we'll segfault. These two bits of code need to be flipped, so we check sub->url before looking at it. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-24Merge branch 'dt/xgethostname-nul-termination'Junio C Hamano
gethostname(2) may not NUL terminate the buffer if hostname does not fit; unfortunately there is no easy way to see if our buffer was too small, but at least this will make sure we will not end up using garbage past the end of the buffer. * dt/xgethostname-nul-termination: xgethostname: handle long hostnames use HOST_NAME_MAX to size buffers for gethostname(2)
2017-04-24Merge branch 'jk/ls-files-recurse-submodules-fix'Junio C Hamano
"ls-files --recurse-submodules" did not quite work well in a project with nested submodules. * jk/ls-files-recurse-submodules-fix: ls-files: fix path used when recursing into submodules ls-files: fix recurse-submodules with nested submodules
2017-04-24Merge branch 'rs/misc-cppcheck-fixes'Junio C Hamano
Various small fixes. * rs/misc-cppcheck-fixes: server-info: avoid calling fclose(3) twice in update_info_file() files_for_each_reflog_ent_reverse(): close stream and free strbuf on error am: close stream on error, but not stdin
2017-04-24Merge branch 'jk/snprintf-cleanups'Junio C Hamano
Hotfix for a topic that is already in 'master'. * jk/snprintf-cleanups: replace: plug a memory leak
2017-04-24Merge branch 'jk/quarantine-received-objects'Junio C Hamano
Add finishing touches to a recent topic. * jk/quarantine-received-objects: refs: reject ref updates while GIT_QUARANTINE_PATH is set receive-pack: document user-visible quarantine effects receive-pack: drop tmp_objdir_env from run_update_hook
2017-04-24Merge branch 'jh/verify-index-checksum-only-in-fsck'Junio C Hamano
The index file has a trailing SHA-1 checksum to detect file corruption, and historically we checked it every time the index file is used. Omit the validation during normal use, and instead verify only in "git fsck". * jh/verify-index-checksum-only-in-fsck: read-cache: force_verify_index_checksum
2017-04-24Merge branch 'nd/conditional-config-include'Junio C Hamano
$GIT_DIR may in some cases be normalized with all symlinks resolved while "gitdir" path expansion in the pattern does not receive the same treatment, leading to incorrect mismatch. This has been fixed. * nd/conditional-config-include: config: resolve symlinks in conditional include's patterns path.c: and an option to call real_path() in expand_user_path()
2017-04-21am: drop "dir" parameter from am_state_initJeff King
The only caller of this function passes in a static buffer returned from git_path(). This looks dangerous at first glance, but turns out to be OK because the first thing we do is xstrdup() the result. Let's turn this into a git_pathdup(). That's slightly more efficient (no extra copy), and makes it easier to audit for dangerous git_path() invocations. Since there's only a single caller, let's just set this default path inside the init function. That makes the memory ownership clear. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-21replace strbuf_addstr(git_path()) with git_path_buf()Jeff King
Writing directly into the strbuf avoids a useless copy of the data, and dropping calls to git_path() makes it easier to audit for dangerous calls. Note that git_path() does an implicit strbuf_reset(), but in each of these cases we were either already doing that reset, or writing into a fresh strbuf anyway. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-21replace xstrdup(git_path(...)) with git_pathdup(...)Jeff King
It's more efficient to use git_pathdup(), as it skips an extra copy of the path. And by removing some calls to git_path(), it makes it easier to audit for dangerous uses. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-21use git_path_* helper functionsJeff King
Long ago we added functions like git_path_merge_msg() to replace the more dangerous git_path("MERGE_MSG"). Over time some new calls to the latter have crept it. Let's convert them to use the safer form. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-21branch: add edit_description() helperJeff King
Rather than have a variable with a short name that is fed to git_path(), let's add a helper function that returns the full path. This avoids the dangerous git_path() function. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-21worktree add: add --lock optionNguyễn Thái Ngọc Duy
As explained in the document. This option has an advantage over the command sequence "git worktree add && git worktree lock": there will be no gap that somebody can accidentally "prune" the new worktree (or soon, explicitly "worktree remove" it). "worktree add" does keep a lock on while it's preparing the worktree. If --lock is specified, this lock remains after the worktree is created. Suggested-by: David Taylor <> Signed-off-by: Nguyễn Thái Ngọc Duy <> Helped-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-20Merge branch 'ab/grep-plug-pathspec-leak'Junio C Hamano
Call clear_pathspec() to release resources immediately before the cmd_grep() function returns. * ab/grep-plug-pathspec-leak: grep: plug a trivial memory leak
2017-04-20Merge branch 'nd/files-backend-git-dir'Junio C Hamano
The "submodule" specific field in the ref_store structure is replaced with a more generic "gitdir" that can later be used also when dealing with ref_store that represents the set of refs visible from the other worktrees. * nd/files-backend-git-dir: (28 commits) refs.h: add a note about sorting order of for_each_ref_* t1406: new tests for submodule ref store t1405: some basic tests on main ref store t/helper: add test-ref-store to test ref-store functions refs: delete pack_refs() in favor of refs_pack_refs() files-backend: avoid ref api targeting main ref store refs: new transaction related ref-store api refs: add new ref-store api refs: rename get_ref_store() to get_submodule_ref_store() and make it public files-backend: replace submodule_allowed check in files_downcast() refs: move submodule code out of files-backend.c path.c: move some code out of strbuf_git_path_submodule() refs.c: make get_main_ref_store() public and use it refs.c: kill register_ref_store(), add register_submodule_ref_store() refs.c: flatten get_ref_store() a bit refs: rename lookup_ref_store() to lookup_submodule_ref_store() refs.c: introduce get_main_ref_store() files-backend: remove the use of git_path() files-backend: add and use files_ref_path() files-backend: add and use files_reflog_path() ...
2017-04-20Merge branch 'bw/submodule-is-active'Junio C Hamano
Error message fix. * bw/submodule-is-active: submodule--helper: fix typo in is_active error message
2017-04-20Merge branch 'bw/push-options-recursively-to-submodules'Junio C Hamano
"git push --recurse-submodules --push-option=<string>" learned to propagate the push option recursively down to pushes in submodules. * bw/push-options-recursively-to-submodules: push: propagate remote and refspec with --recurse-submodules submodule--helper: add push-check subcommand remote: expose parse_push_refspec function push: propagate push-options with --recurse-submodules push: unmark a local variable as static
2017-04-20Merge branch 'bc/object-id'Junio C Hamano
Conversion from unsigned char [40] to struct object_id continues. * bc/object-id: Documentation: update and rename api-sha1-array.txt Rename sha1_array to oid_array Convert sha1_array_for_each_unique and for_each_abbrev to object_id Convert sha1_array_lookup to take struct object_id Convert remaining callers of sha1_array_lookup to object_id Make sha1_array_append take a struct object_id * sha1-array: convert internal storage for struct sha1_array to object_id builtin/pull: convert to struct object_id submodule: convert check_for_new_submodule_commits to object_id sha1_name: convert disambiguate_hint_fn to take object_id sha1_name: convert struct disambiguate_state to object_id test-sha1-array: convert most code to struct object_id parse-options-cb: convert sha1_array_append caller to struct object_id fsck: convert init_skiplist to struct object_id builtin/receive-pack: convert portions to struct object_id builtin/pull: convert portions to struct object_id builtin/diff: convert to struct object_id Convert GIT_SHA1_RAWSZ used for allocation to GIT_MAX_RAWSZ Convert GIT_SHA1_HEXSZ used for allocation to GIT_MAX_HEXSZ Define new hash-size constants for allocating memory
2017-04-19xgethostname: handle long hostnamesDavid Turner
If the full hostname doesn't fit in the buffer supplied to gethostname, POSIX does not specify whether the buffer will be null-terminated, so to be safe, we should do it ourselves. Introduce new function, xgethostname, which ensures that there is always a \0 at the end of the buffer. Signed-off-by: David Turner <> Signed-off-by: Junio C Hamano <>
2017-04-19use HOST_NAME_MAX to size buffers for gethostname(2)René Scharfe
POSIX limits the length of host names to HOST_NAME_MAX. Export the fallback definition from daemon.c and use this constant to make all buffers used with gethostname(2) big enough for any possible result and a terminating NUL. Inspired-by: David Turner <> Signed-off-by: Rene Scharfe <> Signed-off-by: David Turner <> Reviewed-by: Jonathan Nieder <> Signed-off-by: Junio C Hamano <>
2017-04-19ls-files: fix path used when recursing into submodulesJacob Keller
Don't assume that the current working directory is the root of the repository. Correctly generate the path for the recursing child processes by building it from the work_tree() root instead. Otherwise if we run ls-files using --git-dir or --work-tree it will not work correctly as it attempts to change directory into a potentially invalid location. Best case, it doesn't exist and we produce an error. Worst case we cd into the wrong location and unknown behavior occurs. Add a new test which highlights this possibility. Signed-off-by: Jacob Keller <> Signed-off-by: Junio C Hamano <>
2017-04-18replace: plug a memory leakJunio C Hamano
Recent update to for_each_replace_name() to make it use a strbuf in place of a fixed buffer forgot to release the memory held by the strbuf before leaving the function. Signed-off-by: Junio C Hamano <>
2017-04-18config: prepare to pass more info in git_config_with_options()Nguyễn Thái Ngọc Duy
So far we can only pass one flag, respect_includes, to thie function. We need to pass some more (non-flag even), so let's make it accept a struct instead of an integer. Signed-off-by: Nguyễn Thái Ngọc Duy <> Signed-off-by: Junio C Hamano <>
2017-04-18ls-files: fix recurse-submodules with nested submodulesJacob Keller
Since commit e77aa336f116 ("ls-files: optionally recurse into submodules", 2016-10-07) ls-files has known how to recurse into submodules when displaying files. Unfortunately this fails for certain cases, including when nesting more than one submodule, called from within a submodule that itself has submodules, or when the GIT_DIR environemnt variable is set. Prior to commit b58a68c1c187 ("setup: allow for prefix to be passed to git commands", 2017-03-17) this resulted in an error indicating that --prefix and --super-prefix were incompatible. After this commit, instead, the process loops forever with a GIT_DIR set to the parent and continuously reads the parent submodule files and recursing forever. Fix this by preparing the environment properly for submodules when setting up the child process. This is similar to how other commands such as grep behave. This was not caught by the original tests because the scenario is avoided if the submodules are created separately and not stored as the standard method of putting the submodule git directory under .git/modules/<name>. We can update the test to show the failure by the addition of "git submodule absorbgitdirs" to the test case. However, note that this new test would run forever without the necessary fix in this patch. Signed-off-by: Jacob Keller <> Signed-off-by: Junio C Hamano <>
2017-04-17Merge branch 'js/difftool-builtin'Junio C Hamano
Code cleanup. * js/difftool-builtin: difftool: fix use-after-free difftool: avoid strcpy
2017-04-17Merge branch 'jk/loose-object-info-report-error'Junio C Hamano
Update error handling for codepath that deals with corrupt loose objects. * jk/loose-object-info-report-error: index-pack: detect local corruption in collision check sha1_loose_object_info: return error for corrupted objects
2017-04-17Merge branch 'jk/snprintf-cleanups'Junio C Hamano
Code clean-up. * jk/snprintf-cleanups: daemon: use an argv_array to exec children gc: replace local buffer with git_path transport-helper: replace checked snprintf with xsnprintf convert unchecked snprintf into xsnprintf combine-diff: replace malloc/snprintf with xstrfmt replace unchecked snprintf calls with heap buffers receive-pack: print --pack-header directly into argv array name-rev: replace static buffer with strbuf create_branch: use xstrfmt for reflog message create_branch: move msg setup closer to point of use avoid using mksnpath for refs avoid using fixed PATH_MAX buffers for refs fetch: use heap buffer to format reflog tag: use strbuf to format tag header diff: avoid fixed-size buffer for patch-ids odb_mkstemp: use git_path_buf odb_mkstemp: write filename into strbuf do not check odb_mkstemp return value for errors
2017-04-17am: close stream on error, but not stdinRené Scharfe
Avoid closing stdin, but do close an actual input file on error exit. Found with Cppcheck. Signed-off-by: Rene Scharfe <> Reviewed-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-17builtin/am: fold am_signoff() into am_append_signoff()Giuseppe Bilotta
There are no more direct calls to am_signoff(), so we can fold its logic in am_append_signoff(). (This is done in a separate commit rather than in the previous one, to make it easier to revert this specific change if additional calls are ever introduced.) Signed-off-by: Giuseppe Bilotta <> Signed-off-by: Junio C Hamano <>
2017-04-17builtin/am: honor --signoff also when --rebasingGiuseppe Bilotta
Signoff is handled in parse_mail(), but not in parse_mail_rebasing(), since the latter is only used when git-rebase calls git-am with the --rebasing option, and --signoff is never passed in this case. In order to introduce (in the upcoming commits) support for `git-rebase --signoff`, we must make git-am pay attention to it also in the rebase case. This can be done by moving the conditional addition of the signoff from parse_mail() to the caller am_run(), after either of the parse_mail*() functions were called. Signed-off-by: Giuseppe Bilotta <> Signed-off-by: Junio C Hamano <>
2017-04-17receive-pack: drop tmp_objdir_env from run_update_hookJeff King
Since 722ff7f87 (receive-pack: quarantine objects until pre-receive accepts, 2016-10-03), we have to feed the pre-receive hook the tmp_objdir environment, so that git programs run from the hook know where to find the objects. That commit modified run_update_hook() to do the same, but there it is a noop. By the time we get to the update hooks, we have already migrated the objects from quarantine, and so tmp_objdir_env() will always return NULL. We can drop this useless call. Note that the ordering here and the lack of support for the update hook is intentional. The update hook calls are interspersed with actual ref updates, and we must migrate the objects before any refs are updated (since otherwise those refs would appear broken to outside processes). So the only other options are: - remain in quarantine for the _first_ ref, but not the others. This is sufficiently confusing that it can be rejected outright. - run all the individual update hooks first, then migrate, then update all the refs. But this changes the repository state that the update hooks see (i.e., whether or not refs from the same push are updated yet or not). So the functionality is fine and remains unchanged with this patch; we're just cleaning up a useless and confusing line of code. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2017-04-17grep: plug a trivial memory leakÆvar Arnfjörð Bjarmason
Change the cleanup phase for the grep command to free the pathspec struct that's allocated earlier in the same block, and used just a few lines earlier. With "grep hi" valgrind reports a loss of 239 bytes now, down from 351. The relevant --num-callers=40 --leak-check=full --show-leak-kinds=all backtrace is: [...] 187 (112 direct, 75 indirect) bytes in 1 blocks are definitely lost in loss record 70 of 110 [...] at 0x4C2BBAF: malloc (in /usr/lib/valgrind/ [...] by 0x60B339: do_xmalloc (wrapper.c:59) [...] by 0x60B2F6: xmalloc (wrapper.c:86) [...] by 0x576B37: parse_pathspec (pathspec.c:652) [...] by 0x4519F0: cmd_grep (grep.c:1215) [...] by 0x4062EF: run_builtin (git.c:371) [...] by 0x40544D: handle_builtin (git.c:572) [...] by 0x4060A2: run_argv (git.c:624) [...] by 0x4051C6: cmd_main (git.c:701) [...] by 0x4C5901: main (common-main.c:43) Signed-off-by: Ævar Arnfjörð Bjarmason <> Acked-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2017-04-15read-cache: force_verify_index_checksumJeff Hostetler
Teach git to skip verification of the SHA1-1 checksum at the end of the index file in verify_hdr() which is called from read_index() unless the "force_verify_index_checksum" global variable is set. Teach fsck to force this verification. The checksum verification is for detecting disk corruption, and for small projects, the time it takes to compute SHA-1 is not that significant, but for gigantic repositories this calculation adds significant time to every command. These effect can be seen using t/perf/ Test HEAD~1 HEAD -------------------------------------------------------------------------------------- 0002.1: read_cache/discard_cache 1000 times 0.66(0.44+0.20) 0.30(0.27+0.02) -54.5% Signed-off-by: Jeff Hostetler <> Signed-off-by: Junio C Hamano <>
2017-04-15path.c: and an option to call real_path() in expand_user_path()Nguyễn Thái Ngọc Duy
In the next patch we need the ability to expand '~' to real_path($HOME). But we can't do that from outside because '~' is part of a pattern, not a true path. Add an option to expand_user_path() to do so. Signed-off-by: Nguyễn Thái Ngọc Duy <> Signed-off-by: Junio C Hamano <>
2017-04-14refs: delete pack_refs() in favor of refs_pack_refs()Nguyễn Thái Ngọc Duy
It only has one caller, not worth keeping just for convenience. Signed-off-by: Nguyễn Thái Ngọc Duy <> Signed-off-by: Junio C Hamano <>
2017-04-14submodule--helper: fix typo in is_active error messageStefan Beller
Signed-off-by: Stefan Beller <> Signed-off-by: Junio C Hamano <>
2017-04-14difftool: fix use-after-freeJohannes Schindelin
The left and right base directories were pointed to the buf field of two strbufs, which were subject to change. A contrived test case shows the problem where a file with a long enough name to force the strbuf to grow is up-to-date (hence the code path is used where the work tree's version of the file is reused), and then a file that is not up-to-date needs to be written (hence the code path is used where checkout_entry() uses the previously recorded base_dir that is invalid by now). Let's just copy the base_dir strings for use with checkout_entry(), never touch them until the end, and release them then. This is an easily verifiable fix (as opposed to the next-obvious alternative: to re-set base_dir after every loop iteration). This fixes Signed-off-by: Johannes Schindelin <> Reviewed-by: Jonathan Nieder <> Signed-off-by: Junio C Hamano <>
2017-04-11submodule--helper: add push-check subcommandBrandon Williams
Add the 'push-check' subcommand to submodule--helper which is used to check if the provided remote and refspec can be used as part of a push operation in the submodule. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
2017-04-11Merge branch 'cc/untracked'Junio C Hamano
Code cleanup. * cc/untracked: update-index: fix xgetcwd() related memory leak
2017-04-11Merge branch 'ah/log-decorate-default-to-auto'Junio C Hamano
The default behaviour of "git log" in an interactive session has been changed to enable "--decorate". * ah/log-decorate-default-to-auto: log: if --decorate is not given, default to --decorate=auto
2017-04-11Merge branch 'ab/ref-filter-no-contains'Junio C Hamano
"git tag/branch/for-each-ref" family of commands long allowed to filter the refs by "--contains X" (show only the refs that are descendants of X), "--merged X" (show only the refs that are ancestors of X), "--no-merged X" (show only the refs that are not ancestors of X). One curious omission, "--no-contains X" (show only the refs that are not descendants of X) has been added to them. * ab/ref-filter-no-contains: tag: add tests for --with and --without ref-filter: reflow recently changed branch/tag/for-each-ref docs ref-filter: add --no-contains option to tag/branch/for-each-ref tag: change --point-at to default to HEAD tag: implicitly supply --list given another list-like option tag: change misleading --list <pattern> documentation parse-options: add OPT_NONEG to the "contains" option tag: add more incompatibles mode tests for-each-ref: partly change <object> to <commit> in help tag tests: fix a typo in a test description tag: remove a TODO item from the test suite ref-filter: add test for --contains on a non-commit ref-filter: make combining --merged & --no-merged an error tag doc: reword --[no-]merged to talk about commits, not tips tag doc: split up the --[no-]merged documentation tag doc: move the description of --[no-]merged earlier