diff --git a/Documentation/RelNotes/2.4.11.txt b/Documentation/RelNotes/2.4.11.txt new file mode 100644 index 0000000000..723360295c --- /dev/null +++ b/Documentation/RelNotes/2.4.11.txt @@ -0,0 +1,11 @@ +Git v2.4.11 Release Notes +========================= + +Fixes since v2.4.10 +------------------- + + * Bugfix patches were backported from the 'master' front to plug heap + corruption holes, to catch integer overflow in the computation of + pathname lengths, and to get rid of the name_path API. Both of + these would have resulted in writing over an under-allocated buffer + when formulating pathnames while tree traversal. diff --git a/Documentation/git.txt b/Documentation/git.txt index 1a262757dc..5449d7b35c 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -52,9 +52,10 @@ Documentation for older releases are available here: link:RelNotes/2.5.1.txt[2.5.1], link:RelNotes/2.5.0.txt[2.5]. -* link:v2.4.10/git.html[documentation for release 2.4.10] +* link:v2.4.11/git.html[documentation for release 2.4.11] * release notes for + link:RelNotes/2.4.11.txt[2.4.11], link:RelNotes/2.4.10.txt[2.4.10], link:RelNotes/2.4.9.txt[2.4.9], link:RelNotes/2.4.8.txt[2.4.8], diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index 80fe8c7dc1..53307d53b0 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -2284,21 +2284,11 @@ static void show_commit(struct commit *commit, void *data) index_commit_for_bitmap(commit); } -static void show_object(struct object *obj, - const struct name_path *path, const char *last, - void *data) +static void show_object(struct object *obj, const char *name, void *data) { - char *name = path_name(path, last); - add_preferred_base_object(name); add_object_entry(obj->sha1, obj->type, name, 0); obj->flags |= OBJECT_ADDED; - - /* - * We will have generated the hash from the name, - * but not saved a pointer to it - we can free it - */ - free((char *)name); } static void show_edge(struct commit *commit) @@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(struct rev_info *revs) } static void record_recent_object(struct object *obj, - const struct name_path *path, - const char *last, + const char *name, void *data) { sha1_array_append(&recent_objects, obj->sha1); diff --git a/builtin/rev-list.c b/builtin/rev-list.c index d80d1ed359..4c46341749 100644 --- a/builtin/rev-list.c +++ b/builtin/rev-list.c @@ -177,9 +177,7 @@ static void finish_commit(struct commit *commit, void *data) free_commit_buffer(commit); } -static void finish_object(struct object *obj, - const struct name_path *path, const char *name, - void *cb_data) +static void finish_object(struct object *obj, const char *name, void *cb_data) { struct rev_list_info *info = cb_data; if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1)) @@ -188,15 +186,13 @@ static void finish_object(struct object *obj, parse_object(obj->sha1); } -static void show_object(struct object *obj, - const struct name_path *path, const char *component, - void *cb_data) +static void show_object(struct object *obj, const char *name, void *cb_data) { struct rev_list_info *info = cb_data; - finish_object(obj, path, component, cb_data); + finish_object(obj, name, cb_data); if (info->flags & REV_LIST_QUIET) return; - show_object_with_name(stdout, obj, path, component); + show_object_with_name(stdout, obj, name); } static void show_edge(struct commit *commit) diff --git a/diff.h b/diff.h index c7ad42addf..37e43bc537 100644 --- a/diff.h +++ b/diff.h @@ -221,8 +221,8 @@ struct combine_diff_path { } parent[FLEX_ARRAY]; }; #define combine_diff_path_size(n, l) \ - (sizeof(struct combine_diff_path) + \ - sizeof(struct combine_diff_parent) * (n) + (l) + 1) + st_add4(sizeof(struct combine_diff_path), (l), 1, \ + st_mult(sizeof(struct combine_diff_parent), (n))) extern void show_combined_diff(struct combine_diff_path *elem, int num_parent, int dense, struct rev_info *); diff --git a/git-compat-util.h b/git-compat-util.h index 076461e8c8..d20fa89d5f 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -96,6 +96,14 @@ #define unsigned_add_overflows(a, b) \ ((b) > maximum_unsigned_value_of_type(a) - (a)) +/* + * Returns true if the multiplication of "a" and "b" will + * overflow. The types of "a" and "b" must match and must be unsigned. + * Note that this macro evaluates "a" twice! + */ +#define unsigned_mult_overflows(a, b) \ + ((a) && (b) > maximum_unsigned_value_of_type(a) / (a)) + #ifdef __GNUC__ #define TYPEOF(x) (__typeof__(x)) #else @@ -699,6 +707,32 @@ extern void release_pack_memory(size_t); typedef void (*try_to_free_t)(size_t); extern try_to_free_t set_try_to_free_routine(try_to_free_t); +static inline size_t st_add(size_t a, size_t b) +{ + if (unsigned_add_overflows(a, b)) + die("size_t overflow: %"PRIuMAX" + %"PRIuMAX, + (uintmax_t)a, (uintmax_t)b); + return a + b; +} +#define st_add3(a,b,c) st_add((a),st_add((b),(c))) +#define st_add4(a,b,c,d) st_add((a),st_add3((b),(c),(d))) + +static inline size_t st_mult(size_t a, size_t b) +{ + if (unsigned_mult_overflows(a, b)) + die("size_t overflow: %"PRIuMAX" * %"PRIuMAX, + (uintmax_t)a, (uintmax_t)b); + return a * b; +} + +static inline size_t st_sub(size_t a, size_t b) +{ + if (a < b) + die("size_t underflow: %"PRIuMAX" - %"PRIuMAX, + (uintmax_t)a, (uintmax_t)b); + return a - b; +} + #ifdef HAVE_ALLOCA_H # include # define xalloca(size) (alloca(size)) diff --git a/http-push.c b/http-push.c index c98dad23df..834190941e 100644 --- a/http-push.c +++ b/http-push.c @@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis } static struct object_list **process_blob(struct blob *blob, - struct object_list **p, - struct name_path *path, - const char *name) + struct object_list **p) { struct object *obj = &blob->object; @@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob, } static struct object_list **process_tree(struct tree *tree, - struct object_list **p, - struct name_path *path, - const char *name) + struct object_list **p) { struct object *obj = &tree->object; struct tree_desc desc; struct name_entry entry; - struct name_path me; obj->flags |= LOCAL; @@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree, die("bad tree object %s", sha1_to_hex(obj->sha1)); obj->flags |= SEEN; - name = xstrdup(name); p = add_one_object(obj, p); - me.up = path; - me.elem = name; - me.elem_len = strlen(name); init_tree_desc(&desc, tree->buffer, tree->size); while (tree_entry(&desc, &entry)) switch (object_type(entry.mode)) { case OBJ_TREE: - p = process_tree(lookup_tree(entry.sha1), p, &me, name); + p = process_tree(lookup_tree(entry.sha1), p); break; case OBJ_BLOB: - p = process_blob(lookup_blob(entry.sha1), p, &me, name); + p = process_blob(lookup_blob(entry.sha1), p); break; default: /* Subproject commit - not in this repository */ @@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) int count = 0; while ((commit = get_revision(revs)) != NULL) { - p = process_tree(commit->tree, p, NULL, ""); + p = process_tree(commit->tree, p); commit->object.flags |= LOCAL; if (!(commit->object.flags & UNINTERESTING)) count += add_send_request(&commit->object, lock); @@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) continue; } if (obj->type == OBJ_TREE) { - p = process_tree((struct tree *)obj, p, NULL, name); + p = process_tree((struct tree *)obj, p); continue; } if (obj->type == OBJ_BLOB) { - p = process_blob((struct blob *)obj, p, NULL, name); + p = process_blob((struct blob *)obj, p); continue; } die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name); diff --git a/list-objects.c b/list-objects.c index 41736d2372..37d0d10ab2 100644 --- a/list-objects.c +++ b/list-objects.c @@ -11,11 +11,12 @@ static void process_blob(struct rev_info *revs, struct blob *blob, show_object_fn show, - struct name_path *path, + struct strbuf *path, const char *name, void *cb_data) { struct object *obj = &blob->object; + size_t pathlen; if (!revs->blob_objects) return; @@ -24,7 +25,11 @@ static void process_blob(struct rev_info *revs, if (obj->flags & (UNINTERESTING | SEEN)) return; obj->flags |= SEEN; - show(obj, path, name, cb_data); + + pathlen = path->len; + strbuf_addstr(path, name); + show(obj, path->buf, cb_data); + strbuf_setlen(path, pathlen); } /* @@ -52,7 +57,7 @@ static void process_blob(struct rev_info *revs, static void process_gitlink(struct rev_info *revs, const unsigned char *sha1, show_object_fn show, - struct name_path *path, + struct strbuf *path, const char *name, void *cb_data) { @@ -62,7 +67,6 @@ static void process_gitlink(struct rev_info *revs, static void process_tree(struct rev_info *revs, struct tree *tree, show_object_fn show, - struct name_path *path, struct strbuf *base, const char *name, void *cb_data) @@ -70,7 +74,6 @@ static void process_tree(struct rev_info *revs, struct object *obj = &tree->object; struct tree_desc desc; struct name_entry entry; - struct name_path me; enum interesting match = revs->diffopt.pathspec.nr == 0 ? all_entries_interesting: entry_not_interesting; int baselen = base->len; @@ -86,17 +89,12 @@ static void process_tree(struct rev_info *revs, return; die("bad tree object %s", sha1_to_hex(obj->sha1)); } - obj->flags |= SEEN; - show(obj, path, name, cb_data); - me.up = path; - me.elem = name; - me.elem_len = strlen(name); - if (!match) { - strbuf_addstr(base, name); - if (base->len) - strbuf_addch(base, '/'); - } + obj->flags |= SEEN; + strbuf_addstr(base, name); + show(obj, base->buf, cb_data); + if (base->len) + strbuf_addch(base, '/'); init_tree_desc(&desc, tree->buffer, tree->size); @@ -113,16 +111,16 @@ static void process_tree(struct rev_info *revs, if (S_ISDIR(entry.mode)) process_tree(revs, lookup_tree(entry.sha1), - show, &me, base, entry.path, + show, base, entry.path, cb_data); else if (S_ISGITLINK(entry.mode)) process_gitlink(revs, entry.sha1, - show, &me, entry.path, + show, base, entry.path, cb_data); else process_blob(revs, lookup_blob(entry.sha1), - show, &me, entry.path, + show, base, entry.path, cb_data); } strbuf_setlen(base, baselen); @@ -213,19 +211,19 @@ void traverse_commit_list(struct rev_info *revs, continue; if (obj->type == OBJ_TAG) { obj->flags |= SEEN; - show_object(obj, NULL, name, data); + show_object(obj, name, data); continue; } if (!path) path = ""; if (obj->type == OBJ_TREE) { process_tree(revs, (struct tree *)obj, show_object, - NULL, &base, path, data); + &base, path, data); continue; } if (obj->type == OBJ_BLOB) { process_blob(revs, (struct blob *)obj, show_object, - NULL, path, data); + &base, path, data); continue; } die("unknown pending object %s (%s)", diff --git a/list-objects.h b/list-objects.h index 136a1da5a6..0cebf8585c 100644 --- a/list-objects.h +++ b/list-objects.h @@ -2,7 +2,7 @@ #define LIST_OBJECTS_H typedef void (*show_commit_fn)(struct commit *, void *); -typedef void (*show_object_fn)(struct object *, const struct name_path *, const char *, void *); +typedef void (*show_object_fn)(struct object *, const char *, void *); void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *); typedef void (*show_edge_fn)(struct commit *); diff --git a/pack-bitmap-write.c b/pack-bitmap-write.c index c05d1386af..b2f6cb537c 100644 --- a/pack-bitmap-write.c +++ b/pack-bitmap-write.c @@ -148,8 +148,7 @@ static uint32_t find_object_pos(const unsigned char *sha1) return entry->in_pack_pos; } -static void show_object(struct object *object, const struct name_path *path, - const char *last, void *data) +static void show_object(struct object *object, const char *name, void *data) { struct bitmap *base = data; bitmap_set(base, find_object_pos(object->sha1)); diff --git a/pack-bitmap.c b/pack-bitmap.c index 637770af81..aee7acf392 100644 --- a/pack-bitmap.c +++ b/pack-bitmap.c @@ -422,19 +422,15 @@ static int ext_index_add_object(struct object *object, const char *name) return bitmap_pos + bitmap_git.pack->num_objects; } -static void show_object(struct object *object, const struct name_path *path, - const char *last, void *data) +static void show_object(struct object *object, const char *name, void *data) { struct bitmap *base = data; int bitmap_pos; bitmap_pos = bitmap_position(object->sha1); - if (bitmap_pos < 0) { - char *name = path_name(path, last); + if (bitmap_pos < 0) bitmap_pos = ext_index_add_object(object, name); - free(name); - } bitmap_set(base, bitmap_pos); } @@ -902,9 +898,8 @@ struct bitmap_test_data { size_t seen; }; -static void test_show_object(struct object *object, - const struct name_path *path, - const char *last, void *data) +static void test_show_object(struct object *object, const char *name, + void *data) { struct bitmap_test_data *tdata = data; int bitmap_pos; diff --git a/reachable.c b/reachable.c index 9cff25b490..59196253a6 100644 --- a/reachable.c +++ b/reachable.c @@ -37,15 +37,14 @@ static int add_one_ref(const char *path, const struct object_id *oid, * The traversal will have already marked us as SEEN, so we * only need to handle any progress reporting here. */ -static void mark_object(struct object *obj, const struct name_path *path, - const char *name, void *data) +static void mark_object(struct object *obj, const char *name, void *data) { update_progress(data); } static void mark_commit(struct commit *c, void *data) { - mark_object(&c->object, NULL, NULL, data); + mark_object(&c->object, NULL, data); } struct recent_data { diff --git a/revision.c b/revision.c index 9b9d77dc43..8f30ab1e46 100644 --- a/revision.c +++ b/revision.c @@ -21,69 +21,13 @@ volatile show_early_output_fn_t show_early_output; -char *path_name(const struct name_path *path, const char *name) +void show_object_with_name(FILE *out, struct object *obj, const char *name) { - const struct name_path *p; - char *n, *m; - int nlen = strlen(name); - int len = nlen + 1; - - for (p = path; p; p = p->up) { - if (p->elem_len) - len += p->elem_len + 1; - } - n = xmalloc(len); - m = n + len - (nlen + 1); - strcpy(m, name); - for (p = path; p; p = p->up) { - if (p->elem_len) { - m -= p->elem_len + 1; - memcpy(m, p->elem, p->elem_len); - m[p->elem_len] = '/'; - } - } - return n; -} - -static int show_path_component_truncated(FILE *out, const char *name, int len) -{ - int cnt; - for (cnt = 0; cnt < len; cnt++) { - int ch = name[cnt]; - if (!ch || ch == '\n') - return -1; - fputc(ch, out); - } - return len; -} - -static int show_path_truncated(FILE *out, const struct name_path *path) -{ - int emitted, ours; - - if (!path) - return 0; - emitted = show_path_truncated(out, path->up); - if (emitted < 0) - return emitted; - if (emitted) - fputc('/', out); - ours = show_path_component_truncated(out, path->elem, path->elem_len); - if (ours < 0) - return ours; - return ours || emitted; -} - -void show_object_with_name(FILE *out, struct object *obj, - const struct name_path *path, const char *component) -{ - struct name_path leaf; - leaf.up = (struct name_path *)path; - leaf.elem = component; - leaf.elem_len = strlen(component); + const char *p; fprintf(out, "%s ", sha1_to_hex(obj->sha1)); - show_path_truncated(out, &leaf); + for (p = name; *p && *p != '\n'; p++) + fputc(*p, out); fputc('\n', out); } diff --git a/revision.h b/revision.h index 0ea8b4e255..1b58aacc03 100644 --- a/revision.h +++ b/revision.h @@ -256,16 +256,9 @@ extern void put_revision_mark(const struct rev_info *revs, extern void mark_parents_uninteresting(struct commit *commit); extern void mark_tree_uninteresting(struct tree *tree); -struct name_path { - struct name_path *up; - int elem_len; - const char *elem; -}; +char *path_name(struct strbuf *path, const char *name); -char *path_name(const struct name_path *path, const char *name); - -extern void show_object_with_name(FILE *, struct object *, - const struct name_path *, const char *); +extern void show_object_with_name(FILE *, struct object *, const char *); extern void add_pending_object(struct rev_info *revs, struct object *obj, const char *name); diff --git a/tree-diff.c b/tree-diff.c index 290a1da4ce..4dda9a14ab 100644 --- a/tree-diff.c +++ b/tree-diff.c @@ -124,8 +124,8 @@ static struct combine_diff_path *path_appendnew(struct combine_diff_path *last, unsigned mode, const unsigned char *sha1) { struct combine_diff_path *p; - int len = base->len + pathlen; - int alloclen = combine_diff_path_size(nparent, len); + size_t len = st_add(base->len, pathlen); + size_t alloclen = combine_diff_path_size(nparent, len); /* if last->next is !NULL - it is a pre-allocated memory, we can reuse */ p = last->next;