gitweb.git
Merge branch 'mf/no-dashed-subcommands' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:56 +0000 (17:02 +0900)

Merge branch 'mf/no-dashed-subcommands' into maint

Code clean-up.

* mf/no-dashed-subcommands:
scripts: use "git foo" not "git-foo"

Merge branch 'ab/ref-filter-no-contains' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:56 +0000 (17:02 +0900)

Merge branch 'ab/ref-filter-no-contains' into maint

A test fix.

* ab/ref-filter-no-contains:
tests: don't give unportable ">" to "test" built-in, use -gt

Merge branch 'rs/archive-excluded-directory' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:55 +0000 (17:02 +0900)

Merge branch 'rs/archive-excluded-directory' into maint

"git archive" did not work well with pathspecs and the
export-ignore attribute.

We may want to resurrect the "we don't archive an empty directory"
bonus patch, but I do not mind merging the above early to 'next'
and leave it as a separate follow-up enhancement.
cf. <20170820090629.tumvqwzkromcykjf@sigill.intra.peff.net>

* rs/archive-excluded-directory:
archive: don't queue excluded directories
archive: factor out helper functions for handling attributes
t5001: add tests for export-ignore attributes and exclude pathspecs

Merge branch 'mg/killed-merge' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:55 +0000 (17:02 +0900)

Merge branch 'mg/killed-merge' into maint

Killing "git merge --edit" before the editor returns control left
the repository in a state with MERGE_MSG but without MERGE_HEAD,
which incorrectly tells the subsequent "git commit" that there was
a squash merge in progress. This has been fixed.

* mg/killed-merge:
merge: save merge state earlier
merge: split write_merge_state in two
merge: clarify call chain
Documentation/git-merge: explain --continue

Merge branch 'tb/apply-with-crlf' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:55 +0000 (17:02 +0900)

Merge branch 'tb/apply-with-crlf' into maint

"git apply" that is used as a better "patch -p1" failed to apply a
taken from a file with CRLF line endings to a file with CRLF line
endings. The root cause was because it misused convert_to_git()
that tried to do "safe-crlf" processing by looking at the index
entry at the same path, which is a nonsense---in that mode, "apply"
is not working on the data in (or derived from) the index at all.
This has been fixed.

* tb/apply-with-crlf:
apply: file commited with CRLF should roundtrip diff and apply
convert: add SAFE_CRLF_KEEP_CRLF

Merge branch 'cc/subprocess-handshake-missing-capabilit... Junio C Hamano Sun, 10 Sep 2017 08:02:55 +0000 (17:02 +0900)

Merge branch 'cc/subprocess-handshake-missing-capabilities' into maint

When handshake with a subprocess filter notices that the process
asked for an unknown capability, Git did not report what program
the offending subprocess was running. This has been corrected.

We may want a follow-up fix to tighten the error checking, though.

* cc/subprocess-handshake-missing-capabilities:
sub-process: print the cmd when a capability is unsupported

Merge branch 'as/grep-quiet-no-match-exit-code-fix... Junio C Hamano Sun, 10 Sep 2017 08:02:55 +0000 (17:02 +0900)

Merge branch 'as/grep-quiet-no-match-exit-code-fix' into maint

"git grep -L" and "git grep --quiet -L" reported different exit
codes; this has been corrected.

* as/grep-quiet-no-match-exit-code-fix:
git-grep: correct exit code with --quiet and -L

Merge branch 'kd/stash-with-bash-4.4' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:54 +0000 (17:02 +0900)

Merge branch 'kd/stash-with-bash-4.4' into maint

bash 4.4 or newer gave a warning on NUL byte in command
substitution done in "git stash"; this has been squelched.

* kd/stash-with-bash-4.4:
stash: prevent warning about null bytes in input

Merge branch 'rs/win32-syslog-leakfix' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:54 +0000 (17:02 +0900)

Merge branch 'rs/win32-syslog-leakfix' into maint

Memory leak in an error codepath has been plugged.

* rs/win32-syslog-leakfix:
win32: plug memory leak on realloc() failure in syslog()

Merge branch 'rs/unpack-entry-leakfix' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:53 +0000 (17:02 +0900)

Merge branch 'rs/unpack-entry-leakfix' into maint

Memory leak in an error codepath has been plugged.

* rs/unpack-entry-leakfix:
sha1_file: release delta_stack on error in unpack_entry()

Merge branch 'rs/fsck-obj-leakfix' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:52 +0000 (17:02 +0900)

Merge branch 'rs/fsck-obj-leakfix' into maint

Memory leak in an error codepath has been plugged.

* rs/fsck-obj-leakfix:
fsck: free buffers on error in fsck_obj()

Merge branch 'ur/svn-local-zone' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:52 +0000 (17:02 +0900)

Merge branch 'ur/svn-local-zone' into maint

"git svn" used with "--localtime" option did not compute the tz
offset for the timestamp in question and instead always used the
current time, which has been corrected.

* ur/svn-local-zone:
git svn fetch: Create correct commit timestamp when using --localtime

Merge branch 'pw/am-signoff' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:51 +0000 (17:02 +0900)

Merge branch 'pw/am-signoff' into maint

"git am -s" has been taught that some input may end with a trailer
block that is not Signed-off-by: and it should refrain from adding
an extra blank line before adding a new sign-off in such a case.

* pw/am-signoff:
am: fix signoff when other trailers are present

Merge branch 'rs/in-obsd-basename-dirname-take-const... Junio C Hamano Sun, 10 Sep 2017 08:02:51 +0000 (17:02 +0900)

Merge branch 'rs/in-obsd-basename-dirname-take-const' into maint

Portability fix.

* rs/in-obsd-basename-dirname-take-const:
test-path-utils: handle const parameter of basename and dirname

Merge branch 'rs/t4062-obsd' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:51 +0000 (17:02 +0900)

Merge branch 'rs/t4062-obsd' into maint

Test portability fix.

* rs/t4062-obsd:
t4062: use less than 256 repetitions in regex

Merge branch 'rs/obsd-getcwd-workaround' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:50 +0000 (17:02 +0900)

Merge branch 'rs/obsd-getcwd-workaround' into maint

Test portability fix for BSDs.

* rs/obsd-getcwd-workaround:
t0001: skip test with restrictive permissions if getpwd(3) respects them

Merge branch 'bw/clone-recursive-quiet' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:49 +0000 (17:02 +0900)

Merge branch 'bw/clone-recursive-quiet' into maint

"git clone --recurse-submodules --quiet" did not pass the quiet
option down to submodules.

* bw/clone-recursive-quiet:
clone: teach recursive clones to respect -q

Merge branch 'pw/sequence-rerere-autoupdate' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:49 +0000 (17:02 +0900)

Merge branch 'pw/sequence-rerere-autoupdate' into maint

Commands like "git rebase" accepted the --rerere-autoupdate option
from the command line, but did not always use it. This has been
fixed.

* pw/sequence-rerere-autoupdate:
cherry-pick/revert: reject --rerere-autoupdate when continuing
cherry-pick/revert: remember --rerere-autoupdate
t3504: use test_commit
rebase -i: honor --rerere-autoupdate
rebase: honor --rerere-autoupdate
am: remember --rerere-autoupdate setting

Merge branch 'bw/push-options-recursively-to-submodules... Junio C Hamano Sun, 10 Sep 2017 08:02:49 +0000 (17:02 +0900)

Merge branch 'bw/push-options-recursively-to-submodules' into maint

"git push --recurse-submodules $there HEAD:$target" was not
propagated down to the submodules, but now it is.

* bw/push-options-recursively-to-submodules:
submodule--helper: teach push-check to handle HEAD

Merge branch 'ma/pager-per-subcommand-action' into... Junio C Hamano Sun, 10 Sep 2017 08:02:48 +0000 (17:02 +0900)

Merge branch 'ma/pager-per-subcommand-action' into maint

The "tag.pager" configuration variable was useless for those who
actually create tag objects, as it interfered with the use of an
editor. A new mechanism has been introduced for commands to enable
pager depending on what operation is being carried out to fix this,
and then "git tag -l" is made to run pager by default.

If this works out OK, I think there are low-hanging fruits in
other commands like "git branch" that outputs long list in one mode
while taking input in another.

* ma/pager-per-subcommand-action:
git.c: ignore pager.* when launching builtin as dashed external
tag: change default of `pager.tag` to "on"
tag: respect `pager.tag` in list-mode only
t7006: add tests for how git tag paginates
git.c: provide setup_auto_pager()
git.c: let builtins opt for handling `pager.foo` themselves
builtin.h: take over documentation from api-builtin.txt

Merge branch 'jk/rev-list-empty-input' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:48 +0000 (17:02 +0900)

Merge branch 'jk/rev-list-empty-input' into maint

"git log --tag=no-such-tag" showed log starting from HEAD, which
has been fixed---it now shows nothing.

* jk/rev-list-empty-input:
revision: do not fallback to default when rev_input_given is set
rev-list: don't show usage when we see empty ref patterns
revision: add rev_input_given flag
t6018: flesh out empty input/output rev-list tests

Merge branch 'st/lib-gpg-kill-stray-agent' into maintJunio C Hamano Sun, 10 Sep 2017 08:02:48 +0000 (17:02 +0900)

Merge branch 'st/lib-gpg-kill-stray-agent' into maint

Some versions of GnuPG fails to kill gpg-agent it auto-spawned
and such a left-over agent can interfere with a test. Work it
around by attempting to kill one before starting a new test.

* st/lib-gpg-kill-stray-agent:
t: lib-gpg: flush gpg agent on startup

wt-status: release strbuf after use in wt_longstatus_pr... Rene Scharfe Wed, 30 Aug 2017 18:20:18 +0000 (20:20 +0200)

wt-status: release strbuf after use in wt_longstatus_print_tracking()

If format_tracking_info() returns 0, then it didn't touch its strbuf
parameter, so it's OK to exit early in that case. Clean up sb in the
other case.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

refs/files-backend: add `refname`, not "HEAD", to listMartin Ågren Sat, 9 Sep 2017 06:57:18 +0000 (08:57 +0200)

refs/files-backend: add `refname`, not "HEAD", to list

An earlier patch rewrote `split_symref_update()` to add a copy of a
string to a string list instead of adding the original string. That was
so that the original string could be freed in a later patch, but it is
also conceptually cleaner, since now all calls to `string_list_insert()`
and `string_list_append()` add `update->refname`. --- Except a literal
"HEAD" is added in `split_head_update()`.

Restructure `split_head_update()` in the same way as the earlier patch
did for `split_symref_update()`. This does not correct any practical
problem, but makes things conceptually cleaner. The downside is a call
to `string_list_has_string()`, which should be relatively cheap.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

refs/files-backend: correct return value in lock_ref_fo... Martin Ågren Sat, 9 Sep 2017 06:57:17 +0000 (08:57 +0200)

refs/files-backend: correct return value in lock_ref_for_update

In one code path we return a literal -1 and not a symbolic constant. The
value -1 would be interpreted as TRANSACTION_NAME_CONFLICT, which is
wrong. Use TRANSACTION_GENERIC_ERROR instead (that is the only other
return value we have to choose from).

Noticed-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

refs/files-backend: fix memory leak in lock_ref_for_updateMartin Ågren Sat, 9 Sep 2017 06:57:16 +0000 (08:57 +0200)

refs/files-backend: fix memory leak in lock_ref_for_update

After the previous patch, none of the functions we call hold on to
`referent.buf`, so we can safely release the string buffer before
returning.

Reviewed-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

refs/files-backend: add longer-scoped copy of string... Martin Ågren Sat, 9 Sep 2017 06:57:15 +0000 (08:57 +0200)

refs/files-backend: add longer-scoped copy of string to list

split_symref_update() receives a string-pointer `referent` and adds it
to the list of `affected_refnames`. The list simply holds on to the
pointers it is given, it does not copy the strings and it does not ever
free them. The `referent` string in split_symref_update() belongs to a
string buffer in the caller. After we return, the string will be leaked.

In the next patch, we want to properly release the string buffer in the
caller, but we can't safely do so until we've made sure that
`affected_refnames` will not be holding on to a pointer to the string.
We could configure the list to handle its own resources, but it would
mean some alloc/free-churning. The list is already handling other
strings (through other code paths) which we do not need to worry about,
and we'd be memory-churning those strings too, completely unnecessary.

Observe that split_symref_update() creates a `new_update`-object through
ref_transaction_add_update(), after which `new_update->refname` is a
copy of `referent`. The difference is, this copy will be freed, and it
will be freed *after* `affected_refnames` has been cleared.

Rearrange the handling of `referent`, so that we don't add it directly
to `affected_refnames`. Instead, first just check whether `referent`
exists in the string list, and later add `new_update->refname`.

Helped-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit-tree: do not complete line in -F inputRoss Kabus Thu, 7 Sep 2017 14:41:11 +0000 (10:41 -0400)

commit-tree: do not complete line in -F input

"git commit-tree -F <file>", unlike "cat <file> | git
commit-tree" (i.e. feeding the same contents from the standard
input), added a missing final newline when the input ended in an
incomplete line.

Correct this inconsistency by leaving the incomplete line as-is,
as erring on the side of not touching the input is preferrable
and expected for a plumbing command like "commit-tree".

Signed-off-by: Ross Kabus <rkabus@aerotech.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

files_transaction_finish(): delete reflogs before refer... Michael Haggerty Fri, 8 Sep 2017 13:51:53 +0000 (15:51 +0200)

files_transaction_finish(): delete reflogs before references

If the deletion steps unexpectedly fail, it is less bad to leave a
reference without its reflog than it is to leave a reflog without its
reference, since the latter is an invalid repository state.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

packed-backend: rip out some now-unused codeMichael Haggerty Fri, 8 Sep 2017 13:51:52 +0000 (15:51 +0200)

packed-backend: rip out some now-unused code

Now the outside world interacts with the packed ref store only via the
generic refs API plus a few lock-related functions. This allows us to
delete some functions that are no longer used, thereby completing the
encapsulation of the packed ref store.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

files_ref_store: use a transaction to update packed... Michael Haggerty Fri, 8 Sep 2017 13:51:51 +0000 (15:51 +0200)

files_ref_store: use a transaction to update packed refs

When processing a `files_ref_store` transaction, it is sometimes
necessary to delete some references from the "packed-refs" file. Do
that using a reference transaction conducted against the
`packed_ref_store`.

This change further decouples `files_ref_store` from
`packed_ref_store`. It also fixes multiple problems, including the two
revealed by test cases added in the previous commit.

First, the old code didn't obtain the `packed-refs` lock until
`files_transaction_finish()`. This means that a failure to acquire the
`packed-refs` lock (e.g., due to contention with another process)
wasn't detected until it was too late (problems like this are supposed
to be detected in the "prepare" phase). The new code acquires the
`packed-refs` lock in `files_transaction_prepare()`, the same stage of
the processing when the loose reference locks are being acquired,
removing another reason why the "prepare" phase might succeed and the
"finish" phase might nevertheless fail.

Second, the old code deleted the loose version of a reference before
deleting any packed version of the same reference. This left a moment
when another process might think that the packed version of the
reference is current, which is incorrect. (Even worse, the packed
version of the reference can be arbitrarily old, and might even point
at an object that has since been garbage-collected.)

Third, if a reference deletion fails to acquire the `packed-refs` lock
altogether, then the old code might leave the repository in the
incorrect state (possibly corrupt) described in the previous
paragraph.

Now we activate the new "packed-refs" file (sans any references that
are being deleted) *before* deleting the corresponding loose
references. But we hold the "packed-refs" lock until after the loose
references have been finalized, thus preventing a simultaneous
"pack-refs" process from packing the loose version of the reference in
the time gap, which would otherwise defeat our attempt to delete it.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t1404: demonstrate two problems with reference transactionsMichael Haggerty Fri, 8 Sep 2017 13:51:50 +0000 (15:51 +0200)

t1404: demonstrate two problems with reference transactions

Currently, a loose reference is deleted even before locking the
`packed-refs` file, let alone deleting any packed version of the
reference. This leads to two problems, demonstrated by two new tests:

* While a reference is being deleted, other processes might see the
old, packed value of the reference for a moment before the packed
version is deleted. Normally this would be hard to observe, but we
can prolong the window by locking the `packed-refs` file externally
before running `update-ref`, then unlocking it before `update-ref`'s
attempt to acquire the lock times out.

* If the `packed-refs` file is locked so long that `update-ref` fails
to lock it, then the reference can be left permanently in the
incorrect state described in the previous point.

In a moment, both problems will be fixed.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

files_initial_transaction_commit(): use a transaction... Michael Haggerty Fri, 8 Sep 2017 13:51:49 +0000 (15:51 +0200)

files_initial_transaction_commit(): use a transaction for packed refs

Use a `packed_ref_store` transaction in the implementation of
`files_initial_transaction_commit()` rather than using internal
features of the packed ref store. This further decouples
`files_ref_store` from `packed_ref_store`.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

prune_refs(): also free the linked listMichael Haggerty Fri, 8 Sep 2017 13:51:48 +0000 (15:51 +0200)

prune_refs(): also free the linked list

At least since v1.7, the elements of the `refs_to_prune` linked list
have been leaked. Fix the leak by teaching `prune_refs()` to free the
list elements as it processes them.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

files_pack_refs(): use a reference transaction to write... Michael Haggerty Fri, 8 Sep 2017 13:51:47 +0000 (15:51 +0200)

files_pack_refs(): use a reference transaction to write packed refs

Now that the packed reference store supports transactions, we can use
a transaction to write the packed versions of references that we want
to pack. This decreases the coupling between `files_ref_store` and
`packed_ref_store`.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

packed_delete_refs(): implement methodMichael Haggerty Fri, 8 Sep 2017 13:51:46 +0000 (15:51 +0200)

packed_delete_refs(): implement method

Implement `packed_delete_refs()` using a reference transaction. This
means that `files_delete_refs()` can use `refs_delete_refs()` instead
of `repack_without_refs()` to delete any packed references, decreasing
the coupling between the classes.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

packed_ref_store: implement reference transactionsMichael Haggerty Fri, 8 Sep 2017 13:51:45 +0000 (15:51 +0200)

packed_ref_store: implement reference transactions

Implement the methods needed to support reference transactions for
the packed-refs backend. The new methods are not yet used.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

struct ref_transaction: add a place for backends to... Michael Haggerty Fri, 8 Sep 2017 13:51:44 +0000 (15:51 +0200)

struct ref_transaction: add a place for backends to store data

`packed_ref_store` is going to want to store some transaction-wide
data, so make a place for it.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

packed-backend: don't adjust the reference count on... Michael Haggerty Fri, 8 Sep 2017 13:51:43 +0000 (15:51 +0200)

packed-backend: don't adjust the reference count on lock/unlock

The old code incremented the packed ref cache reference count when
acquiring the packed-refs lock, and decremented the count when
releasing the lock. This is unnecessary because:

* Another process cannot change the packed-refs file because it is
locked.

* When we ourselves change the packed-refs file, we do so by first
modifying the packed ref-cache, and then writing the data from the
ref-cache to disk. So the packed ref-cache remains fresh because any
changes that we plan to make to the file are made in the cache first
anyway.

So there is no reason for the cache to become stale.

Moreover, the extra reference count causes a problem if we
intentionally clear the packed refs cache, as we sometimes need to do
if we change the cache in anticipation of writing a change to disk,
but then the write to disk fails. In that case, `packed_refs_unlock()`
would have no easy way to find the cache whose reference count it
needs to decrement.

This whole issue will soon become moot due to upcoming changes that
avoid changing the in-memory cache as part of updating the packed-refs
on disk, but this change makes that transition easier.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

load_subtree(): check that `prefix_len` is in the expec... Michael Haggerty Fri, 8 Sep 2017 16:10:10 +0000 (18:10 +0200)

load_subtree(): check that `prefix_len` is in the expected range

This value, which is stashed in the last byte of an object_id hash,
gets handed around a lot. So add a sanity check before using it in
`load_subtree()`.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shortlog: skip format/parse roundtrip for internal... Jeff King Fri, 8 Sep 2017 09:21:27 +0000 (05:21 -0400)

shortlog: skip format/parse roundtrip for internal traversal

The original git-shortlog command parsed the output of
git-log, and the logic went something like this:

1. Read stdin looking for "author" lines.

2. Parse the identity into its name/email bits.

3. Apply mailmap to the name/email.

4. Reformat the identity into a single buffer that is our
"key" for grouping entries (either a name by default,
or "name <email>" if --email was given).

The first part happens in read_from_stdin(), and the other
three steps are part of insert_one_record().

When we do an internal traversal, we just swap out the stdin
read in step 1 for reading the commit objects ourselves.
Prior to 2db6b83d18 (shortlog: replace hand-parsing of
author with pretty-printer, 2016-01-18), that made sense; we
still had to parse the ident in the commit message.

But after that commit, we use pretty.c's "%an <%ae>" to get
the author ident (for simplicity). Which means that the
pretty printer is doing a parse/format under the hood, and
then we parse the result, apply the mailmap, and format the
result again.

Instead, we can just ask pretty.c to do all of those steps
for us (including the mailmap via "%aN <%aE>", and not
formatting the address when --email is missing).

And then we can push steps 2-4 into read_from_stdin(). This
speeds up "git shortlog -ns" on linux.git by about 3%, and
eliminates a leak in insert_one_record() of the namemailbuf
strbuf.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

add UNLEAK annotation for reducing leak false positivesJeff King Fri, 8 Sep 2017 06:38:41 +0000 (02:38 -0400)

add UNLEAK annotation for reducing leak false positives

It's a common pattern in git commands to allocate some
memory that should last for the lifetime of the program and
then not bother to free it, relying on the OS to throw it
away.

This keeps the code simple, and it's fast (we don't waste
time traversing structures or calling free at the end of the
program). But it also triggers warnings from memory-leak
checkers like valgrind or LSAN. They know that the memory
was still allocated at program exit, but they don't know
_when_ the leaked memory stopped being useful. If it was
early in the program, then it's probably a real and
important leak. But if it was used right up until program
exit, it's not an interesting leak and we'd like to suppress
it so that we can see the real leaks.

This patch introduces an UNLEAK() macro that lets us do so.
To understand its design, let's first look at some of the
alternatives.

Unfortunately the suppression systems offered by
leak-checking tools don't quite do what we want. A
leak-checker basically knows two things:

1. Which blocks were allocated via malloc, and the
callstack during the allocation.

2. Which blocks were left un-freed at the end of the
program (and which are unreachable, but more on that
later).

Their suppressions work by mentioning the function or
callstack of a particular allocation, and marking it as OK
to leak. So imagine you have code like this:

int cmd_foo(...)
{
/* this allocates some memory */
char *p = some_function();
printf("%s", p);
return 0;
}

You can say "ignore allocations from some_function(),
they're not leaks". But that's not right. That function may
be called elsewhere, too, and we would potentially want to
know about those leaks.

So you can say "ignore the callstack when main calls
some_function". That works, but your annotations are
brittle. In this case it's only two functions, but you can
imagine that the actual allocation is much deeper. If any of
the intermediate code changes, you have to update the
suppression.

What we _really_ want to say is that "the value assigned to
p at the end of the function is not a real leak". But
leak-checkers can't understand that; they don't know about
"p" in the first place.

However, we can do something a little bit tricky if we make
some assumptions about how leak-checkers work. They
generally don't just report all un-freed blocks. That would
report even globals which are still accessible when the
leak-check is run. Instead they take some set of memory
(like BSS) as a root and mark it as "reachable". Then they
scan the reachable blocks for anything that looks like a
pointer to a malloc'd block, and consider that block
reachable. And then they scan those blocks, and so on,
transitively marking anything reachable from a global as
"not leaked" (or at least leaked in a different category).

So we can mark the value of "p" as reachable by putting it
into a variable with program lifetime. One way to do that is
to just mark "p" as static. But that actually affects the
run-time behavior if the function is called twice (you
aren't likely to call main() twice, but some of our cmd_*()
functions are called from other commands).

Instead, we can trick the leak-checker by putting the value
into _any_ reachable bytes. This patch keeps a global
linked-list of bytes copied from "unleaked" variables. That
list is reachable even at program exit, which confers
recursive reachability on whatever values we unleak.

In other words, you can do:

int cmd_foo(...)
{
char *p = some_function();
printf("%s", p);
UNLEAK(p);
return 0;
}

to annotate "p" and suppress the leak report.

But wait, couldn't we just say "free(p)"? In this toy
example, yes. But UNLEAK()'s byte-copying strategy has
several advantages over actually freeing the memory:

1. It's recursive across structures. In many cases our "p"
is not just a pointer, but a complex struct whose
fields may have been allocated by a sub-function. And
in some cases (e.g., dir_struct) we don't even have a
function which knows how to free all of the struct
members.

By marking the struct itself as reachable, that confers
reachability on any pointers it contains (including those
found in embedded structs, or reachable by walking
heap blocks recursively.

2. It works on cases where we're not sure if the value is
allocated or not. For example:

char *p = argc > 1 ? argv[1] : some_function();

It's safe to use UNLEAK(p) here, because it's not
freeing any memory. In the case that we're pointing to
argv here, the reachability checker will just ignore
our bytes.

3. Likewise, it works even if the variable has _already_
been freed. We're just copying the pointer bytes. If
the block has been freed, the leak-checker will skip
over those bytes as uninteresting.

4. Because it's not actually freeing memory, you can
UNLEAK() before we are finished accessing the variable.
This is helpful in cases like this:

char *p = some_function();
return another_function(p);

Writing this with free() requires:

int ret;
char *p = some_function();
ret = another_function(p);
free(p);
return ret;

But with unleak we can just write:

char *p = some_function();
UNLEAK(p);
return another_function(p);

This patch adds the UNLEAK() macro and enables it
automatically when Git is compiled with SANITIZE=leak. In
normal builds it's a noop, so we pay no runtime cost.

It also adds some UNLEAK() annotations to show off how the
feature works. On top of other recent leak fixes, these are
enough to get t0000 and t0001 to pass when compiled with
LSAN.

Note the case in commit.c which actually converts a
strbuf_release() into an UNLEAK. This code was already
non-leaky, but the free didn't do anything useful, since
we're exiting. Converting it to an annotation means that
non-leak-checking builds pay no runtime cost. The cost is
minimal enough that it's probably not worth going on a
crusade to convert these kinds of frees to UNLEAKS. I did it
here for consistency with the "sb" leak (though it would
have been equally correct to go the other way, and turn them
both into strbuf_release() calls).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t6120: test describe and name-rev with deep reposMichael J Gruber Thu, 7 Sep 2017 14:02:23 +0000 (16:02 +0200)

t6120: test describe and name-rev with deep repos

Depending on the implementation of walks, limitted stack size may lead
to problems (for recursion).

Test name-rev and describe with deep repos and limitted stack size and
mark the former with known failure.

We add these tests (which add gazillions of commits) last so as to keep
the runtime of other subtests the same.

Signed-off-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t6120: clean up state after breaking repoMichael J Gruber Thu, 7 Sep 2017 14:02:22 +0000 (16:02 +0200)

t6120: clean up state after breaking repo

t6120 breaks the repo state intentionally in the last tests.

Clean up the breakage afterwards (and before adding more tests).

Signed-off-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t6120: test name-rev --all and --stdinMichael J Gruber Thu, 7 Sep 2017 14:02:21 +0000 (16:02 +0200)

t6120: test name-rev --all and --stdin

name-rev is used in a few tests, but tested only in t6120 along with
describe so far.

Add tests for name-rev with --all and --stdin.

Signed-off-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t7004: move limited stack prereq to test-libMichael J Gruber Thu, 7 Sep 2017 14:02:20 +0000 (16:02 +0200)

t7004: move limited stack prereq to test-lib

The lazy prerequisite ULIMIT_STACK_SIZE is used only in t7004 so far.

Move it to test-lib.sh so that it can be used in other tests (which it will
be in a follow-up commit).

Signed-off-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

merge-recursive: change current file dir string_lists... Kevin Willford Thu, 7 Sep 2017 16:25:56 +0000 (10:25 -0600)

merge-recursive: change current file dir string_lists to hashmap

The code was using two string_lists, one for the directories and
one for the files. The code never checks the lists independently
so we should be able to only use one list. The string_list also
is a O(log n) for lookup and insertion. Switching this to use a
hashmap will give O(1) which will save some time when there are
millions of paths that will be checked.

Signed-off-by: Kevin Willford <kewillf@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

builtin/merge: honor commit-msg hook for mergesStefan Beller Thu, 7 Sep 2017 22:04:29 +0000 (15:04 -0700)

builtin/merge: honor commit-msg hook for merges

Similar to 65969d43d1 (merge: honor prepare-commit-msg hook, 2011-02-14)
merge should also honor the commit-msg hook: When a merge is stopped due
to conflicts or --no-commit, the subsequent commit calls the commit-msg
hook. However, it is not called after a clean merge. Fix this
inconsistency by invoking the hook after clean merges as well.

This change is motivated by Gerrit's commit-msg hook to install a ChangeId
trailer into the commit message. Without such a ChangeId, Gerrit refuses
to accept any commit by default, such that the inconsistency of (not)
running the commit-msg hook between commit and merge leads to confusion
and might block people from getting their work done.

As the githooks man page is very vocal about the possibility of skipping
the commit-msg hook via the --no-verify option, implement the option
in merge, too.

'git merge --continue' is currently implemented as calling cmd_commit
with no further arguments. This works for most other merge related options,
such as demonstrated via the --allow-unrelated-histories flag in the
test. The --no-verify option however is not remembered across invocations
of git-merge. Originally the author assumed an alternative in which the
'git merge --continue' command accepts the --no-verify flag, but that
opens up the discussion which flags are allows to the continued merge
command and which must be given in the first invocation.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

read-cache: fix index corruption with index v4Thomas Gummerer Thu, 7 Sep 2017 19:24:12 +0000 (20:24 +0100)

read-cache: fix index corruption with index v4

ce012deb98 ("read-cache: avoid allocating every ondisk entry when
writing", 2017-08-21) changed the way cache entries are written to the
index file. While previously it wrote the name to an struct that was
allocated using xcalloc(), it now uses ce_write() directly. Previously
ce_namelen - common bytes were written to the cache entry, which would
automatically make it nul terminated, as it was allocated using calloc.

Now we are writing ce_namelen - common + 1 bytes directly from the
ce->name to the index. If CE_STRIP_NAME however gets set in the split
index case ce->ce_namelen is set to 0 without changing the actual
ce->name buffer. When index-v4, this results in the first character of
ce->name being written out instead of just a terminating nul charcter.

As index-v4 requires the terminating nul character as terminator of
the name when reading it back, this results in a corrupted index.

Fix that by only writing ce_namelen - common bytes directly from
ce->name to the index, and adding the nul terminator in an extra call to
ce_write.

This bug was turned up by setting TEST_GIT_INDEX_VERSION = 4 in
config.mak and running the test suite (t1700 specifically broke).

Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

pull: honor submodule.recurse config optionNicolas Morey-Chaisemartin Wed, 6 Sep 2017 06:48:09 +0000 (08:48 +0200)

pull: honor submodule.recurse config option

"git pull" supports a --recurse-submodules option but does not parse the
submodule.recurse configuration item to set the default for that option.
Meanwhile "git fetch" does support submodule.recurse, producing
confusing behavior: when submodule.recurse is enabled, "git pull"
recursively fetches submodules but does not update them after fetch.

Handle submodule.recurse in "git pull" to fix this.

Reported-by: Magnus Homann <magnus@homann.se>
Signed-off-by: Nicolas Morey-Chaisemartin <nicolas@morey-chaisemartin.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

pull: fix cli and config option parsing orderNicolas Morey-Chaisemartin Wed, 6 Sep 2017 06:48:06 +0000 (08:48 +0200)

pull: fix cli and config option parsing order

pull parses first the cli options and then the config option.
The expected behavior is the other way around, so that config
options can not override the cli ones.

This patch changes the parsing order so config options are
parsed first.

Signed-off-by: Nicolas Morey-Chaisemartin <nicolas@morey-chaisemartin.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

config: remove git_config_maybe_boolMartin Ågren Tue, 5 Sep 2017 18:39:59 +0000 (20:39 +0200)

config: remove git_config_maybe_bool

The function was deprecated in commit 89576613 ("treewide: deprecate
git_config_maybe_bool, use git_parse_maybe_bool", 2017-08-07) and has no
users.

Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

hashmap: add API to disable item counting when threadedJeff Hostetler Wed, 6 Sep 2017 15:43:48 +0000 (15:43 +0000)

hashmap: add API to disable item counting when threaded

This is to address concerns raised by ThreadSanitizer on the mailing list
about threaded unprotected R/W access to map.size with my previous "disallow
rehash" change (0607e10009ee4e37cb49b4cec8d28a9dda1656a4).

See:
https://public-inbox.org/git/adb37b70139fd1e2bac18bfd22c8b96683ae18eb.1502780344.git.martin.agren@gmail.com/

Add API to hashmap to disable item counting and thus automatic rehashing.
Also include API to later re-enable them.

When item counting is disabled, the map.size field is invalid. So to
prevent accidents, the field has been renamed and an accessor function
hashmap_get_size() has been added. All direct references to this
field have been been updated. And the name of the field changed
to map.private_size to communicate this.

Here is the relevant output from ThreadSanitizer showing the problem:

WARNING: ThreadSanitizer: data race (pid=10554)
Read of size 4 at 0x00000082d488 by thread T2 (mutexes: write M16):
#0 hashmap_add hashmap.c:209
#1 hash_dir_entry_with_parent_and_prefix name-hash.c:302
#2 handle_range_dir name-hash.c:347
#3 handle_range_1 name-hash.c:415
#4 lazy_dir_thread_proc name-hash.c:471
#5 <null> <null>

Previous write of size 4 at 0x00000082d488 by thread T1 (mutexes: write M31):
#0 hashmap_add hashmap.c:209
#1 hash_dir_entry_with_parent_and_prefix name-hash.c:302
#2 handle_range_dir name-hash.c:347
#3 handle_range_1 name-hash.c:415
#4 handle_range_dir name-hash.c:380
#5 handle_range_1 name-hash.c:415
#6 lazy_dir_thread_proc name-hash.c:471
#7 <null> <null>

Martin gives instructions for running TSan on test t3008 in this post:
https://public-inbox.org/git/CAN0heSoJDL9pWELD6ciLTmWf-a=oyxe4EXXOmCKvsG5MSuzxsA@mail.gmail.com/

Signed-off-by: Jeff Hostetler <jeffhost@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git_extract_argv0_path: do nothing without RUNTIME_PREFIXJeff King Wed, 6 Sep 2017 12:32:10 +0000 (08:32 -0400)

git_extract_argv0_path: do nothing without RUNTIME_PREFIX

When the RUNTIME_PREFIX compile-time knob isn't set, we
never look at the argv0_path we extract. We can push its
declaration inside the #ifdef to make it more clear that the
extract code is effectively a noop.

This also un-confuses leak-checking of the argv0_path
variable when RUNTIME_PREFIX isn't set. The compiler is free
to drop this static variable that we set but never look at
(and "gcc -O2" does so). But the compiler still must call
strbuf_detach(), since it doesn't know whether that function
has side effects; it just throws away the result rather than
putting it into the global.

Leak-checkers which work by scanning the data segment for
pointers to heap blocks would normally consider the block
as reachable at program end. But if the compiler removes the
variable entirely, there's nothing to find.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

system_path: move RUNTIME_PREFIX to a sub-functionJeff King Wed, 6 Sep 2017 12:30:28 +0000 (08:30 -0400)

system_path: move RUNTIME_PREFIX to a sub-function

The system_path() function has an #ifdef in the middle of
it. Let's move the conditional logic into a sub-function.
This isolates it more, which will make it easier to change
and add to.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Add t/helper/test-write-cache to .gitignoreJonathan Tan Mon, 28 Aug 2017 20:06:18 +0000 (13:06 -0700)

Add t/helper/test-write-cache to .gitignore

This new binary was introduced in commit 3921a0b ("perf: add test for
writing the index", 2017-08-21), but a .gitignore entry was not added
for it. Add that entry.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Documentation: mention that `eol` can change the dirty... Ben Boeckel Thu, 31 Aug 2017 13:19:36 +0000 (09:19 -0400)

Documentation: mention that `eol` can change the dirty status of paths

When setting the `eol` attribute, paths can change their dirty status
without any change in the working directory. This can cause confusion
and should at least be mentioned with a remedy.

Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Reviewed-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

wt-status: release strbuf after use in read_rebase_todo... Rene Scharfe Wed, 30 Aug 2017 18:20:17 +0000 (20:20 +0200)

wt-status: release strbuf after use in read_rebase_todolist()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

vcs-svn: release strbuf after use in end_revision()Rene Scharfe Wed, 30 Aug 2017 18:20:17 +0000 (20:20 +0200)

vcs-svn: release strbuf after use in end_revision()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

utf8: release strbuf on error return in strbuf_utf8_rep... Rene Scharfe Wed, 30 Aug 2017 18:20:16 +0000 (20:20 +0200)

utf8: release strbuf on error return in strbuf_utf8_replace()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

userdiff: release strbuf after use in userdiff_get_text... Rene Scharfe Wed, 30 Aug 2017 18:20:15 +0000 (20:20 +0200)

userdiff: release strbuf after use in userdiff_get_textconv()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

transport-helper: release strbuf after use in process_c... Rene Scharfe Wed, 30 Aug 2017 18:20:15 +0000 (20:20 +0200)

transport-helper: release strbuf after use in process_connect_service()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

sequencer: release strbuf after use in save_head()Rene Scharfe Wed, 30 Aug 2017 18:20:14 +0000 (20:20 +0200)

sequencer: release strbuf after use in save_head()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shortlog: release strbuf after use in insert_one_record()Rene Scharfe Wed, 30 Aug 2017 18:00:30 +0000 (20:00 +0200)

shortlog: release strbuf after use in insert_one_record()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

sha1_file: release strbuf on error return in index_path()Rene Scharfe Wed, 30 Aug 2017 18:00:29 +0000 (20:00 +0200)

sha1_file: release strbuf on error return in index_path()

strbuf_readlink() already frees the buffer for us on error. Clean up
if write_sha1_file() fails as well instead of returning early.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

send-pack: release strbuf on error return in send_pack()Rene Scharfe Wed, 30 Aug 2017 18:00:28 +0000 (20:00 +0200)

send-pack: release strbuf on error return in send_pack()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

remote: release strbuf after use in set_url()Rene Scharfe Wed, 30 Aug 2017 18:00:27 +0000 (20:00 +0200)

remote: release strbuf after use in set_url()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

remote: release strbuf after use in migrate_file()Rene Scharfe Wed, 30 Aug 2017 18:00:26 +0000 (20:00 +0200)

remote: release strbuf after use in migrate_file()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

remote: release strbuf after use in read_remote_branches()Rene Scharfe Wed, 30 Aug 2017 18:00:25 +0000 (20:00 +0200)

remote: release strbuf after use in read_remote_branches()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

refs: release strbuf on error return in write_pseudoref()Rene Scharfe Wed, 30 Aug 2017 17:58:12 +0000 (19:58 +0200)

refs: release strbuf on error return in write_pseudoref()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

notes: release strbuf after use in notes_copy_from_stdin()Rene Scharfe Wed, 30 Aug 2017 17:57:30 +0000 (19:57 +0200)

notes: release strbuf after use in notes_copy_from_stdin()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

merge: release strbuf after use in write_merge_heads()Rene Scharfe Wed, 30 Aug 2017 17:49:50 +0000 (19:49 +0200)

merge: release strbuf after use in write_merge_heads()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

merge: release strbuf after use in save_state()Rene Scharfe Wed, 30 Aug 2017 17:49:49 +0000 (19:49 +0200)

merge: release strbuf after use in save_state()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mailinfo: release strbuf on error return in handle_boun... Rene Scharfe Wed, 30 Aug 2017 17:49:48 +0000 (19:49 +0200)

mailinfo: release strbuf on error return in handle_boundary()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mailinfo: release strbuf after use in handle_from()Rene Scharfe Wed, 30 Aug 2017 17:49:47 +0000 (19:49 +0200)

mailinfo: release strbuf after use in handle_from()

Clean up at the end and jump there instead of returning early.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

help: release strbuf on error return in exec_woman_emacs()Rene Scharfe Wed, 30 Aug 2017 17:49:46 +0000 (19:49 +0200)

help: release strbuf on error return in exec_woman_emacs()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

help: release strbuf on error return in exec_man_man()Rene Scharfe Wed, 30 Aug 2017 17:49:45 +0000 (19:49 +0200)

help: release strbuf on error return in exec_man_man()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

help: release strbuf on error return in exec_man_konque... Rene Scharfe Wed, 30 Aug 2017 17:49:44 +0000 (19:49 +0200)

help: release strbuf on error return in exec_man_konqueror()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff: release strbuf after use in show_stats()Rene Scharfe Wed, 30 Aug 2017 17:49:43 +0000 (19:49 +0200)

diff: release strbuf after use in show_stats()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff: release strbuf after use in show_rename_copy()Rene Scharfe Wed, 30 Aug 2017 17:49:42 +0000 (19:49 +0200)

diff: release strbuf after use in show_rename_copy()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff: release strbuf after use in diff_summary()Rene Scharfe Wed, 30 Aug 2017 17:49:41 +0000 (19:49 +0200)

diff: release strbuf after use in diff_summary()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

convert: release strbuf on error return in filter_buffe... Rene Scharfe Wed, 30 Aug 2017 17:49:40 +0000 (19:49 +0200)

convert: release strbuf on error return in filter_buffer_or_fd()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

connect: release strbuf on error return in git_connect()Rene Scharfe Wed, 30 Aug 2017 17:49:39 +0000 (19:49 +0200)

connect: release strbuf on error return in git_connect()

Reduce the scope of the variable cmd and release it before returning
early.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: release strbuf on error return in commit_tree_e... Rene Scharfe Wed, 30 Aug 2017 17:49:38 +0000 (19:49 +0200)

commit: release strbuf on error return in commit_tree_extended()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

clone: release strbuf after use in remove_junk()Rene Scharfe Wed, 30 Aug 2017 17:49:37 +0000 (19:49 +0200)

clone: release strbuf after use in remove_junk()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

clean: release strbuf after use in remove_dirs()Rene Scharfe Wed, 30 Aug 2017 17:49:36 +0000 (19:49 +0200)

clean: release strbuf after use in remove_dirs()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

check-ref-format: release strbuf after use in check_ref... Rene Scharfe Wed, 30 Aug 2017 17:49:35 +0000 (19:49 +0200)

check-ref-format: release strbuf after use in check_ref_format_branch()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

am: release strbuf after use in safe_to_abort()Rene Scharfe Wed, 30 Aug 2017 17:49:34 +0000 (19:49 +0200)

am: release strbuf after use in safe_to_abort()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

am: release strbuf on error return in hg_patch_to_mail()Rene Scharfe Wed, 30 Aug 2017 17:49:33 +0000 (19:49 +0200)

am: release strbuf on error return in hg_patch_to_mail()

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

am: release strbufs after use in detect_patch_format()Rene Scharfe Wed, 30 Aug 2017 17:49:32 +0000 (19:49 +0200)

am: release strbufs after use in detect_patch_format()

Don't reset the strbufs l2 and l3 before use as if they were static, but
release them at the end instead.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

rev-parse: don't trim bisect refnamesJeff King Wed, 6 Sep 2017 11:53:10 +0000 (07:53 -0400)

rev-parse: don't trim bisect refnames

Using for_each_ref_in() with a full refname has always been
a questionable practice, but it became an error with
b9c8e7f2fb (prefix_ref_iterator: don't trim too much,
2017-05-22), making "git rev-parse --bisect" pretty reliably
show a BUG.

Commit 03df567fbf (for_each_bisect_ref(): don't trim
refnames, 2017-06-18) fixed this case for revision.c, but
rev-parse handles this option on its own. We can use the
same solution here (and piggy-back on its test).

Signed-off-by: Jeff King <peff@peff.net>
Acked-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

set_git_dir: handle feeding gitdir to itselfJeff King Tue, 5 Sep 2017 13:05:01 +0000 (09:05 -0400)

set_git_dir: handle feeding gitdir to itself

Ideally we'd free the existing gitdir field before assigning
the new one, to avoid a memory leak. But we can't do so
safely because some callers do the equivalent of:

set_git_dir(get_git_dir());

We can detect that case as a noop, but there are even more
complicated cases like:

set_git_dir(remove_leading_path(worktree, get_git_dir());

where we really do need to do some work, but the original
string must remain valid.

Rather than put the burden on callers to make a copy of the
string (only to free it later, since we'll make a copy of it
ourselves), let's solve the problem inside set_git_dir(). We
can make a copy of the pointer for the old gitdir, and then
avoid freeing it until after we've made our new copy.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

repository: free fields before overwriting themJeff King Tue, 5 Sep 2017 13:04:57 +0000 (09:04 -0400)

repository: free fields before overwriting them

It's possible that the repository data may be initialized
twice (e.g., after doing a chdir() to the top of the
worktree we may have to adjust a relative git_dir path). We
should free() any existing fields before assigning to them
to avoid leaks.

This should be safe, as the fields are set based on the
environment or on other strings like the gitdir or
commondir. That makes it impossible that we are feeding an
alias to the just-freed string.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

reset: free allocated tree buffersJeff King Tue, 5 Sep 2017 13:04:51 +0000 (09:04 -0400)

reset: free allocated tree buffers

We read the tree objects with fill_tree_descriptor(), but
never actually free the resulting buffers, causing a memory
leak. This isn't a huge deal because we call this code at
most twice per program invocation. But it does potentially
double our heap usage if you have large root trees. Let's
free the trees before returning.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

reset: make tree counting less confusingJeff King Tue, 5 Sep 2017 13:04:28 +0000 (09:04 -0400)

reset: make tree counting less confusing

Depending on whether we're in --keep mode, git-reset may
feed one or two trees to unpack_trees(). We start a counter
at "1" and then increment it to "2" only for the two-tree
case. But that means we must always subtract one to find the
correct array slot to fill with each descriptor.

Instead, let's start at "0" and just increment our counter
after adding each tree. This skips the extra subtraction,
and will make things much easier when we start to actually
free our tree buffers.

While we're at it, let's make the first allocation use the
slot at "desc + nr", too, even though we know "nr" is 0 at
that point. It makes the two fill_tree_descriptor() calls
consistent (always "desc + nr", followed by always
incrementing "nr").

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

config: plug user_config leakJeff King Tue, 5 Sep 2017 13:04:20 +0000 (09:04 -0400)

config: plug user_config leak

We generate filenames for the user_config ("~/.gitconfig")
and the xdg config ("$XDG_CONFIG_HOME/git/config") and then
decide which to use by looking at the filesystem. But after
selecting one, the unused string is just leaked.

This is a tiny leak, but it creates noise in leak-checker
output.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update-index: fix cache entry leak in add_one_file()Jeff King Tue, 5 Sep 2017 13:04:14 +0000 (09:04 -0400)

update-index: fix cache entry leak in add_one_file()

When we fail to add the cache entry to the index, we end up
just leaking the struct. We should follow the pattern of the
early-return above and free it.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

add: free leaked pathspec after add_files_to_cache()Jeff King Tue, 5 Sep 2017 13:04:10 +0000 (09:04 -0400)

add: free leaked pathspec after add_files_to_cache()

After run_diff_files, we throw away the rev_info struct,
including the pathspec that we copied into it, leaking the
memory. this is probably not a big deal in practice. We
usually only run this once per process, and the leak is
proportional to the pathspec list we're already holding in
memory.

But it's still a leak, and it pollutes leak-checker output,
making it harder to find important leaks.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

test-lib: set LSAN_OPTIONS to abort by defaultJeff King Tue, 5 Sep 2017 13:04:04 +0000 (09:04 -0400)

test-lib: set LSAN_OPTIONS to abort by default

We already set ASAN_OPTIONS to abort if it finds any errors.
As we start to experiment with LSAN, the leak sanitizer,
it's convenient if we give it the same treatment.

Note that ASAN is actually a superset of LSAN and can do the
leak detection itself. So this only has an effect if you
specifically build with "make SANITIZE=leak" (leak detection
but not the rest of ASAN). Building with just LSAN results
in a build that runs much faster. That makes the
build-test-fix cycle more pleasant.

In the long run, once we've fixed or suppressed all the
leaks, it will probably be worth turning leak-detection on
for ASAN and just using that (to check both leaks _and_
memory errors in a single test run). But there's still a lot
of work before we get there.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

test-lib: --valgrind should not override --verbose-logJeff King Tue, 5 Sep 2017 13:03:54 +0000 (09:03 -0400)

test-lib: --valgrind should not override --verbose-log

The --verbose test option cannot be used with test harnesses
like "prove". Instead, you must use --verbose-log.

Since the --valgrind option implies --verbose, that means
that it cannot be used with prove. I.e., this does not work:

prove t0000-basic.sh :: --valgrind

You'd think it could be fixed by doing:

prove t0000-basic.sh :: --valgrind --verbose-log

but that doesn't work either, because the implied --verbose
takes precedence over --verbose-log. If the user has given
us a specific option, we should prefer that.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>