git/commit.c, branch v2.7.4

use st_add and st_mult for allocation size computation

2016-02-22T22:51:09Z

If our size computation overflows size_t, we may allocate a much smaller buffer than we expected and overflow it. It's probably impossible to trigger an overflow in most of these sites in practice, but it is easy enough convert their additions and multiplications into overflow-checking variants. This may be fixing real bugs, and it makes auditing the code easier. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

convert trivial cases to ALLOC_ARRAY

2016-02-22T22:51:09Z

Each of these cases can be converted to use ALLOC_ARRAY or REALLOC_ARRAY, which has two advantages: 1. It automatically checks the array-size multiplication for overflow. 2. It always uses sizeof(*array) for the element-size, so that it can never go out of sync with the declared type of the array. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

Remove get_object_hash.

2015-11-20T13:02:05Z

Convert all instances of get_object_hash to use an appropriate reference to the hash member of the oid member of struct object. This provides no functional change, as it is essentially a macro substitution. Signed-off-by: brian m. carlson Signed-off-by: Jeff King

Convert struct object to object_id

2015-11-20T13:02:05Z

struct object is one of the major data structures dealing with object IDs. Convert it to use struct object_id instead of an unsigned char array. Convert get_object_hash to refer to the new member as well. Signed-off-by: brian m. carlson Signed-off-by: Jeff King

Add several uses of get_object_hash.

2015-11-20T13:02:05Z

Convert most instances where the sha1 member of struct object is dereferenced to use get_object_hash. Most instances that are passed to functions that have versions taking struct object_id, such as get_sha1_hex/get_oid_hex, or instances that can be trivially converted to use struct object_id instead, are not converted. Signed-off-by: brian m. carlson Signed-off-by: Jeff King

Merge branch 'rs/pop-commit'

2015-10-30T20:07:03Z

Code simplification. * rs/pop-commit: use pop_commit() for consuming the first entry of a struct commit_list

use pop_commit() for consuming the first entry of a struct commit_list

2015-10-26T21:06:46Z

Instead of open-coding the function pop_commit() just call it. This makes the intent clearer and reduces code size. Signed-off-by: Rene Scharfe Signed-off-by: Junio C Hamano

Merge branch 'jc/commit-slab'

2015-08-03T18:01:21Z

Memory use reduction when commit-slab facility is used to annotate sparsely (which is not recommended in the first place). * jc/commit-slab: commit-slab: introduce slabname##_peek() function

Merge branch 'bc/gpg-verify-raw'

2015-08-03T18:01:12Z

"git verify-tag" and "git verify-commit" have been taught to share more code, and then learned to optionally show the verification message from the underlying GPG implementation. * bc/gpg-verify-raw: verify-tag: add option to print raw gpg status information verify-commit: add option to print raw gpg status information gpg: centralize printing signature buffers gpg: centralize signature check verify-commit: add test for exit status on untrusted signature verify-tag: share code with verify-commit verify-tag: add tests

gpg: centralize signature check

2015-06-22T21:20:46Z

verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano