From 0d5466d24436ac87ab69214251b004ecc809c8c1 Mon Sep 17 00:00:00 2001 From: Nguyễn Thái Ngọc Duy Date: Thu, 3 Dec 2015 19:17:55 +0100 Subject: git.c: make it clear save_env() is for alias handling only MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nguyễn Thái Ngọc Duy Signed-off-by: Junio C Hamano --- git.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index fe94066aee..99c4327c88 100644 --- a/git.c +++ b/git.c @@ -25,14 +25,14 @@ static const char *env_names[] = { GIT_PREFIX_ENVIRONMENT }; static char *orig_env[4]; -static int saved_environment; +static int saved_env_before_alias; -static void save_env(void) +static void save_env_before_alias(void) { int i; - if (saved_environment) + if (saved_env_before_alias) return; - saved_environment = 1; + saved_env_before_alias = 1; orig_cwd = xgetcwd(); for (i = 0; i < ARRAY_SIZE(env_names); i++) { orig_env[i] = getenv(env_names[i]); @@ -233,6 +233,7 @@ static int handle_alias(int *argcp, const char ***argv) char *alias_string; int unused_nongit; + save_env_before_alias(); subdir = setup_git_directory_gently(&unused_nongit); alias_command = (*argv)[0]; @@ -527,7 +528,7 @@ static void handle_builtin(int argc, const char **argv) builtin = get_builtin(cmd); if (builtin) { - if (saved_environment && (builtin->option & NO_SETUP)) + if (saved_env_before_alias && (builtin->option & NO_SETUP)) restore_env(); else exit(run_builtin(builtin, argc, argv)); @@ -587,7 +588,6 @@ static int run_argv(int *argcp, const char ***argv) */ if (done_alias) break; - save_env(); if (!handle_alias(argcp, argv)) break; done_alias = 1; -- cgit v1.3-5-g9baa From 86d26f240fcb4f287258ad459efc2b5e30e60cfd Mon Sep 17 00:00:00 2001 From: Nguyễn Thái Ngọc Duy Date: Sun, 20 Dec 2015 14:50:18 +0700 Subject: setup.c: re-fix d95138e (setup: set env $GIT_WORK_TREE when .. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d95138e [1] attempted to fix a .git file problem by setting GIT_WORK_TREE whenever GIT_DIR is set. It sounded harmless because we handle GIT_DIR and GIT_WORK_TREE side by side for most commands, with two exceptions: git-init and git-clone. "git clone" is not happy with d95138e. This command ignores GIT_DIR but respects GIT_WORK_TREE [2] [3] which means it used to run fine from a hook, where GIT_DIR was set but GIT_WORK_TREE was not (*). With d95138e, GIT_WORK_TREE is set all the time and git-clone interprets that as "I give you order to put the worktree here", usually against the user's intention. The solution in d95138e is reverted earlier, and instead we reuse the solution from c056261 [4]. It fixed another setup-messed- up-by-alias by saving and restoring env and spawning a new process, but for git-clone and git-init only. Now we conclude that setup-messed-up-by-alias is always evil. So the env restoration is done for _all_ commands, including external ones, whenever aliases are involved. It fixes what d95138e tried to fix, without upsetting git-clone-inside-hooks. The test from d95138e remains to verify it's not broken by this. A new test is added to make sure git-clone-inside-hooks remains happy. (*) GIT_WORK_TREE was not set _most of the time_. In some cases GIT_WORK_TREE is set and git-clone will behave differently. The use of GIT_WORK_TREE to direct git-clone to put work tree elsewhere looks like a mistake because it causes surprises this way. But that's a separate story. [1] d95138e (setup: set env $GIT_WORK_TREE when work tree is set, like $GIT_DIR - 2015-06-26) [2] 2beebd2 (clone: create intermediate directories of destination repo - 2008-06-25) [3] 20ccef4 (make git-clone GIT_WORK_TREE aware - 2007-07-06) [4] c056261 (git potty: restore environments after alias expansion - 2014-06-08) Reported-by: Anthony Sottile Signed-off-by: Nguyễn Thái Ngọc Duy Signed-off-by: Junio C Hamano --- git.c | 23 ++++++++++++----------- t/t0002-gitfile.sh | 2 +- t/t5601-clone.sh | 23 +++++++++++++++++++++++ 3 files changed, 36 insertions(+), 12 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index 99c4327c88..77ef23ece0 100644 --- a/git.c +++ b/git.c @@ -226,7 +226,6 @@ static int handle_options(const char ***argv, int *argc, int *envchanged) static int handle_alias(int *argcp, const char ***argv) { int envchanged = 0, ret = 0, saved_errno = errno; - const char *subdir; int count, option_count; const char **new_argv; const char *alias_command; @@ -234,7 +233,7 @@ static int handle_alias(int *argcp, const char ***argv) int unused_nongit; save_env_before_alias(); - subdir = setup_git_directory_gently(&unused_nongit); + setup_git_directory_gently(&unused_nongit); alias_command = (*argv)[0]; alias_string = alias_lookup(alias_command); @@ -292,8 +291,7 @@ static int handle_alias(int *argcp, const char ***argv) ret = 1; } - if (subdir && chdir(subdir)) - die_errno("Cannot change to '%s'", subdir); + restore_env(); errno = saved_errno; @@ -308,7 +306,6 @@ static int handle_alias(int *argcp, const char ***argv) * RUN_SETUP for reading from the configuration file. */ #define NEED_WORK_TREE (1<<3) -#define NO_SETUP (1<<4) struct cmd_struct { const char *cmd; @@ -389,7 +386,7 @@ static struct cmd_struct commands[] = { { "cherry", cmd_cherry, RUN_SETUP }, { "cherry-pick", cmd_cherry_pick, RUN_SETUP | NEED_WORK_TREE }, { "clean", cmd_clean, RUN_SETUP | NEED_WORK_TREE }, - { "clone", cmd_clone, NO_SETUP }, + { "clone", cmd_clone }, { "column", cmd_column, RUN_SETUP_GENTLY }, { "commit", cmd_commit, RUN_SETUP | NEED_WORK_TREE }, { "commit-tree", cmd_commit_tree, RUN_SETUP }, @@ -415,8 +412,8 @@ static struct cmd_struct commands[] = { { "hash-object", cmd_hash_object }, { "help", cmd_help }, { "index-pack", cmd_index_pack, RUN_SETUP_GENTLY }, - { "init", cmd_init_db, NO_SETUP }, - { "init-db", cmd_init_db, NO_SETUP }, + { "init", cmd_init_db }, + { "init-db", cmd_init_db }, { "interpret-trailers", cmd_interpret_trailers, RUN_SETUP }, { "log", cmd_log, RUN_SETUP }, { "ls-files", cmd_ls_files, RUN_SETUP }, @@ -528,9 +525,13 @@ static void handle_builtin(int argc, const char **argv) builtin = get_builtin(cmd); if (builtin) { - if (saved_env_before_alias && (builtin->option & NO_SETUP)) - restore_env(); - else + /* + * XXX: if we can figure out cases where it is _safe_ + * to do, we can avoid spawning a new process when + * saved_env_before_alias is true + * (i.e. setup_git_dir* has been run once) + */ + if (!saved_env_before_alias) exit(run_builtin(builtin, argc, argv)); } } diff --git a/t/t0002-gitfile.sh b/t/t0002-gitfile.sh index 3eb1127d4b..9393322c3e 100755 --- a/t/t0002-gitfile.sh +++ b/t/t0002-gitfile.sh @@ -99,7 +99,7 @@ test_expect_success 'check rev-list' ' test "$SHA" = "$(git rev-list HEAD)" ' -test_expect_failure 'setup_git_dir twice in subdir' ' +test_expect_success 'setup_git_dir twice in subdir' ' git init sgd && ( cd sgd && diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh index bfdaf75966..fce3471d1e 100755 --- a/t/t5601-clone.sh +++ b/t/t5601-clone.sh @@ -65,6 +65,29 @@ test_expect_success 'clone respects GIT_WORK_TREE' ' ' +test_expect_success 'clone from hooks' ' + + test_create_repo r0 && + cd r0 && + test_commit initial && + cd .. && + git init r1 && + cd r1 && + cat >.git/hooks/pre-commit <<-\EOF && + #!/bin/sh + git clone ../r0 ../r2 + exit 1 + EOF + chmod u+x .git/hooks/pre-commit && + : >file && + git add file && + test_must_fail git commit -m invoke-hook && + cd .. && + test_cmp r0/.git/HEAD r2/.git/HEAD && + test_cmp r0/initial.t r2/initial.t + +' + test_expect_success 'clone creates intermediate directories' ' git clone src long/path/to/dst && -- cgit v1.3-5-g9baa From 57ea7123c86771f47f34e7d92d1822d8b429897a Mon Sep 17 00:00:00 2001 From: Nguyễn Thái Ngọc Duy Date: Sun, 20 Dec 2015 14:50:19 +0700 Subject: git.c: make sure we do not leak GIT_* to alias scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The unfortunate commit d95138e (setup: set env $GIT_WORK_TREE when work tree is set, like $GIT_DIR - 2015-06-26) exposes another problem, besides git-clone that's described in the previous commit. If GIT_WORK_TREE (or even GIT_DIR) is exported to an alias script, it may mislead git commands in the script where the repo is. Granted, most scripts work on the repo where the alias is summoned from. But nowhere do we forbid the script to visit another repository. The revert of d95138e in the previous commit is sufficient as a fix. However, to protect us from accidentally leaking GIT_* environment variables again, we restore certain sensitive env before calling the external script. GIT_PREFIX is let through because there's another setup side effect that we simply accepted so far: current working directory is moved. Maybe in future we can introduce a new alias format that guarantees no cwd move, then we can unexport GIT_PREFIX. Reported-by: Gabriel Ganne Signed-off-by: Nguyễn Thái Ngọc Duy Signed-off-by: Junio C Hamano --- git.c | 10 +++++++--- t/t0001-init.sh | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index 77ef23ece0..98d441220a 100644 --- a/git.c +++ b/git.c @@ -41,13 +41,16 @@ static void save_env_before_alias(void) } } -static void restore_env(void) +static void restore_env(int external_alias) { int i; - if (orig_cwd && chdir(orig_cwd)) + if (!external_alias && orig_cwd && chdir(orig_cwd)) die_errno("could not move to %s", orig_cwd); free(orig_cwd); for (i = 0; i < ARRAY_SIZE(env_names); i++) { + if (external_alias && + !strcmp(env_names[i], GIT_PREFIX_ENVIRONMENT)) + continue; if (orig_env[i]) setenv(env_names[i], orig_env[i], 1); else @@ -243,6 +246,7 @@ static int handle_alias(int *argcp, const char ***argv) int argc = *argcp, i; commit_pager_choice(); + restore_env(1); /* build alias_argv */ alias_argv = xmalloc(sizeof(*alias_argv) * (argc + 1)); @@ -291,7 +295,7 @@ static int handle_alias(int *argcp, const char ***argv) ret = 1; } - restore_env(); + restore_env(0); errno = saved_errno; diff --git a/t/t0001-init.sh b/t/t0001-init.sh index 7de8d85ee8..f7c00f6b12 100755 --- a/t/t0001-init.sh +++ b/t/t0001-init.sh @@ -87,6 +87,23 @@ test_expect_success 'plain nested in bare through aliased command' ' check_config bare-ancestor-aliased.git/plain-nested/.git false unset ' +test_expect_success 'No extra GIT_* on alias scripts' ' + ( + env | sed -ne "/^GIT_/s/=.*//p" && + echo GIT_PREFIX && # setup.c + echo GIT_TEXTDOMAINDIR # wrapper-for-bin.sh + ) | sort | uniq >expected && + cat <<-\EOF >script && + #!/bin/sh + env | sed -ne "/^GIT_/s/=.*//p" | sort >actual + exit 0 + EOF + chmod 755 script && + git config alias.script \!./script && + ( mkdir sub && cd sub && git script ) && + test_cmp expected actual +' + test_expect_success 'plain with GIT_WORK_TREE' ' mkdir plain-wt && test_must_fail env GIT_WORK_TREE="$(pwd)/plain-wt" git init plain-wt -- cgit v1.3-5-g9baa From 9d1d2b7fad9bec6320a2058c625787c835864960 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 26 Jan 2016 11:46:53 -0800 Subject: git: remove an early return from save_env_before_alias() When help.autocorrect is in effect, an attempt to auto-execute an uniquely corrected result of a misspelt alias will result in an irrelevant error message. The codepath that causes this calls save_env_before_alias() and restore_env() in handle_alias(), and that happens twice. A global variable orig_cwd is allocated to hold the return value of getcwd() in save_env_before_alias(), which is then used in restore_env() to go back to that directory and finally free(3)'d there. However, save_env_before_alias() is not prepared to be called twice. It returns early when it knows it has already been called, leaving orig_cwd undefined, which is then checked in the second call to restore_env(), and by that time, the memory that used to hold the contents of orig_cwd is either freed or reused to hold something else, and this is fed to chdir(2), causing it to fail. Even if it did not fail (i.e. reading of the already free'd piece of memory yielded a directory path that we can chdir(2) to), it then gets free(3)'d. Fix this by making sure save_env() does do the saving when called. While at it, add a minimal test for help.autocorrect facility. Signed-off-by: Junio C Hamano --- git.c | 2 -- t/t9003-help-autocorrect.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100755 t/t9003-help-autocorrect.sh (limited to 'git.c') diff --git a/git.c b/git.c index 98d441220a..a57a4cb469 100644 --- a/git.c +++ b/git.c @@ -30,8 +30,6 @@ static int saved_env_before_alias; static void save_env_before_alias(void) { int i; - if (saved_env_before_alias) - return; saved_env_before_alias = 1; orig_cwd = xgetcwd(); for (i = 0; i < ARRAY_SIZE(env_names); i++) { diff --git a/t/t9003-help-autocorrect.sh b/t/t9003-help-autocorrect.sh new file mode 100755 index 0000000000..dfe95c923b --- /dev/null +++ b/t/t9003-help-autocorrect.sh @@ -0,0 +1,52 @@ +#!/bin/sh + +test_description='help.autocorrect finding a match' +. ./test-lib.sh + +test_expect_success 'setup' ' + # An alias + git config alias.lgf "log --format=%s --first-parent" && + + # A random user-defined command + write_script git-distimdistim <<-EOF && + echo distimdistim was called + EOF + + PATH="$PATH:." && + export PATH && + + git commit --allow-empty -m "a single log entry" && + + # Sanity check + git lgf >actual && + echo "a single log entry" >expect && + test_cmp expect actual && + + git distimdistim >actual && + echo "distimdistim was called" >expect && + test_cmp expect actual +' + +test_expect_success 'autocorrect showing candidates' ' + git config help.autocorrect 0 && + + test_must_fail git lfg 2>actual && + sed -e "1,/^Did you mean this/d" actual | grep lgf && + + test_must_fail git distimdist 2>actual && + sed -e "1,/^Did you mean this/d" actual | grep distimdistim +' + +test_expect_success 'autocorrect running commands' ' + git config help.autocorrect -1 && + + git lfg >actual && + echo "a single log entry" >expect && + test_cmp expect actual && + + git distimdist >actual && + echo "distimdistim was called" >expect && + test_cmp expect actual +' + +test_done -- cgit v1.3-5-g9baa From 2e1175d43d05e83fe836e1c8c8e7c25b7ee659ae Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 26 Jan 2016 22:50:27 -0800 Subject: git: protect against unbalanced calls to {save,restore}_env() We made sure that save_env_before_alias() does not skip saving the environment when asked to (which led to use-after-free of orig_cwd in restore_env() in the buggy version) with the previous step. Protect against future breakage where somebody adds new callers of these functions in an unbalanced fashion. Signed-off-by: Junio C Hamano --- git.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'git.c') diff --git a/git.c b/git.c index a57a4cb469..e39b972353 100644 --- a/git.c +++ b/git.c @@ -26,11 +26,15 @@ static const char *env_names[] = { }; static char *orig_env[4]; static int saved_env_before_alias; +static int save_restore_env_balance; static void save_env_before_alias(void) { int i; saved_env_before_alias = 1; + + assert(save_restore_env_balance == 0); + save_restore_env_balance = 1; orig_cwd = xgetcwd(); for (i = 0; i < ARRAY_SIZE(env_names); i++) { orig_env[i] = getenv(env_names[i]); @@ -42,6 +46,9 @@ static void save_env_before_alias(void) static void restore_env(int external_alias) { int i; + + assert(save_restore_env_balance == 1); + save_restore_env_balance = 0; if (!external_alias && orig_cwd && chdir(orig_cwd)) die_errno("could not move to %s", orig_cwd); free(orig_cwd); -- cgit v1.3-5-g9baa From 441981bc85ea2b648d7ffb2515b371071208e657 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 26 Jan 2016 22:52:02 -0800 Subject: git: simplify environment save/restore logic The only code that cares about the value of the global variable saved_env_before_alias after the previous fix is handle_builtin() that turns into a glorified no-op when the variable is true, so the logic could safely be lifted to its caller, i.e. the caller can refrain from calling it when the variable is set. This variable tells us if save_env_before_alias() was called (with or without matching restore_env()), but the sole caller of the function, handle_alias(), always calls it as the first thing, so we can consider that the variable essentially keeps track of the fact that handle_alias() has ever been called. It turns out that handle_builtin() and handle_alias() are called only from one function in a way that the value of the variable matters, which is run_argv(), and it already keeps track of the fact that it already called handle_alias(). So we can simplify the whole thing by: - Change handle_builtin() to always make a direct call to the builtin implementation it finds, and make sure the caller refrains from calling it if handle_alias() has ever been called; - Remove saved_env_before_alias variable, and instead use the local "done_alias" variable maintained inside run_argv() to make the same decision. Signed-off-by: Junio C Hamano --- git.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index e39b972353..1cbe2676f5 100644 --- a/git.c +++ b/git.c @@ -25,13 +25,11 @@ static const char *env_names[] = { GIT_PREFIX_ENVIRONMENT }; static char *orig_env[4]; -static int saved_env_before_alias; static int save_restore_env_balance; static void save_env_before_alias(void) { int i; - saved_env_before_alias = 1; assert(save_restore_env_balance == 0); save_restore_env_balance = 1; @@ -533,16 +531,8 @@ static void handle_builtin(int argc, const char **argv) } builtin = get_builtin(cmd); - if (builtin) { - /* - * XXX: if we can figure out cases where it is _safe_ - * to do, we can avoid spawning a new process when - * saved_env_before_alias is true - * (i.e. setup_git_dir* has been run once) - */ - if (!saved_env_before_alias) - exit(run_builtin(builtin, argc, argv)); - } + if (builtin) + exit(run_builtin(builtin, argc, argv)); } static void execv_dashed_external(const char **argv) @@ -586,8 +576,17 @@ static int run_argv(int *argcp, const char ***argv) int done_alias = 0; while (1) { - /* See if it's a builtin */ - handle_builtin(*argcp, *argv); + /* + * If we tried alias and futzed with our environment, + * it no longer is safe to invoke builtins directly in + * general. We have to spawn them as dashed externals. + * + * NEEDSWORK: if we can figure out cases + * where it is safe to do, we can avoid spawning a new + * process. + */ + if (!done_alias) + handle_builtin(*argcp, *argv); /* .. then try the external ones */ execv_dashed_external(*argv); -- cgit v1.3-5-g9baa From 8384c139cb9409fb3cf5ef70afff263917581258 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 2 Feb 2016 15:42:59 -0800 Subject: restore_env(): free the saved environment variable once we are done Just like we free orig_cwd, which is the value of the original working directory saved in save_env_before_alias(), once we are done with it, the contents of orig_env[] array, saved in the save_env_before_alias() function should be freed; otherwise, the second and subsequent calls to save/restore pair will leak the memory allocated in save_env_before_alias(). Signed-off-by: Junio C Hamano --- git.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index 1cbe2676f5..93f569d064 100644 --- a/git.c +++ b/git.c @@ -54,10 +54,12 @@ static void restore_env(int external_alias) if (external_alias && !strcmp(env_names[i], GIT_PREFIX_ENVIRONMENT)) continue; - if (orig_env[i]) + if (orig_env[i]) { setenv(env_names[i], orig_env[i], 1); - else + free(orig_env[i]); + } else { unsetenv(env_names[i]); + } } } -- cgit v1.3-5-g9baa From 63ca1c099c36e61b0e9cd7fa0b912c0b9d89b628 Mon Sep 17 00:00:00 2001 From: Alexander Kuleshov Date: Mon, 22 Feb 2016 13:18:29 +0600 Subject: git.c: simplify stripping extension of a file in handle_builtin() The handle_builtin() starts from stripping of command extension if STRIP_EXTENSION is enabled. Actually STRIP_EXTENSION does not used anywhere else. This patch introduces strip_extension() helper to strip STRIP_EXTENSION extension from argv[0] with the strip_suffix() instead of manually stripping. Signed-off-by: Alexander Kuleshov Helped-by: Jeff King Signed-off-by: Junio C Hamano --- git-compat-util.h | 4 ---- git.c | 26 +++++++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'git.c') diff --git a/git-compat-util.h b/git-compat-util.h index f649e81f11..b7fcbd4b86 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -319,10 +319,6 @@ extern char *gitbasename(char *); #define _PATH_DEFPATH "/usr/local/bin:/usr/bin:/bin" #endif -#ifndef STRIP_EXTENSION -#define STRIP_EXTENSION "" -#endif - #ifndef has_dos_drive_prefix static inline int git_has_dos_drive_prefix(const char *path) { diff --git a/git.c b/git.c index 5feba410ca..a9dc2e8b49 100644 --- a/git.c +++ b/git.c @@ -505,21 +505,25 @@ int is_builtin(const char *s) return !!get_builtin(s); } +#ifdef STRIP_EXTENSION +static void strip_extension(const char **argv) +{ + size_t len; + + if (strip_suffix(argv[0], STRIP_EXTENSION, &len)) + argv[0] = xmemdupz(argv[0], len); +} +#else +#define strip_extension(cmd) +#endif + static void handle_builtin(int argc, const char **argv) { - const char *cmd = argv[0]; - int i; - static const char ext[] = STRIP_EXTENSION; + const char *cmd; struct cmd_struct *builtin; - if (sizeof(ext) > 1) { - i = strlen(argv[0]) - strlen(ext); - if (i > 0 && !strcmp(argv[0] + i, ext)) { - char *argv0 = xstrdup(argv[0]); - argv[0] = cmd = argv0; - argv0[i] = '\0'; - } - } + strip_extension(argv); + cmd = argv[0]; /* Turn "git cmd --help" into "git help cmd" */ if (argc > 1 && !strcmp(argv[1], "--help")) { -- cgit v1.3-5-g9baa From 850d2fec53ee188bab9e458f77906041ac7f1904 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 22 Feb 2016 17:44:21 -0500 Subject: convert manual allocations to argv_array There are many manual argv allocations that predate the argv_array API. Switching to that API brings a few advantages: 1. We no longer have to manually compute the correct final array size (so it's one less thing we can screw up). 2. In many cases we had to make a separate pass to count, then allocate, then fill in the array. Now we can do it in one pass, making the code shorter and easier to follow. 3. argv_array handles memory ownership for us, making it more obvious when things should be free()d and and when not. Most of these cases are pretty straightforward. In some, we switch from "run_command_v" to "run_command" which lets us directly use the argv_array embedded in "struct child_process". Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin/grep.c | 10 +++++----- builtin/receive-pack.c | 12 +++--------- builtin/remote-ext.c | 26 +++++--------------------- daemon.c | 12 +++++------- git.c | 14 +++++--------- line-log.c | 22 +++++++++------------- remote-curl.c | 23 +++++++++++------------ 7 files changed, 43 insertions(+), 76 deletions(-) (limited to 'git.c') diff --git a/builtin/grep.c b/builtin/grep.c index 4229cae390..95ddf96d1e 100644 --- a/builtin/grep.c +++ b/builtin/grep.c @@ -354,17 +354,17 @@ static void append_path(struct grep_opt *opt, const void *data, size_t len) static void run_pager(struct grep_opt *opt, const char *prefix) { struct string_list *path_list = opt->output_priv; - const char **argv = xmalloc(sizeof(const char *) * (path_list->nr + 1)); + struct child_process child = CHILD_PROCESS_INIT; int i, status; for (i = 0; i < path_list->nr; i++) - argv[i] = path_list->items[i].string; - argv[path_list->nr] = NULL; + argv_array_push(&child.args, path_list->items[i].string); + child.dir = prefix; + child.use_shell = 1; - status = run_command_v_opt_cd_env(argv, RUN_USING_SHELL, prefix, NULL); + status = run_command(&child); if (status) exit(status); - free(argv); } static int grep_cache(struct grep_opt *opt, const struct pathspec *pathspec, int cached) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index f2d6761af6..932afab931 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -1031,7 +1031,6 @@ static void run_update_post_hook(struct command *commands) { struct command *cmd; int argc; - const char **argv; struct child_process proc = CHILD_PROCESS_INIT; const char *hook; @@ -1044,21 +1043,16 @@ static void run_update_post_hook(struct command *commands) if (!argc || !hook) return; - argv = xmalloc(sizeof(*argv) * (2 + argc)); - argv[0] = hook; - - for (argc = 1, cmd = commands; cmd; cmd = cmd->next) { + argv_array_push(&proc.args, hook); + for (cmd = commands; cmd; cmd = cmd->next) { if (cmd->error_string || cmd->did_not_exist) continue; - argv[argc] = xstrdup(cmd->ref_name); - argc++; + argv_array_push(&proc.args, cmd->ref_name); } - argv[argc] = NULL; proc.no_stdin = 1; proc.stdout_to_stderr = 1; proc.err = use_sideband ? -1 : 0; - proc.argv = argv; if (!start_command(&proc)) { if (use_sideband) diff --git a/builtin/remote-ext.c b/builtin/remote-ext.c index e3cd25d580..7457c743e8 100644 --- a/builtin/remote-ext.c +++ b/builtin/remote-ext.c @@ -114,30 +114,14 @@ static char *strip_escapes(const char *str, const char *service, } } -/* Should be enough... */ -#define MAXARGUMENTS 256 - -static const char **parse_argv(const char *arg, const char *service) +static void parse_argv(struct argv_array *out, const char *arg, const char *service) { - int arguments = 0; - int i; - const char **ret; - char *temparray[MAXARGUMENTS + 1]; - while (*arg) { - char *expanded; - if (arguments == MAXARGUMENTS) - die("remote-ext command has too many arguments"); - expanded = strip_escapes(arg, service, &arg); + char *expanded = strip_escapes(arg, service, &arg); if (expanded) - temparray[arguments++] = expanded; + argv_array_push(out, expanded); + free(expanded); } - - ret = xmalloc((arguments + 1) * sizeof(char *)); - for (i = 0; i < arguments; i++) - ret[i] = temparray[i]; - ret[arguments] = NULL; - return ret; } static void send_git_request(int stdin_fd, const char *serv, const char *repo, @@ -158,7 +142,7 @@ static int run_child(const char *arg, const char *service) child.in = -1; child.out = -1; child.err = 0; - child.argv = parse_argv(arg, service); + parse_argv(&child.args, arg, service); if (start_command(&child) < 0) die("Can't run specified command"); diff --git a/daemon.c b/daemon.c index be70cd4da0..1e258ac8f9 100644 --- a/daemon.c +++ b/daemon.c @@ -808,7 +808,7 @@ static void check_dead_children(void) cradle = &blanket->next; } -static char **cld_argv; +static struct argv_array cld_argv = ARGV_ARRAY_INIT; static void handle(int incoming, struct sockaddr *addr, socklen_t addrlen) { struct child_process cld = CHILD_PROCESS_INIT; @@ -842,7 +842,7 @@ static void handle(int incoming, struct sockaddr *addr, socklen_t addrlen) #endif } - cld.argv = (const char **)cld_argv; + cld.argv = cld_argv.argv; cld.in = incoming; cld.out = dup(incoming); @@ -1374,12 +1374,10 @@ int main(int argc, char **argv) write_file(pid_file, "%"PRIuMAX, (uintmax_t) getpid()); /* prepare argv for serving-processes */ - cld_argv = xmalloc(sizeof (char *) * (argc + 2)); - cld_argv[0] = argv[0]; /* git-daemon */ - cld_argv[1] = "--serve"; + argv_array_push(&cld_argv, argv[0]); /* git-daemon */ + argv_array_push(&cld_argv, "--serve"); for (i = 1; i < argc; ++i) - cld_argv[i+1] = argv[i]; - cld_argv[argc+1] = NULL; + argv_array_push(&cld_argv, argv[i]); return serve(&listen_addr, listen_port, cred); } diff --git a/git.c b/git.c index 6ed824cacf..e61a59c014 100644 --- a/git.c +++ b/git.c @@ -239,19 +239,15 @@ static int handle_alias(int *argcp, const char ***argv) alias_string = alias_lookup(alias_command); if (alias_string) { if (alias_string[0] == '!') { - const char **alias_argv; - int argc = *argcp, i; + struct child_process child = CHILD_PROCESS_INIT; commit_pager_choice(); - /* build alias_argv */ - alias_argv = xmalloc(sizeof(*alias_argv) * (argc + 1)); - alias_argv[0] = alias_string + 1; - for (i = 1; i < argc; ++i) - alias_argv[i] = (*argv)[i]; - alias_argv[argc] = NULL; + child.use_shell = 1; + argv_array_push(&child.args, alias_string + 1); + argv_array_pushv(&child.args, (*argv) + 1); - ret = run_command_v_opt(alias_argv, RUN_USING_SHELL); + ret = run_command(&child); if (ret >= 0) /* normal exit */ exit(ret); diff --git a/line-log.c b/line-log.c index af6e2f799e..5877986c5a 100644 --- a/line-log.c +++ b/line-log.c @@ -14,6 +14,7 @@ #include "graph.h" #include "userdiff.h" #include "line-log.h" +#include "argv-array.h" static void range_set_grow(struct range_set *rs, size_t extra) { @@ -746,22 +747,17 @@ void line_log_init(struct rev_info *rev, const char *prefix, struct string_list add_line_range(rev, commit, range); if (!rev->diffopt.detect_rename) { - int i, count = 0; - struct line_log_data *r = range; + struct line_log_data *r; + struct argv_array array = ARGV_ARRAY_INIT; const char **paths; - while (r) { - count++; - r = r->next; - } - paths = xmalloc((count+1)*sizeof(char *)); - r = range; - for (i = 0; i < count; i++) { - paths[i] = xstrdup(r->path); - r = r->next; - } - paths[count] = NULL; + + for (r = range; r; r = r->next) + argv_array_push(&array, r->path); + paths = argv_array_detach(&array); + parse_pathspec(&rev->diffopt.pathspec, 0, PATHSPEC_PREFER_FULL, "", paths); + /* strings are now owned by pathspec */ free(paths); } } diff --git a/remote-curl.c b/remote-curl.c index f404faf0f4..e81b9d560b 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -845,23 +845,22 @@ static void parse_fetch(struct strbuf *buf) static int push_dav(int nr_spec, char **specs) { - const char **argv = xmalloc((10 + nr_spec) * sizeof(char*)); - int argc = 0, i; + struct child_process child = CHILD_PROCESS_INIT; + size_t i; - argv[argc++] = "http-push"; - argv[argc++] = "--helper-status"; + child.git_cmd = 1; + argv_array_push(&child.args, "http-push"); + argv_array_push(&child.args, "--helper-status"); if (options.dry_run) - argv[argc++] = "--dry-run"; + argv_array_push(&child.args, "--dry-run"); if (options.verbosity > 1) - argv[argc++] = "--verbose"; - argv[argc++] = url.buf; + argv_array_push(&child.args, "--verbose"); + argv_array_push(&child.args, url.buf); for (i = 0; i < nr_spec; i++) - argv[argc++] = specs[i]; - argv[argc++] = NULL; + argv_array_push(&child.args, specs[i]); - if (run_command_v_opt(argv, RUN_GIT_CMD)) - die("git-%s failed", argv[0]); - free(argv); + if (run_command(&child)) + die("git-http-push failed"); return 0; } -- cgit v1.3-5-g9baa