Only check if input files are read-only when overwriting them; skip
that check when the output goes to a different file.
* src/patch.c (main): Set read_only_behavior to RO_IGNORE when an output
file has been specified.
* tests/read-only-files: Add test case.
* src/safe.c (safe_xstat): Reject empty pathnames.
* tests/bad-filenames: Add a new test.
* src/patch.c (main): Don't check if the input file is writable when
we're not going to modify it.
I have disovered a regression in commit abe92e8010ab ("Prefer idx_t,
ptrdiff_t to lin") while I was running MariaDB tests. The regression is
related to a diff file [1], where the patch fails to apply it with
following error:
patch: **** '---' expected at line 2 of patch
To illustrate the issue, I have attached a git patch containing a
testcase with simplified reproducer.
[1] https://github.com/MariaDB/server/blob/mariadb-10.6.21/mysql-test/suite/innodb/r/innodb-wl5522%2Cstrict_crc32.rdiff file
Michał Górny <mgorny@gentoo.org> reported that patch was running out of
FDs and that the `deep-directories` test was failing. This turns out
to be because `hash_insert` isn't called at all with `-DNDEBUG` because
`insert_cached_dirfd` only calls it in one case inside of an `assert`.
See https://github.com/conda-forge/patch-feedstock/issues/11.
This regressed in 025a54b789bd88ed15430f8633514e296826983e.
* src/safe.c (insert_cached_dirfd): Don't use 'assert' for 'hash_insert'
call with side-effects.
On Haiku, all error numbers are negative, see
<https://www.gnu.org/software/gnulib/manual/html_node/errno_002eh.html>.
Bisected by Eli Schwartz <eschwartz@gentoo.org>.
This partially reverts commit 043355371a76de8ea7d06f79a69fde905af7cc45.
* src/inp.c (get_input_file):
* src/patch.c (main):
* src/safe.c (read_symlink):
* src/util.c (move_file):
Don't assume that all system-defined errno values are positive.
Also, check only the last file name component.
In other words, mimic operating systems that follow POSIX.1-2024’s
encouragement to fail with EILSEQ when openat etc. create a file name.
This is more conservative than the previous patch to prohibit
newlines in file names.
* src/patch.c (main, backup_file_name_option, get_some_switches):
* src/util.c (parse_c_string, make_tempfile):
Don’t check for newlines in a file name unless we are definitely
creating a file, as it’s harmless to read and stat file with
newlines in their names if the OS allows that.
* src/safe.c (traverse_another_path, traverse_path): New arg
REJECT_NL. If set, reject any file name whose last component
contains a newline. Also, do not do traversal if unsafe. All
callers changed to pass true if they are creating the file name,
false otherwise, and to not bother checking whether we are unsafe.
(safe_open): Special case for when O_CREAT is set but O_EXCL is not.
* src/util.c (pfatal): Report "Invalid byte sequence" for EILSEQ.
This POSIX wording is less confusing than glibc's "Invalid or
incomplete multibyte or wide character". Also, this lets
the test cases check for this wording.
* tests/bad-filenames: Adjust to new diagnostic wording.
When in POSIX mode, the --no-backup-if-mismatch option should be
enabled. However, this is only true when the POSIXLY_CORRECT
environmant variable is set but not when the --posix command line
option is given. Fix that by setting backup_if_mismatch after
evaluating the command line arguments.
Check for chmod, hardlink, symlink, and special character support to
prevent test suite failures in feature constrained environments.
Thanks to Bruno Haible and Nelson H. F. Beebe for their testing and
analysis.
* tests/test-lib.sh: Add new feature tests.
* tests/hardlinks: Split this hardlinks related test off from
tests/remember-backup-files.
* tests/Makefile.am (TESTS): Add new hardlinks test here.
* tests/file-create-modes, tests/file-modes, tests/read-only-files,
tests/preserve-mode-and-timestamp, tests/no-mode-change-git-diff: These
tests require chmod support.
* tests/hardlinks, tests/unmodified-files: These tests require hardlink
support.
* tests/symlinks: This test requires symlink support.
* tests/quoted-filenames: This test requires special character support
in filenames.
news-check-regexp to scan for unreleased changes, has to be set
conditional on the release type. It has to be defined in cfg.mk, not
Makefile.am, so key off of the RELEASE_TYPE as automake conditionals are
not available.
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
Some of this merely pacifies -fsanitize=address by pointing
to storage rather than freeing it when we are about to exit anyway.
Other parts of it keep track of storage more carefully so that it
can be freed rather than leak.
* src/common.h (struct outfile): New member ‘alloc’.
* src/patch.c (files_to_output_root) [SANITIZE_ADDRESS]:
New externally visible variable, to pacify -fsanitize=address.
(main): Use new functions described below to remove
files and free memory.
(delete_files): Do not free the list as we go, as we are about
to exit and -fsanitize=address doesn’t care about this storage.
(output_file_later): Set and use new member ‘alloc’ to avoid
memory leaks.
(output_files): WIth -fsanitize=address, record the list head
in files_to_output_root that the address sanitizer can see,
so that it won’t complain when we don’t free storage just before exit.
Free only when not exiting, and free using ‘alloc’ rather than ‘name’.
(perfile_cleanup_remove): New function.
(cleanup_remove): Rename from ‘cleanup’. All uses changed.
Reimplement in terms of perfile_cleanup_remove.
(free_outfile_name, perfile_cleanup_free): New functions.
* src/util.c (make_tempfile): Set new member ‘alloc’.
* src/patch.c (FREE_BEFORE_EXIT): Port to clang, which
uses __has_feature (address_sanitizer) instead of
defined __SANITIZE_ADDRESS__. Also, rename this to
SANITIZE_ADDRESS since it is really about -fsanitize=address
rather than freeing before exit and as subsequent patches
will show there are simpler ways to pacify -fsanitize=address.
All uses changed.
* src/patch.c (Argc, Argv): Remove these confusing static variables.
They date back to before the code used getopt_long,
and are no longer needed. All uses changed.
(get_some_switches): New args argc+argv, which are now used
instead of the static vars. All uses changed.
* src/pch.c (get_line, pget_line): New arg ALLOW_NUL.
It is true when getting data lines, which can contain NUL,
but false when getting ‘diff’ directives, which cannot.
All uses changed.
* tests/bad-filenames: Check that ‘patch’ rejects
directives containing NUL.
Problem reported by Jim Meyering: ‘diff’ acted like GNU diff,
and generated correct output, but the output differed slightly
from what the test wanted. As the output of ‘diff’ is not
completely determined from its input, it’s better to put
the desired ‘diff’ output directly in the test when the test
depends on the exact output.
* tests/preserve-c-function-names, tests/reject-format:
Do not require GNU diff or use ‘diff’.
Instead, cat the desired ‘diff’ output.
This pacifies ‘make sc_cast_of_argument_to_free’, which otherwise
complains about the ‘free ((void *) elt)’ in dispose_file_to_delete.
Rather than worry about pacifying that ‘make’ rule,
simplify memory allocation by doing the linked list by hand,
with a ‘next’ member the way our grandfathers did it.
This reduces the number of source code lines by 23,
removes the need for Gnulib’s linked-list and xlist modules,
and makes the code type-safer (as opposed to going through void *).
* bootstrap.conf (gnulib_modules): Remove linked-list, xlist.
* src/patch.c: Do not include gl_linked_list.h, gl_xlist.h.
(struct file_to_delete): New member ‘next’.
(files_to_delete): Now struct file_to_delete *, not gl_list_t.
(dispose_file_to_delete, init_files_to_delete):
Remove; no longer needed.
(files_to_delete_tail): New static var.
(delete_file_later): Append the new file by hand.
(delete_files): Iterate and free by hand.
* src/pch.c (open_patch_file): Cache patch file descriptor.
When reading a patch, report read errors right away rather
than possibly waiting until end of input.
* src/inp.c (scan_input): Accept file descriptor, not stream.
All callers changed.
* src/patch.c (main): Do not obtain a stream for the patch
file descriptor, as scan_input merely needs a file descriptor.
This removes the need to call Fclose, which calls fflush,
which fails on OpenBSD 7.5 which (contra POSIX) does not
let you fflush an input stream.
