execv_git_cmd: Fix stack buffer overflow.
[git/dscho.git] / read-cache.c
blobc499c5185678b6b4ac35d57d1ab0b36cc2ff056b
1 /*
2 * GIT - The information manager from hell
4 * Copyright (C) Linus Torvalds, 2005
5 */
6 #include "cache.h"
7 #include "cache-tree.h"
9 /* Index extensions.
11 * The first letter should be 'A'..'Z' for extensions that are not
12 * necessary for a correct operation (i.e. optimization data).
13 * When new extensions are added that _needs_ to be understood in
14 * order to correctly interpret the index file, pick character that
15 * is outside the range, to cause the reader to abort.
18 #define CACHE_EXT(s) ( (s[0]<<24)|(s[1]<<16)|(s[2]<<8)|(s[3]) )
19 #define CACHE_EXT_TREE 0x54524545 /* "TREE" */
21 struct cache_entry **active_cache = NULL;
22 static time_t index_file_timestamp;
23 unsigned int active_nr = 0, active_alloc = 0, active_cache_changed = 0;
25 struct cache_tree *active_cache_tree = NULL;
28 * This only updates the "non-critical" parts of the directory
29 * cache, ie the parts that aren't tracked by GIT, and only used
30 * to validate the cache.
32 void fill_stat_cache_info(struct cache_entry *ce, struct stat *st)
34 ce->ce_ctime.sec = htonl(st->st_ctime);
35 ce->ce_mtime.sec = htonl(st->st_mtime);
36 #ifdef USE_NSEC
37 ce->ce_ctime.nsec = htonl(st->st_ctim.tv_nsec);
38 ce->ce_mtime.nsec = htonl(st->st_mtim.tv_nsec);
39 #endif
40 ce->ce_dev = htonl(st->st_dev);
41 ce->ce_ino = htonl(st->st_ino);
42 ce->ce_uid = htonl(st->st_uid);
43 ce->ce_gid = htonl(st->st_gid);
44 ce->ce_size = htonl(st->st_size);
46 if (assume_unchanged)
47 ce->ce_flags |= htons(CE_VALID);
50 static int ce_compare_data(struct cache_entry *ce, struct stat *st)
52 int match = -1;
53 int fd = open(ce->name, O_RDONLY);
55 if (fd >= 0) {
56 unsigned char sha1[20];
57 if (!index_fd(sha1, fd, st, 0, NULL))
58 match = memcmp(sha1, ce->sha1, 20);
59 close(fd);
61 return match;
64 static int ce_compare_link(struct cache_entry *ce, unsigned long expected_size)
66 int match = -1;
67 char *target;
68 void *buffer;
69 unsigned long size;
70 char type[10];
71 int len;
73 target = xmalloc(expected_size);
74 len = readlink(ce->name, target, expected_size);
75 if (len != expected_size) {
76 free(target);
77 return -1;
79 buffer = read_sha1_file(ce->sha1, type, &size);
80 if (!buffer) {
81 free(target);
82 return -1;
84 if (size == expected_size)
85 match = memcmp(buffer, target, size);
86 free(buffer);
87 free(target);
88 return match;
91 static int ce_modified_check_fs(struct cache_entry *ce, struct stat *st)
93 switch (st->st_mode & S_IFMT) {
94 case S_IFREG:
95 if (ce_compare_data(ce, st))
96 return DATA_CHANGED;
97 break;
98 case S_IFLNK:
99 if (ce_compare_link(ce, st->st_size))
100 return DATA_CHANGED;
101 break;
102 default:
103 return TYPE_CHANGED;
105 return 0;
108 static int ce_match_stat_basic(struct cache_entry *ce, struct stat *st)
110 unsigned int changed = 0;
112 switch (ntohl(ce->ce_mode) & S_IFMT) {
113 case S_IFREG:
114 changed |= !S_ISREG(st->st_mode) ? TYPE_CHANGED : 0;
115 /* We consider only the owner x bit to be relevant for
116 * "mode changes"
118 if (trust_executable_bit &&
119 (0100 & (ntohl(ce->ce_mode) ^ st->st_mode)))
120 changed |= MODE_CHANGED;
121 break;
122 case S_IFLNK:
123 changed |= !S_ISLNK(st->st_mode) ? TYPE_CHANGED : 0;
124 break;
125 default:
126 die("internal error: ce_mode is %o", ntohl(ce->ce_mode));
128 if (ce->ce_mtime.sec != htonl(st->st_mtime))
129 changed |= MTIME_CHANGED;
130 if (ce->ce_ctime.sec != htonl(st->st_ctime))
131 changed |= CTIME_CHANGED;
133 #ifdef USE_NSEC
135 * nsec seems unreliable - not all filesystems support it, so
136 * as long as it is in the inode cache you get right nsec
137 * but after it gets flushed, you get zero nsec.
139 if (ce->ce_mtime.nsec != htonl(st->st_mtim.tv_nsec))
140 changed |= MTIME_CHANGED;
141 if (ce->ce_ctime.nsec != htonl(st->st_ctim.tv_nsec))
142 changed |= CTIME_CHANGED;
143 #endif
145 if (ce->ce_uid != htonl(st->st_uid) ||
146 ce->ce_gid != htonl(st->st_gid))
147 changed |= OWNER_CHANGED;
148 if (ce->ce_ino != htonl(st->st_ino))
149 changed |= INODE_CHANGED;
151 #ifdef USE_STDEV
153 * st_dev breaks on network filesystems where different
154 * clients will have different views of what "device"
155 * the filesystem is on
157 if (ce->ce_dev != htonl(st->st_dev))
158 changed |= INODE_CHANGED;
159 #endif
161 if (ce->ce_size != htonl(st->st_size))
162 changed |= DATA_CHANGED;
164 return changed;
167 int ce_match_stat(struct cache_entry *ce, struct stat *st, int ignore_valid)
169 unsigned int changed;
172 * If it's marked as always valid in the index, it's
173 * valid whatever the checked-out copy says.
175 if (!ignore_valid && (ce->ce_flags & htons(CE_VALID)))
176 return 0;
178 changed = ce_match_stat_basic(ce, st);
181 * Within 1 second of this sequence:
182 * echo xyzzy >file && git-update-index --add file
183 * running this command:
184 * echo frotz >file
185 * would give a falsely clean cache entry. The mtime and
186 * length match the cache, and other stat fields do not change.
188 * We could detect this at update-index time (the cache entry
189 * being registered/updated records the same time as "now")
190 * and delay the return from git-update-index, but that would
191 * effectively mean we can make at most one commit per second,
192 * which is not acceptable. Instead, we check cache entries
193 * whose mtime are the same as the index file timestamp more
194 * carefully than others.
196 if (!changed &&
197 index_file_timestamp &&
198 index_file_timestamp <= ntohl(ce->ce_mtime.sec))
199 changed |= ce_modified_check_fs(ce, st);
201 return changed;
204 int ce_modified(struct cache_entry *ce, struct stat *st, int really)
206 int changed, changed_fs;
207 changed = ce_match_stat(ce, st, really);
208 if (!changed)
209 return 0;
211 * If the mode or type has changed, there's no point in trying
212 * to refresh the entry - it's not going to match
214 if (changed & (MODE_CHANGED | TYPE_CHANGED))
215 return changed;
217 /* Immediately after read-tree or update-index --cacheinfo,
218 * the length field is zero. For other cases the ce_size
219 * should match the SHA1 recorded in the index entry.
221 if ((changed & DATA_CHANGED) && ce->ce_size != htonl(0))
222 return changed;
224 changed_fs = ce_modified_check_fs(ce, st);
225 if (changed_fs)
226 return changed | changed_fs;
227 return 0;
230 int base_name_compare(const char *name1, int len1, int mode1,
231 const char *name2, int len2, int mode2)
233 unsigned char c1, c2;
234 int len = len1 < len2 ? len1 : len2;
235 int cmp;
237 cmp = memcmp(name1, name2, len);
238 if (cmp)
239 return cmp;
240 c1 = name1[len];
241 c2 = name2[len];
242 if (!c1 && S_ISDIR(mode1))
243 c1 = '/';
244 if (!c2 && S_ISDIR(mode2))
245 c2 = '/';
246 return (c1 < c2) ? -1 : (c1 > c2) ? 1 : 0;
249 int cache_name_compare(const char *name1, int flags1, const char *name2, int flags2)
251 int len1 = flags1 & CE_NAMEMASK;
252 int len2 = flags2 & CE_NAMEMASK;
253 int len = len1 < len2 ? len1 : len2;
254 int cmp;
256 cmp = memcmp(name1, name2, len);
257 if (cmp)
258 return cmp;
259 if (len1 < len2)
260 return -1;
261 if (len1 > len2)
262 return 1;
264 /* Compare stages */
265 flags1 &= CE_STAGEMASK;
266 flags2 &= CE_STAGEMASK;
268 if (flags1 < flags2)
269 return -1;
270 if (flags1 > flags2)
271 return 1;
272 return 0;
275 int cache_name_pos(const char *name, int namelen)
277 int first, last;
279 first = 0;
280 last = active_nr;
281 while (last > first) {
282 int next = (last + first) >> 1;
283 struct cache_entry *ce = active_cache[next];
284 int cmp = cache_name_compare(name, namelen, ce->name, ntohs(ce->ce_flags));
285 if (!cmp)
286 return next;
287 if (cmp < 0) {
288 last = next;
289 continue;
291 first = next+1;
293 return -first-1;
296 /* Remove entry, return true if there are more entries to go.. */
297 int remove_cache_entry_at(int pos)
299 active_cache_changed = 1;
300 active_nr--;
301 if (pos >= active_nr)
302 return 0;
303 memmove(active_cache + pos, active_cache + pos + 1, (active_nr - pos) * sizeof(struct cache_entry *));
304 return 1;
307 int remove_file_from_cache(const char *path)
309 int pos = cache_name_pos(path, strlen(path));
310 if (pos < 0)
311 pos = -pos-1;
312 while (pos < active_nr && !strcmp(active_cache[pos]->name, path))
313 remove_cache_entry_at(pos);
314 return 0;
317 int ce_same_name(struct cache_entry *a, struct cache_entry *b)
319 int len = ce_namelen(a);
320 return ce_namelen(b) == len && !memcmp(a->name, b->name, len);
323 int ce_path_match(const struct cache_entry *ce, const char **pathspec)
325 const char *match, *name;
326 int len;
328 if (!pathspec)
329 return 1;
331 len = ce_namelen(ce);
332 name = ce->name;
333 while ((match = *pathspec++) != NULL) {
334 int matchlen = strlen(match);
335 if (matchlen > len)
336 continue;
337 if (memcmp(name, match, matchlen))
338 continue;
339 if (matchlen && name[matchlen-1] == '/')
340 return 1;
341 if (name[matchlen] == '/' || !name[matchlen])
342 return 1;
343 if (!matchlen)
344 return 1;
346 return 0;
350 * We fundamentally don't like some paths: we don't want
351 * dot or dot-dot anywhere, and for obvious reasons don't
352 * want to recurse into ".git" either.
354 * Also, we don't want double slashes or slashes at the
355 * end that can make pathnames ambiguous.
357 static int verify_dotfile(const char *rest)
360 * The first character was '.', but that
361 * has already been discarded, we now test
362 * the rest.
364 switch (*rest) {
365 /* "." is not allowed */
366 case '\0': case '/':
367 return 0;
370 * ".git" followed by NUL or slash is bad. This
371 * shares the path end test with the ".." case.
373 case 'g':
374 if (rest[1] != 'i')
375 break;
376 if (rest[2] != 't')
377 break;
378 rest += 2;
379 /* fallthrough */
380 case '.':
381 if (rest[1] == '\0' || rest[1] == '/')
382 return 0;
384 return 1;
387 int verify_path(const char *path)
389 char c;
391 goto inside;
392 for (;;) {
393 if (!c)
394 return 1;
395 if (c == '/') {
396 inside:
397 c = *path++;
398 switch (c) {
399 default:
400 continue;
401 case '/': case '\0':
402 break;
403 case '.':
404 if (verify_dotfile(path))
405 continue;
407 return 0;
409 c = *path++;
414 * Do we have another file that has the beginning components being a
415 * proper superset of the name we're trying to add?
417 static int has_file_name(const struct cache_entry *ce, int pos, int ok_to_replace)
419 int retval = 0;
420 int len = ce_namelen(ce);
421 int stage = ce_stage(ce);
422 const char *name = ce->name;
424 while (pos < active_nr) {
425 struct cache_entry *p = active_cache[pos++];
427 if (len >= ce_namelen(p))
428 break;
429 if (memcmp(name, p->name, len))
430 break;
431 if (ce_stage(p) != stage)
432 continue;
433 if (p->name[len] != '/')
434 continue;
435 retval = -1;
436 if (!ok_to_replace)
437 break;
438 remove_cache_entry_at(--pos);
440 return retval;
444 * Do we have another file with a pathname that is a proper
445 * subset of the name we're trying to add?
447 static int has_dir_name(const struct cache_entry *ce, int pos, int ok_to_replace)
449 int retval = 0;
450 int stage = ce_stage(ce);
451 const char *name = ce->name;
452 const char *slash = name + ce_namelen(ce);
454 for (;;) {
455 int len;
457 for (;;) {
458 if (*--slash == '/')
459 break;
460 if (slash <= ce->name)
461 return retval;
463 len = slash - name;
465 pos = cache_name_pos(name, ntohs(create_ce_flags(len, stage)));
466 if (pos >= 0) {
467 retval = -1;
468 if (ok_to_replace)
469 break;
470 remove_cache_entry_at(pos);
471 continue;
475 * Trivial optimization: if we find an entry that
476 * already matches the sub-directory, then we know
477 * we're ok, and we can exit.
479 pos = -pos-1;
480 while (pos < active_nr) {
481 struct cache_entry *p = active_cache[pos];
482 if ((ce_namelen(p) <= len) ||
483 (p->name[len] != '/') ||
484 memcmp(p->name, name, len))
485 break; /* not our subdirectory */
486 if (ce_stage(p) == stage)
487 /* p is at the same stage as our entry, and
488 * is a subdirectory of what we are looking
489 * at, so we cannot have conflicts at our
490 * level or anything shorter.
492 return retval;
493 pos++;
496 return retval;
499 /* We may be in a situation where we already have path/file and path
500 * is being added, or we already have path and path/file is being
501 * added. Either one would result in a nonsense tree that has path
502 * twice when git-write-tree tries to write it out. Prevent it.
504 * If ok-to-replace is specified, we remove the conflicting entries
505 * from the cache so the caller should recompute the insert position.
506 * When this happens, we return non-zero.
508 static int check_file_directory_conflict(const struct cache_entry *ce, int pos, int ok_to_replace)
511 * We check if the path is a sub-path of a subsequent pathname
512 * first, since removing those will not change the position
513 * in the array
515 int retval = has_file_name(ce, pos, ok_to_replace);
517 * Then check if the path might have a clashing sub-directory
518 * before it.
520 return retval + has_dir_name(ce, pos, ok_to_replace);
523 int add_cache_entry(struct cache_entry *ce, int option)
525 int pos;
526 int ok_to_add = option & ADD_CACHE_OK_TO_ADD;
527 int ok_to_replace = option & ADD_CACHE_OK_TO_REPLACE;
528 int skip_df_check = option & ADD_CACHE_SKIP_DFCHECK;
530 pos = cache_name_pos(ce->name, ntohs(ce->ce_flags));
532 /* existing match? Just replace it. */
533 if (pos >= 0) {
534 active_cache_changed = 1;
535 active_cache[pos] = ce;
536 return 0;
538 pos = -pos-1;
541 * Inserting a merged entry ("stage 0") into the index
542 * will always replace all non-merged entries..
544 if (pos < active_nr && ce_stage(ce) == 0) {
545 while (ce_same_name(active_cache[pos], ce)) {
546 ok_to_add = 1;
547 if (!remove_cache_entry_at(pos))
548 break;
552 if (!ok_to_add)
553 return -1;
554 if (!verify_path(ce->name))
555 return -1;
557 if (!skip_df_check &&
558 check_file_directory_conflict(ce, pos, ok_to_replace)) {
559 if (!ok_to_replace)
560 return -1;
561 pos = cache_name_pos(ce->name, ntohs(ce->ce_flags));
562 pos = -pos-1;
565 /* Make sure the array is big enough .. */
566 if (active_nr == active_alloc) {
567 active_alloc = alloc_nr(active_alloc);
568 active_cache = xrealloc(active_cache, active_alloc * sizeof(struct cache_entry *));
571 /* Add it in.. */
572 active_nr++;
573 if (active_nr > pos)
574 memmove(active_cache + pos + 1, active_cache + pos, (active_nr - pos - 1) * sizeof(ce));
575 active_cache[pos] = ce;
576 active_cache_changed = 1;
577 return 0;
580 /* Three functions to allow overloaded pointer return; see linux/err.h */
581 static inline void *ERR_PTR(long error)
583 return (void *) error;
586 static inline long PTR_ERR(const void *ptr)
588 return (long) ptr;
591 static inline long IS_ERR(const void *ptr)
593 return (unsigned long)ptr > (unsigned long)-1000L;
597 * "refresh" does not calculate a new sha1 file or bring the
598 * cache up-to-date for mode/content changes. But what it
599 * _does_ do is to "re-match" the stat information of a file
600 * with the cache, so that you can refresh the cache for a
601 * file that hasn't been changed but where the stat entry is
602 * out of date.
604 * For example, you'd want to do this after doing a "git-read-tree",
605 * to link up the stat cache details with the proper files.
607 static struct cache_entry *refresh_entry(struct cache_entry *ce, int really)
609 struct stat st;
610 struct cache_entry *updated;
611 int changed, size;
613 if (lstat(ce->name, &st) < 0)
614 return ERR_PTR(-errno);
616 changed = ce_match_stat(ce, &st, really);
617 if (!changed) {
618 if (really && assume_unchanged &&
619 !(ce->ce_flags & htons(CE_VALID)))
620 ; /* mark this one VALID again */
621 else
622 return NULL;
625 if (ce_modified(ce, &st, really))
626 return ERR_PTR(-EINVAL);
628 size = ce_size(ce);
629 updated = xmalloc(size);
630 memcpy(updated, ce, size);
631 fill_stat_cache_info(updated, &st);
633 /* In this case, if really is not set, we should leave
634 * CE_VALID bit alone. Otherwise, paths marked with
635 * --no-assume-unchanged (i.e. things to be edited) will
636 * reacquire CE_VALID bit automatically, which is not
637 * really what we want.
639 if (!really && assume_unchanged && !(ce->ce_flags & htons(CE_VALID)))
640 updated->ce_flags &= ~htons(CE_VALID);
642 return updated;
645 int refresh_cache(unsigned int flags)
647 int i;
648 int has_errors = 0;
649 int really = (flags & REFRESH_REALLY) != 0;
650 int allow_unmerged = (flags & REFRESH_UNMERGED) != 0;
651 int quiet = (flags & REFRESH_QUIET) != 0;
652 int not_new = (flags & REFRESH_IGNORE_MISSING) != 0;
654 for (i = 0; i < active_nr; i++) {
655 struct cache_entry *ce, *new;
656 ce = active_cache[i];
657 if (ce_stage(ce)) {
658 while ((i < active_nr) &&
659 ! strcmp(active_cache[i]->name, ce->name))
660 i++;
661 i--;
662 if (allow_unmerged)
663 continue;
664 printf("%s: needs merge\n", ce->name);
665 has_errors = 1;
666 continue;
669 new = refresh_entry(ce, really);
670 if (!new)
671 continue;
672 if (IS_ERR(new)) {
673 if (not_new && PTR_ERR(new) == -ENOENT)
674 continue;
675 if (really && PTR_ERR(new) == -EINVAL) {
676 /* If we are doing --really-refresh that
677 * means the index is not valid anymore.
679 ce->ce_flags &= ~htons(CE_VALID);
680 active_cache_changed = 1;
682 if (quiet)
683 continue;
684 printf("%s: needs update\n", ce->name);
685 has_errors = 1;
686 continue;
688 active_cache_changed = 1;
689 /* You can NOT just free active_cache[i] here, since it
690 * might not be necessarily malloc()ed but can also come
691 * from mmap(). */
692 active_cache[i] = new;
694 return has_errors;
697 static int verify_hdr(struct cache_header *hdr, unsigned long size)
699 SHA_CTX c;
700 unsigned char sha1[20];
702 if (hdr->hdr_signature != htonl(CACHE_SIGNATURE))
703 return error("bad signature");
704 if (hdr->hdr_version != htonl(2))
705 return error("bad index version");
706 SHA1_Init(&c);
707 SHA1_Update(&c, hdr, size - 20);
708 SHA1_Final(sha1, &c);
709 if (memcmp(sha1, (void *)hdr + size - 20, 20))
710 return error("bad index file sha1 signature");
711 return 0;
714 static int read_index_extension(const char *ext, void *data, unsigned long sz)
716 switch (CACHE_EXT(ext)) {
717 case CACHE_EXT_TREE:
718 active_cache_tree = cache_tree_read(data, sz);
719 break;
720 default:
721 if (*ext < 'A' || 'Z' < *ext)
722 return error("index uses %.4s extension, which we do not understand",
723 ext);
724 fprintf(stderr, "ignoring %.4s extension\n", ext);
725 break;
727 return 0;
730 int read_cache(void)
732 int fd, i;
733 struct stat st;
734 unsigned long size, offset;
735 void *map;
736 struct cache_header *hdr;
738 errno = EBUSY;
739 if (active_cache)
740 return active_nr;
742 errno = ENOENT;
743 index_file_timestamp = 0;
744 fd = open(get_index_file(), O_RDONLY);
745 if (fd < 0) {
746 if (errno == ENOENT)
747 return 0;
748 die("index file open failed (%s)", strerror(errno));
751 size = 0; // avoid gcc warning
752 map = MAP_FAILED;
753 if (!fstat(fd, &st)) {
754 size = st.st_size;
755 errno = EINVAL;
756 if (size >= sizeof(struct cache_header) + 20)
757 map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
759 close(fd);
760 if (map == MAP_FAILED)
761 die("index file mmap failed (%s)", strerror(errno));
763 hdr = map;
764 if (verify_hdr(hdr, size) < 0)
765 goto unmap;
767 active_nr = ntohl(hdr->hdr_entries);
768 active_alloc = alloc_nr(active_nr);
769 active_cache = xcalloc(active_alloc, sizeof(struct cache_entry *));
771 offset = sizeof(*hdr);
772 for (i = 0; i < active_nr; i++) {
773 struct cache_entry *ce = map + offset;
774 offset = offset + ce_size(ce);
775 active_cache[i] = ce;
777 index_file_timestamp = st.st_mtime;
778 while (offset <= size - 20 - 8) {
779 /* After an array of active_nr index entries,
780 * there can be arbitrary number of extended
781 * sections, each of which is prefixed with
782 * extension name (4-byte) and section length
783 * in 4-byte network byte order.
785 unsigned long extsize;
786 memcpy(&extsize, map + offset + 4, 4);
787 extsize = ntohl(extsize);
788 if (read_index_extension(map + offset,
789 map + offset + 8, extsize) < 0)
790 goto unmap;
791 offset += 8;
792 offset += extsize;
794 return active_nr;
796 unmap:
797 munmap(map, size);
798 errno = EINVAL;
799 die("index file corrupt");
802 #define WRITE_BUFFER_SIZE 8192
803 static unsigned char write_buffer[WRITE_BUFFER_SIZE];
804 static unsigned long write_buffer_len;
806 static int ce_write(SHA_CTX *context, int fd, void *data, unsigned int len)
808 while (len) {
809 unsigned int buffered = write_buffer_len;
810 unsigned int partial = WRITE_BUFFER_SIZE - buffered;
811 if (partial > len)
812 partial = len;
813 memcpy(write_buffer + buffered, data, partial);
814 buffered += partial;
815 if (buffered == WRITE_BUFFER_SIZE) {
816 SHA1_Update(context, write_buffer, WRITE_BUFFER_SIZE);
817 if (write(fd, write_buffer, WRITE_BUFFER_SIZE) != WRITE_BUFFER_SIZE)
818 return -1;
819 buffered = 0;
821 write_buffer_len = buffered;
822 len -= partial;
823 data += partial;
825 return 0;
828 static int write_index_ext_header(SHA_CTX *context, int fd,
829 unsigned int ext, unsigned int sz)
831 ext = htonl(ext);
832 sz = htonl(sz);
833 if ((ce_write(context, fd, &ext, 4) < 0) ||
834 (ce_write(context, fd, &sz, 4) < 0))
835 return -1;
836 return 0;
839 static int ce_flush(SHA_CTX *context, int fd)
841 unsigned int left = write_buffer_len;
843 if (left) {
844 write_buffer_len = 0;
845 SHA1_Update(context, write_buffer, left);
848 /* Flush first if not enough space for SHA1 signature */
849 if (left + 20 > WRITE_BUFFER_SIZE) {
850 if (write(fd, write_buffer, left) != left)
851 return -1;
852 left = 0;
855 /* Append the SHA1 signature at the end */
856 SHA1_Final(write_buffer + left, context);
857 left += 20;
858 if (write(fd, write_buffer, left) != left)
859 return -1;
860 return 0;
863 static void ce_smudge_racily_clean_entry(struct cache_entry *ce)
866 * The only thing we care about in this function is to smudge the
867 * falsely clean entry due to touch-update-touch race, so we leave
868 * everything else as they are. We are called for entries whose
869 * ce_mtime match the index file mtime.
871 struct stat st;
873 if (lstat(ce->name, &st) < 0)
874 return;
875 if (ce_match_stat_basic(ce, &st))
876 return;
877 if (ce_modified_check_fs(ce, &st)) {
878 /* This is "racily clean"; smudge it. Note that this
879 * is a tricky code. At first glance, it may appear
880 * that it can break with this sequence:
882 * $ echo xyzzy >frotz
883 * $ git-update-index --add frotz
884 * $ : >frotz
885 * $ sleep 3
886 * $ echo filfre >nitfol
887 * $ git-update-index --add nitfol
889 * but it does not. Whe the second update-index runs,
890 * it notices that the entry "frotz" has the same timestamp
891 * as index, and if we were to smudge it by resetting its
892 * size to zero here, then the object name recorded
893 * in index is the 6-byte file but the cached stat information
894 * becomes zero --- which would then match what we would
895 * obtain from the filesystem next time we stat("frotz").
897 * However, the second update-index, before calling
898 * this function, notices that the cached size is 6
899 * bytes and what is on the filesystem is an empty
900 * file, and never calls us, so the cached size information
901 * for "frotz" stays 6 which does not match the filesystem.
903 ce->ce_size = htonl(0);
907 int write_cache(int newfd, struct cache_entry **cache, int entries)
909 SHA_CTX c;
910 struct cache_header hdr;
911 int i, removed;
913 for (i = removed = 0; i < entries; i++)
914 if (!cache[i]->ce_mode)
915 removed++;
917 hdr.hdr_signature = htonl(CACHE_SIGNATURE);
918 hdr.hdr_version = htonl(2);
919 hdr.hdr_entries = htonl(entries - removed);
921 SHA1_Init(&c);
922 if (ce_write(&c, newfd, &hdr, sizeof(hdr)) < 0)
923 return -1;
925 for (i = 0; i < entries; i++) {
926 struct cache_entry *ce = cache[i];
927 if (!ce->ce_mode)
928 continue;
929 if (index_file_timestamp &&
930 index_file_timestamp <= ntohl(ce->ce_mtime.sec))
931 ce_smudge_racily_clean_entry(ce);
932 if (ce_write(&c, newfd, ce, ce_size(ce)) < 0)
933 return -1;
936 /* Write extension data here */
937 if (active_cache_tree) {
938 unsigned long sz;
939 void *data = cache_tree_write(active_cache_tree, &sz);
940 if (data &&
941 !write_index_ext_header(&c, newfd, CACHE_EXT_TREE, sz) &&
942 !ce_write(&c, newfd, data, sz))
944 else {
945 free(data);
946 return -1;
949 return ce_flush(&c, newfd);