entry.c: fix possible buffer overflow in remove_subtree()
[git/mjg.git] / builtin / rm.c
blob0df0b4d942c09769ff42539f6aaf83dcc31e20fb
1 /*
2 * "git rm" builtin command
4 * Copyright (C) Linus Torvalds 2006
5 */
6 #include "cache.h"
7 #include "builtin.h"
8 #include "dir.h"
9 #include "cache-tree.h"
10 #include "tree-walk.h"
11 #include "parse-options.h"
12 #include "string-list.h"
13 #include "submodule.h"
15 static const char * const builtin_rm_usage[] = {
16 N_("git rm [options] [--] <file>..."),
17 NULL
20 static struct {
21 int nr, alloc;
22 struct {
23 const char *name;
24 char is_submodule;
25 } *entry;
26 } list;
28 static int get_ours_cache_pos(const char *path, int pos)
30 int i = -pos - 1;
32 while ((i < active_nr) && !strcmp(active_cache[i]->name, path)) {
33 if (ce_stage(active_cache[i]) == 2)
34 return i;
35 i++;
37 return -1;
40 static void print_error_files(struct string_list *files_list,
41 const char *main_msg,
42 const char *hints_msg,
43 int *errs)
45 if (files_list->nr) {
46 int i;
47 struct strbuf err_msg = STRBUF_INIT;
49 strbuf_addstr(&err_msg, main_msg);
50 for (i = 0; i < files_list->nr; i++)
51 strbuf_addf(&err_msg,
52 "\n %s",
53 files_list->items[i].string);
54 if (advice_rm_hints)
55 strbuf_addstr(&err_msg, hints_msg);
56 *errs = error("%s", err_msg.buf);
57 strbuf_release(&err_msg);
61 static void error_removing_concrete_submodules(struct string_list *files, int *errs)
63 print_error_files(files,
64 Q_("the following submodule (or one of its nested "
65 "submodules)\n"
66 "uses a .git directory:",
67 "the following submodules (or one of its nested "
68 "submodules)\n"
69 "use a .git directory:", files->nr),
70 _("\n(use 'rm -rf' if you really want to remove "
71 "it including all of its history)"),
72 errs);
73 string_list_clear(files, 0);
76 static int check_submodules_use_gitfiles(void)
78 int i;
79 int errs = 0;
80 struct string_list files = STRING_LIST_INIT_NODUP;
82 for (i = 0; i < list.nr; i++) {
83 const char *name = list.entry[i].name;
84 int pos;
85 const struct cache_entry *ce;
86 struct stat st;
88 pos = cache_name_pos(name, strlen(name));
89 if (pos < 0) {
90 pos = get_ours_cache_pos(name, pos);
91 if (pos < 0)
92 continue;
94 ce = active_cache[pos];
96 if (!S_ISGITLINK(ce->ce_mode) ||
97 (lstat(ce->name, &st) < 0) ||
98 is_empty_dir(name))
99 continue;
101 if (!submodule_uses_gitfile(name))
102 string_list_append(&files, name);
105 error_removing_concrete_submodules(&files, &errs);
107 return errs;
110 static int check_local_mod(unsigned char *head, int index_only)
113 * Items in list are already sorted in the cache order,
114 * so we could do this a lot more efficiently by using
115 * tree_desc based traversal if we wanted to, but I am
116 * lazy, and who cares if removal of files is a tad
117 * slower than the theoretical maximum speed?
119 int i, no_head;
120 int errs = 0;
121 struct string_list files_staged = STRING_LIST_INIT_NODUP;
122 struct string_list files_cached = STRING_LIST_INIT_NODUP;
123 struct string_list files_submodule = STRING_LIST_INIT_NODUP;
124 struct string_list files_local = STRING_LIST_INIT_NODUP;
126 no_head = is_null_sha1(head);
127 for (i = 0; i < list.nr; i++) {
128 struct stat st;
129 int pos;
130 const struct cache_entry *ce;
131 const char *name = list.entry[i].name;
132 unsigned char sha1[20];
133 unsigned mode;
134 int local_changes = 0;
135 int staged_changes = 0;
137 pos = cache_name_pos(name, strlen(name));
138 if (pos < 0) {
140 * Skip unmerged entries except for populated submodules
141 * that could lose history when removed.
143 pos = get_ours_cache_pos(name, pos);
144 if (pos < 0)
145 continue;
147 if (!S_ISGITLINK(active_cache[pos]->ce_mode) ||
148 is_empty_dir(name))
149 continue;
151 ce = active_cache[pos];
153 if (lstat(ce->name, &st) < 0) {
154 if (errno != ENOENT && errno != ENOTDIR)
155 warning("'%s': %s", ce->name, strerror(errno));
156 /* It already vanished from the working tree */
157 continue;
159 else if (S_ISDIR(st.st_mode)) {
160 /* if a file was removed and it is now a
161 * directory, that is the same as ENOENT as
162 * far as git is concerned; we do not track
163 * directories unless they are submodules.
165 if (!S_ISGITLINK(ce->ce_mode))
166 continue;
170 * "rm" of a path that has changes need to be treated
171 * carefully not to allow losing local changes
172 * accidentally. A local change could be (1) file in
173 * work tree is different since the index; and/or (2)
174 * the user staged a content that is different from
175 * the current commit in the index.
177 * In such a case, you would need to --force the
178 * removal. However, "rm --cached" (remove only from
179 * the index) is safe if the index matches the file in
180 * the work tree or the HEAD commit, as it means that
181 * the content being removed is available elsewhere.
185 * Is the index different from the file in the work tree?
186 * If it's a submodule, is its work tree modified?
188 if (ce_match_stat(ce, &st, 0) ||
189 (S_ISGITLINK(ce->ce_mode) &&
190 !ok_to_remove_submodule(ce->name)))
191 local_changes = 1;
194 * Is the index different from the HEAD commit? By
195 * definition, before the very initial commit,
196 * anything staged in the index is treated by the same
197 * way as changed from the HEAD.
199 if (no_head
200 || get_tree_entry(head, name, sha1, &mode)
201 || ce->ce_mode != create_ce_mode(mode)
202 || hashcmp(ce->sha1, sha1))
203 staged_changes = 1;
206 * If the index does not match the file in the work
207 * tree and if it does not match the HEAD commit
208 * either, (1) "git rm" without --cached definitely
209 * will lose information; (2) "git rm --cached" will
210 * lose information unless it is about removing an
211 * "intent to add" entry.
213 if (local_changes && staged_changes) {
214 if (!index_only || !(ce->ce_flags & CE_INTENT_TO_ADD))
215 string_list_append(&files_staged, name);
217 else if (!index_only) {
218 if (staged_changes)
219 string_list_append(&files_cached, name);
220 if (local_changes) {
221 if (S_ISGITLINK(ce->ce_mode) &&
222 !submodule_uses_gitfile(name))
223 string_list_append(&files_submodule, name);
224 else
225 string_list_append(&files_local, name);
229 print_error_files(&files_staged,
230 Q_("the following file has staged content different "
231 "from both the\nfile and the HEAD:",
232 "the following files have staged content different"
233 " from both the\nfile and the HEAD:",
234 files_staged.nr),
235 _("\n(use -f to force removal)"),
236 &errs);
237 string_list_clear(&files_staged, 0);
238 print_error_files(&files_cached,
239 Q_("the following file has changes "
240 "staged in the index:",
241 "the following files have changes "
242 "staged in the index:", files_cached.nr),
243 _("\n(use --cached to keep the file,"
244 " or -f to force removal)"),
245 &errs);
246 string_list_clear(&files_cached, 0);
248 error_removing_concrete_submodules(&files_submodule, &errs);
250 print_error_files(&files_local,
251 Q_("the following file has local modifications:",
252 "the following files have local modifications:",
253 files_local.nr),
254 _("\n(use --cached to keep the file,"
255 " or -f to force removal)"),
256 &errs);
257 string_list_clear(&files_local, 0);
259 return errs;
262 static struct lock_file lock_file;
264 static int show_only = 0, force = 0, index_only = 0, recursive = 0, quiet = 0;
265 static int ignore_unmatch = 0;
267 static struct option builtin_rm_options[] = {
268 OPT__DRY_RUN(&show_only, N_("dry run")),
269 OPT__QUIET(&quiet, N_("do not list removed files")),
270 OPT_BOOLEAN( 0 , "cached", &index_only, N_("only remove from the index")),
271 OPT__FORCE(&force, N_("override the up-to-date check")),
272 OPT_BOOLEAN('r', NULL, &recursive, N_("allow recursive removal")),
273 OPT_BOOLEAN( 0 , "ignore-unmatch", &ignore_unmatch,
274 N_("exit with a zero status even if nothing matched")),
275 OPT_END(),
278 int cmd_rm(int argc, const char **argv, const char *prefix)
280 int i, newfd;
281 const char **pathspec;
282 char *seen;
284 git_config(git_default_config, NULL);
286 argc = parse_options(argc, argv, prefix, builtin_rm_options,
287 builtin_rm_usage, 0);
288 if (!argc)
289 usage_with_options(builtin_rm_usage, builtin_rm_options);
291 if (!index_only)
292 setup_work_tree();
294 newfd = hold_locked_index(&lock_file, 1);
296 if (read_cache() < 0)
297 die(_("index file corrupt"));
300 * Drop trailing directory separators from directories so we'll find
301 * submodules in the index.
303 for (i = 0; i < argc; i++) {
304 size_t pathlen = strlen(argv[i]);
305 if (pathlen && is_dir_sep(argv[i][pathlen - 1]) &&
306 is_directory(argv[i])) {
307 do {
308 pathlen--;
309 } while (pathlen && is_dir_sep(argv[i][pathlen - 1]));
310 argv[i] = xmemdupz(argv[i], pathlen);
314 pathspec = get_pathspec(prefix, argv);
315 refresh_index(&the_index, REFRESH_QUIET, pathspec, NULL, NULL);
317 seen = NULL;
318 for (i = 0; pathspec[i] ; i++)
319 /* nothing */;
320 seen = xcalloc(i, 1);
322 for (i = 0; i < active_nr; i++) {
323 const struct cache_entry *ce = active_cache[i];
324 if (!match_pathspec(pathspec, ce->name, ce_namelen(ce), 0, seen))
325 continue;
326 ALLOC_GROW(list.entry, list.nr + 1, list.alloc);
327 list.entry[list.nr].name = ce->name;
328 list.entry[list.nr++].is_submodule = S_ISGITLINK(ce->ce_mode);
331 if (pathspec) {
332 const char *match;
333 int seen_any = 0;
334 for (i = 0; (match = pathspec[i]) != NULL ; i++) {
335 if (!seen[i]) {
336 if (!ignore_unmatch) {
337 die(_("pathspec '%s' did not match any files"),
338 match);
341 else {
342 seen_any = 1;
344 if (!recursive && seen[i] == MATCHED_RECURSIVELY)
345 die(_("not removing '%s' recursively without -r"),
346 *match ? match : ".");
349 if (! seen_any)
350 exit(0);
354 * If not forced, the file, the index and the HEAD (if exists)
355 * must match; but the file can already been removed, since
356 * this sequence is a natural "novice" way:
358 * rm F; git rm F
360 * Further, if HEAD commit exists, "diff-index --cached" must
361 * report no changes unless forced.
363 if (!force) {
364 unsigned char sha1[20];
365 if (get_sha1("HEAD", sha1))
366 hashclr(sha1);
367 if (check_local_mod(sha1, index_only))
368 exit(1);
369 } else if (!index_only) {
370 if (check_submodules_use_gitfiles())
371 exit(1);
375 * First remove the names from the index: we won't commit
376 * the index unless all of them succeed.
378 for (i = 0; i < list.nr; i++) {
379 const char *path = list.entry[i].name;
380 if (!quiet)
381 printf("rm '%s'\n", path);
383 if (remove_file_from_cache(path))
384 die(_("git rm: unable to remove %s"), path);
387 if (show_only)
388 return 0;
391 * Then, unless we used "--cached", remove the filenames from
392 * the workspace. If we fail to remove the first one, we
393 * abort the "git rm" (but once we've successfully removed
394 * any file at all, we'll go ahead and commit to it all:
395 * by then we've already committed ourselves and can't fail
396 * in the middle)
398 if (!index_only) {
399 int removed = 0;
400 for (i = 0; i < list.nr; i++) {
401 const char *path = list.entry[i].name;
402 if (list.entry[i].is_submodule) {
403 if (is_empty_dir(path)) {
404 if (!rmdir(path)) {
405 removed = 1;
406 continue;
408 } else {
409 struct strbuf buf = STRBUF_INIT;
410 strbuf_addstr(&buf, path);
411 if (!remove_dir_recursively(&buf, 0)) {
412 removed = 1;
413 strbuf_release(&buf);
414 continue;
416 strbuf_release(&buf);
417 /* Fallthrough and let remove_path() fail. */
420 if (!remove_path(path)) {
421 removed = 1;
422 continue;
424 if (!removed)
425 die_errno("git rm: '%s'", path);
429 if (active_cache_changed) {
430 if (write_cache(newfd, active_cache, active_nr) ||
431 commit_locked_index(&lock_file))
432 die(_("Unable to write new index file"));
435 return 0;