From 4ec197f3049d203739066e0c2d2c5c39f78fd808 Mon Sep 17 00:00:00 2001
From: Ben Straub <bs@github.com>
Date: Fri, 30 Nov 2012 12:52:42 -0800
Subject: [PATCH] Deploy GIT_SIGNATURE_INIT

---
 src/commit.c    |  3 +++
 src/notes.c     |  9 +++++++++
 src/reflog.c    |  4 ++++
 src/signature.c |  4 +++-
 src/signature.h | 12 ++++++++++++
 src/stash.c     |  4 ++++
 src/tag.c       |  3 +++
 7 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/src/commit.c b/src/commit.c
index 4072518ff..5197fdb6d 100644
--- a/src/commit.c
+++ b/src/commit.c
@@ -93,6 +93,9 @@ int git_commit_create(
 	git_odb *odb;
 
 	assert(git_object_owner((const git_object *)tree) == repo);
+	if (!git_signature__has_valid_version(author) ||
+		 !git_signature__has_valid_version(committer))
+		return -1;
 
 	git_oid__writebuf(&commit, "tree ", git_object_id((const git_object *)tree));
 
diff --git a/src/notes.c b/src/notes.c
index dd36cc2fe..87ee1e742 100644
--- a/src/notes.c
+++ b/src/notes.c
@@ -11,6 +11,7 @@
 #include "refs.h"
 #include "config.h"
 #include "iterator.h"
+#include "signature.h"
 
 static int find_subtree_in_current_level(
 	git_tree **out,
@@ -455,6 +456,10 @@ int git_note_create(
 	git_commit *commit = NULL;
 	git_tree *tree = NULL;
 
+	if (!git_signature__has_valid_version(author) ||
+		 !git_signature__has_valid_version(committer))
+		return -1;
+
 	target = git_oid_allocfmt(oid);
 	GITERR_CHECK_ALLOC(target);
 
@@ -482,6 +487,10 @@ int git_note_remove(git_repository *repo, const char *notes_ref,
 	git_commit *commit = NULL;
 	git_tree *tree = NULL;
 
+	if (!git_signature__has_valid_version(author) ||
+		 !git_signature__has_valid_version(committer))
+		return -1;
+
 	target = git_oid_allocfmt(oid);
 	GITERR_CHECK_ALLOC(target);
 
diff --git a/src/reflog.c b/src/reflog.c
index ac481fb81..4d119bae7 100644
--- a/src/reflog.c
+++ b/src/reflog.c
@@ -112,6 +112,7 @@ static int reflog_parse(git_reflog *log, const char *buf, size_t buf_size)
 
 		entry->committer = git__malloc(sizeof(git_signature));
 		GITERR_CHECK_ALLOC(entry->committer);
+		entry->committer->version = GIT_SIGNATURE_VERSION;
 
 		if (git_oid_fromstrn(&entry->oid_old, buf, GIT_OID_HEXSZ) < 0)
 			goto fail;
@@ -297,6 +298,9 @@ int git_reflog_append(git_reflog *reflog, const git_oid *new_oid,
 
 	assert(reflog && new_oid && committer);
 
+	if (!git_signature__has_valid_version(committer))
+		return -1;
+
 	if (reflog_entry_new(&entry) < 0)
 		return -1;
 
diff --git a/src/signature.c b/src/signature.c
index 0159488a4..008b13120 100644
--- a/src/signature.c
+++ b/src/signature.c
@@ -90,6 +90,7 @@ int git_signature_new(git_signature **sig_out, const char *name, const char *ema
 
 	p = git__calloc(1, sizeof(git_signature));
 	GITERR_CHECK_ALLOC(p);
+	p->version = GIT_SIGNATURE_VERSION;
 
 	if (process_trimming(name, &p->name, name + strlen(name), 1) < 0 ||
 		process_trimming(email, &p->email, email + strlen(email), 1) < 0)
@@ -263,8 +264,9 @@ int git_signature__parse(git_signature *sig, const char **buffer_out,
 	const char *buffer = *buffer_out;
 	const char *line_end, *name_end, *email_end, *tz_start, *time_start;
 	int error = 0;
+	git_signature initsig = GIT_SIGNATURE_INIT;
 
-	memset(sig, 0x0, sizeof(git_signature));
+	memmove(sig, &initsig, sizeof(git_signature));
 
 	if ((line_end = memchr(buffer, ender, buffer_end - buffer)) == NULL)
 		return signature_error("no newline given");
diff --git a/src/signature.h b/src/signature.h
index 97b3a055e..599e19901 100644
--- a/src/signature.h
+++ b/src/signature.h
@@ -15,4 +15,16 @@
 int git_signature__parse(git_signature *sig, const char **buffer_out, const char *buffer_end, const char *header, char ender);
 void git_signature__writebuf(git_buf *buf, const char *header, const git_signature *sig);
 
+GIT_INLINE(bool) git_signature__has_valid_version(const git_signature *sig)
+{
+	if (!sig)
+		return true;
+
+	if (sig->version > 0 && sig->version <= GIT_SIGNATURE_VERSION)
+		return true;
+
+	giterr_set(GITERR_INVALID, "Invalid version %d on git_signature", sig->version);
+	return false;
+}
+
 #endif
diff --git a/src/stash.c b/src/stash.c
index 98c7a7c93..67fa49838 100644
--- a/src/stash.c
+++ b/src/stash.c
@@ -14,6 +14,7 @@
 #include "git2/stash.h"
 #include "git2/status.h"
 #include "git2/checkout.h"
+#include "signature.h"
 
 static int create_error(int error, const char *msg)
 {
@@ -522,6 +523,9 @@ int git_stash_save(
 
 	assert(out && repo && stasher);
 
+	if (!git_signature__has_valid_version(stasher))
+		return -1;
+
 	if ((error = ensure_non_bare_repository(repo)) < 0)
 		return error;
 
diff --git a/src/tag.c b/src/tag.c
index 606afd657..fb70837a2 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -244,6 +244,9 @@ static int git_tag_create__internal(
 	assert(repo && tag_name && target);
 	assert(!create_tag_annotation || (tagger && message));
 
+	if (!git_signature__has_valid_version(tagger))
+		return -1;
+
 	if (git_object_owner(target) != repo) {
 		giterr_set(GITERR_INVALID, "The given target does not belong to this repository");
 		return -1;