From: "René Scharfe" <rene.scharfe@lsrfire.ath.cx>
To: Michael Mueller <mmueller@vigilantsw.com>
Cc: git@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>
Subject: Re: New NULL dereference in sequence.c
Date: Wed, 02 May 2012 14:53:22 +0200
Message-ID: <4FA12E42.201@lsrfire.ath.cx>
In-Reply-To: <CANV9Rr9PFR7SA_3jB-6PRF_V+4yB-FsYEuX5gs-LMpoTAxGDCQ@mail.gmail.com>

[cc:ing the author of this commit]

On 02.05.2012 10:45, Michael Mueller wrote:
> Hi all,
>
> The last defect Sentry picked up has been removed, yay!  At the same
> time, a new NULL dereference bug appeared, in sequencer.c:
>
>      static int is_index_unchanged(void)
>      {
>          unsigned char head_sha1[20];
>          struct commit *head_commit;
>
>          if (!resolve_ref_unsafe("HEAD", head_sha1, 1, NULL))
>              return error(_("Could not resolve HEAD commit\n"));
>
>          head_commit = lookup_commit(head_sha1);
>          if (!head_commit || parse_commit(head_commit))
>              return error(_("could not parse commit %s\n"),
>                       sha1_to_hex(head_commit->object.sha1));
>
> In the last line quoted above, head_commit may be NULL, and it is
> dereferenced in the call to sha1_to_hex.  Assuming lookup_commit(head_sha1)
> can return NULL, this function will segfault.
>
> Introduced here:
> https://github.com/gitster/git/commit/b27cfb0#sequencer.c

Similar code in builtin/commit.c just reports "could not parse HEAD 
commit" without any hash and thus no pointer dereference.

René
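
The pattern reported above, with the two failure cases separated so that no error path touches head_commit (an added example, not part of the original thread and not git's code). lookup_commit, parse_commit and sha1_to_hex are local stand-ins named after the calls in the quoted snippet; report, check_head_commit, last_error and the stub_* variables are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the types and helpers in the quoted snippet (assumptions). */
struct object { unsigned char sha1[20]; };
struct commit { struct object object; };
static struct commit *stub_lookup_result; /* what lookup_commit() returns */
static int stub_parse_result;             /* what parse_commit() returns */
static char last_error[128];              /* last message built by report() */

static struct commit *lookup_commit(const unsigned char *sha1) { (void)sha1; return stub_lookup_result; }
static int parse_commit(struct commit *c) { (void)c; return stub_parse_result; }

static const char *sha1_to_hex(const unsigned char *sha1)
{
    static char buf[41];
    for (int i = 0; i < 20; i++)
        sprintf(buf + 2 * i, "%02x", sha1[i]);
    return buf;
}

/* Record the failure text and return -1, the way error() is used above. */
static int report(const char *what, const unsigned char *sha1)
{
    snprintf(last_error, sizeof(last_error), "could not %s commit %s", what, sha1_to_hex(sha1));
    return -1;
}

/* The hash for the message comes from head_sha1, which the caller already
 * holds, so neither error path dereferences head_commit. */
static int check_head_commit(const unsigned char *head_sha1)
{
    struct commit *head_commit = lookup_commit(head_sha1);

    if (!head_commit)
        return report("look up", head_sha1);
    if (parse_commit(head_commit))
        return report("parse", head_sha1);
    return 0;
}

int main(void)
{
    unsigned char sha[20] = { 0xab }; /* constructed sample hash */
    stub_lookup_result = NULL;        /* simulate lookup_commit() failing */
    check_head_commit(sha);
    puts(last_error);
    return 0;
}
```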
