From: Phillip Wood <phillip.wood123@gmail.com>
To: Cheng <prophecheng@stu.pku.edu.cn>, git@vger.kernel.org
Subject: Re: Potential Null Pointer Dereference detected by static analysis tool
Date: Wed, 13 Aug 2025 14:19:14 +0100	[thread overview]
Message-ID: <5303c45e-d95b-4bc8-9cd1-bf4efe6bfbae@gmail.com> (raw)
In-Reply-To: <AAkArwD3JXZP4EIjvKF0Waow.1.1755044612233.Hmail.2201111603@stu.pku.edu.cn>

Hi Cheng

On 13/08/2025 01:23, Cheng wrote:
> Line 326 in builtin/describe.c, which is located in the function describe_commit. In the following code, cmit could be NULL when passed to the call, which then causes a NULL dereference. It seems lookup_commit_reference should be replaced with lookup_commit_or_die.
> 
> ```c
> cmit = lookup_commit_reference(the_repository, oid);
> n = find_commit_name(&cmit->object.oid);
> ```
> 
> The NULL value seems to come from function lookup_commit_reference_gently where:
> 
> 1. the call to deref_tag may return NULL.
> 2. the call to object_as_type may return NULL.
> 
> In this repository, other calls to lookup_commit_reference are followed by a null check. So this seems to lead to a NULL dereference. Can I confirm with you whether this is a true positive bug report?

I had a quick look at the callers of describe_commit() and they all seem 
to use an oid that they get from looking up a commit so I'm not sure 
under what circumstances this call to lookup_commit_reference() can fail.

Thanks

Phillip
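The report above hinges on a lookup routine that can hand back NULL (from deref_tag or object_as_type) to a caller that dereferences the result unconditionally. The following is an added illustration, not git's code: a small constructed object store with a hypothetical stand-in for lookup_commit_reference() that returns NULL for an unknown oid or for a non-commit object (such as a blob), the unchecked caller pattern from the report, and a checked form that reports the failure instead of dereferencing.

```c
/* Added illustration (not git's code). The store, the oids and the
 * lookup_commit_ref() stand-in are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum obj_type { OBJ_COMMIT, OBJ_BLOB };

struct object { enum obj_type type; const char *oid; };

/* Constructed sample store: one commit and one blob. */
static const struct object store[] = {
    { OBJ_COMMIT, "aaaa1111" },
    { OBJ_BLOB,   "bbbb2222" },
};

/* Hypothetical stand-in for lookup_commit_reference(): NULL for an
 * unknown oid or for an object that is not a commit, the two NULL
 * sources the report attributes to deref_tag() and object_as_type(). */
const struct object *lookup_commit_ref(const char *oid)
{
    size_t i;
    for (i = 0; i < sizeof(store) / sizeof(store[0]); i++)
        if (strcmp(store[i].oid, oid) == 0)
            return store[i].type == OBJ_COMMIT ? &store[i] : NULL;
    return NULL;
}

/* Unchecked pattern from the report: dereferences whatever lookup
 * returned. Safe only if every caller guarantees oid names a commit. */
const char *describe_unchecked(const char *oid)
{
    const struct object *cmit = lookup_commit_ref(oid);
    return cmit->oid;   /* NULL dereference when the lookup failed */
}

/* Checked form: returns 0 and fills *name on success, -1 otherwise,
 * so a blob or unknown oid produces an error instead of a crash. */
int describe_checked(const char *oid, const char **name)
{
    const struct object *cmit = lookup_commit_ref(oid);
    if (!cmit) {
        fprintf(stderr, "error: %s is not a valid commit\n", oid);
        return -1;
    }
    *name = cmit->oid;
    return 0;
}
```

Feeding the blob oid to describe_checked() yields the error path; the same input to describe_unchecked() would be the NULL dereference the static analyser flagged.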
