From: Jim Meyering <jim@meyering.net>
To: git list <git@vger.kernel.org>
Subject: [PATCH next] don't let mailmap provoke use of freed memory
Date: Mon, 11 Oct 2010 17:41:16 +0200 [thread overview]
Message-ID: <87tyksd9er.fsf@meyering.net> (raw)
On an x86_64 system (F13-based), I ran these commands in an empty directory:
git init
printf '%s\n' \
'<jdoe@example.com> <jdoe@example.COM>' \
'John <jdoe@example.com>' > .mailmap
git shortlog < /dev/null
Here's the result:
(reading log message from standard input)
*** glibc detected *** git: free(): invalid pointer: 0x0000000000f53730 ***
======= Backtrace: =========
/lib64/libc.so.6[0x31ba875676]
git[0x48c2a5]
git[0x4b9858]
...
zsh: abort (core dumped) git shortlog
What happened?
Some .mailmap entry is of the <email1> <email2> form,
while a subsequent one looks like "User Name <Email2>,
and the two email addresses on the right are not identical
but are "equal" when using a case-insensitive comparator.
Then, when add_mapping is processing the latter line, new_email is NULL
and we free me->email, yet do not replace it with a new strdup'd string.
Thus, when later we attempt to use the buffer behind that ->email pointer,
we reference freed memory.
The solution is to free ->email and ->name only if we're about to replace them.
Signed-off-by: Jim Meyering <meyering@redhat.com>
---
mailmap.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/mailmap.c b/mailmap.c
index f80b701..02fcfde 100644
--- a/mailmap.c
+++ b/mailmap.c
@@ -79,12 +79,14 @@ static void add_mapping(struct string_list *map,
if (old_name == NULL) {
debug_mm("mailmap: adding (simple) entry for %s at index %d\n", old_email, index);
/* Replace current name and new email for simple entry */
- free(me->name);
- free(me->email);
- if (new_name)
+ if (new_name) {
+ free(me->name);
me->name = xstrdup(new_name);
- if (new_email)
+ }
+ if (new_email) {
+ free(me->email);
me->email = xstrdup(new_email);
+ }
} else {
struct mailmap_info *mi = xmalloc(sizeof(struct mailmap_info));
debug_mm("mailmap: adding (complex) entry for %s at index %d\n", old_email, index);
--
1.7.3.1.104.gc752e
next reply other threads:[~2010-10-11 15:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-11 15:41 Jim Meyering [this message]
2010-10-11 16:21 ` [PATCH next] don't let mailmap provoke use of freed memory Jonathan Nieder
2010-10-15 5:22 ` Ævar Arnfjörð Bjarmason
2010-10-15 6:18 ` Jonathan Nieder
2010-10-15 7:59 ` Jonathan Nieder
2010-10-15 17:12 ` [PATCH] t4203 (mailmap): stop hardcoding commit ids and dates Jonathan Nieder
2010-10-17 4:43 ` Junio C Hamano
2010-10-20 6:29 ` Junio C Hamano
2010-10-20 6:31 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tyksd9er.fsf@meyering.net \
--to=jim@meyering.net \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.