Re: [PATCH] merge-ort: fix calling merge_finalize() with no intermediate merge

[Junio C Hamano <gitster@pobox.com>]

"Elijah Newren via GitGitGadget" <gitgitgadget@gmail.com> writes:

> From: Elijah Newren <newren@gmail.com>
>
> If some code sets up the data structures for a merge, but then never
> actually performs one before calling merge_finalize(), then
> merge_finalize() wouldn't notice that result->priv was NULL and
> return early, resulting in following that NULL pointer and getting
> a segfault.  There is currently no code in the git codebase that does
> this, but this issue was found during testing of some proposed patches
> that had the following structure:
>
>     struct merge_options merge_opt;
>     struct merge_result result;
>
>     init_merge_options(&merge_opt, the_repository);
>     memset(&result, 0, sizeof(result));
>
>     <do N merges, for some value of N>
>
>     merge_finalize(&merge_opt, &result);
>
> where some flags could cause the code to have N=0, i.e. doing no merges.
> Add a check for result->priv being NULL and return early to avoid a
> segfault in these kinds of cases.
>
> While at it, ensure the FREE_AND_NULL() in the function does something
> useful with the nulling aspect, namely sets result->priv to NULL rather
> than a mere temporary.

Clearly written.  The FREE_AND_NULL() bit is a bit embarrassing
slip-up for everybody who reviewed and applied the initial patch
X-<.

And we need to undo the attribute direction change in merge_start()
even if we didn't perform any, so the early return cannot be done
before that.  So everything makes sense as a fix to the reported
problem.

> Reported-by: Derrick Stolee <derrickstolee@github.com>
> Signed-off-by: Elijah Newren <newren@gmail.com>
> ---
>     merge-ort: fix calling merge_finalize() with no intermediate merge
>     
>     See
>     https://lore.kernel.org/git/CABPp-BHCdjOutYqdMO1NbYKNA0BgkXRgwUEKK=MX0kXM-5G_DQ@mail.gmail.com/
>
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1518%2Fnewren%2Ffix-merge-finalize-with-no-merge-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1518/newren/fix-merge-finalize-with-no-merge-v1
> Pull-Request: https://github.com/gitgitgadget/git/pull/1518
>
>  merge-ort.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/merge-ort.c b/merge-ort.c
> index 5bf64354d16..cba3662e497 100644
> --- a/merge-ort.c
> +++ b/merge-ort.c
> @@ -4718,14 +4718,14 @@ void merge_switch_to_result(struct merge_options *opt,
>  void merge_finalize(struct merge_options *opt,
>  		    struct merge_result *result)
>  {
> -	struct merge_options_internal *opti = result->priv;
> -
>  	if (opt->renormalize)
>  		git_attr_set_direction(GIT_ATTR_CHECKIN);
>  	assert(opt->priv == NULL);
>  
> -	clear_or_reinit_internal_opts(opti, 0);
> -	FREE_AND_NULL(opti);
> +	if (!result->priv)
> +		return;
> +	clear_or_reinit_internal_opts(result->priv, 0);
> +	FREE_AND_NULL(result->priv);
>  }
>  
>  /*** Function Grouping: helper functions for merge_incore_*() ***/
>
> base-commit: 667fcf4e15379790f0b609d6a83d578e69f20301