From: Junio C Hamano <gitster@pobox.com>
To: Emily M Klassen <forivall@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] revision: fix missing null for freed memory
Date: Sat, 08 Feb 2025 13:53:05 -0800 [thread overview]
Message-ID: <xmqqldugdry6.fsf@gitster.g> (raw)
In-Reply-To: <20250208061702.88469-1-forivall@gmail.com> (Emily M. Klassen's message of "Fri, 7 Feb 2025 22:17:02 -0800")
Emily M Klassen <forivall@gmail.com> writes:
> "git log --graph --no-graph" missed cleaning up the output_prefix and
> output_prefix_data pointers. This resulted in a segfault when using "--patch",
> "--name-status" or "--name-only", as the output_prefix_data continued to be in
> use after free()
>
> Signed-off-by: Emily M Klassen <forivall@gmail.com>
> ---
> I previously reported this a few hours ago, and ended up digging in and figuring
> it out. I'll make sure to bottom reply in the follow ups to this patch.
>
> revision.c | 2 ++
> 1 file changed, 2 insertions(+)
Reading the symptom in the proposed log message (which is very
clearly written, by the way), it seems that this is reproducible?
Can we have a test to make sure that the fix would not be broken
later?
> diff --git a/revision.c b/revision.c
> index 474fa1e767..84cb028e11 100644
> --- a/revision.c
> +++ b/revision.c
> @@ -2615,6 +2615,8 @@ static int handle_revision_opt(struct rev_info *revs, int argc, const char **arg
> graph_clear(revs->graph);
> revs->graph = graph_init(revs);
> } else if (!strcmp(arg, "--no-graph")) {
> + revs->diffopt.output_prefix = NULL;
> + revs->diffopt.output_prefix_data = NULL;
> graph_clear(revs->graph);
> revs->graph = NULL;
> } else if (!strcmp(arg, "--encode-email-headers")) {
Interesting.
In response to "--graph" (the code we can see in the context before
this part), we clear the revs->graph and then call graph_init(revs)
for ourselves, and we do not have to futz with diffopt at all, and
it works OK because output_prefix_data and output_prefix would be
overwritten by the graph_init() to the value we want to use anyway.
But of course, after "--no-graph", nobody clears these two members
for us, so we'd need to clear them here.
It might make the API less error-prone if the "clear" function
cleared the .graph and diffopt->output_prefix{,_data} together
but among three existing callers of graph_clear(), only this caller
needs to clear these two members, so it probably would not matter.
So in short, this seems to be a good fix for the immediate issue,
and it is unlikely that we'd need any follow-up work.
next prev parent reply other threads:[~2025-02-08 21:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-08 6:17 [PATCH] revision: fix missing null for freed memory Emily M Klassen
2025-02-08 21:53 ` Junio C Hamano [this message]
2025-02-10 16:02 ` Junio C Hamano
2025-02-10 20:56 ` Emily Klassen
2025-02-13 0:42 ` Junio C Hamano
2025-02-11 7:55 ` Patrick Steinhardt
2025-02-11 19:31 ` D. Ben Knoble
2025-02-11 20:22 ` D. Ben Knoble
2025-02-11 21:29 ` Jeff King
2025-02-11 23:09 ` Junio C Hamano
2025-02-12 5:30 ` Patrick Steinhardt
2025-02-13 21:07 ` Ben Knoble
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqldugdry6.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=forivall@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.