* [PATCH] Fix segfault in fast-export
@ 2010-01-07 3:58 Mike Mueller
2010-01-18 17:44 ` Heiko Voigt
0 siblings, 1 reply; 2+ messages in thread
From: Mike Mueller @ 2010-01-07 3:58 UTC (permalink / raw)
To: git
[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]
Hi all,

I'm working on a C++ static analyzer (Vigilant Sentry), and git
is one of my test subjects. In git-1.6.6, I found a crash in the
fast-export command:

The problem is in builtin-fast-export.c, function export_marks:

    f = fopen(file, "w");
    if (!f)
        error("Unable to open marks file %s for writing.", file);

    for (i = 0; i < idnums.size; i++) {
        if (deco->base && deco->base->type == 1) {
            mark = ptr_to_mark(deco->decoration);
            if (fprintf(f, ":%"PRIu32" %s\n", mark,
                sha1_to_hex(deco->base->sha1)) < 0) {
                e = 1;
                break;
            }
        }
        deco++;
    }

    e |= ferror(f);
    e |= fclose(f);

If fopen() fails, the error message is printed, but the function
doesn't exit. The subsequent calls to fprintf and/or ferror will
fail because f is NULL. A simple way to reproduce is to export
to a path you don't have write access to:

    $ git fast-export --export-marks=/foo
    error: Unable to open marks file /foo for writing.
    Segmentation fault (core dumped)

I've attached a trivial patch that calls die_errno instead of
error, so the program exits if f is NULL.

Regards,
Mike
--
Mike Mueller
mmueller@vigilantsw.com
http://www.vigilantsw.com/
[-- Attachment #2: git-fast-export.patch --]
[-- Type: text/x-diff, Size: 449 bytes --]
diff --git a/builtin-fast-export.c b/builtin-fast-export.c
index b0a4029..963e89b 100644
--- a/builtin-fast-export.c
+++ b/builtin-fast-export.c
@@ -503,7 +503,7 @@ static void export_marks(char *file)
f = fopen(file, "w");
if (!f)
- error("Unable to open marks file %s for writing.", file);
+ die_errno("Unable to open marks file %s for writing", file);
for (i = 0; i < idnums.size; i++) {
if (deco->base && deco->base->type == 1) {
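Review bot: Nothing in this patch exercises the `if (!f)` branch it changes, so the crash could come back unnoticed; add a test that runs `git fast-export --export-marks=` against a path that cannot be opened for writing and expects a non-zero exit with the "Unable to open marks file" message instead of a segfault. The switch itself looks right: die_errno() does not return, so a NULL f can no longer reach the fprintf() loop below, and dropping the trailing period suits a message that gets the errno description appended.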
* Re: [PATCH] Fix segfault in fast-export
From: Heiko Voigt @ 2010-01-18 17:44 UTC (permalink / raw)
To: Mike Mueller; +Cc: git
Hi,
If you want your change included in git, you probably want to CC: Junio and
inline your patch so it's easier to comment. Please see the file
Documentation/SubmittingPatches for tips on how to do it with your
mailer.
cheers Heiko
P.S.: and include a commit message in your patch
On Wed, Jan 06, 2010 at 10:58:39PM -0500, Mike Mueller wrote:
> Hi all,
>
> I'm working on a C++ static analyzer (Vigilant Sentry), and git
> is one of my test subjects. In git-1.6.6, I found a crash in the
> fast-export command:
>
> The problem is in builtin-fast-export.c, function export_marks:
>
>     f = fopen(file, "w");
>     if (!f)
>         error("Unable to open marks file %s for writing.", file);
>
>     for (i = 0; i < idnums.size; i++) {
>         if (deco->base && deco->base->type == 1) {
>             mark = ptr_to_mark(deco->decoration);
>             if (fprintf(f, ":%"PRIu32" %s\n", mark,
>                 sha1_to_hex(deco->base->sha1)) < 0) {
>                 e = 1;
>                 break;
>             }
>         }
>         deco++;
>     }
>
>     e |= ferror(f);
>     e |= fclose(f);
>
> If fopen() fails, the error message is printed, but the function
> doesn't exit. The subsequent calls to fprintf and/or ferror will
> fail because f is NULL. A simple way to reproduce is to export
> to a path you don't have write access to:
>
> $ git fast-export --export-marks=/foo
> error: Unable to open marks file /foo for writing.
> Segmentation fault (core dumped)
>
> I've attached a trivial patch that calls die_errno instead of
> error, so the program exits if f is NULL.
>
> Regards,
> Mike
>
> --
> Mike Mueller
> mmueller@vigilantsw.com
>
> http://www.vigilantsw.com/
> diff --git a/builtin-fast-export.c b/builtin-fast-export.c
> index b0a4029..963e89b 100644
> --- a/builtin-fast-export.c
> +++ b/builtin-fast-export.c
> @@ -503,7 +503,7 @@ static void export_marks(char *file)
>
> f = fopen(file, "w");
> if (!f)
> - error("Unable to open marks file %s for writing.", file);
> + die_errno("Unable to open marks file %s for writing", file);
>
> for (i = 0; i < idnums.size; i++) {
> if (deco->base && deco->base->type == 1) {
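Review bot: Above the `diff --git` header the attachment carries no log message and no Signed-off-by line, so it cannot be applied as a commit as sent. The explanation from the mail would serve as the message: error() only reports and returns, so after a failed fopen() in export_marks() execution continued with f == NULL, whereas die_errno() exits and also reports why the open failed.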