From: Simon Marchi <simon.marchi@efficios.com>
To: git@vger.kernel.org
Cc: "Simon Marchi" <simon.marchi@efficios.com>,
"Junio C Hamano" <gitster@pobox.com>,
"René Scharfe" <l.s.r@web.de>, "Taylor Blau" <me@ttaylorr.com>,
"Patrick Steinhardt" <ps@pks.im>
Subject: [PATCH] builtin/difftool: intialize some hashmap variables
Date: Mon, 11 Nov 2024 11:21:44 -0500
Message-ID: <20241111162148.337375-1-simon.marchi@efficios.com>

When running a dir-diff command that produces no diff, variables
`wt_modified` and `tmp_modified` are used while uninitialized, causing:

    $ /home/smarchi/src/git/git-difftool --dir-diff master
    free(): invalid pointer
    [1]    334004 IOT instruction (core dumped)  /home/smarchi/src/git/git-difftool --dir-diff master
    $ valgrind --track-origins=yes /home/smarchi/src/git/git-difftool --dir-diff master
    ...
    Invalid free() / delete / delete[] / realloc()
       at 0x48478EF: free (vg_replace_malloc.c:989)
       by 0x422CAC: hashmap_clear_ (hashmap.c:208)
       by 0x283830: run_dir_diff (difftool.c:667)
       by 0x284103: cmd_difftool (difftool.c:801)
       by 0x238E0F: run_builtin (git.c:484)
       by 0x2392B9: handle_builtin (git.c:750)
       by 0x2399BC: cmd_main (git.c:921)
       by 0x356FEF: main (common-main.c:64)
     Address 0x1ffefff180 is on thread 1's stack
     in frame #2, created by run_dir_diff (difftool.c:358)
    ...

If taking any `goto finish` path before these variables are initialized,
`hashmap_clear_and_free()` operates on uninitialized data, sometimes
causing a crash.

Fix it by zero-initializing these variables, making
`hashmap_clear_and_free()` a no-op in that case.

Signed-off-by: Simon Marchi <simon.marchi@efficios.com>
Cc: Junio C Hamano <gitster@pobox.com>
Cc: René Scharfe <l.s.r@web.de>
Cc: Taylor Blau <me@ttaylorr.com>
Cc: Patrick Steinhardt <ps@pks.im>
---
builtin/difftool.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/builtin/difftool.c b/builtin/difftool.c
index ca1b0890659b..b902f5d2ae17 100644
--- a/builtin/difftool.c
+++ b/builtin/difftool.c
@@ -376,7 +376,8 @@ static int run_dir_diff(const char *extcmd, int symlinks, const char *prefix,
struct checkout lstate, rstate;
int err = 0;
struct child_process cmd = CHILD_PROCESS_INIT;
- struct hashmap wt_modified, tmp_modified;
+ struct hashmap wt_modified = {0};
+ struct hashmap tmp_modified = {0};
int indices_loaded = 0;
workdir = repo_get_work_tree(the_repository);
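
Review bot: No regression test accompanies the new `= {0}` initializers for `wt_modified` and `tmp_modified`; the commit message already gives the reproducer (a `--dir-diff` run that produces no diff), so a test covering that case in the difftool tests would keep a later refactor from reintroducing the uninitialized use. A short comment at the two declarations would also help, saying that the zero-initialization is what keeps `hashmap_clear_and_free()` safe on an early `goto finish`, since the declaration alone does not explain why these two locals are initialized while `lstate` and `rstate` a few lines above are not.
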
base-commit: b31fb630c0fc6869a33ed717163e8a1210460d94
--
2.47.0