From: Adrian Friedli <adrian.friedli@mt.com>
To: git@vger.kernel.org
Cc: Adrian Friedli <adrian.friedli@mt.com>
Subject: [PATCH] builtin/clone: fix segfault when using --revision on some servers
Date: Fri, 6 Mar 2026 12:10:01 +0100 [thread overview]
Message-ID: <20260306111001.261916-1-adrian.friedli@mt.com> (raw)
Fix a segfault when a server advertises more refs than requested when
using the --revision argument.
In the good case the server respects
`transport_ls_refs_options.ref_prefixes` and in `cmd_clone()` the linked
list `refs` returned by `transport_get_remote_refs()` only contains a
single item, which is the ref requested with the --revision argument.
Both `remote_head` returned by `find_ref_by_name()` and
`remote_head_points_at` returned by `guess_remote_head()` are NULL. The
guard in `update_remote_refs()` skips a the affected code because
`remote_head_points_at` is NULL.
In the bad case the server ignores
`transport_ls_refs_options.ref_prefixes` and in `cmd_clone()` the linked
list `refs` returned by `transport_get_remote_refs()` contains many
items, amongst others "HEAD". `remote_head` returned by
`find_ref_by_name()` is not NULL and `remote_head_points_at` returned by
`guess_remote_head()` is not NULL but its field `peer_ref` is NULL.
Because `remote_head_points_at` is not NULL the guard in
`update_remote_refs()` does not skip the affected code and
`remote_head_points_at->peer_ref->name` is accessed, which causes a
segfault later on.
Extend the guard in `update_remote_refs()` to also skip the block of
code if `remote_head_points_at->peer_ref` is NULL.
Signed-off-by: Adrian Friedli <adrian.friedli@mt.com>
---
The segfault can be reproduced by e.g.
git clone --revision=refs/heads/main \
https://dev.azure.com/public-git/sample/_git/sample
builtin/clone.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/builtin/clone.c b/builtin/clone.c
index fba3c9c508..09219791da 100644
--- a/builtin/clone.c
+++ b/builtin/clone.c
@@ -557,7 +557,7 @@ static void update_remote_refs(const struct ref *refs,
write_followtags(refs, msg);
}
- if (remote_head_points_at && !option_bare) {
+ if (remote_head_points_at && remote_head_points_at->peer_ref && !option_bare) {
struct strbuf head_ref = STRBUF_INIT;
strbuf_addstr(&head_ref, branch_top);
strbuf_addstr(&head_ref, "HEAD");
--
2.53.0.394.g500c12b044
next reply other threads:[~2026-03-06 11:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-06 11:10 Adrian Friedli [this message]
2026-03-06 19:51 ` [PATCH] builtin/clone: fix segfault when using --revision on some servers Junio C Hamano
2026-03-12 12:34 ` Friedli Adrian LCPF-CH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260306111001.261916-1-adrian.friedli@mt.com \
--to=adrian.friedli@mt.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox