git.vger.kernel.org archive mirror
From: "René Scharfe" <rene.scharfe@lsrfire.ath.cx>
To: Michael Mueller <mmueller@vigilantsw.com>
Cc: git@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>
Subject: Re: New NULL dereference in sequence.c
Date: Wed, 02 May 2012 14:53:22 +0200
Message-ID: <4FA12E42.201@lsrfire.ath.cx>
In-Reply-To: <CANV9Rr9PFR7SA_3jB-6PRF_V+4yB-FsYEuX5gs-LMpoTAxGDCQ@mail.gmail.com>

[cc:ing the author of this commit]

On 02.05.2012 10:45, Michael Mueller wrote:
> Hi all,
>
> The last defect Sentry picked up has been removed, yay!  At the same
> time, a new NULL dereference bug appeared, in sequencer.c:
>
>      static int is_index_unchanged(void)
>      {
>          unsigned char head_sha1[20];
>          struct commit *head_commit;
>
>          if (!resolve_ref_unsafe("HEAD", head_sha1, 1, NULL))
>              return error(_("Could not resolve HEAD commit\n"));
>
>          head_commit = lookup_commit(head_sha1);
>          if (!head_commit || parse_commit(head_commit))
>              return error(_("could not parse commit %s\n"),
>                       sha1_to_hex(head_commit->object.sha1));
>
> In the last line quoted above, head_commit may be NULL, and it is
> dereferenced in the call to sha1_to_hex.  Assuming lookup_commit(head_sha1)
> can return NULL, this function will segfault.
>
> Introduced here:
> https://github.com/gitster/git/commit/b27cfb0#sequencer.c

Similar code in builtin/commit.c just reports "could not parse HEAD 
commit" without any hash and thus no pointer dereference.

René
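
One way to keep the hash in the error message without the NULL dereference reported above, as an added example that is not part of this thread or of git's code. The struct, the stubs and `run_case` are hypothetical stand-ins, and taking the hash from `head_sha1` is an assumption about a possible fix, not the change git made.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for git's types and helpers (assumptions). */
struct commit { unsigned char sha1[20]; int parse_ok; };
static char last_error[128];

static const char *sha1_to_hex(const unsigned char *sha1)
{
	static char buf[41];
	for (int i = 0; i < 20; i++)
		sprintf(buf + 2 * i, "%02x", sha1[i]);
	return buf;
}

/* Stub: first byte 0xff makes the lookup fail, 0xee makes parsing fail. */
static struct commit *lookup_commit(const unsigned char *sha1)
{
	static struct commit c;
	if (sha1[0] == 0xff)
		return NULL;
	memcpy(c.sha1, sha1, sizeof(c.sha1));
	c.parse_ok = sha1[0] != 0xee;
	return &c;
}

static int parse_commit(struct commit *c) { return c->parse_ok ? 0 : -1; }

/* The reported form passes head_commit->object.sha1 to sha1_to_hex(), which
 * dereferences NULL when lookup_commit() fails. Here the hash comes from
 * head_sha1, which is valid on both failure paths. */
static int check_head(const unsigned char *head_sha1)
{
	struct commit *head_commit = lookup_commit(head_sha1);
	if (!head_commit || parse_commit(head_commit)) {
		snprintf(last_error, sizeof(last_error),
			 "could not parse commit %s", sha1_to_hex(head_sha1));
		return -1;
	}
	return 0;
}

/* Constructed sample input: a 20-byte id whose first byte drives the stubs. */
static int run_case(unsigned char first_byte)
{
	unsigned char sha1[20] = { first_byte };
	return check_head(sha1);
}

int main(void) { printf("%d %d\n", run_case(0x11), run_case(0xff)); return 0; }
```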
