diff options
author | Jeff King <peff@peff.net> | 2019-05-14 08:04:31 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-05-15 10:58:00 +0900 |
commit | 8ed51b066681adc88723dbe07b878904c348fdf6 (patch) | |
tree | 91c8dee440a584b00827ae2a2bdd0d72635e2e45 /sequencer.c | |
parent | mingw: allow building with an MSYS2 runtime v3.x (diff) | |
download | tgif-8ed51b066681adc88723dbe07b878904c348fdf6.tar.xz |
help_unknown_ref(): duplicate collected refnames
When "git merge" sees an unknown refname, we iterate through the refs to
try to suggest some possible alternates. We do so with for_each_ref(),
and in the callback we add some of the refnames we get to a
string_list that is declared with NODUP, directly adding a pointer into
the refname string our callback received.
But the for_each_ref() machinery does not promise that the refname
string will remain valid, and as a result we may print garbage memory.
The code in question dates back to its inception in e56181060e (help:
add help_unknown_ref(), 2013-05-04). But back then, the refname strings
generally did remain stable, at least immediately after the
for_each_ref() call. Later, in d1cf15516f (packed_ref_iterator_begin():
iterate using `mmapped_ref_iterator`, 2017-09-25), we started
consistently re-using a separate buffer for packed refs.
The fix is simple: duplicate the strings we intend to collect. We
already call string_list_clear(), so the memory is correctly freed.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sequencer.c')
0 files changed, 0 insertions, 0 deletions