diff options
author | Phillip Wood <phillip.wood@dunelm.org.uk> | 2018-10-04 11:07:41 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-10-04 22:47:26 -0700 |
commit | 74d156f4a1b1d563b422127ee347eaa348973a0c (patch) | |
tree | 64941cf83b6582e066c14ae27d01297d194153c1 /t/t5100/msg0005 | |
parent | Second batch post 2.19 (diff) | |
download | tgif-74d156f4a1b1d563b422127ee347eaa348973a0c.tar.xz |
diff --color-moved-ws: fix double free crash
Running
git diff --color-moved-ws=allow-indentation-change v2.18.0 v2.19.0
results in a crash due to a double free. This happens when two
potential moved blocks start with consecutive lines. As
pmb_advance_or_null_multi_match() advances it copies the ws_delta from
the last matching line to the next. When the first of our consecutive
lines is advanced its ws_delta well be copied to the second,
overwriting the ws_delta of the block containing the second line. Then
when the second line is advanced it will copy the new ws_delta to the
line below it and so on. Eventually one of these blocks will stop
matching and the ws_delta will be freed. From then on the other block
is in a use-after-free state and when it stops matching it will try to
free the ws_delta that has already been freed by the other block.
The solution is to store the ws_delta in the array of potential moved
blocks rather than with the lines. This means that it no longer needs
to be copied around and one block cannot overwrite the ws_delta of
another. Additionally it saves some malloc/free calls as we don't keep
allocating and freeing ws_deltas.
Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5100/msg0005')
0 files changed, 0 insertions, 0 deletions