diff options
| author |  Alex Riesen <raa.lkml@gmail.com> | 2008-04-28 22:23:35 +0200 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2008-04-28 23:57:47 -0700 |
| commit | 7b7f39eae6ab0bbcc68d3c42a5b23595880e528f (patch) | |
| tree | b7ce174e5105d17193cef8208876b6ccaade51c3 /unpack-file.c | |
| parent | fetch-pack: do not stop traversing an already parsed commit (diff) | |
| download | tgif-7b7f39eae6ab0bbcc68d3c42a5b23595880e528f.tar.xz | |
Fix use after free() in builtin-fetch
As reported by Dave Jones:
Since master.kernel.org updated to latest, I noticed that I could crash
git-fetch by doing this..
export KERNEL=/pub/scm/linux/kernel/git/
git fetch $KERNEL/torvalds/linux-2.6 master:linus
(gdb) bt
0 0x000000349fd6d44b in free () from /lib64/libc.so.6
1 0x000000000048f4eb in transport_unlock_pack (transport=0x7ce530) at transport.c:811
2 0x000000349fd31b25 in exit () from /lib64/libc.so.6
3 0x00000000004043d8 in handle_internal_command (argc=3, argv=0x7fffea4449f0) at git.c:379
4 0x0000000000404547 in main (argc=3, argv=0x7fffea4449f0) at git.c:443
5 0x000000349fd1c784 in __libc_start_main () from /lib64/libc.so.6
6 0x0000000000403ef9 in ?? ()
7 0x00007fffea4449d8 in ?? ()
8 0x0000000000000000 in ?? ()
I then remembered, my .bashrc has this..
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
which is handy for showing up such bugs.
More info on this glibc feature is at http://udrepper.livejournal.com/11429.html
Signed-off-by: Alex Riesen <raa.lkml@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'unpack-file.c')
0 files changed, 0 insertions, 0 deletions