From fe7fe62d8da0949d9b2bca34467b349bd294e91b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= Date: Wed, 30 Jun 2021 18:12:43 +0200 Subject: grep: report missing left operand of --and MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git grep allows combining two patterns with --and. It checks and reports if the second pattern is missing when compiling the expression. A missing first pattern, however, is only reported later at match time. Thus no error is returned if no matching is done, e.g. because no file matches the also given pathspec. When that happens we get an expression tree with an GREP_NODE_AND node and a NULL pointer to the missing left child. free_pattern_expr() tries to dereference it during the cleanup at the end, which results in a segmentation fault. Fix this by verifying the presence of the left operand at expression compilation time. Reported-by: Matthew Hughes Helped-by: Ævar Arnfjörð Bjarmason Signed-off-by: René Scharfe Signed-off-by: Junio C Hamano --- grep.c | 2 ++ t/t7810-grep.sh | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/grep.c b/grep.c index 4db1510d16..71e44402dc 100644 --- a/grep.c +++ b/grep.c @@ -774,6 +774,8 @@ static struct grep_expr *compile_pattern_and(struct grep_pat **list) x = compile_pattern_not(list); p = *list; if (p && p->token == GREP_AND) { + if (!x) + die("--and not preceded by pattern expression"); if (!p->next) die("--and not followed by pattern expression"); *list = p->next; diff --git a/t/t7810-grep.sh b/t/t7810-grep.sh index 43aa4161cf..47434e6687 100755 --- a/t/t7810-grep.sh +++ b/t/t7810-grep.sh @@ -8,6 +8,13 @@ test_description='git grep various. . ./test-lib.sh +test_invalid_grep_expression() { + params="$@" && + test_expect_success "invalid expression: grep $params" ' + test_must_fail git grep $params -- nonexisting + ' +} + cat >hello.c < #include 
@@ -81,6 +88,8 @@ test_expect_success 'grep should not segfault with a bad input' ' test_must_fail git grep "(" ' +test_invalid_grep_expression --and -e A + for H in HEAD '' do case "$H" in -- cgit v1.2.3
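Review bot: in the grep.c hunk (`@@ -774,6 +774,8 @@ compile_pattern_and`), the new `if (!x) die("--and not preceded by pattern expression");` is placed before the existing `if (!p->next)` check, so a bare `git grep --and` with both operands missing now reports the missing left operand first; that ordering is fine, and the message wording mirrors the existing "--and not followed by pattern expression" line, but the commit message should say whether `free_pattern_expr()` is still expected to be reachable with a NULL child via any other path, since the fix rejects the malformed tree at compile time rather than making the cleanup code NULL-tolerant.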
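Review bot: in the t/t7810-grep.sh helper hunk (`@@ -8,6 +8,13 @@`), `params="$@" &&` flattens the argument list into one scalar and `git grep $params -- nonexisting` re-splits it unquoted, which works for the simple `--and -e A` call but would mis-tokenise a pattern containing spaces or glob characters; `params="$*"` states the intent explicitly, and the unquoted expansion deserves a comment. The helper also only asserts `test_must_fail`, so it would pass if `git grep` failed for an unrelated reason; capturing stderr and checking for the "not preceded by pattern expression" text (for example with `test_i18ngrep`) would tie the test to the bug actually being fixed.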
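Review bot: in the second t/t7810-grep.sh hunk (`@@ -81,6 +88,8 @@`), only the new left-operand case `test_invalid_grep_expression --and -e A` is added; since the helper is generic, the symmetrical right-operand case `-e A --and` (covered by the pre-existing `die`) and a bare `--and` would be cheap to add alongside it. Placing the call outside the `for H in HEAD ''` loop is right, because the failure occurs at expression compilation and does not depend on whether HEAD or the worktree is searched.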