From b84e65d40929ec1146f54dcf4c9dbf8dc58467d0 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Mon, 21 Mar 2016 12:01:43 -0700 Subject: merge: fix NULL pointer dereference when merging nothing into void When we are on an unborn branch and merging only one foreign parent, we allow "git merge" to fast-forward to that foreign parent commit. This codepath incorrectly attempted to dereference the list of parents that the merge is going to record even when the list is empty. It must refuse to operate instead when there is no parent. All other codepaths make sure the list is not empty before they dereference it, and are safe. Reported-by: Jose Ivan B. Vilarouca Filho Signed-off-by: Junio C Hamano --- builtin/merge.c | 10 +++++----- t/t7600-merge.sh | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/builtin/merge.c b/builtin/merge.c index 101ffeff4c..bf2f2614fb 100644 --- a/builtin/merge.c +++ b/builtin/merge.c @@ -1257,12 +1257,12 @@ int cmd_merge(int argc, const char **argv, const char *prefix) builtin_merge_options); if (!head_commit) { - struct commit *remote_head; /* * If the merged head is a valid one there is no reason * to forbid "git merge" into a branch yet to be born. * We do the same for "git pull". */ + unsigned char *remote_head_sha1; if (squash) die(_("Squash commit into empty head not supported yet")); if (fast_forward == FF_NO) @@ -1270,13 +1270,13 @@ int cmd_merge(int argc, const char **argv, const char *prefix) "an empty head")); remoteheads = collect_parents(head_commit, &head_subsumed, argc, argv, NULL); - remote_head = remoteheads->item; - if (!remote_head) + if (!remoteheads) die(_("%s - not something we can merge"), argv[0]); if (remoteheads->next) die(_("Can merge only exactly one commit into empty head")); - read_empty(remote_head->object.oid.hash, 0); - update_ref("initial pull", "HEAD", remote_head->object.oid.hash, + remote_head_sha1 = remoteheads->item->object.oid.hash; + read_empty(remote_head_sha1, 0); + update_ref("initial pull", "HEAD", remote_head_sha1, NULL, 0, UPDATE_REFS_DIE_ON_ERR); goto done; } diff --git a/t/t7600-merge.sh b/t/t7600-merge.sh index 302e238263..9d7952f42c 100755 --- a/t/t7600-merge.sh +++ b/t/t7600-merge.sh @@ -725,4 +725,14 @@ test_expect_success 'merge detects mod-256 conflicts (resolve)' ' test_must_fail git merge -s resolve master ' +test_expect_success 'merge nothing into void' ' + git init void && + ( + cd void && + git remote add up .. && + git fetch up && + test_must_fail git merge FETCH_HEAD + ) +' + test_done -- cgit v1.2.3