From edc30691e5729435177e4fdccb8c13c3948e3c5a Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Mon, 30 Mar 2020 15:46:13 +0200
Subject: refs: fix segfault when aborting empty transaction
When cleaning up a transaction that has no updates queued, then the transaction's backend data will not have been allocated. We correctly handle this for the packed backend, where the cleanup function checks whether the backend data has been allocated at all -- if not, then there is nothing to clean up. For the files backend we do not check this and as a result will hit a segfault due to dereferencing a `NULL` pointer when cleaning up such a transaction. Fix the issue by checking whether `backend_data` is set in the files backend, too.
Signed-off-by: Patrick Steinhardt
Signed-off-by: Junio C Hamano
---
refs/files-backend.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
(limited to 'refs')
diff --git a/refs/files-backend.c b/refs/files-backend.c
index 561c33ac8a..6516c7bc8c 100644
--- a/refs/files-backend.c
+++ b/refs/files-backend.c
@@ -2565,16 +2565,18 @@ static void files_transaction_cleanup(struct files_ref_store *refs,
 }
 }
- if (backend_data->packed_transaction &&
- ref_transaction_abort(backend_data->packed_transaction, &err)) {
- error("error aborting transaction: %s", err.buf);
- strbuf_release(&err);
- }
+ if (backend_data) {
+ if (backend_data->packed_transaction &&
+ ref_transaction_abort(backend_data->packed_transaction, &err)) {
+ error("error aborting transaction: %s", err.buf);
+ strbuf_release(&err);
+ }
- if (backend_data->packed_refs_locked)
- packed_refs_unlock(refs->packed_ref_store);
- free(backend_data);
+ if (backend_data->packed_refs_locked)
+ packed_refs_unlock(refs->packed_ref_store);
- free(backend_data);
+ free(backend_data);
+ }
 transaction->state = REF_TRANSACTION_CLOSED;
 }
--
cgit v1.2.3
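Review bot: The `free(backend_data);` inside the new `if (backend_data)` guard releases the allocation, but nothing in the hunk clears the pointer the transaction itself still holds, so the object keeps a dangling reference once the function returns. Setting the state to `REF_TRANSACTION_CLOSED` on the following line probably keeps later code away from it, yet adding `transaction->backend_data = NULL;` right after the `free` would turn a repeated cleanup into a no-op rather than a double free. The function starts outside the hunk, so this assumes the local `backend_data` is a copy of `transaction->backend_data`. A one-line comment above the guard, such as `/* NULL if no updates were queued, so nothing was allocated */`, would also keep a later refactor from dropping the check.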