remote: fix use-after-free error detected by glibc in ref_remove_duplicates

In ref_remove_duplicates, when we encounter a duplicate and remove it
from the list we need to make sure that the prev pointer stays
pointing at the last entry and also skip over adding the just freed
entry to the string_list.

Previously fetch could crash with:
*** glibc detected *** git: corrupted double-linked list: ...

Also add a test to try and catch problems with duplicate removal in
the future.

Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Julian Phillips <julian@quantumfyre.co.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Julian Phillips 2009-11-13 21:25:56 +00:00 committed by Junio C Hamano
parent b1a01e1c07
commit 95c96d48e6
2 changed files with 13 additions and 0 deletions

View File

@ -754,6 +754,8 @@ void ref_remove_duplicates(struct ref *ref_map)
prev->next = ref_map->next;
free(ref_map->peer_ref);
free(ref_map);
ref_map = prev; /* skip this; we freed it */
continue;
}
item = string_list_insert(ref_map->peer_ref->name, &refs);

View File

@ -341,4 +341,15 @@ test_expect_success 'fetch into the current branch with --update-head-ok' '
'
test_expect_success "should be able to fetch with duplicate refspecs" '
mkdir dups &&
cd dups &&
git init &&
git config branch.master.remote three &&
git config remote.three.url ../three/.git &&
git config remote.three.fetch +refs/heads/*:refs/remotes/origin/* &&
git config --add remote.three.fetch +refs/heads/*:refs/remotes/origin/* &&
git fetch three
'
test_done