undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5a35c114a
git-commit-vandalism/builtin
History
Nguyễn Thái Ngọc Duy d5a35c114a Copy resolve_ref() return value for longer use 
resolve_ref() may return a pointer to a static buffer. Callers that
use this value longer than a couple of statements should copy the
value to avoid some hidden resolve_ref() call that may change the
static buffer's value.

The bug found by Tony Wang <wwwjfy@gmail.com> in builtin/merge.c
demonstrates this. The first call is in cmd_merge()

branch = resolve_ref("HEAD", head_sha1, 0, &flag);

Then deep in lookup_commit_or_die() a few lines after, resolve_ref()
may be called again and destroy "branch".

lookup_commit_or_die
 lookup_commit_reference
  lookup_commit_reference_gently
   parse_object
    lookup_replace_object
     do_lookup_replace_object
      prepare_replace_object
       for_each_replace_ref
        do_for_each_ref
         get_loose_refs
          get_ref_dir
           get_ref_dir
            resolve_ref

All call sites are checked and made sure that xstrdup() is called if
the value should be saved.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-12-05 16:21:06 -08:00
..
add.c
annotate.c
apply.c Merge branch 'jc/apply-blank-at-eof-fix' into maint 2011-10-21 10:49:26 -07:00
archive.c upload-archive: use start_command instead of fork 2011-10-30 18:45:21 -07:00
bisect--helper.c bisect: introduce support for --no-checkout option. 2011-08-04 15:34:32 -07:00
blame.c Merge branch 'ss/blame-textconv-fake-working-tree' 2011-11-07 16:43:19 -08:00
branch.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
bundle.c Teach progress eye-candy to fetch_refs_from_bundle() 2011-09-19 11:07:21 -07:00
cat-file.c
check-attr.c Merge branch 'bc/attr-ignore-case' 2011-10-17 21:37:14 -07:00
check-ref-format.c
checkout-index.c
checkout.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
clean.c
clone.c clone: Quote user supplied path in a single quote pair 2011-10-27 12:02:02 -07:00
commit-tree.c
commit.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
config.c Merge branch 'mm/maint-config-explicit-bool-display' into maint 2011-10-21 10:49:24 -07:00
count-objects.c
describe.c
diff-files.c
diff-index.c
diff-tree.c
diff.c
fast-export.c
fetch-pack.c Merge branch 'mh/check-ref-format-3' 2011-10-10 15:56:18 -07:00
fetch.c Merge branch 'cn/fetch-prune' 2011-10-26 16:16:29 -07:00
fmt-merge-msg.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
for-each-ref.c
fsck.c
gc.c
grep.c builtin/grep: simplify lock_and_read_sha1_file() 2011-10-26 13:09:23 -07:00
hash-object.c
help.c
index-pack.c
init-db.c
log.c
ls-files.c
ls-remote.c
ls-tree.c Ensure git ls-tree exits with a non-zero exit code if read_tree_recursive fails. 2011-07-25 10:50:11 -07:00
mailinfo.c
mailsplit.c
merge-base.c
merge-file.c Merge branch 'rs/opt-help-text' 2010-11-24 15:55:19 -08:00
merge-index.c Fix sparse warnings 2011-03-22 10:16:54 -07:00
merge-ours.c
merge-recursive.c Fix sparse warnings 2011-03-22 10:16:54 -07:00
merge-tree.c
merge.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
mktag.c
mktree.c Merge "Move 'builtin-*' into a 'builtin/' subdirectory" 2011-11-10 09:10:51 -08:00
mv.c
name-rev.c
notes.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
pack-objects.c Merge branch 'dm/pack-objects-update' 2011-11-01 15:20:07 -07:00
pack-redundant.c
pack-refs.c
patch-id.c
prune-packed.c
prune.c
push.c
read-tree.c
receive-pack.c Copy resolve_ref() return value for longer use 2011-12-05 16:21:06 -08:00
reflog.c
remote-ext.c Remove unused variables 2011-03-22 11:43:27 -07:00
remote-fd.c
remote.c Convert many resolve_ref() calls to read_ref*() and ref_exists() 2011-11-13 12:21:06 -08:00
replace.c Convert many resolve_ref() calls to read_ref*() and ref_exists() 2011-11-13 12:21:06 -08:00
rerere.c rerere: libify rerere_clear() and rerere_gc() 2011-05-08 12:55:34 -07:00
reset.c Merge branch 'jk/reset-reflog-message-fix' 2011-08-08 12:33:33 -07:00
rev-list.c rev-list --verify-object 2011-09-01 15:46:13 -07:00
rev-parse.c
revert.c Merge branch 'js/no-cherry-pick-head-after-punted' 2011-10-19 10:49:05 -07:00
rm.c i18n: git-rm basic messages 2011-03-09 23:52:56 -08:00
send-pack.c
shortlog.c
show-branch.c
show-ref.c Convert many resolve_ref() calls to read_ref*() and ref_exists() 2011-11-13 12:21:06 -08:00
stripspace.c
symbolic-ref.c
tag.c Convert many resolve_ref() calls to read_ref*() and ref_exists() 2011-11-13 12:21:06 -08:00
tar-tree.c
unpack-file.c
unpack-objects.c
update-index.c
update-ref.c
update-server-info.c
upload-archive.c upload-archive: use start_command instead of fork 2011-10-30 18:45:21 -07:00
var.c
verify-pack.c
verify-tag.c
write-tree.c Move 'builtin-*' into a 'builtin/' subdirectory 2010-02-22 14:29:41 -08:00