Code

for-each-ref: fix segfault in copy_email
authorJeff King <peff@peff.net>
Mon, 18 May 2009 17:58:11 +0000 (13:58 -0400)
committerJunio C Hamano <gitster@pobox.com>
Wed, 20 May 2009 07:06:19 +0000 (00:06 -0700)
You can trigger a segfault in git.git by doing:

  git for-each-ref --format='%(taggeremail)' refs/tags/v0.99

The v0.99 tag is special in that it contains no "tagger"
header.

The bug is obvious in copy_email, which carefully checks to
make sure the result of a strchr is non-NULL, but only after
already having used it to perform other work. The fix is to
move the check up.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin-for-each-ref.c

index 91e8f95fd20215cae72e206a691370c71dbc575e..d091e04af9549b70a1e15a4b845383056e71932e 100644 (file)
@@ -339,8 +339,11 @@ static const char *copy_name(const char *buf)
 static const char *copy_email(const char *buf)
 {
        const char *email = strchr(buf, '<');
-       const char *eoemail = strchr(email, '>');
-       if (!email || !eoemail)
+       const char *eoemail;
+       if (!email)
+               return "";
+       eoemail = strchr(email, '>');
+       if (!eoemail)
                return "";
        return xmemdupz(email, eoemail + 1 - email);
 }