summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5acb3e5)
raw | patch | inline | side by side (parent: 5acb3e5)
author | Jeff King <peff@peff.net> | |
Mon, 18 May 2009 17:58:11 +0000 (13:58 -0400) | ||
committer | Junio C Hamano <gitster@pobox.com> | |
Wed, 20 May 2009 07:06:19 +0000 (00:06 -0700) |
You can trigger a segfault in git.git by doing:
git for-each-ref --format='%(taggeremail)' refs/tags/v0.99
The v0.99 tag is special in that it contains no "tagger"
header.
The bug is obvious in copy_email, which carefully checks to
make sure the result of a strchr is non-NULL, but only after
already having used it to perform other work. The fix is to
move the check up.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git for-each-ref --format='%(taggeremail)' refs/tags/v0.99
The v0.99 tag is special in that it contains no "tagger"
header.
The bug is obvious in copy_email, which carefully checks to
make sure the result of a strchr is non-NULL, but only after
already having used it to perform other work. The fix is to
move the check up.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin-for-each-ref.c | patch | blob | history |
diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c
index 91e8f95fd20215cae72e206a691370c71dbc575e..d091e04af9549b70a1e15a4b845383056e71932e 100644 (file)
--- a/builtin-for-each-ref.c
+++ b/builtin-for-each-ref.c
static const char *copy_email(const char *buf)
{
const char *email = strchr(buf, '<');
- const char *eoemail = strchr(email, '>');
- if (!email || !eoemail)
+ const char *eoemail;
+ if (!email)
+ return "";
+ eoemail = strchr(email, '>');
+ if (!eoemail)
return "";
return xmemdupz(email, eoemail + 1 - email);
}