From: Julian Phillips Date: Fri, 13 Nov 2009 21:25:56 +0000 (+0000) Subject: remote: fix use-after-free error detected by glibc in ref_remove_duplicates X-Git-Tag: v1.6.6-rc0~35^2 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=95c96d48e65a597cfd2bf7228ddc8c7ca30b55b7;p=git.git remote: fix use-after-free error detected by glibc in ref_remove_duplicates In ref_remove_duplicates, when we encounter a duplicate and remove it from the list we need to make sure that the prev pointer stays pointing at the last entry and also skip over adding the just freed entry to the string_list. Previously fetch could crash with: *** glibc detected *** git: corrupted double-linked list: ... Also add a test to try and catch problems with duplicate removal in the future. Acked-by: Nicolas Pitre Signed-off-by: Julian Phillips Signed-off-by: Junio C Hamano --- diff --git a/remote.c b/remote.c index 4f9f0ccc7..e0d17bb83 100644 --- a/remote.c +++ b/remote.c @@ -754,6 +754,8 @@ void ref_remove_duplicates(struct ref *ref_map) prev->next = ref_map->next; free(ref_map->peer_ref); free(ref_map); + ref_map = prev; /* skip this; we freed it */ + continue; } item = string_list_insert(ref_map->peer_ref->name, &refs); diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh index d13c80662..169af1edd 100755 --- a/t/t5510-fetch.sh +++ b/t/t5510-fetch.sh @@ -341,4 +341,15 @@ test_expect_success 'fetch into the current branch with --update-head-ok' ' ' +test_expect_success "should be able to fetch with duplicate refspecs" ' + mkdir dups && + cd dups && + git init && + git config branch.master.remote three && + git config remote.three.url ../three/.git && + git config remote.three.fetch +refs/heads/*:refs/remotes/origin/* && + git config --add remote.three.fetch +refs/heads/*:refs/remotes/origin/* && + git fetch three +' + test_done