From: Jeff King Date: Mon, 18 May 2009 17:58:11 +0000 (-0400) Subject: for-each-ref: fix segfault in copy_email X-Git-Tag: v1.6.3.2~29 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=e64c1b0053f2dc4fc5b434a9806b90318bac9592;p=git.git for-each-ref: fix segfault in copy_email You can trigger a segfault in git.git by doing: git for-each-ref --format='%(taggeremail)' refs/tags/v0.99 The v0.99 tag is special in that it contains no "tagger" header. The bug is obvious in copy_email, which carefully checks to make sure the result of a strchr is non-NULL, but only after already having used it to perform other work. The fix is to move the check up. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c index 91e8f95fd..d091e04af 100644 --- a/builtin-for-each-ref.c +++ b/builtin-for-each-ref.c @@ -339,8 +339,11 @@ static const char *copy_name(const char *buf) static const char *copy_email(const char *buf) { const char *email = strchr(buf, '<'); - const char *eoemail = strchr(email, '>'); - if (!email || !eoemail) + const char *eoemail; + if (!email) + return ""; + eoemail = strchr(email, '>'); + if (!eoemail) return ""; return xmemdupz(email, eoemail + 1 - email); }