[PATCH] builtin/blame: destroy initialized commit_info only

Eric Sunshine Mon, 09 Feb 2015 13:29:24 -0800

Since ea02ffa3 (mailmap: simplify map_user() interface, 2013-01-05),
find_alignment() has been invoking commit_info_destroy() on an
uninitialized auto 'struct commit_info' (when METAINFO_SHOWN is not
set). commit_info_destroy() calls strbuf_release() for each of
'commit_info' strbuf member, which randomly invokes free() on whatever
random stack value happens to be reside in strbuf.buf, thus leading to
periodic crashes.


Reported-by: Dilyan Palauzov <dilyan.palau...@aegee.org>
Signed-off-by: Eric Sunshine <sunsh...@sunshineco.com>
---

No test accompanying this fix since I don't know how to formulate one.

Discussion: http://thread.gmane.org/gmane.comp.version-control.git/263534

 builtin/blame.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/builtin/blame.c b/builtin/blame.c
index 303e217..a3cc972 100644
--- a/builtin/blame.c
+++ b/builtin/blame.c
@@ -2085,7 +2085,6 @@ static void find_alignment(struct scoreboard *sb, int 
*option)
 
        for (e = sb->ent; e; e = e->next) {
                struct origin *suspect = e->suspect;
-               struct commit_info ci;
                int num;
 
                if (compute_auto_abbrev)
@@ -2096,6 +2095,7 @@ static void find_alignment(struct scoreboard *sb, int 
*option)
                if (longest_file < num)
                        longest_file = num;
                if (!(suspect->commit->object.flags & METAINFO_SHOWN)) {
+                       struct commit_info ci;
                        suspect->commit->object.flags |= METAINFO_SHOWN;
                        get_commit_info(suspect->commit, &ci, 1);
                        if (*option & OUTPUT_SHOW_EMAIL)
@@ -2104,6 +2104,7 @@ static void find_alignment(struct scoreboard *sb, int 
*option)
                                num = utf8_strwidth(ci.author.buf);
                        if (longest_author < num)
                                longest_author = num;
+                       commit_info_destroy(&ci);
                }
                num = e->s_lno + e->num_lines;
                if (longest_src_lines < num)
@@ -2113,8 +2114,6 @@ static void find_alignment(struct scoreboard *sb, int 
*option)
                        longest_dst_lines = num;
                if (largest_score < ent_score(sb, e))
                        largest_score = ent_score(sb, e);
-
-               commit_info_destroy(&ci);
        }
        max_orig_digits = decimal_width(longest_src_lines);
        max_digits = decimal_width(longest_dst_lines);
-- 
2.3.0.rc2.191.g303d43c

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] builtin/blame: destroy initialized commit_info only

Reply via email to