diff options
| author | Eric Wong <e@80x24.org> | 2023-02-11 14:15:26 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-02-11 22:36:24 +0300 |
| commit | c5773dc078f05a98c9359938dbce3b3dc70aa3bd (patch) | |
| tree | 6e016ecf74b3ef7bb22ce24fc08f20abecb42637 /commit-reach.c | |
| parent | 4067a64672f9db8ca38d5a2682a7cdba7938c18b (diff) | |
commit-reach: avoid NULL dereference
The loop at the top of can_all_from_reach_with_flag() already
accounts for `from->objects[i].item' being NULL, so it follows
the cleanup loop should also account for a NULL `from_one'.
I managed to segfault here on one of my giant, many-remote repos
using `git fetch --negotiation-tip=... --negotiation-only'
where the --negotiation-tip= argument was a glob which (inadvertently)
captured more refs than I wanted. I have not reproduced this
in a standalone test case.
Signed-off-by: Eric Wong <e@80x24.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit-reach.c')
| -rw-r--r-- | commit-reach.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/commit-reach.c b/commit-reach.c index 5a845440a9..7e422b0cd3 100644 --- a/commit-reach.c +++ b/commit-reach.c @@ -628,8 +628,12 @@ cleanup: } free(list); - for (i = 0; i < from->nr; i++) - from->objects[i].item->flags &= ~assign_flag; + for (i = 0; i < from->nr; i++) { + struct object *from_one = from->objects[i].item; + + if (from_one) + from_one->flags &= ~assign_flag; + } return result; } |