git.kernel.org/pub/scm/git/git.git
author Ævar Arnfjörð Bjarmason <avarab@gmail.com> 2021-11-11 08:18:55 +0300
committer Junio C Hamano <gitster@pobox.com> 2021-11-11 21:41:54 +0300
commit 168a937bbcf74370267fe04f5368035948745baa
tree 6c558744b02d9a6d0ab1e10aaee842ba0feea45a /object-file.c
parent 96e41f58fe1a5aeadf2bf1c1850c53a1c1144bbc
object-file: fix SEGV on free() regression in v2.34.0-rc2

Fix a regression introduced in my 96e41f58fe1 (fsck: report invalid object type-path combinations, 2021-10-01). When fsck-ing blobs larger than core.bigFileThreshold, we'd free() a pointer to uninitialized memory.

This issue would have been caught by SANITIZE=address, but since it involves core.bigFileThreshold, none of the existing tests in our test suite covered it.

Running them with the "big_file_threshold" in "environment.c" changed to say "6" would have shown this failure, but let's add a dedicated test for this scenario based on Han Xin's report[1].

The bug was introduced between v9 and v10[2] of the fsck series merged in 061a21d36d8 (Merge branch 'ab/fsck-unexpected-type', 2021-10-25).

1. https://lore.kernel.org/git/20211111030302.75694-1-hanxin.hx@alibaba-inc.com/
2. https://lore.kernel.org/git/cover-v10-00.17-00000000000-20211001T091051Z-avarab@gmail.com/

Reported-by: Han Xin <chiyutianyi@gmail.com>
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'object-file.c')
-rw-r--r-- object-file.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/object-file.c b/object-file.c
index 4c258703a0..9213a51721 100644
--- a/object-file.c
+++ b/object-file.c
@@ -2533,6 +2533,8 @@ int read_loose_object(const char *path,
char hdr[MAX_HEADER_LEN];
unsigned long *size = oi->sizep;
+ *contents = NULL;
+
map = map_loose_object_1(the_repository, path, NULL, &mapsize);
if (!map) {
error_errno(_("unable to mmap %s"), path);
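Review bot: the new `*contents = NULL;` at the top of read_loose_object() has no comment saying why it is there, and it dereferences `contents` unconditionally, so the function now silently requires a non-NULL `contents` from every caller. Since the assignment exists so that a caller can free() the result on any return path, including the early `if (!map)` error return visible just below it, a one-line comment stating that contract would keep a later cleanup from removing it as a redundant initialization. The caller that performs the free() is not part of this diff (the view is limited to object-file.c); initializing its local pointer to NULL at the declaration as well would make the free() safe even if this function's contract changes again.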