From f917f57f40a22b64ab5354e99dbf32bb48d9fc0a Mon Sep 17 00:00:00 2001 From: Enzo Matsumiya Date: Wed, 24 Nov 2021 21:02:39 -0300 Subject: pager: fix crash when pager program doesn't exist When prepare_cmd() fails for, e.g., pager process setup, child_process_clear() frees the memory in pager_process.args, but .argv was pointed to pager_process.args.v earlier in start_command(), so it's now a dangling pointer. setup_pager() is then called a second time, from cmd_log_init_finish() in this case, and any further operations using its .argv, e.g. strvec_*, will use the dangling pointer and eventually crash. According to trivial tests, setup_pager() is not called twice if the first call is successful. This patch makes sure that pager_process is properly initialized on setup_pager(). Drop CHILD_PROCESS_INIT from its declaration since it's no longer really necessary. Add a test to catch possible regressions. Reproducer: $ git config pager.show INVALID_PAGER $ git show $VALID_COMMIT error: cannot run INVALID_PAGER: No such file or directory [1] 3619 segmentation fault (core dumped) git show $VALID_COMMIT Signed-off-by: Enzo Matsumiya Signed-off-by: Junio C Hamano --- pager.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'pager.c') diff --git a/pager.c b/pager.c index 52f27a6765..27877f8ebb 100644 --- a/pager.c +++ b/pager.c @@ -8,7 +8,7 @@ #define DEFAULT_PAGER "less" #endif -static struct child_process pager_process = CHILD_PROCESS_INIT; +static struct child_process pager_process; static const char *pager_program; /* Is the value coming back from term_columns() just a guess? */ @@ -124,6 +124,8 @@ void setup_pager(void) setenv("GIT_PAGER_IN_USE", "true", 1); + child_process_init(&pager_process); + /* spawn the pager */ prepare_pager_args(&pager_process, pager); pager_process.in = -1; -- cgit v1.2.3