From fdcd7dc8186e8d928876ae858b7d2d3a87d29453 Mon Sep 17 00:00:00 2001 From: John Keeping Date: Sun, 19 Feb 2017 12:27:48 +0000 Subject: ui-shared: don't print path crumbs without a repo cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping --- ui-shared.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-shared.c b/ui-shared.c index 2e4fcd9..e5c9a02 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -1039,7 +1039,7 @@ void cgit_print_pageheader(void) free(currenturl); } html("\n"); - if (ctx.env.authenticated && ctx.qry.vpath) { + if (ctx.env.authenticated && ctx.repo && ctx.qry.vpath) { html("
"); html("path: "); cgit_print_path_crumbs(ctx.qry.vpath); -- cgit v1.2.3