You can trigger a segfault in git.git by doing:
git for-each-ref --format='%(taggeremail)' refs/tags/v0.99
The v0.99 tag is special in that it contains no "tagger"
header.
The bug is obvious in copy_email, which carefully checks to
make sure the result of a strchr is non-NULL, but only after
already having used it to perform other work. The fix is to
move the check up.
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
builtin-for-each-ref.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c
index 91e8f95..d091e04 100644
--- a/builtin-for-each-ref.c
+++ b/builtin-for-each-ref.c
@@ -339,8 +339,11 @@ static const char *copy_name(const char *buf)
static const char *copy_email(const char *buf)
{
const char *email = strchr(buf, '<');
- const char *eoemail = strchr(email, '>');
- if (!email || !eoemail)
+ const char *eoemail;
+ if (!email)
+ return "";
+ eoemail = strchr(email, '>');
+ if (!eoemail)
return "";
return xmemdupz(email, eoemail + 1 - email);
}
--
1.6.3.1.137.g9019.dirty
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html