Michael Wookey wrote:
> Using the above repository, I see the same crash with msysGit at git
> revision 1.6.5. Using windbg as the post-mortem debugger, the
> following information is captured:
>
> (a14.e8c): Access violation - code c0000005 (!!! second chance !!!)
> eax=00000000 ebx=00000000 ecx=ffffffff edx=0046cc00 esi=0046f98f edi=00000000
> eip=00420354 esp=0022fd80 ebp=0022fda8 iopl=0 nv up ei pl zr na pe nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
>
> ...and the faulting instruction is:
>
> git_remote_curl+0x20354:
> 00420354 f2ae repne scas byte ptr es:[edi]
>
> so, a NULL dereference. The initial disassembly of the function is this:
>
> 0:000> u 0042033C
> git_remote_curl+0x2033c:
> 0042033c 55 push ebp
> 0042033d 89e5 mov ebp,esp
> 0042033f 57 push edi
> 00420340 56 push esi
> 00420341 53 push ebx
> 00420342 83ec1c sub esp,1Ch
> 00420345 8b5d08 mov ebx,dword ptr [ebp+8]
> 00420348 8b750c mov esi,dword ptr [ebp+0Ch]
> 0042034b 31c0 xor eax,eax
> 0042034d b9ffffffff mov ecx,0FFFFFFFFh
> 00420352 89df mov edi,ebx
> 00420354 f2ae repne scas byte ptr es:[edi]
> 00420356 f7d1 not ecx
> 00420358 8d51ff lea edx,[ecx-1]
> 0042035b b9ffffffff mov ecx,0FFFFFFFFh
> 00420360 89f7 mov edi,esi
> 00420362 f2ae repne scas byte ptr es:[edi]
> 00420364 f7d1 not ecx
> 00420366 49 dec ecx
> 00420367 7466 je git_remote_curl+0x203cf (004203cf)
> 00420369 85d2 test edx,edx
> 0042036b 0f84b1000000 je git_remote_curl+0x20422 (00420422)
> 00420371 89f7 mov edi,esi
> 00420373 89de mov esi,ebx
> ...
>
> So it's the first parameter that is NULL.
> The second parameter is:
>
> 0:000> da poi(ebp+c)
> 0046f98f "libexec/git-core"
>
> I don't know how to build msysGit so that symbols are generated so
> I've attempted to reconstruct the source code; which ends up looking
> something like the following:
>
> int some_unknown_func(char *arg1, char *arg2)
> {
>     len1 = strlen(arg1) - 1; // <- crash here
>     len2 = strlen(arg2);
>     len3 = len2 - 1;
>
>     if (len2 != 1) {
>         if (!len1)
>             return 0;
>         for (;;) {
>             x = arg1[len1 - 1];
>
>             if (x != '/' && x != '\\') {
>                 --len1;
>                 --len3;
>                 if (arg1[len1] != arg2[len3])
>                     return 0;
>             } else {
>                 ...
>             }
>         }
>     }
> }
>
> Perhaps those more familiar with git's sources might recognise code
> that looks similar to the above sequence.

Wow, this is great work, thank you very much!

The function is strip_path_suffix().

And here is a patch that fixes the crash.

--- >8 ---
From: Johannes Sixt <j6t@xxxxxxxx>
Subject: [PATCH] remote-curl: add missing initialization of argv0_path

All programs, in particular also the stand-alone programs (non-builtins)
must call git_extract_argv0_path(argv[0]) in order to help builds that
derive the installation prefix at runtime, such as the MinGW build.
Without this call, the program segfaults (or raises an assertion
failure).

Signed-off-by: Johannes Sixt <j6t@xxxxxxxx>
---
remote-curl.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/remote-curl.c b/remote-curl.c index ad6a163..d8d276a 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -82,6 +82,7 @@ int main(int argc, const char **argv) const char *url; struct walker *walker = NULL; + git_extract_argv0_path(argv[0]); setup_git_directory(); if (argc < 2) { fprintf(stderr, "Remote needed\n");
--
1.6.5.1024.g31034.dirty
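
Review bot: the commit message says every stand-alone program must call git_extract_argv0_path(argv[0]), but this hunk adds the call only to main() in remote-curl.c, so the message should state whether the other non-builtin main() functions were checked, or the patch should cover them as well. A short comment above the new call, noting that builds which derive the installation prefix at runtime depend on it, would keep it from being dropped in a later cleanup.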
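
The crash analysed in this thread is a strlen() on a path that was never set. As an added example (not git's source and not part of either message), here is a suffix-stripping routine of the kind reconstructed above that refuses a NULL path instead of dereferencing it; all function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; an illustration, not git's source. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

static size_t chomp_seps(const char *s, size_t len)
{
    while (len && is_sep(s[len - 1]))
        len--;
    return len;
}

/* Returns a malloc'ed copy of path without the trailing components named by
 * suffix, or NULL if they do not match or if either argument is NULL. */
char *strip_suffix_checked(const char *path, const char *suffix)
{
    size_t plen, slen;
    char *out;

    if (!path || !suffix)      /* unset path: refuse, never strlen(NULL) */
        return NULL;
    plen = strlen(path);
    slen = strlen(suffix);
    while (slen) {
        if (!plen)
            return NULL;       /* suffix is longer than path */
        if (is_sep(path[plen - 1])) {
            if (!is_sep(suffix[slen - 1]))
                return NULL;
            plen = chomp_seps(path, plen);   /* '/' and '\\' both count */
            slen = chomp_seps(suffix, slen);
        } else if (path[--plen] != suffix[--slen]) {
            return NULL;
        }
    }
    if (plen && !is_sep(path[plen - 1]))
        return NULL;           /* match must begin on a component boundary */
    plen = chomp_seps(path, plen);
    out = malloc(plen + 1);
    if (!out)
        return NULL;
    memcpy(out, path, plen);
    out[plen] = '\0';
    return out;
}
```

A caller still has to treat the NULL return as "prefix unknown" and fall back or report an error, rather than passing it on.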