The prev pointer was not being updated when the peer_ref member pointer was NULL, which means that any items in the list with a NULL peer_ref immediately preceding a duplicate would be dropped without being freed. Signed-off-by: Julian Phillips <julian@xxxxxxxxxxxxxxxxx> --- Having fixed the access after free bug, I realised that there was still a problem. This one didn't show up in the tests - due to the rather specific circumstances required, but may occur in real use. remote.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/remote.c b/remote.c index 1380b20..4f9f0cc 100644 --- a/remote.c +++ b/remote.c @@ -738,7 +738,7 @@ void ref_remove_duplicates(struct ref *ref_map) struct string_list refs = { NULL, 0, 0, 0 }; struct string_list_item *item = NULL; struct ref *prev = NULL, *next = NULL; - for (; ref_map; ref_map = next) { + for (; ref_map; prev = ref_map, ref_map = next) { next = ref_map->next; if (!ref_map->peer_ref) continue; @@ -758,7 +758,6 @@ void ref_remove_duplicates(struct ref *ref_map) item = string_list_insert(ref_map->peer_ref->name, &refs); item->util = ref_map; - prev = ref_map; } string_list_clear(&refs, 0); } -- 1.6.5.rc2
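Review bot: moving `prev = ref_map` into the for-increment in the first hunk makes it run after every `continue` in the loop body, not only the one for a NULL `peer_ref`. The duplicate-handling lines between the two hunks are not shown here, so that path should be checked against this change: if it unlinks and frees `ref_map` and then continues, the increment would leave `prev` pointing at freed memory, and the next unlink through `prev->next` would write to it. One fix would be for that path to set `ref_map = prev` before its `continue`, so the increment reassigns `prev` to the node that is still in the list. Since the note says the existing tests did not catch the original leak, a test with a NULL `peer_ref` entry immediately before a duplicate, and one with two consecutive duplicates, would cover both cases.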