From: Michael Haggerty <mhagger@xxxxxxxxxxxx>
Prevent the string from being overwritten by other callers of
git_path() and friends before we are done using it.
Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx>
---
Otherwise, this bug will be triggered by later patches in the series.
I didn't do a careful code audit of this problem, but it seems very
plausible that that check_ancestors() and/or check_merge_bases() are
guilty. They certainly do a lot more than should be done while
holding on to a pointer to a statically-allocated buffer.
I cursorily checked other code in the neighborhood for similar abuses,
but it would be good for an expert to look it over.
bisect.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/bisect.c b/bisect.c
index 6e186e2..48acf73 100644
--- a/bisect.c
+++ b/bisect.c
@@ -833,7 +833,7 @@ static int check_ancestors(const char *prefix)
*/
static void check_good_are_ancestors_of_bad(const char *prefix, int no_checkout)
{
- const char *filename = git_path("BISECT_ANCESTORS_OK");
+ char *filename = xstrdup(git_path("BISECT_ANCESTORS_OK"));
struct stat st;
int fd;
@@ -842,11 +842,11 @@ static void check_good_are_ancestors_of_bad(const char *prefix, int no_checkout)
/* Check if file BISECT_ANCESTORS_OK exists. */
if (!stat(filename, &st) && S_ISREG(st.st_mode))
- return;
+ goto done;
/* Bisecting with no good rev is ok. */
if (good_revs.nr == 0)
- return;
+ goto done;
/* Check if all good revs are ancestor of the bad rev. */
if (check_ancestors(prefix))
@@ -859,6 +859,8 @@ static void check_good_are_ancestors_of_bad(const char *prefix, int no_checkout)
filename, strerror(errno));
else
close(fd);
+ done:
+ free(filename);
}
/*
--
1.7.10
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html