From: Michael Haggerty <mhagger@xxxxxxxxxxxx>
The old code cast away the constness of the strings passed to the
function in argument argv[], which could result in their being
modified by filter_refs(). Moreover, if refs were passed via stdin,
then the memory allocated for them was never freed (though, of course,
this function is only called once so it is not a real problem).
Fix both errors by copying *all* reference names into our own array
and always freeing the array at the end of the function.
Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@xxxxxxxxx>
---
builtin/fetch-pack.c | 31 +++++++++++++++++--------------
1 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/builtin/fetch-pack.c b/builtin/fetch-pack.c
index 65ac111..beabdc2 100644
--- a/builtin/fetch-pack.c
+++ b/builtin/fetch-pack.c
@@ -902,10 +902,11 @@ static void fetch_pack_setup(void)
int cmd_fetch_pack(int argc, const char **argv, const char *prefix)
{
- int i, ret, nr_heads;
+ int i, ret;
struct ref *ref = NULL;
const char *dest = NULL;
- char **heads;
+ int alloc_heads = 0, nr_heads = 0;
+ char **heads = NULL;
int fd[2];
char *pack_lockfile = NULL;
char **pack_lockfile_ptr = NULL;
@@ -934,8 +935,6 @@ int cmd_fetch_pack(int argc, const char **argv, const char *prefix)
packet_trace_identity("fetch-pack");
- nr_heads = 0;
- heads = NULL;
argc = parse_options(argc, argv, prefix, opts, fetch_pack_usage, 0);
args.no_progress = !progress;
if (args.keep_pack > 1)
@@ -945,19 +944,19 @@ int cmd_fetch_pack(int argc, const char **argv, const char *prefix)
dest = argv[0];
if (!argc || !dest)
usage_with_options(fetch_pack_usage, opts);
- heads = (char **)(argv + 1);
- nr_heads = argc - 1;
+
+ /*
+ * Copy refs from cmdline to new growable list, then append
+ * any refs from the standard input.
+ */
+ ALLOC_GROW(heads, argc - 1, alloc_heads);
+ for (i = 1; i < argc; i++)
+ heads[nr_heads++] = xstrdup(argv[i]);
if (args.stdin_refs) {
- /*
- * Copy refs from cmdline to new growable list, then
- * append the refs from the standard input.
- */
- int alloc_heads = nr_heads;
- int size = nr_heads * sizeof(*heads);
- heads = memcpy(xmalloc(size), heads, size);
if (args.stateless_rpc) {
- /* in stateless RPC mode we use pkt-line to read
+ /*
+ * in stateless RPC mode we use pkt-line to read
* from stdin, until we get a flush packet
*/
static char line[1000];
@@ -1023,6 +1022,10 @@ int cmd_fetch_pack(int argc, const char **argv, const char *prefix)
ref = ref->next;
}
+ for (i = 0; i < nr_heads; ++i)
+ free(heads[i]);
+ free(heads);
+
return ret;
}
--
1.7.8.36.g69ee2
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html