Re: [PATCH] do_one_ref(): save and restore value of current_ref

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Haggerty <mhagger@xxxxxxxxxxxx> writes:

> If do_one_ref() is called recursively, then the inner call should not
> permanently overwrite the value stored in current_ref by the outer
> call.  Aside from the tiny optimization loss, peel_ref() expects the
> value of current_ref not to change across a call to peel_entry().  But
> in the presence of replace references that assumption could be
> violated by a recursive call to do_one_ref:
>
> do_for_each_entry()
>   do_one_ref()
>     builtin/describe.c:get_name()
>       peel_ref()
>         peel_entry()
>           peel_object ()
>             deref_tag_noverify()
>               parse_object()
>                 lookup_replace_object()
>                   do_lookup_replace_object()
>                     prepare_replace_object()
>                       do_for_each_ref()
>                         do_for_each_entry()
>                           do_for_each_entry_in_dir()
>                             do_one_ref()
>
> The inner call to do_one_ref() was unconditionally setting current_ref
> to NULL when it was done, causing peel_ref() to perform an invalid
> memory access.
>
> So change do_one_ref() to save the old value of current_ref before
> overwriting it, and restore the old value afterward rather than
> setting it to NULL.
>
> Reported by: Mantas Mikulėnas <grawity@xxxxxxxxx>
>
> Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx>
> ---

Thanks.

s/Reported by:/Reported-by:/ and lose the extra blank line after it?

I wonder if we can have an easy reproduction recipe in our tests.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]