In 'clear_pathspec()' the incorrect index parameter is used to bound an inner-loop which is used to free a 'struct attr_match' value field. Using the incorrect index parameter (in addition to being incorrect) occasionally causes segmentation faults when attempting to free an invalid pointer. Fix this by using the correct index parameter 'i'. Signed-off-by: Brandon Williams <bmwill@xxxxxxxxxx> --- pathspec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pathspec.c b/pathspec.c index 303efda83..69ef86b85 100644 --- a/pathspec.c +++ b/pathspec.c @@ -724,7 +724,7 @@ void clear_pathspec(struct pathspec *pathspec) free(pathspec->items[i].match); free(pathspec->items[i].original); - for (j = 0; j < pathspec->items[j].attr_match_nr; j++) + for (j = 0; j < pathspec->items[i].attr_match_nr; j++) free(pathspec->items[i].attr_match[j].value); free(pathspec->items[i].attr_match); -- 2.12.2.715.g7642488e1d-goog