On Sat, Apr 8, 2017 at 2:29 AM, Brandon Williams <bmwill@xxxxxxxxxx> wrote: > In 'clear_pathspec()' the incorrect index parameter is used to bound an > inner-loop which is used to free a 'struct attr_match' value field. > Using the incorrect index parameter (in addition to being incorrect) > occasionally causes segmentation faults when attempting to free an > invalid pointer. Fix this by using the correct index parameter 'i'. > > Signed-off-by: Brandon Williams <bmwill@xxxxxxxxxx> > --- > pathspec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/pathspec.c b/pathspec.c > index 303efda83..69ef86b85 100644 > --- a/pathspec.c > +++ b/pathspec.c > @@ -724,7 +724,7 @@ void clear_pathspec(struct pathspec *pathspec) > free(pathspec->items[i].match); > free(pathspec->items[i].original); > > - for (j = 0; j < pathspec->items[j].attr_match_nr; j++) > + for (j = 0; j < pathspec->items[i].attr_match_nr; j++) Ouch. Perhaps this is a good time to rename 'j' to something better? attr_idx or attr_index, maybe. > free(pathspec->items[i].attr_match[j].value); > free(pathspec->items[i].attr_match); > > -- > 2.12.2.715.g7642488e1d-goog > -- Duy
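Review bot: The corrected inner-loop bound (`j < pathspec->items[i].attr_match_nr`) arrives without a test; the diffstat touches only pathspec.c, and the commit message says the fault is only occasional, so a regression here could go unnoticed. Consider adding a test that clears a pathspec whose items carry different numbers of attribute matches, run under a memory checker so that an invalid free is caught even when it does not crash. It would also help to say in the commit message why the crash was intermittent: the old bound read `items[j].attr_match_nr`, indexing the items by the attribute counter, so depending on the neighbouring items' counts the loop either walked past the end of item i's attr_match array or stopped early and left values unfreed.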