> static int get_object(struct ref_array_item *ref, const struct object_id *oid,
> - int deref, struct object **obj, struct strbuf *err)
> + int deref, struct object **obj, struct strbuf *err)
> {
> int eaten;
Here the variable 'eaten' is declared, but left uninitialized. This was fine until now, because ...
> int ret = 0;
> unsigned long size;
> - void *buf = get_obj(oid, obj, &size, &eaten);
... this line used to set it anyway.
> + enum object_type type;
> + void *buf = read_object_file(oid, &type, &size);
> if (!buf)
> ret = strbuf_addf_ret(err, -1, _("missing object %s for %s"),
> oid_to_hex(oid), ref->refname);
> - else if (!*obj)
> - ret = strbuf_addf_ret(err, -1, _("parse_object_buffer failed on %s for %s"),
> - oid_to_hex(oid), ref->refname);
> - else
> - grab_values(ref->value, deref, *obj, buf, size);
> + else {
> + *obj = parse_object_buffer(oid, type, size, buf, &eaten);
However, with this change 'eaten' is only set here conditionally: if read_object_file() doesn't return a valid object buffer, then 'eaten' remains uninitialized.
> + if (!*obj)
> + ret = strbuf_addf_ret(err, -1, _("parse_object_buffer failed on %s for %s"),
> + oid_to_hex(oid), ref->refname);
> + else
> + grab_values(ref->value, deref, *obj, buf, size);
> + }
> if (!eaten)
And ultimately this condition could depend on an uninitialized value.
> free(buf);
> return ret;
>
> --
> https://github.com/git/git/pull/520
>
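Review bot: On the `if (!buf)` path the new body never writes `*obj`, so after the "missing object" error the caller's pointer keeps whatever value it held before the call. Whether the removed `get_obj()` cleared it on failure is not visible in this quote, but now that the parse is inlined the out-parameter is only assigned inside the `else` block. Starting the function with `*obj = NULL;` would guarantee that an error return never leaves a stale or indeterminate pointer for a caller to dereference. The function's closing brace lies outside the quoted hunk, so any later use of `*obj` in the body cannot be checked from here.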