[PATCH] negative-refspec: fix segfault on : refspec

"Nipunn Koorapati via GitGitGadget" <gitgitgadget@xxxxxxxxx> · Sat, 19 Dec 2020 17:23:18 +0000

From: Nipunn Koorapati <nipunn@xxxxxxxxxxx>

Previously, if remote.origin.push was set to ":",
git would segfault during a push operation, due to bad
parsing logic in query_matches_negative_refspec. Per
bisect, the bug was introduced in:
c0192df630 (refspec: add support for negative refspecs, 2020-09-30)

Added testing for this case in fetch-negative-refspec

Signed-off-by: Nipunn Koorapati <nipunn@xxxxxxxxxxx>
---
    negative-refspec: fix segfault on : refspec
    
    Previously, if remote.origin.push was set to ":", git would segfault
    during a push operation, due to bad parsing logic in
    query_matches_negative_refspec. Per bisect, the bug was introduced in:
    c0192df630 (refspec: add support for negative refspecs, 2020-09-30)
    
    We found this issue when rolling out git 2.29 at Dropbox - as several
    folks had "push = :" in their configuration. I based my diff off the
    master branch, but also confirmed that it patches cleanly onto maint -
    if the maintainers would like to also fix the segfault on 2.29

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-820%2Fnipunn1313%2Fnk%2Fpush-refspec-segfault-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-820/nipunn1313/nk/push-refspec-segfault-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/820

 remote.c                          |  5 ++---
 t/t5582-fetch-negative-refspec.sh | 10 ++++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/remote.c b/remote.c
index 9f2450cb51b..8ab8d25294c 100644
--- a/remote.c
+++ b/remote.c
@@ -751,9 +751,8 @@ static int query_matches_negative_refspec(struct refspec *rs, struct refspec_ite
 
 			if (match_name_with_pattern(key, needle, value, &expn_name))
 				string_list_append_nodup(&reversed, expn_name);
-		} else {
-			if (!strcmp(needle, refspec->src))
-				string_list_append(&reversed, refspec->src);
+		} else if (refspec->src != NULL && !strcmp(needle, refspec->src)) {
+			string_list_append(&reversed, refspec->src);
 		}
 	}
 
diff --git a/t/t5582-fetch-negative-refspec.sh b/t/t5582-fetch-negative-refspec.sh
index 8c61e28fec8..4960378e0b7 100755
--- a/t/t5582-fetch-negative-refspec.sh
+++ b/t/t5582-fetch-negative-refspec.sh
@@ -186,4 +186,14 @@ test_expect_success "fetch --prune with negative refspec" '
 	)
 '
 
+test_expect_success "push with empty refspec" '
+	(
+		cd two &&
+		git config remote.one.push : &&
+		# Fails w/ tip behind counterpart - but should not segfault
+		test_must_fail git push one master &&
+		git config --unset remote.one.push
+	)
+'
+
 test_done

base-commit: 6d3ef5b467eccd2769f1aa1c555d317d3c8dc707
-- 
gitgitgadget






