On Sun, Mar 21 2021, Kleber Tarcísio via GitGitGadget wrote: > From: =?UTF-8?q?Kleber=20Tarc=C3=ADsio?= <klebertarcisio@xxxxxxxxxxxx> > > The malloc function can return null when the memory allocation fails. This commit adds a condition to handle these cases properly. https://cwe.mitre.org/data/definitions/476.html > > Signed-off-by: Kleber Tarcísio <klebertarcisio@xxxxxxxxxxxx> > --- > Avoiding null pointer dereference > > This pull request aims to fix null pointer dereference. > > Null pointer dereference > [https://cwe.mitre.org/data/definitions/476.html] > > Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-983%2Fklebertarcisio%2Fpatch-1-v1 > Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-983/klebertarcisio/patch-1-v1 > Pull-Request: https://github.com/git/git/pull/983 > > builtin/submodule--helper.c | 2 ++ > 1 file changed, 2 insertions(+) Thanks, from my brief grepping of the remaining code in git.git there is no other malloc() that doesn't have its return value checked appropriately. > diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c > index 9d505a6329c8..92349d715a78 100644 > --- a/builtin/submodule--helper.c > +++ b/builtin/submodule--helper.c > @@ -1215,6 +1215,8 @@ static void submodule_summary_callback(struct diff_queue_struct *q, > if (!S_ISGITLINK(p->one->mode) && !S_ISGITLINK(p->two->mode)) > continue; > temp = (struct module_cb*)malloc(sizeof(struct module_cb)); > + if (!temp) > + die(_("out of memory")); > temp->mod_src = p->one->mode; > temp->mod_dst = p->two->mode; > temp->oid_src = p->one->oid; When we just want to die if we can't allocate memory we should use the xmalloc() wrapper instead.
