"Kleber Tarcísio via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > From: =?UTF-8?q?Kleber=20Tarc=C3=ADsio?= <klebertarcisio@xxxxxxxxxxxx> > Subject: Re: [PATCH] fix null pointer dereference Thanks, but see Documentation/SubmittingPatches for general guidelines. Our commit title begins with "<area>:" so that when this change is buried among hundreds of other commits in "git shortlog --no-merges", the readers can tell what it is about. Subject: [PATCH] submodule-helper: avoid unchecked malloc() perhaps. > The malloc function can return null when the memory allocation fails. This commit adds a condition to handle these cases properly. https://cwe.mitre.org/data/definitions/476.html Overlong line. Also when you can say something without forcing readers to refer to external material, do so (and if you do not think you can, try harder ;-). In this case, I think you do not need to say anything more than submodule-helper.c::submodule_summary_callback() calls malloc() and uses the returned value without checking for NULLness. Use xmalloc() instaed. > diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c > index 9d505a6329c8..92349d715a78 100644 > --- a/builtin/submodule--helper.c > +++ b/builtin/submodule--helper.c > @@ -1215,6 +1215,8 @@ static void submodule_summary_callback(struct diff_queue_struct *q, > if (!S_ISGITLINK(p->one->mode) && !S_ISGITLINK(p->two->mode)) > continue; > temp = (struct module_cb*)malloc(sizeof(struct module_cb)); > + if (!temp) > + die(_("out of memory")); And this should be just - temp = (struct module_cb*)malloc(sizeof(struct module_cb)); + temp = (struct module_cb*)xmalloc(sizeof(struct module_cb)); without any "check and die" on its own. Note that if this were a new code that adds a call to xmalloc(), competent reviewers would say it should be spelled more like so: temp = xmalloc(sizeof(*temp)); to lose unnecessary cast and to prepare for future evolution of the code (e.g. the type of 'temp' may change from 'struct module_cb' to somethng else). But for this "malloc is wrong, use xmalloc instead" fix, we do not mix such a code improvement in the same patch. Thanks.
