Re: [PATCH v2] sparse index: fix use-after-free bug in cache_tree_verify()


 



On 10/7/2021 5:50 AM, Phillip Wood via GitGitGadget wrote:
> From: Phillip Wood <phillip.wood@xxxxxxxxxxxxx>
> 
> In a sparse index it is possible for the tree that is being verified
> to be freed while it is being verified. This happens when the index is
> sparse but the cache tree is not and index_name_pos() looks up a path
> from the cache tree that is a descendant of a sparse index entry. That
> triggers a call to ensure_full_index() which frees the cache tree that
> is being verified.  Carrying on trying to verify the tree after this
> results in a use-after-free bug. Instead restart the verification if a
> sparse index is converted to a full index. This bug is triggered by a
> call to reset_head() in "git rebase --apply". Thanks to René Scharfe
> and Derick Stolee for their help analyzing the problem.

nit: s/Derick/Derrick/

Otherwise, this version looks good to me. Thanks for putting the last
bit of polish on it.

I'm taking this patch into our microsoft/git fork as we speak [1].

[1] https://github.com/microsoft/git/pull/439

Thanks,
-Stolee
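
The restart-on-expansion pattern described in the quoted commit message, as an added example that is not part of this thread or of git's source. It is a simplified model: the types, function names and sample paths are hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; every type and name here is hypothetical, not git's. */
struct tree  { int nr; const char *paths[3]; };
struct index { int sparse; struct tree *cache_tree; int expansions; };

static struct tree *new_tree(void)
{
    struct tree *t = malloc(sizeof(*t));
    if (!t) abort();
    *t = (struct tree){ 3, { "a", "dir/b", "dir/c" } }; /* constructed paths */
    return t;
}

/* A lookup below a sparse directory expands the index and replaces the tree. */
static void lookup(struct index *idx, const char *path)
{
    if (!idx->sparse || strncmp(path, "dir/", 4) != 0)
        return;
    free(idx->cache_tree);
    idx->cache_tree = new_tree();
    idx->sparse = 0;
    idx->expansions++;
}

/* Returns the number of passes needed to walk the tree once undisturbed. */
static int verify(struct index *idx)
{
    int passes = 0;
restart:
    passes++;
    struct tree *t = idx->cache_tree;
    for (int i = 0; i < t->nr; i++) {
        int was_sparse = idx->sparse;
        lookup(idx, t->paths[i]);
        /* Expansion freed t; reading t->nr again would be the bug. */
        if (was_sparse && !idx->sparse)
            goto restart;
    }
    return passes;
}

int main(void)
{
    struct index idx = { 1, new_tree(), 0 };
    int ok = verify(&idx) == 2 && idx.expansions == 1;
    free(idx.cache_tree);
    return ok ? 0 : 1;
}
```

Dropping the `was_sparse` check and building with `-fsanitize=address` makes the next read of `t->nr` report a heap-use-after-free.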


