The loop at the top of can_all_from_reach_with_flag() already
accounts for `from->objects[i].item' being NULL, so it follows
the cleanup loop should also account for a NULL `from_one'.
I managed to segfault here on one of my giant, many-remote repos
using `git fetch --negotiation-tip=... --negotiation-only'
where the --negotiation-tip= argument was a glob which (inadvertently)
captured more refs than I wanted. I have not reproduced this
in a standalone test case.
Signed-off-by: Eric Wong <e@xxxxxxxxx>
---
Not sure if somebody who understands the code better can come
up with a good standalone test case. I figure using the top
loop as reference is sufficient evidence that this fix is needed.
commit-reach.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/commit-reach.c b/commit-reach.c
index 2e33c599a82..1d7056338b7 100644
--- a/commit-reach.c
+++ b/commit-reach.c
@@ -807,8 +807,12 @@ int can_all_from_reach_with_flag(struct object_array *from,
clear_commit_marks_many(nr_commits, list, RESULT | assign_flag);
free(list);
- for (i = 0; i < from->nr; i++)
- from->objects[i].item->flags &= ~assign_flag;
+ for (i = 0; i < from->nr; i++) {
+ struct object *from_one = from->objects[i].item;
+
+ if (from_one)
+ from_one->flags &= ~assign_flag;
+ }
return result;
}
