On Thu, Jun 20, 2024 at 04:53:11AM +0900, Mike Hommey wrote: > When you call `remote_get(name)`, you may end up giving ownership of > `name` to the remote, such that if you `free(name)`, using the remote > after that may lead to use-after-free. Of course, this is a > use-libgit-as-a-library situation; I don't think it happens in actual > git code. Try this recent series: https://lore.kernel.org/git/20240614102439.GA222287@xxxxxxxxxxxxxxxxxxxxxxx/ especially patches 2 and 3. Junio has it queued as jk/remote-wo-url. Also, you might want to check the later patches to make sure the cleanups don't cause any problems for your use case. -Peff