Hi, I am a static analysis tool developer, and I have found a potential null pointer dereference bug in commit.c and would like to report it to the maintainers. This vulnerability has the potential to cause unexpected application behavior or crashes. Can you please help me check it? Thank you for your effort and patience!

Below is the execution sequence of the program that may produce the null pointer dereference bug. First, in the file commit.c, the function pop_commit may assign item to NULL at line 806 if the conditional judgement is false. Second, in the file commit.c, the function pop_most_recent_commit calls the function pop_commit at line 748, which may cause the variable ret to be assigned NULL. Finally, ret is dereferenced on line 749, leading to a null pointer dereference vulnerability.

However, in the file merge-ort.c, the function merge_ort_internal calls the function pop_commit on line 5176 and then makes a judgement on whether the return value of pop_commit is NULL or not on line 5177, which suggests that it is indeed possible for pop_commit to return NULL.

Thank you for reviewing this report. I look forward to your response.
Attachment:
image.png
Description: PNG image
Attachment:
image.png
Description: PNG image
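Added example modelling the call sequence the report describes, so a reviewer can see the two shapes side by side: a pop that returns NULL on an empty list, the unguarded caller that reads the result straight away, and the guarded caller that tests for NULL first (the pattern the report attributes to merge_ort_internal). This is editorial code written for this page, not code from commit.c or merge-ort.c; the struct layout, the commit_list helpers, the simplified parent expansion, the mark value and the sample graph are all assumptions, and the report's line numbers do not refer to it.

```c
/* Illustrative model of the pop_commit / pop_most_recent_commit pattern.
 * Not git's code: struct layout, helpers and graph are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEEN_MARK 1u /* assumed traversal mark bit */

struct commit;
struct commit_list {
    struct commit *item;
    struct commit_list *next;
};
struct commit {
    const char *name;            /* stand-in for an object id */
    unsigned int flags;          /* traversal marks */
    struct commit_list *parents; /* NULL for a root commit */
};

/* Push item at the head of *list_p (simplified: no date ordering). */
static void commit_list_insert(struct commit *item, struct commit_list **list_p)
{
    struct commit_list *node = malloc(sizeof(*node));
    if (!node) {
        perror("malloc");
        exit(1);
    }
    node->item = item;
    node->next = *list_p;
    *list_p = node;
}

/* The shape the report describes: when the list is empty the condition is
 * false, item stays NULL, and NULL is handed back to the caller. */
struct commit *pop_commit(struct commit_list **stack)
{
    struct commit_list *top = *stack;
    struct commit *item = NULL;
    if (top) {
        item = top->item;
        *stack = top->next;
        free(top);
    }
    return item;
}

/* Queue every not-yet-marked parent of c. It reads c->parents, so a NULL c
 * is exactly the dereference the report is about. */
static void push_unmarked_parents(struct commit *c, struct commit_list **list,
                                  unsigned int mark)
{
    for (struct commit_list *p = c->parents; p; p = p->next) {
        if (p->item->flags & mark)
            continue;
        p->item->flags |= mark;
        commit_list_insert(p->item, list);
    }
}

/* Unguarded form: only safe if the caller guarantees *list is non-empty. */
struct commit *pop_most_recent_commit_unchecked(struct commit_list **list,
                                                unsigned int mark)
{
    struct commit *ret = pop_commit(list);
    push_unmarked_parents(ret, list, mark); /* NULL deref if list was empty */
    return ret;
}

/* Guarded form: an empty queue yields NULL instead of a crash. */
struct commit *pop_most_recent_commit_checked(struct commit_list **list,
                                              unsigned int mark)
{
    struct commit *ret = pop_commit(list);
    if (!ret)
        return NULL;
    push_unmarked_parents(ret, list, mark);
    return ret;
}

/* Constructed sample graph (not from any repository): top -> {a, b} -> root.
 * Fills nodes[] and returns a queue holding top. Parent lists are leaked on
 * purpose to keep the example short. */
struct commit_list *build_diamond(struct commit nodes[4])
{
    static const char *const names[4] = { "root", "a", "b", "top" };
    struct commit_list *queue = NULL;
    memset(nodes, 0, 4 * sizeof(nodes[0]));
    for (int i = 0; i < 4; i++)
        nodes[i].name = names[i];
    commit_list_insert(&nodes[0], &nodes[1].parents); /* a   -> root */
    commit_list_insert(&nodes[0], &nodes[2].parents); /* b   -> root */
    commit_list_insert(&nodes[1], &nodes[3].parents); /* top -> a    */
    commit_list_insert(&nodes[2], &nodes[3].parents); /* top -> b    */
    nodes[3].flags |= SEEN_MARK;
    commit_list_insert(&nodes[3], &queue);
    return queue;
}

/* Drain the queue the way the report says merge_ort_internal does: pop, then
 * test for NULL before touching the result. Returns commits visited; the mark
 * keeps root from being visited twice. */
int walk_all(struct commit_list **queue, unsigned int mark)
{
    int count = 0;
    struct commit *c;
    while ((c = pop_most_recent_commit_checked(queue, mark)) != NULL)
        count++;
    return count;
}

/* Visits on the sample graph: 4 (top, a, root, b). */
int demo_visit_count(void)
{
    struct commit nodes[4];
    struct commit_list *queue = build_diamond(nodes);
    return walk_all(&queue, SEEN_MARK);
}

/* 1 if an empty queue comes back as NULL from both pops without crashing. */
int demo_empty_pop_is_null(void)
{
    struct commit_list *queue = NULL;
    return pop_commit(&queue) == NULL &&
           pop_most_recent_commit_checked(&queue, SEEN_MARK) == NULL;
}

int main(void)
{
    struct commit nodes[4];
    struct commit_list *queue = build_diamond(nodes);
    /* Non-empty queue: the unguarded form is fine here, by construction. */
    struct commit *first = pop_most_recent_commit_unchecked(&queue, SEEN_MARK);
    printf("first popped: %s\n", first->name);
    printf("remaining visited: %d\n", walk_all(&queue, SEEN_MARK));
    printf("empty queue handled: %s\n", demo_empty_pop_is_null() ? "yes" : "no");
    return 0;
}
```

Whether the unguarded form is an actual bug depends on whether every caller of the function already guarantees a non-empty list, which is the question a maintainer would check before accepting the report; the guarded form costs one comparison and makes that invariant unnecessary.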