diff options
| author | Michael Haggerty <mhagger@alum.mit.edu> | 2013-07-15 17:24:17 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2013-07-17 18:19:16 -0700 |
| commit | d0cf51e9401b6486aaecfea5dc3b01c3bb00f271 (patch) | |
| tree | 02e8d69901e235a0a087aff1c0e6eada091c9895 /refs.c | |
| parent | 2f1ef15070a8664d3194d164f20283d78571e51c (diff) | |
| download | git-d0cf51e9401b6486aaecfea5dc3b01c3bb00f271.tar.gz | |
do_one_ref(): save and restore value of current_refmh/packed-refs-do-one-ref-recursion
If do_one_ref() is called recursively, then the inner call should not
permanently overwrite the value stored in current_ref by the outer
call. Aside from the tiny optimization loss, peel_ref() expects the
value of current_ref not to change across a call to peel_entry(). But
in the presence of replace references that assumption could be
violated by a recursive call to do_one_ref:
do_for_each_entry()
do_one_ref()
builtin/describe.c:get_name()
peel_ref()
peel_entry()
peel_object ()
deref_tag_noverify()
parse_object()
lookup_replace_object()
do_lookup_replace_object()
prepare_replace_object()
do_for_each_ref()
do_for_each_entry()
do_for_each_entry_in_dir()
do_one_ref()
The inner call to do_one_ref() was unconditionally setting current_ref
to NULL when it was done, causing peel_ref() to perform an invalid
memory access.
So change do_one_ref() to save the old value of current_ref before
overwriting it, and restore the old value afterward rather than
setting it to NULL.
Reported-by: Mantas Mikulėnas <grawity@gmail.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'refs.c')
| -rw-r--r-- | refs.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -630,7 +630,9 @@ struct ref_entry_cb { static int do_one_ref(struct ref_entry *entry, void *cb_data) { struct ref_entry_cb *data = cb_data; + struct ref_entry *old_current_ref; int retval; + if (prefixcmp(entry->name, data->base)) return 0; @@ -638,10 +640,12 @@ static int do_one_ref(struct ref_entry *entry, void *cb_data) !ref_resolves_to_object(entry)) return 0; + /* Store the old value, in case this is a recursive call: */ + old_current_ref = current_ref; current_ref = entry; retval = data->fn(entry->name + data->trim, entry->u.value.sha1, entry->flag, data->cb_data); - current_ref = NULL; + current_ref = old_current_ref; return retval; } |