From: Jim Meyering <jim@meyering•net>
To: git list <git@vger•kernel.org>
Subject: [PATCH next] don't let mailmap provoke use of freed memory
Date: Mon, 11 Oct 2010 17:41:16 +0200
Message-ID: <87tyksd9er.fsf@meyering.net>

On an x86_64 system (F13-based), I ran these commands in an empty directory:

    git init
    printf '%s\n' \
      '<jdoe@example.com> <jdoe@example.COM>' \
      'John <jdoe@example.com>' > .mailmap
    git shortlog < /dev/null

Here's the result:

    (reading log message from standard input)
    *** glibc detected *** git: free(): invalid pointer: 0x0000000000f53730 ***
    ======= Backtrace: =========
    /lib64/libc.so.6[0x31ba875676]
    git[0x48c2a5]
    git[0x4b9858]
    ...
    zsh: abort (core dumped) git shortlog

What happened?
Some .mailmap entry is of the <email1> <email2> form,
while a subsequent one looks like "User Name <Email2>",
and the two email addresses on the right are not identical
but are "equal" when using a case-insensitive comparator.

Then, when add_mapping is processing the latter line, new_email is NULL
and we free me->email, yet do not replace it with a new strdup'd string.
Thus, when later we attempt to use the buffer behind that ->email pointer,
we reference freed memory.

The solution is to free ->email and ->name only if we're about to replace them.

Signed-off-by: Jim Meyering <meyering@redhat•com>
---
mailmap.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/mailmap.c b/mailmap.c
index f80b701..02fcfde 100644
--- a/mailmap.c
+++ b/mailmap.c
@@ -79,12 +79,14 @@ static void add_mapping(struct string_list *map,
if (old_name == NULL) {
debug_mm("mailmap: adding (simple) entry for %s at index %d\n", old_email, index);
/* Replace current name and new email for simple entry */
- free(me->name);
- free(me->email);
- if (new_name)
+ if (new_name) {
+ free(me->name);
me->name = xstrdup(new_name);
- if (new_email)
+ }
+ if (new_email) {
+ free(me->email);
me->email = xstrdup(new_email);
+ }
} else {
struct mailmap_info *mi = xmalloc(sizeof(struct mailmap_info));
debug_mm("mailmap: adding (complex) entry for %s at index %d\n", old_email, index);
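Review bot: No regression test accompanies the change to the `old_name == NULL` branch of add_mapping; the diffstat touches mailmap.c only. The two-line .mailmap from the commit message, followed by `git shortlog < /dev/null`, would make a small test for the mailmap test script so the case-insensitive collision stays covered. The comment kept as context, `/* Replace current name and new email for simple entry */`, could also be reworded to say that each field is replaced only when a new value is supplied.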
--
1.7.3.1.104.gc752e
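
The update pattern described in the commit message, as a stand-alone model added here for illustration; it is not code from git or from the patch author. The `entry` struct and the helpers `copy_str`, `same_addr` and `replay` are hypothetical names, the entry state left by the first .mailmap line is constructed by hand, and `update_before` is shown for comparison only and is never called.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

struct entry { char *key, *name, *email; };	/* hypothetical; not git's struct */
static char *copy_str(const char *s)	/* portable stand-in for xstrdup */
{
	char *p = malloc(strlen(s) + 1);
	return p ? strcpy(p, s) : NULL;
}

/* 'Before' pattern: frees both fields even when no replacement is supplied. */
void update_before(struct entry *e, const char *new_name, const char *new_email)
{
	free(e->name);
	free(e->email);		/* with new_email == NULL, e->email now dangles */
	if (new_name) e->name = copy_str(new_name);
	if (new_email) e->email = copy_str(new_email);
}

/* 'After' pattern: a field is freed only when it is about to be replaced. */
void update_after(struct entry *e, const char *new_name, const char *new_email)
{
	if (new_name) { free(e->name); e->name = copy_str(new_name); }
	if (new_email) { free(e->email); e->email = copy_str(new_email); }
}

/* Case-insensitive match: addresses differing only in case hit one entry. */
int same_addr(const char *a, const char *b)
{
	while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b))
		a++, b++;
	return *a == *b;
}

/* Replays line 2 against the entry left by line 1; returns 1 if email is intact. */
int replay(void (*update)(struct entry *, const char *, const char *))
{
	struct entry e = { copy_str("jdoe@example.COM"), NULL, copy_str("jdoe@example.com") };
	if (!same_addr(e.key, "jdoe@example.com")) return 0;	/* line 2's address */
	update(&e, "John", NULL);	/* line 2: a name, no new email */
	int ok = !strcmp(e.name, "John") && !strcmp(e.email, "jdoe@example.com");
	free(e.key); free(e.name); free(e.email);
	return ok;
}

int main(void)
{
	return !replay(update_after);	/* exit status 0: the email survived */
}
```

Passing `update_before` to `replay` instead makes it read and then free the already released email buffer, which is the failure glibc reported in the message.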