about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-05-17T21·50+0000
committerclbot <clbot@tvl.fyi>2022-05-18T15·27+0000
commite579aa66030bde44f2b0f7d3031c08af0f7d3a3c (patch)
tree83e8de8c5d52cf36fa7e01d6b8a104506ab897b7
parent045cf244b51a90bfd7d67ba9d3e60ac950ba5c65 (diff)
fix(3p/cgit): Fix bad free in cgit_diff_tree r/4093
Since git commit 244c27242f44e6b88e3a381c90bde08d134c274b,

> diff.[ch]: have diff_free() call clear_pathspec(opts.pathspec)

calling diff_flush calls free(3) on opts.pathspec.items, so it can't
be a pointer to a stack variable.

(cherry-picked from commit
https://git.causal.agency/cgit-pink/commit/?id=cc167887f1ee6907103533187ff9679f01006a1f)

Change-Id: I3054b0839f46465e8a5ce0da52a87357c7d77128
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5631
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r--third_party/cgit/shared.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/third_party/cgit/shared.c b/third_party/cgit/shared.c
index 8115469a7cec..0bceb9891228 100644
--- a/third_party/cgit/shared.c
+++ b/third_party/cgit/shared.c
@@ -341,9 +341,8 @@ void cgit_diff_tree(const struct object_id *old_oid,
 		    filepair_fn fn, const char *prefix, int ignorews)
 {
 	struct diff_options opt;
-	struct pathspec_item item;
+	struct pathspec_item *item;
 
-	memset(&item, 0, sizeof(item));
 	diff_setup(&opt);
 	opt.output_format = DIFF_FORMAT_CALLBACK;
 	opt.detect_rename = 1;
@@ -354,10 +353,11 @@ void cgit_diff_tree(const struct object_id *old_oid,
 	opt.format_callback = cgit_diff_tree_cb;
 	opt.format_callback_data = fn;
 	if (prefix) {
-		item.match = xstrdup(prefix);
-		item.len = strlen(prefix);
+		item = xcalloc(1, sizeof(*item));
+		item->match = xstrdup(prefix);
+		item->len = strlen(prefix);
 		opt.pathspec.nr = 1;
-		opt.pathspec.items = &item;
+		opt.pathspec.items = item;
 	}
 	diff_setup_done(&opt);
 
@@ -367,8 +367,6 @@ void cgit_diff_tree(const struct object_id *old_oid,
 		diff_root_tree_oid(new_oid, "", &opt);
 	diffcore_std(&opt);
 	diff_flush(&opt);
-
-	free(item.match);
 }
 
 void cgit_diff_commit(struct commit *commit, filepair_fn fn, const char *prefix)