From e579aa66030bde44f2b0f7d3031c08af0f7d3a3c Mon Sep 17 00:00:00 2001 From: June McEnroe Date: Tue, 17 May 2022 21:50:53 +0000 Subject: fix(3p/cgit): Fix bad free in cgit_diff_tree Since git commit 244c27242f44e6b88e3a381c90bde08d134c274b, > diff.[ch]: have diff_free() call clear_pathspec(opts.pathspec) calling diff_flush calls free(3) on opts.pathspec.items, so it can't be a pointer to a stack variable. (cherry-picked from commit https://git.causal.agency/cgit-pink/commit/?id=cc167887f1ee6907103533187ff9679f01006a1f) Change-Id: I3054b0839f46465e8a5ce0da52a87357c7d77128 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5631 Autosubmit: sterni Tested-by: BuildkiteCI Reviewed-by: tazjin --- third_party/cgit/shared.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'third_party') diff --git a/third_party/cgit/shared.c b/third_party/cgit/shared.c index 8115469a7c..0bceb98912 100644 --- a/third_party/cgit/shared.c +++ b/third_party/cgit/shared.c @@ -341,9 +341,8 @@ void cgit_diff_tree(const struct object_id *old_oid, filepair_fn fn, const char *prefix, int ignorews) { struct diff_options opt; - struct pathspec_item item; + struct pathspec_item *item; - memset(&item, 0, sizeof(item)); diff_setup(&opt); opt.output_format = DIFF_FORMAT_CALLBACK; opt.detect_rename = 1; @@ -354,10 +353,11 @@ void cgit_diff_tree(const struct object_id *old_oid, opt.format_callback = cgit_diff_tree_cb; opt.format_callback_data = fn; if (prefix) { - item.match = xstrdup(prefix); - item.len = strlen(prefix); + item = xcalloc(1, sizeof(*item)); + item->match = xstrdup(prefix); + item->len = strlen(prefix); opt.pathspec.nr = 1; - opt.pathspec.items = &item; + opt.pathspec.items = item; } diff_setup_done(&opt); @@ -367,8 +367,6 @@ void cgit_diff_tree(const struct object_id *old_oid, diff_root_tree_oid(new_oid, "", &opt); diffcore_std(&opt); diff_flush(&opt); - - free(item.match); } void cgit_diff_commit(struct commit *commit, filepair_fn fn, const char *prefix) -- cgit 1.4.1