summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2009-05-18 13:58:11 -0400
committerJunio C Hamano <gitster@pobox.com>2009-05-20 00:06:19 -0700
commite64c1b0053f2dc4fc5b434a9806b90318bac9592 (patch)
treea531a2cb6275af5df03dc003091eeceaf5d8891d
parent5acb3e5012966cc11e54f50e0592b3639bade02c (diff)
downloadgit-e64c1b0053f2dc4fc5b434a9806b90318bac9592.tar.gz
for-each-ref: fix segfault in copy_email
You can trigger a segfault in git.git by doing: git for-each-ref --format='%(taggeremail)' refs/tags/v0.99 The v0.99 tag is special in that it contains no "tagger" header. The bug is obvious in copy_email, which carefully checks to make sure the result of a strchr is non-NULL, but only after already having used it to perform other work. The fix is to move the check up. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--builtin-for-each-ref.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c
index 91e8f95fd2..d091e04af9 100644
--- a/builtin-for-each-ref.c
+++ b/builtin-for-each-ref.c
@@ -339,8 +339,11 @@ static const char *copy_name(const char *buf)
static const char *copy_email(const char *buf)
{
const char *email = strchr(buf, '<');
- const char *eoemail = strchr(email, '>');
- if (!email || !eoemail)
+ const char *eoemail;
+ if (!email)
+ return "";
+ eoemail = strchr(email, '>');
+ if (!eoemail)
return "";
return xmemdupz(email, eoemail + 1 - email);
}