diff options
author | Julian Phillips <julian@quantumfyre.co.uk> | 2009-11-13 21:25:56 +0000 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2009-11-14 16:03:06 -0800 |
commit | 95c96d48e65a597cfd2bf7228ddc8c7ca30b55b7 (patch) | |
tree | 22eda8e78a72863e9458d8c798e0b373f02d0daa /remote.c | |
parent | b1a01e1c0762d117da7dac009b773f310479be12 (diff) | |
download | git-95c96d48e65a597cfd2bf7228ddc8c7ca30b55b7.tar.gz |
remote: fix use-after-free error detected by glibc in ref_remove_duplicates
In ref_remove_duplicates, when we encounter a duplicate and remove it
from the list we need to make sure that the prev pointer stays
pointing at the last entry and also skip over adding the just freed
entry to the string_list.
Previously fetch could crash with:
*** glibc detected *** git: corrupted double-linked list: ...
Also add a test to try and catch problems with duplicate removal in
the future.
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Julian Phillips <julian@quantumfyre.co.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'remote.c')
-rw-r--r-- | remote.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -754,6 +754,8 @@ void ref_remove_duplicates(struct ref *ref_map) prev->next = ref_map->next; free(ref_map->peer_ref); free(ref_map); + ref_map = prev; /* skip this; we freed it */ + continue; } item = string_list_insert(ref_map->peer_ref->name, &refs); |