diff options
| author |   June McEnroe <june@causal.agency> | 2022-05-17 21:50:53 +0000 |
|---|---|---|
| committer |   Jason A. Donenfeld <Jason@zx2c4.com> | 2022-12-19 15:09:34 +0100 |
| commit | b9ff119549f6018adc54c8447ad87943c6bcb55e (patch) | |
| tree | b64a6420cba0cafeb4597530f986686c8707eb12 | |
| parent | git: update to v2.36.0 (diff) | |
| download | cgit-b9ff119549f6018adc54c8447ad87943c6bcb55e.tar.xz cgit-b9ff119549f6018adc54c8447ad87943c6bcb55e.zip | |
shared: fix bad free in cgit_diff_tree
Since git commit 244c27242f44e6b88e3a381c90bde08d134c274b,
> diff.[ch]: have diff_free() call clear_pathspec(opts.pathspec)
calling diff_flush calls free(3) on opts.pathspec.items, so it can't
be a pointer to a stack variable.
Signed-off-by: Christian Hesse <mail@eworm.de>
| -rw-r--r-- | shared.c | 12 |
1 files changed, 5 insertions, 7 deletions
@@ -341,9 +341,8 @@ void cgit_diff_tree(const struct object_id *old_oid, filepair_fn fn, const char *prefix, int ignorews) { struct diff_options opt; - struct pathspec_item item; + struct pathspec_item *item; - memset(&item, 0, sizeof(item)); diff_setup(&opt); opt.output_format = DIFF_FORMAT_CALLBACK; opt.detect_rename = 1; @@ -354,10 +353,11 @@ void cgit_diff_tree(const struct object_id *old_oid, opt.format_callback = cgit_diff_tree_cb; opt.format_callback_data = fn; if (prefix) { - item.match = xstrdup(prefix); - item.len = strlen(prefix); + item = xcalloc(1, sizeof(*item)); + item->match = xstrdup(prefix); + item->len = strlen(prefix); opt.pathspec.nr = 1; - opt.pathspec.items = &item; + opt.pathspec.items = item; } diff_setup_done(&opt); @@ -367,8 +367,6 @@ void cgit_diff_tree(const struct object_id *old_oid, diff_root_tree_oid(new_oid, "", &opt); diffcore_std(&opt); diff_flush(&opt); - - free(item.match); } void cgit_diff_commit(struct commit *commit, filepair_fn fn, const char *prefix) |