Thanks to visit codestin.com
Credit goes to github.com

Skip to content

filesystem_iterator: fixed double free on error #3904

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 24, 2016
Merged

filesystem_iterator: fixed double free on error #3904

merged 1 commit into from
Aug 24, 2016

Conversation

hackhaslam
Copy link
Contributor

git_iterator_free tries to free iter->root (and iter->current_path) via the filesystem_iterator_free callback after it has already been freed. I couldn't figure out what caused the on_error case to begin with or else I would have tried to make a test case.

@pks-t
Copy link
Member

pks-t commented Aug 22, 2016

The fix as-is does not suffice, unfortunately. Problem is that we may jump to the on_error label previous to initializing iterator->base.cb, where we call git_iterator_free(&iterator->base). But git_iterator_free will dereference iterator->base.cb->free then, leading to undefined behavior.

So in addition to your improvement, we should also move up initialization of the callbacks.

@hackhaslam hackhaslam force-pushed the filesystem-iterator-double-free branch from df2552d to 7a3f1de Compare August 22, 2016 15:28
@hackhaslam
Copy link
Contributor Author

Ugh, sorry. You're right. I didn't pay close enough attention to where the callbacks are set. I moved the initialization of the base members above the initialization of the filesystem members.

@pks-t
Copy link
Member

pks-t commented Aug 23, 2016

No worries, the error existed already before you touching the code. Thanks for the fix. I'll wait another day for comments and then merge tomorrow if none are incoming.

@pks-t pks-t merged commit c60210d into libgit2:master Aug 24, 2016
@ethomson
Copy link
Member

Thanks @hackhaslam ! ❤️

@hackhaslam hackhaslam deleted the filesystem-iterator-double-free branch August 24, 2016 15:15
@johnhaley81 johnhaley81 mentioned this pull request Feb 6, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hackhaslam @pks-t @ethomson