diff options
authorbrian m. carlson <>2020-01-07 01:36:40 (GMT)
committerJunio C Hamano <>2020-01-07 19:59:07 (GMT)
commit63ab08fb9999bf9547c5279a8c2f0cdd8bb679ca (patch)
parent53a06cf39b756eddfe4a2a34da93e3d04eb7b728 (diff)
run-command: avoid undefined behavior in exists_in_PATH
In this function, we free the pointer we get from locate_in_PATH and then check whether it's NULL. However, this is undefined behavior if the pointer is non-NULL, since the C standard no longer permits us to use a valid pointer after freeing it. The only case in which the C standard would permit this to be defined behavior is if r were NULL, since it states that in such a case "no action occurs" as a result of calling free. It's easy to suggest that this is not likely to be a problem, but we know that GCC does aggressively exploit the fact that undefined behavior can never occur to optimize and rewrite code, even when that's contrary to the expectations of the programmer. It is, in fact, very common for it to omit NULL pointer checks, just as we have here. Since it's easy to fix, let's do so, and avoid a potential headache in the future. Noticed-by: Miriam R. <> Signed-off-by: brian m. carlson <> Signed-off-by: Junio C Hamano <>
1 files changed, 2 insertions, 1 deletions
diff --git a/run-command.c b/run-command.c
index 3449db3..946a2cf 100644
--- a/run-command.c
+++ b/run-command.c
@@ -213,8 +213,9 @@ static char *locate_in_PATH(const char *file)
static int exists_in_PATH(const char *file)
char *r = locate_in_PATH(file);
+ int found = r != NULL;
- return r != NULL;
+ return found;
int sane_execvp(const char *file, char * const argv[])