author: brian m. carlson <sandals@crustytoothpaste.net> 2020-01-07 01:36:40 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2020-01-07 19:59:07 (GMT)
commit: 63ab08fb9999bf9547c5279a8c2f0cdd8bb679ca (patch)
tree: 7233908045e85ad7ec9e160a52d47b70f0d3ea66
parent: 53a06cf39b756eddfe4a2a34da93e3d04eb7b728 (diff)
run-command: avoid undefined behavior in exists_in_PATH

In this function, we free the pointer we get from locate_in_PATH and then check whether it's NULL. However, this is undefined behavior if the pointer is non-NULL, since the C standard no longer permits us to use a valid pointer after freeing it.

The only case in which the C standard would permit this to be defined behavior is if r were NULL, since it states that in such a case "no action occurs" as a result of calling free.

It's easy to suggest that this is not likely to be a problem, but we know that GCC does aggressively exploit the fact that undefined behavior can never occur to optimize and rewrite code, even when that's contrary to the expectations of the programmer. It is, in fact, very common for it to omit NULL pointer checks, just as we have here.

Since it's easy to fix, let's do so, and avoid a potential headache in the future.

Noticed-by: Miriam R. <mirucam@gmail.com>
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

-rw-r--r-- run-command.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/run-command.c b/run-command.c
index 3449db3..946a2cf 100644
--- a/run-command.c
+++ b/run-command.c
@@ -213,8 +213,9 @@ static char *locate_in_PATH(const char *file)
static int exists_in_PATH(const char *file)
{
char *r = locate_in_PATH(file);
+ int found = r != NULL;
free(r);
- return r != NULL;
+ return found;
}
int sane_execvp(const char *file, char * const argv[])
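
Review bot: the added `int found = r != NULL;` in exists_in_PATH carries no comment saying why the result has to be captured before `free(r)`. The ordering is the whole fix, and nothing in the function stops a later cleanup from folding the two lines back into `return r != NULL;` after the free, which is the form this patch removes. A one-line comment above the declaration, stating that r must not be inspected once it has been freed, would keep the reason next to the code instead of only in the commit message. The logic itself is sound: `found` is computed while r is still valid, and `free(r)` on a NULL r is a no-op, so both outcomes of locate_in_PATH are handled.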