Copy resolve_ref() return value for longer use

resolve_ref() may return a pointer to a static buffer. Callers that use this value longer than a couple of statements should copy the value to avoid some hidden resolve_ref() call that may change the static buffer's value. The bug found by Tony Wang <wwwjfy@gmail.com> in builtin/merge.c demonstrates this. The first call is in cmd_merge() branch = resolve_ref("HEAD", head_sha1, 0, &flag); Then deep in lookup_commit_or_die() a few lines after, resolve_ref() may be called again and destroy "branch". lookup_commit_or_die lookup_commit_reference lookup_commit_reference_gently parse_object lookup_replace_object do_lookup_replace_object prepare_replace_object for_each_replace_ref do_for_each_ref get_loose_refs get_ref_dir get_ref_dir resolve_ref All call sites are checked and made sure that xstrdup() is called if the value should be saved. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> 2011-11-13 10:22:15 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2011-12-06 00:21:06 (GMT)
commit: d5a35c114ab6b4337a1c7598bf75c331d94ee092 (patch)
tree: 675d14129b5e8e7b06210e37e1b8dbd147ab9e09 /builtin/notes.c
parent: c6893323917cbf4cb66c29ba2ac03014a44f0f0c (diff)
download: git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.zip
git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.tar.gz
git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/builtin/notes.c b/builtin/notes.c
index f8e437d..10b8bc7 100644
--- a/builtin/notes.c
+++ b/builtin/notes.c
@@ -804,6 +804,7 @@ static int merge_commit(struct notes_merge_options *o)
 	struct notes_tree *t;
 	struct commit *partial;
 	struct pretty_print_context pretty_ctx;
+	int ret;
 
 	/*
 	 * Read partial merge result from .git/NOTES_MERGE_PARTIAL,
@@ -828,6 +829,7 @@ static int merge_commit(struct notes_merge_options *o)
 	o->local_ref = resolve_ref("NOTES_MERGE_REF", sha1, 0, NULL);
 	if (!o->local_ref)
 		die("Failed to resolve NOTES_MERGE_REF");
+	o->local_ref = xstrdup(o->local_ref);
 
 	if (notes_merge_commit(o, t, partial, sha1))
 		die("Failed to finalize notes merge");
@@ -843,7 +845,9 @@ static int merge_commit(struct notes_merge_options *o)
 
 	free_notes(t);
 	strbuf_release(&msg);
-	return merge_abort(o);
+	ret = merge_abort(o);
+	free((char *)o->local_ref);
+	return ret;
 }
 
 static int merge(int argc, const char **argv, const char *prefix)
author	Nguyễn Thái Ngọc Duy <pclouds@gmail.com>	2011-11-13 10:22:15 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2011-12-06 00:21:06 (GMT)
commit	d5a35c114ab6b4337a1c7598bf75c331d94ee092 (patch)
tree	675d14129b5e8e7b06210e37e1b8dbd147ab9e09 /builtin/notes.c
parent	c6893323917cbf4cb66c29ba2ac03014a44f0f0c (diff)
download	git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.zip git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.tar.gz git-d5a35c114ab6b4337a1c7598bf75c331d94ee092.tar.bz2