From 79e913c24aa37d0ede9ed9e8962a19634ae5129a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Scharfe?=
Date: Sat, 6 May 2017 19:13:52 +0200
Subject: checkout: check return value of resolve_refdup before using hash

If resolve_refdup() fails it returns NULL and possibly leaves its hash output parameter untouched. Make sure to use it only if the function succeeded, in order to avoid accessing uninitialized memory. Found with t/t2011-checkout-invalid-head.sh --valgrind.

Signed-off-by: Rene Scharfe
Signed-off-by: Junio C Hamano
diff --git a/builtin/checkout.c b/builtin/checkout.c
index 81f07c3..5744499 100644
--- a/builtin/checkout.c
+++ b/builtin/checkout.c
@@ -814,7 +814,8 @@ static int switch_branches(const struct checkout_opts *opts,
 int flag, writeout_error = 0;
 memset(&old, 0, sizeof(old));
 old.path = path_to_free = resolve_refdup("HEAD", 0, rev.hash, &flag);
- old.commit = lookup_commit_reference_gently(rev.hash, 1);
+ if (old.path)
+ old.commit = lookup_commit_reference_gently(rev.hash, 1);
 if (!(flag & REF_ISSYMREF))
 old.path = NULL;
-- 
cgit v0.10.2-6-g49f6

From 57e0ef0e0e90c4cb72c35db874fc3d035b88ce4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Scharfe?=
Date: Sat, 6 May 2017 19:13:56 +0200
Subject: am: check return value of resolve_refdup before using hash

If resolve_refdup() fails it returns NULL and possibly leaves its hash output parameter untouched. Make sure to use it only if the function succeeded, in order to avoid accessing uninitialized memory.

Signed-off-by: Rene Scharfe
Signed-off-by: Junio C Hamano
diff --git a/builtin/am.c b/builtin/am.c
index 31fb605..6959686 100644
--- a/builtin/am.c
+++ b/builtin/am.c
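Review bot: In the builtin/checkout.c hunk, `flag` is declared without an initializer (`int flag, writeout_error = 0;`) and is still read unconditionally by `if (!(flag & REF_ISSYMREF))` after the new `old.path` check. If resolve_refdup() can leave its flags output untouched on failure, as the commit message says it can for the hash, this is the same uninitialized read on a different variable; the callee is not visible here, so that needs confirming against its definition. Declaring `int flag = 0, writeout_error = 0;` closes it regardless of the callee's contract. switch_branches() starts and ends outside the hunk.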
@@ -2157,7 +2157,7 @@ static void am_abort(struct am_state *state)
 am_rerere_clear();
 curr_branch = resolve_refdup("HEAD", 0, curr_head.hash, NULL);
- has_curr_head = !is_null_oid(&curr_head);
+ has_curr_head = curr_branch && !is_null_oid(&curr_head);
 if (!has_curr_head)
 hashcpy(curr_head.hash, EMPTY_TREE_SHA1_BIN);
-- 
cgit v0.10.2-6-g49f6
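Review bot: The operand order in `has_curr_head = curr_branch && !is_null_oid(&curr_head);` is now load-bearing, because the short-circuit is the only thing keeping is_null_oid() from reading a `curr_head` that resolve_refdup() may not have written, and nothing in the code says so. A one-line comment above the assignment, such as `/* curr_head is only valid if resolve_refdup() succeeded */`, would keep a later cleanup from reordering or dropping the pointer test. The declaration of `curr_head` and the rest of am_abort() lie outside the hunk.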