From 8e92e8f2422a5805916e5e14c6bebfd82467e044 Mon Sep 17 00:00:00 2001 From: Stefan Beller Date: Thu, 18 Jul 2013 00:09:42 +0200 Subject: [PATCH] parse_object_buffer: correct freeing the buffer If we exit early in the function parse_object_buffer, we did not write to *eaten_p. Then the calling function parse_object, which looks like the following with respect to the eaten variable, cannot rely on a proper value set in eaten, hence the freeing of the buffer depends on random values in memory. struct object *parse_object(const unsigned char *sha1) { int eaten; ... obj = parse_object_buffer(sha1, type, size, buffer, &eaten); if (!eaten) free(buffer); } This change makes sure, the buffer freeing condition is deterministic. Signed-off-by: Stefan Beller Signed-off-by: Junio C Hamano --- object.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/object.c b/object.c index 4af3451bf8..5da4e1c4b6 100644 --- a/object.c +++ b/object.c @@ -135,7 +135,7 @@ struct object *lookup_unknown_object(const unsigned char *sha1) struct object *parse_object_buffer(const unsigned char *sha1, enum object_type type, unsigned long size, void *buffer, int *eaten_p) { struct object *obj; - int eaten = 0; + *eaten_p = 0; obj = NULL; if (type == OBJ_BLOB) { @@ -154,7 +154,7 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t if (!tree->object.parsed) { if (parse_tree_buffer(tree, buffer, size)) return NULL; - eaten = 1; + *eaten_p = 1; } } } else if (type == OBJ_COMMIT) { @@ -164,7 +164,7 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t return NULL; if (!commit->buffer) { commit->buffer = buffer; - eaten = 1; + *eaten_p = 1; } obj = &commit->object; } @@ -181,7 +181,6 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t } if (obj && obj->type == OBJ_NONE) obj->type = type; - *eaten_p = eaten; return obj; } -- 2.11.4.GIT