| Message ID | 20191209103923.21659-1-mirucam@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [Outreachy,v2] bisect--helper: avoid free-after-use | expand |
Miriam Rubio <mirucam@gmail.com> writes: > From: Tanushree Tumane <tanushreetumane@gmail.com> > > In 5e82c3dd22a (bisect--helper: `bisect_reset` shell function in C, > 2019-01-02), the `git bisect reset` subcommand was ported to C. When the > call to `git checkout` failed, an error message was reported to the > user. > > However, this error message used the `strbuf` that had just been > released already. Let's switch that around: first use it, then release > it. > > Mentored-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> > Mentored-by: Christian Couder <chriscool@tuxfamily.org> > Signed-off-by: Tanushree Tumane <tanushreetumane@gmail.com> > Signed-off-by: Miriam Rubio <mirucam@gmail.com> > --- > This patch is a new version of > https://public-inbox.org/git/20191208172813.16518-1-mirucam@gmail.com/ > which itself has been sent previously by Tanushree > (https://public-inbox.org/git/64117cde718f0d56ebfa4c30f4d8fe2155f5cf65.1551003074.git.gitgitgadget@gmail.com/). > > builtin/bisect--helper.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c > index 1fbe156e67..3055b2bb50 100644 > --- a/builtin/bisect--helper.c > +++ b/builtin/bisect--helper.c > @@ -169,11 +169,12 @@ static int bisect_reset(const char *commit) > > argv_array_pushl(&argv, "checkout", branch.buf, "--", NULL); > if (run_command_v_opt(argv.argv, RUN_GIT_CMD)) { > + error(_("could not check out original" > + " HEAD '%s'. Try 'git bisect" > + " reset <commit>'."), branch.buf); > strbuf_release(&branch); > argv_array_clear(&argv); > - return error(_("could not check out original" > - " HEAD '%s'. Try 'git bisect" > - " reset <commit>'."), branch.buf); The original obviously was bad X-<. Will queue. Thanks. > + return -1; > } > argv_array_clear(&argv); > }
Junio C Hamano <gitster@pobox.com> writes: > Subject: Re: [Outreachy] [PATCH v2] bisect--helper: avoid free-after-use It is surprising with multiple mentors, nobody noticed free-after-use is perfectly fine---it is use-after-free we would want to avoid. > Miriam Rubio <mirucam@gmail.com> writes: > >> From: Tanushree Tumane <tanushreetumane@gmail.com> >> >> In 5e82c3dd22a (bisect--helper: `bisect_reset` shell function in C, >> 2019-01-02), the `git bisect reset` subcommand was ported to C. When the >> call to `git checkout` failed, an error message was reported to the >> user. >> >> However, this error message used the `strbuf` that had just been >> released already. Let's switch that around: first use it, then release >> it. >> >> Mentored-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> >> Mentored-by: Christian Couder <chriscool@tuxfamily.org> >> Signed-off-by: Tanushree Tumane <tanushreetumane@gmail.com> >> Signed-off-by: Miriam Rubio <mirucam@gmail.com> >> --- >> This patch is a new version of >> https://public-inbox.org/git/20191208172813.16518-1-mirucam@gmail.com/ >> which itself has been sent previously by Tanushree >> (https://public-inbox.org/git/64117cde718f0d56ebfa4c30f4d8fe2155f5cf65.1551003074.git.gitgitgadget@gmail.com/). >> >> builtin/bisect--helper.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c >> index 1fbe156e67..3055b2bb50 100644 >> --- a/builtin/bisect--helper.c >> +++ b/builtin/bisect--helper.c >> @@ -169,11 +169,12 @@ static int bisect_reset(const char *commit) >> >> argv_array_pushl(&argv, "checkout", branch.buf, "--", NULL); >> if (run_command_v_opt(argv.argv, RUN_GIT_CMD)) { >> + error(_("could not check out original" >> + " HEAD '%s'. Try 'git bisect" >> + " reset <commit>'."), branch.buf); >> strbuf_release(&branch); >> argv_array_clear(&argv); >> - return error(_("could not check out original" >> - " HEAD '%s'. Try 'git bisect" >> - " reset <commit>'."), branch.buf); > > The original obviously was bad X-<. Will queue. Thanks. > >> + return -1; >> } >> argv_array_clear(&argv); >> }
El mié., 11 dic. 2019 a las 18:24, Junio C Hamano (<gitster@pobox.com>) escribió: > > Junio C Hamano <gitster@pobox.com> writes: > > > Subject: Re: [Outreachy] [PATCH v2] bisect--helper: avoid free-after-use > > It is surprising with multiple mentors, nobody noticed free-after-use > is perfectly fine---it is use-after-free we would want to avoid. > Yes, you are right. I will send another version with the correct title. Thank you, Miriam > > Miriam Rubio <mirucam@gmail.com> writes: > > > >> From: Tanushree Tumane <tanushreetumane@gmail.com> > >> > >> In 5e82c3dd22a (bisect--helper: `bisect_reset` shell function in C, > >> 2019-01-02), the `git bisect reset` subcommand was ported to C. When the > >> call to `git checkout` failed, an error message was reported to the > >> user. > >> > >> However, this error message used the `strbuf` that had just been > >> released already. Let's switch that around: first use it, then release > >> it. > >> > >> Mentored-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> > >> Mentored-by: Christian Couder <chriscool@tuxfamily.org> > >> Signed-off-by: Tanushree Tumane <tanushreetumane@gmail.com> > >> Signed-off-by: Miriam Rubio <mirucam@gmail.com> > >> --- > >> This patch is a new version of > >> https://public-inbox.org/git/20191208172813.16518-1-mirucam@gmail.com/ > >> which itself has been sent previously by Tanushree > >> (https://public-inbox.org/git/64117cde718f0d56ebfa4c30f4d8fe2155f5cf65.1551003074.git.gitgitgadget@gmail.com/). > >> > >> builtin/bisect--helper.c | 7 ++++--- > >> 1 file changed, 4 insertions(+), 3 deletions(-) > >> > >> diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c > >> index 1fbe156e67..3055b2bb50 100644 > >> --- a/builtin/bisect--helper.c > >> +++ b/builtin/bisect--helper.c > >> @@ -169,11 +169,12 @@ static int bisect_reset(const char *commit) > >> > >> argv_array_pushl(&argv, "checkout", branch.buf, "--", NULL); > >> if (run_command_v_opt(argv.argv, RUN_GIT_CMD)) { > >> + error(_("could not check out original" > >> + " HEAD '%s'. Try 'git bisect" > >> + " reset <commit>'."), branch.buf); > >> strbuf_release(&branch); > >> argv_array_clear(&argv); > >> - return error(_("could not check out original" > >> - " HEAD '%s'. Try 'git bisect" > >> - " reset <commit>'."), branch.buf); > > > > The original obviously was bad X-<. Will queue. Thanks. > > > >> + return -1; > >> } > >> argv_array_clear(&argv); > >> }
Hi Junio, On Wed, 11 Dec 2019, Junio C Hamano wrote: > Junio C Hamano <gitster@pobox.com> writes: > > > Subject: Re: [Outreachy] [PATCH v2] bisect--helper: avoid free-after-use > > It is surprising with multiple mentors, nobody noticed free-after-use > is perfectly fine---it is use-after-free we would want to avoid. Wow. It is totally my fault, and the only thing I can blame is the mind-numbing work I did on those security fixes. So glad that's over. Sorry for the mistake, Dscho
diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c index 1fbe156e67..3055b2bb50 100644 --- a/builtin/bisect--helper.c +++ b/builtin/bisect--helper.c @@ -169,11 +169,12 @@ static int bisect_reset(const char *commit) argv_array_pushl(&argv, "checkout", branch.buf, "--", NULL); if (run_command_v_opt(argv.argv, RUN_GIT_CMD)) { + error(_("could not check out original" + " HEAD '%s'. Try 'git bisect" + " reset <commit>'."), branch.buf); strbuf_release(&branch); argv_array_clear(&argv); - return error(_("could not check out original" - " HEAD '%s'. Try 'git bisect" - " reset <commit>'."), branch.buf); + return -1; } argv_array_clear(&argv); }