From: "Sohom Datta via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Sohom Datta <sohom.datta@learner.manipal.edu>,
Sohom Datta <sohom.datta@learner.manipal.edu>
Subject: [PATCH] Fix potential segfault on cloning invalid tag
Date: Fri, 30 Oct 2020 11:46:41 +0000 [thread overview]
Message-ID: <pull.906.git.git.1604058401991.gitgitgadget@gmail.com> (raw)
From: Sohom Datta <sohom.datta@learner.manipal.edu>
Git allows users to create tags pointing to object hashes
that may or may not be commits. When a tag that doesn't
point to a commit is used with the -b (--branch) parameter
of git clone, git segfaults as it assumes that the tag will
always reference a commit.
Add a check to make sure that lookup_commit_reference returns a commit
before detaching HEAD.
Signed-off-by: Sohom Datta <sohom.datta@learner.manipal.edu>
---
Fix potential segfault on cloning invalid tag
The bug can be reproduced by running git tag 1.4.0 $(git rev-parse
:filename) on the parent repository and then cloning the repo using git
clone --branch 1.4.0 file://path/to/repo. The output should be something
along the lines of:
Cloning into '<path/to/repo>'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 8 (delta 1), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (8/8), done.
Resolving deltas: 100% (1/1), done.
error: object d670460b4b4aece5915caf5c68d12f560a9fe3e4 is a blob, not a commit
zsh: segmentation fault (core dumped)
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-906%2Fsohomdatta1%2Fsegfault-while-cloning-invalid-tag-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-906/sohomdatta1/segfault-while-cloning-invalid-tag-v1
Pull-Request: https://github.com/git/git/pull/906
builtin/clone.c | 2 ++
t/t5610-clone-detached.sh | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/builtin/clone.c b/builtin/clone.c
index a0841923cf..b4760ac887 100644
--- a/builtin/clone.c
+++ b/builtin/clone.c
@@ -727,6 +727,8 @@ static void update_head(const struct ref *our, const struct ref *remote,
} else if (our) {
struct commit *c = lookup_commit_reference(the_repository,
&our->old_oid);
+ if ( !c )
+ die(_("%s does not point to a commit."), our->name);
/* --branch specifies a non-branch (i.e. tags), detach HEAD */
update_ref(msg, "HEAD", &c->object.oid, NULL, REF_NO_DEREF,
UPDATE_REFS_DIE_ON_ERR);
diff --git a/t/t5610-clone-detached.sh b/t/t5610-clone-detached.sh
index 8b0d607df1..c7fd2c5f5c 100755
--- a/t/t5610-clone-detached.sh
+++ b/t/t5610-clone-detached.sh
@@ -15,6 +15,7 @@ test_expect_success 'setup' '
echo two >file &&
git commit -a -m two &&
git tag two &&
+ git tag four $(git rev-parse :file) &&
echo three >file &&
git commit -a -m three
'
@@ -72,5 +73,9 @@ test_expect_success 'cloned HEAD matches' '
test_expect_success 'cloned HEAD is detached' '
head_is_detached detached-orphan
'
+test_expect_success 'cloning invalid tag' '
+ test_must_fail git clone "file://$PWD" -b four 2>err &&
+ test_i18ngrep "does not point to a commit." err
+'
test_done
base-commit: ad27df6a5cff694add500ab8c7f97234feb4a91f
--
gitgitgadget
next reply other threads:[~2020-10-30 11:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-30 11:46 Sohom Datta via GitGitGadget [this message]
2020-10-30 15:09 ` [PATCH] Fix potential segfault on cloning invalid tag Jeff King
2020-11-04 17:21 ` [PATCH v2] Avoid segfault and provide fallback when cloning invalid branch/tag Sohom Datta via GitGitGadget
2020-11-04 19:31 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.906.git.git.1604058401991.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=sohom.datta@learner.manipal.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).