git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
* [PATCH] Fix potential segfault on cloning invalid tag
@ 2020-10-30 11:46 Sohom Datta via GitGitGadget
  2020-10-30 15:09 ` Jeff King
  2020-11-04 17:21 ` [PATCH v2] Avoid segfault and provide fallback when cloning invalid branch/tag Sohom Datta via GitGitGadget
  0 siblings, 2 replies; 4+ messages in thread
From: Sohom Datta via GitGitGadget @ 2020-10-30 11:46 UTC (permalink / raw)
  To: git; +Cc: Sohom Datta, Sohom Datta

From: Sohom Datta <sohom.datta@learner.manipal.edu>

Git allows users to create tags pointing to object hashes
that may or may not be commits. When a tag that doesn't
point to a commit is used with the -b (--branch) parameter
of git clone, git segfaults as it assumes that the tag will
always reference a commit.

Add a check to make sure that lookup_commit_reference returns a commit
before detaching HEAD.

Signed-off-by: Sohom Datta <sohom.datta@learner.manipal.edu>
---
    Fix potential segfault on cloning invalid tag
    
    The bug can be reproduced by running git tag 1.4.0 $(git rev-parse
    :filename) on the parent repository and then cloning the repo using git
    clone --branch 1.4.0 file://path/to/repo. The output should be something
    along the lines of:
    
    Cloning into '<path/to/repo>'...
    remote: Enumerating objects: 8, done.
    remote: Counting objects: 100% (8/8), done.
    remote: Compressing objects: 100% (5/5), done.
    remote: Total 8 (delta 1), reused 0 (delta 0), pack-reused 0
    Receiving objects: 100% (8/8), done.
    Resolving deltas: 100% (1/1), done.
    error: object d670460b4b4aece5915caf5c68d12f560a9fe3e4 is a blob, not a commit
    zsh: segmentation fault (core dumped)

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-906%2Fsohomdatta1%2Fsegfault-while-cloning-invalid-tag-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-906/sohomdatta1/segfault-while-cloning-invalid-tag-v1
Pull-Request: https://github.com/git/git/pull/906

 builtin/clone.c           | 2 ++
 t/t5610-clone-detached.sh | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/builtin/clone.c b/builtin/clone.c
index a0841923cf..b4760ac887 100644
--- a/builtin/clone.c
+++ b/builtin/clone.c
@@ -727,6 +727,8 @@ static void update_head(const struct ref *our, const struct ref *remote,
 	} else if (our) {
 		struct commit *c = lookup_commit_reference(the_repository,
 							   &our->old_oid);
+		if ( !c )
+			die(_("%s does not point to a commit."), our->name);
 		/* --branch specifies a non-branch (i.e. tags), detach HEAD */
 		update_ref(msg, "HEAD", &c->object.oid, NULL, REF_NO_DEREF,
 			   UPDATE_REFS_DIE_ON_ERR);
diff --git a/t/t5610-clone-detached.sh b/t/t5610-clone-detached.sh
index 8b0d607df1..c7fd2c5f5c 100755
--- a/t/t5610-clone-detached.sh
+++ b/t/t5610-clone-detached.sh
@@ -15,6 +15,7 @@ test_expect_success 'setup' '
 	echo two >file &&
 	git commit -a -m two &&
 	git tag two &&
+	git tag four $(git rev-parse :file) &&
 	echo three >file &&
 	git commit -a -m three
 '
@@ -72,5 +73,9 @@ test_expect_success 'cloned HEAD matches' '
 test_expect_success 'cloned HEAD is detached' '
 	head_is_detached detached-orphan
 '
+test_expect_success 'cloning invalid tag' '
+	test_must_fail git clone "file://$PWD" -b four 2>err &&
+	test_i18ngrep "does not point to a commit." err
+'
 
 test_done

base-commit: ad27df6a5cff694add500ab8c7f97234feb4a91f
-- 
gitgitgadget

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2020-11-04 19:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-30 11:46 [PATCH] Fix potential segfault on cloning invalid tag Sohom Datta via GitGitGadget
2020-10-30 15:09 ` Jeff King
2020-11-04 17:21 ` [PATCH v2] Avoid segfault and provide fallback when cloning invalid branch/tag Sohom Datta via GitGitGadget
2020-11-04 19:31   ` Junio C Hamano

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).