On Thu, May 08, 2025 at 11:44:56PM +0000, brian m. carlson wrote:
> +static int write_commit_with_parents(struct repository *r,
> + struct object_id *out,
> + const struct object_id *oid,
> + struct commit_list *parents)
> +{
> + size_t author_len, committer_len;
> + struct commit *this;
> + const char *orig_author, *orig_committer;
> + char *author = NULL, *committer = NULL;
> + const char *buffer;
> + unsigned long bufsize;
> + const char *p;
> + struct strbuf msg = STRBUF_INIT;
> + int ret = 0;
> + struct ident_split id;
> +
> + this = lookup_commit_reference(r, oid);
> + buffer = repo_get_commit_buffer(r, this, &bufsize);
> + orig_author = find_commit_header(buffer, "author", &author_len);
> + orig_committer = find_commit_header(buffer, "committer", &committer_len);
> + if (split_ident_line(&id, orig_author, author_len) < 0 ||
> + split_ident_line(&id, orig_committer, committer_len) < 0) {
> + ret = error(_("invalid author or committer for %s"), oid_to_hex(oid));
> + goto out;
> + }
> + p = strstr(buffer, "\n\n");
> +
> + if (!orig_author || !orig_committer || !p) {
> + ret = error(_("cannot parse commit %s"), oid_to_hex(oid));
> + goto out;
> + }
Coverity flagged this as a potential NULL deref. We check that
orig_author and orig_committer aren't NULL here, but we'll already have
looked at them via split_ident_line() above. Probably the error checks
should be reordered?
-Peff
