From: Jacob Keller <jacob.keller@xxxxxxxxx>

The branch_release function doesn't check the merge field before accessing it, based on an assumption that merge will be set if branch->merge_nr is non-zero. This is not always the case.

It turns out that branch->merge is not initialized until set_merge() is called, but branch->merge_nr can be non-zero from handle_config() calling add_merge(). set_merge() is not called until branch_get(). This function does set merge_nr to zero if merge is not initialized. However, branch_release is called on every branch when tearing down a repository.

An upcoming change to submodule--helper will initialize the remote state by calling read_config(). In some cases, this results in branches in the remote_state which have a non-zero merge_nr but no merge array. This results in a crash when tearing the repository down.

To fix this, let's simply check if merge is valid before attempting to release its contents. This makes it safe to initialize the remote_state for a submodule repository without crashing on teardown.

Signed-off-by: Jacob Keller <jacob.keller@xxxxxxxxx>
--- remote.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/remote.c b/remote.c index 7092b12209d93e20ce1ed3b7d9e4cbac058c57ff..1035f0cd32d034cce05bd2a3d829ec90795ff4e2 100644 --- a/remote.c +++ b/remote.c @@ -253,9 +253,11 @@ static void branch_release(struct branch *branch) free((char *)branch->refname); free(branch->remote_name); free(branch->pushremote_name); - for (int i = 0; i < branch->merge_nr; i++) - refspec_item_clear(branch->merge[i]); - free(branch->merge); + if (branch->merge) { + for (int i = 0; i < branch->merge_nr; i++) + refspec_item_clear(branch->merge[i]); + free(branch->merge); + } } static struct rewrite *make_rewrite(struct rewrites *r, -- 2.48.1.397.gec9d649cc640
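
Review bot: the new `if (branch->merge)` guard in branch_release() carries no comment saying why merge can be NULL while merge_nr is non-zero, and that is not something a reader of remote.c can tell from the code around it. The commit message has the explanation (add_merge() called from handle_config() raises merge_nr, while set_merge() only runs from branch_get()); a short comment above the check would keep that reasoning next to the code it protects. The guard also leaves the inconsistent state itself in place, so any other code that indexes `branch->merge[i]` up to merge_nr without first going through branch_get() would hit the same NULL dereference, and it is worth checking for such callers in this series. The visible lines do not show whether whatever add_merge() stored is released elsewhere when this block is skipped, so please confirm that teardown does not leak it. Since the crash only appears once the upcoming submodule--helper change calls read_config(), a test that tears down a repository with a configured but never resolved branch merge would pin the fix.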