From 8d489508194ebe7ee4eb3402c99fe65d04f36d2e Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 25 Nov 2016 17:03:56 +0100 Subject: [PATCH 1/2] cherry-pick: demonstrate a segmentation fault In https://github.com/git-for-windows/git/issues/952, a complicated scenario was described that leads to a segmentation fault in cherry-pick. It boils down to a certain code path involving a renamed file that is dirty, for which `refresh_cache_entry()` returns `NULL`, and that `NULL` not being handled properly. Signed-off-by: Johannes Schindelin --- t/t3501-revert-cherry-pick.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/t/t3501-revert-cherry-pick.sh b/t/t3501-revert-cherry-pick.sh index 394f0005a1..d7b4251234 100755 --- a/t/t3501-revert-cherry-pick.sh +++ b/t/t3501-revert-cherry-pick.sh @@ -141,4 +141,16 @@ test_expect_success 'cherry-pick "-" works with arguments' ' test_cmp expect actual ' +test_expect_failure 'cherry-pick works with dirty renamed file' ' + test_commit to-rename && + git checkout -b unrelated && + test_commit unrelated && + git checkout @{-1} && + git mv to-rename.t renamed && + test_tick && + git commit -m renamed && + echo modified >renamed && + git cherry-pick refs/heads/unrelated +' + test_done From cf73492c5dd422c717a1038873d475eceec6b9bb Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 25 Nov 2016 16:53:44 +0100 Subject: [PATCH 2/2] Avoid a segmentation fault with renaming merges Under very particular circumstances, merge-recursive's `add_cacheinfo()` function gets a `NULL` returned from `refresh_cache_entry()` without expecting it, and subsequently passes it to `add_cache_entry()` which consequently crashes. Let's not crash. This fixes https://github.com/git-for-windows/git/issues/952 Signed-off-by: Johannes Schindelin --- merge-recursive.c | 2 +- t/t3501-revert-cherry-pick.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/merge-recursive.c b/merge-recursive.c index 9041c2f149..5dc7587cd3 100644 --- a/merge-recursive.c +++ b/merge-recursive.c @@ -235,7 +235,7 @@ static int add_cacheinfo(struct merge_options *o, struct cache_entry *nce; nce = refresh_cache_entry(ce, CE_MATCH_REFRESH | CE_MATCH_IGNORE_MISSING); - if (nce != ce) + if (nce && nce != ce) ret = add_cache_entry(nce, options); } return ret; diff --git a/t/t3501-revert-cherry-pick.sh b/t/t3501-revert-cherry-pick.sh index d7b4251234..4f2a263b63 100755 --- a/t/t3501-revert-cherry-pick.sh +++ b/t/t3501-revert-cherry-pick.sh @@ -141,7 +141,7 @@ test_expect_success 'cherry-pick "-" works with arguments' ' test_cmp expect actual ' -test_expect_failure 'cherry-pick works with dirty renamed file' ' +test_expect_success 'cherry-pick works with dirty renamed file' ' test_commit to-rename && git checkout -b unrelated && test_commit unrelated &&