• Jim Meyering's avatar
    mailmap: fix use of freed memory · d8d2eb7d
    Jim Meyering authored
    On an x86_64 system (F13-based), I ran these commands in an empty directory:
    
        git init
        printf '%s\n' \
          '<jdoe@example.com> <jdoe@example.COM>' \
          'John <jdoe@example.com>' > .mailmap
        git shortlog < /dev/null
    
    Here's the result:
    
        (reading log message from standard input)
        *** glibc detected *** git: free(): invalid pointer: 0x0000000000f53730 ***
        ======= Backtrace: =========
        /lib64/libc.so.6[0x31ba875676]
        git[0x48c2a5]
        git[0x4b9858]
        ...
        zsh: abort (core dumped)  git shortlog
    
    What happened?
    
    Some .mailmap entry is of the <email1> <email2> form,
    while a subsequent one looks like "User Name <Email2>,
    and the two email addresses on the right are not identical
    but are "equal" when using a case-insensitive comparator.
    
    Then, when add_mapping is processing the latter line, new_email is NULL
    and we free me->email, yet do not replace it with a new strdup'd string.
    Thus, when later we attempt to use the buffer behind that ->email pointer,
    we reference freed memory.
    
    The solution is to free ->email and ->name only if we're about to replace them.
    
    [jc: squashed in the tests from Jonathan]
    Signed-off-by: default avatarJim Meyering <meyering@redhat.com>
    Signed-off-by: default avatarJonathan Nieder <jrnieder@gmail.com>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    d8d2eb7d
mailmap.c 6.47 KB