TortoiseProc memory corruption on empty repo
By isciu... on September 27, 2011 14:12 (imported from Google Code)
What steps will reproduce the problem?
- Init the new empty git repository (or clone this empty repo from anywhere).
- Click the "Show Log" from the TortoiseGit shell menu, then close the log window.
- Do the second step one more time.
What is the expected output? What do you see instead?
Log window should open, but TortoiseProc crashes instead.
What version of the product are you using? On what operating system?
TortoiseGit 184.108.40.206 64bit, Windows 7 x64
Please provide any additional information below.
Memory corruption occurs inside the /src/TortoiseProc/GitLogCache.cpp:
382: sizeof(SLogCacheIndexFile) + sizeof(SLogCacheIndexItem) *( m_pCacheIndex->m_Header.m_ItemCount-1)
m_pCacheIndex->m_Header.m_ItemCount may be 0, which happens exactly in the empty repo, memcpy is given 0xffffffff bytes copy, and it corrupts the heap.
In our case, the first "Show Log" command will initialize the tortoisegit.index with no elements, while the second command causes the crash.