git.ipfire.org Git - thirdparty/git.git/commit

author	David Turner <dturner@twopensource.com>
	Wed, 21 Oct 2015 17:54:11 +0000 (13:54 -0400)
committer	Junio C Hamano <gitster@pobox.com>
	Wed, 21 Oct 2015 19:47:38 +0000 (12:47 -0700)
commit	41284eb0f944fe2d73708bb4105a8e3ccd0297df
tree	d9fb4779370efc2eec5079f72c210bdec900ef87	tree \| snapshot
parent	441c4a40173fe1ee8a5c0094e587dfc47e2a6460	commit \| diff

name-hash: don't reuse cache_entry in dir_entry

Stop reusing cache_entry in dir_entry; doing so causes a
use-after-free bug.

During merges, we free entries that we no longer need in the
destination index. But those entries might have also been stored in
the dir_entry cache, and when a later call to add_to_index found them,
they would be used after being freed.

To prevent this, change dir_entry to store a copy of the name instead
of a pointer to a cache_entry. This entails some refactoring of code
that expects the cache_entry.

Keith McGuigan <kmcguigan@twitter.com> diagnosed this bug and wrote
the initial patch, but this version does not use any of Keith's code.

Helped-by: Keith McGuigan <kmcguigan@twitter.com>
Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: David Turner <dturner@twopensource.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cache.h		diff \| blob \| blame \| history
dir.c		diff \| blob \| blame \| history
name-hash.c		diff \| blob \| blame \| history
read-cache.c		diff \| blob \| blame \| history