git-am: handle missing "author" when parsing commit

We try to parse the "author" line out of a commit buffer. We handle the
case that split_ident_line() doesn't work, but we don't do any error
checking that we found an "author" line in the first place! This would
cause us to segfault on such a corrupt object.

Let's put in an explicit NULL check (we can just die(), which is what a
bogus split would do, too). As a bonus, this silences a warning when
compiling with gcc 9.2.1 using "-flto -O3", which claims that ident_len
may be uninitialized (it would only be if we had a NULL here).

Reported-by: Stephan Beyer <s-beyer@gmx.net>
Helped-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/am.c b/builtin/am.c
index 1aea657a7f0b56345e1b2d5f8f32df439e278e80..ee7305eaa663ae434b44ed567661b5fd81dbe817 100644 (file)
--- a/builtin/am.c
+++ b/builtin/am.c
@@ -1272,7 +1272,9 @@ static void get_commit_info(struct am_state *state, struct commit *commit)
        buffer = logmsg_reencode(commit, NULL, get_commit_output_encoding());
 
        ident_line = find_commit_header(buffer, "author", &ident_len);
-
+       if (!ident_line)
+               die(_("missing author line in commit %s"),
+                     oid_to_hex(&commit->object.oid));
        if (split_ident_line(&id, ident_line, ident_len) < 0)
                die(_("invalid ident line: %.*s"), (int)ident_len, ident_line);