list_objects_filter_copy(): deep-copy sparse_oid_name field

The purpose of our copy function is to do a deep copy of each field so
that the source and destination structs become independent. We correctly
copy the filter_spec string list, but we forgot the sparse_oid_name
field. By doing a shallow copy of the pointer, that puts us at risk for
a use-after-free if one or both of the structs is cleaned up.

I don't think this can be triggered in practice, because we tend to leak
the structs rather than actually clean them up. But this should
future-proof us for plugging those leaks.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/list-objects-filter-options.c b/list-objects-filter-options.c
index 4b25287886dfe7368582dd615d424e66e6f320f9..41c41c9d457c8f2ed893063e52725394ad143c90 100644 (file)
--- a/list-objects-filter-options.c
+++ b/list-objects-filter-options.c
@@ -418,6 +418,7 @@ void list_objects_filter_copy(
        string_list_init_dup(&dest->filter_spec);
        for_each_string_list_item(item, &src->filter_spec)
                string_list_append(&dest->filter_spec, item->string);
+       dest->sparse_oid_name = xstrdup_or_null(src->sparse_oid_name);
 
        ALLOC_ARRAY(dest->sub, dest->sub_alloc);
        for (i = 0; i < src->sub_nr; i++)