config.c: avoid segfault with --fixed-value and valueless config

When using `--fixed-value` with a key whose value is left empty (implied
as being "true"), 'git config' may crash when invoked like either of:

    $ git config set --file=config --value=value --fixed-value \
        section.key pattern
    $ git config --file=config --fixed-value section.key value pattern

The original bugreport[1] bisects to 00bbdde141 (builtin/config:
introduce "set" subcommand, 2024-05-06), which is a red-herring, since
the original bugreport uses the new 'git config set' invocation.

The behavior likely bisects back to c90702a1f6 (config: plumb
--fixed-value into config API, 2020-11-25), which introduces the new
--fixed-value option in the first place.

Looking at the relevant frame from a failed process's coredump, the
crash appears in config.c::matches() like so:

    (gdb) up
    #1  0x000055b3e8b06022 in matches (key=0x55b3ea894360 "section.key", value=0x0,
        store=0x7ffe99076eb0) at config.c:2884
    2884			return !strcmp(store->fixed_value, value);

where we are trying to compare the `--fixed-value` argument to `value`,
which is NULL.

Avoid attempting to match `--fixed-value` for configuration keys with no
explicit value. A future patch could consider the empty value to mean
"true", "yes", "on", etc. when invoked with `--type=bool`, but let's
punt on that for now in the name of avoiding the segfault.

[1]: https://lore.kernel.org/git/CANrWfmTek1xErBLrnoyhHN+gWU+rw14y6SQ+abZyzGoaBjmiKA@mail.gmail.com/

Reported-by: Han Jiang <jhcarl0814@gmail.com>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/config.c b/config.c
index aa2888d301a35f9ccd6d92aaae4ee177926f0424..53ecb2f32df30abd7ce595e7c496c62b69e6796e 100644 (file)
--- a/config.c
+++ b/config.c
@@ -2876,7 +2876,7 @@ static int matches(const char *key, const char *value,
 {
        if (strcmp(key, store->key))
                return 0; /* not ours */
-       if (store->fixed_value)
+       if (store->fixed_value && value)
                return !strcmp(store->fixed_value, value);
        if (!store->value_pattern)
                return 1; /* always matches */

diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index f1d42b62b0585cbca3e4c494bf01142d5f1ffdb7..127671aa3f2618ef16f559ae7172c3d3f023de2b 100755 (executable)
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -2434,6 +2434,15 @@ test_expect_success '--get and --get-all with --fixed-value' '
        test_must_fail git config --file=config --get-regexp --fixed-value fixed+ non-existent
 '
 
+test_expect_success '--fixed-value with value-less configuration' '
+       test_when_finished rm -f config &&
+       cat >config <<-\EOF &&
+       [section]
+               key
+       EOF
+       git config --file=config --fixed-value section.key value pattern
+'
+
 test_expect_success 'includeIf.hasconfig:remote.*.url' '
        git init hasremoteurlTest &&
        test_when_finished "rm -rf hasremoteurlTest" &&