commit-reach: avoid NULL dereference

The loop at the top of can_all_from_reach_with_flag() already
accounts for `from->objects[i].item' being NULL, so it follows
the cleanup loop should also account for a NULL `from_one'.

I managed to segfault here on one of my giant, many-remote repos
using `git fetch --negotiation-tip=...  --negotiation-only'
where the --negotiation-tip= argument was a glob which (inadvertently)
captured more refs than I wanted.  I have not reproduced this
in a standalone test case.

Signed-off-by: Eric Wong <e@80x24.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/commit-reach.c b/commit-reach.c
index 5a845440a996a1f56f9c92d1ac86b96a727cbe8d..7e422b0cd39776dbfaa1ea6c7d5792279f8444b2 100644 (file)
--- a/commit-reach.c
+++ b/commit-reach.c
@@ -628,8 +628,12 @@ cleanup:
        }
        free(list);
 
-       for (i = 0; i < from->nr; i++)
-               from->objects[i].item->flags &= ~assign_flag;
+       for (i = 0; i < from->nr; i++) {
+               struct object *from_one = from->objects[i].item;
+
+               if (from_one)
+                       from_one->flags &= ~assign_flag;
+       }
 
        return result;
 }