fetch: carefully clear local variable's address after use

As pointed out by CodeQL, it is a potentially dangerous practice to
store local variables' addresses in non-local structs. Yet this is
exactly what happens with the `acked_commits` attribute that is used in
`cmd_fetch()`: The pointer to a local variable is assigned to it.

Now, it is Git's convention that `cmd_*()` functions are essentially
only returning just before exiting the process, therefore there is
little danger that this attribute is used after the code flow returns
from that function.

However, code in `cmd_*()` function is often so useful that it gets
lifted into a library function, at which point this issue could become a
real problem.

Let's make sure to clear the `acked_commits` attribute out after it was
used, and before the function returns (at which point the address would
go stale).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/fetch.c b/builtin/fetch.c
index cda6eaf1fd6edcde2c4a8265f895adc18e5160e7..c1a1434c7096255ea1164c7cb9cebcdfc450c80e 100644 (file)
--- a/builtin/fetch.c
+++ b/builtin/fetch.c
@@ -2560,6 +2560,7 @@ int cmd_fetch(int argc,
                if (server_options.nr)
                        gtransport->server_options = &server_options;
                result = transport_fetch_refs(gtransport, NULL);
+               gtransport->smart_options->acked_commits = NULL;
 
                oidset_iter_init(&acked_commits, &iter);
                while ((oid = oidset_iter_next(&iter)))