refs: fix segfault when aborting empty transaction

When cleaning up a transaction that has no updates queued, then the
transaction's backend data will not have been allocated. We correctly
handle this for the packed backend, where the cleanup function checks
whether the backend data has been allocated at all -- if not, then there
is nothing to clean up. For the files backend we do not check this and
as a result will hit a segfault due to dereferencing a `NULL` pointer
when cleaning up such a transaction.

Fix the issue by checking whether `backend_data` is set in the files
backend, too.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/refs/files-backend.c b/refs/files-backend.c
index 561c33ac8a97a8e0a3de9ba27ca9bd51937c6c03..6516c7bc8c8fea09cfd296c5c4185332b8358d06 100644 (file)
--- a/refs/files-backend.c
+++ b/refs/files-backend.c
@@ -2565,16 +2565,18 @@ static void files_transaction_cleanup(struct files_ref_store *refs,
                }
        }
 
-       if (backend_data->packed_transaction &&
-           ref_transaction_abort(backend_data->packed_transaction, &err)) {
-               error("error aborting transaction: %s", err.buf);
-               strbuf_release(&err);
-       }
+       if (backend_data) {
+               if (backend_data->packed_transaction &&
+                   ref_transaction_abort(backend_data->packed_transaction, &err)) {
+                       error("error aborting transaction: %s", err.buf);
+                       strbuf_release(&err);
+               }
 
-       if (backend_data->packed_refs_locked)
-               packed_refs_unlock(refs->packed_ref_store);
+               if (backend_data->packed_refs_locked)
+                       packed_refs_unlock(refs->packed_ref_store);
 
-       free(backend_data);
+               free(backend_data);
+       }
 
        transaction->state = REF_TRANSACTION_CLOSED;
 }