git.ipfire.org Git - thirdparty/git.git/commit

author	Johannes Schindelin <johannes.schindelin@gmx.de>
	Thu, 15 May 2025 13:11:40 +0000 (13:11 +0000)
committer	Junio C Hamano <gitster@pobox.com>
	Thu, 15 May 2025 20:46:45 +0000 (13:46 -0700)
commit	c607410ada02fce5ee2366b68543736176101295
tree	a3442ea5553ea9a03cd21be3309e783d8f7aa8ba	tree \| snapshot
parent	131a8fa8151c95f309241ead33018f30f57ff57c	commit \| diff

fetch: carefully clear local variable's address after use

As pointed out by CodeQL, it is a potentially dangerous practice to
store local variables' addresses in non-local structs. Yet this is
exactly what happens with the `acked_commits` attribute that is used in
`cmd_fetch()`: The pointer to a local variable is assigned to it.

Now, it is Git's convention that `cmd_*()` functions are essentially
only returning just before exiting the process, therefore there is
little danger that this attribute is used after the code flow returns
from that function.

However, code in `cmd_*()` function is often so useful that it gets
lifted into a library function, at which point this issue could become a
real problem.

Let's make sure to clear the `acked_commits` attribute out after it was
used, and before the function returns (at which point the address would
go stale).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>