[PATCH 1/1] ui-log: fix data corruption

John Keeping john at keeping.me.uk
Sun Oct 16 13:54:23 CEST 2016


On Wed, Oct 12, 2016 at 01:23:45PM +0200, Jason A. Donenfeld wrote:
> So what's the verdict here? Do we have a double free or not?

The current code is fine, providing we don't re-order it.

The issue is that we free commit blobs while walking the log, so any
attempt to use them after that without reloading the data goes through a
null pointer.

We should possibly change cgit_parse_commit() to use get_commit_buffer()
rather than get_cached_commit_buffer(), which improves the usability of
that function but hides potential inefficiency if we free the buffer and
end up reloading it.

The use of get_cached_commit_buffer() dates from an update in git.git
which moved the buffer pointer out of struct commit, previously we just
accessed commit->buffer here and relied on the buffer having been loaded
previously.


More information about the CGit mailing list