From anrxc at sysphere.org  Wed Mar  4 13:20:37 2026
From: anrxc at sysphere.org (Adrian C.)
Date: Wed, 4 Mar 2026 14:20:37 +0100
Subject: Crash in the grep feature
Message-ID: <76q1sr29-so87-r86s-p0so-o69q131n456@flfcurer.bet>

Hello. I posted an example URL that crashes cgit on the IRC channel. I 
don't want to repeat it here because AI bots will follow it until the 
end of time.

https://DEV.NULL/REPOSITORYNAME/log/?q=1')EXTRACTVALUE(7345,CONCAT(0x7e,(SELECT/**/(ELT(7345=7345,1))),0x7e))+AND+'1'='1&qt=grep

From anrxc at sysphere.org  Thu Mar  5 21:44:51 2026
From: anrxc at sysphere.org (Adrian C.)
Date: Thu, 5 Mar 2026 22:44:51 +0100
Subject: Crash in the grep feature
In-Reply-To: <76q1sr29-so87-r86s-p0so-o69q131n456@flfcurer.bet>
References: <76q1sr29-so87-r86s-p0so-o69q131n456@flfcurer.bet>
Message-ID: <q09rns7n-22n2-2rp2-5rq6-7464614n75nn@flfcurer.bet>

Quick attempt at a workaround for haproxy in front of cgit 
installations:

http-request set-query %[query,regsub(qt=grep,qt=grepz,g)]

From aiden at aidenw.net  Fri Mar  6 01:06:46 2026
From: aiden at aidenw.net (Aiden Woodruff)
Date: Thu, 5 Mar 2026 20:06:46 -0500
Subject: Crash in the grep feature
In-Reply-To: <q09rns7n-22n2-2rp2-5rq6-7464614n75nn@flfcurer.bet>
References: <76q1sr29-so87-r86s-p0so-o69q131n456@flfcurer.bet>
 <q09rns7n-22n2-2rp2-5rq6-7464614n75nn@flfcurer.bet>
Message-ID: <ad18dc43-118a-4cea-bccc-39389568cc10@aidenw.net>

Adrian,

Here's a shorter example that causes a crash:

https://DEV.NULL/REPOSITORYNAME/log/?q=a**&qt=grep

I think because this is an invalid regular expression.

However, the following is also an invalid regular expression that does 
not cause a crash:

https://DEV.NULL/REPOSITORYNAME/log/?q=a?*&qt=grep

On 3/5/26 4:44 PM, Adrian C. wrote:
> Quick attempt at a workaround for haproxy in front of cgit installations:
>
> http-request set-query %[query,regsub(qt=grep,qt=grepz,g)]

This workaround is not ideal: it disables log searching completely.

-- 
Aiden Woodruff


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2792 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20260305/2ab53ae3/attachment.p7s>

From aiden at aidenw.net  Fri Mar  6 02:22:34 2026
From: aiden at aidenw.net (Aiden Woodruff)
Date: Thu, 5 Mar 2026 21:22:34 -0500
Subject: Crash in the grep feature
In-Reply-To: <ad18dc43-118a-4cea-bccc-39389568cc10@aidenw.net>
References: <76q1sr29-so87-r86s-p0so-o69q131n456@flfcurer.bet>
 <q09rns7n-22n2-2rp2-5rq6-7464614n75nn@flfcurer.bet>
 <ad18dc43-118a-4cea-bccc-39389568cc10@aidenw.net>
Message-ID: <1e16c644-97fb-4529-9151-df9c1c959efb@aidenw.net>

It looks like this failure is caused because it's not possible to 
directly check errors from the compile_grep_patterns [1] git function 
called in cgit_print_log [2]. The compile_grep_patterns function calls 
compile_regexp [3] which can call exit. See the following relevant lines 
from compile_regexp:

```
 ? ? err = regcomp(&p->regexp, p->pattern, regflags);
 ? ? if (err) {
 ? ? ? ? char errbuf[1024];
 ? ? ? ? regerror(err, &p->regexp, errbuf, 1024);
 ? ? ? ? compile_regexp_failed(p, errbuf);
 ? ? }
```

I think getting cgit to return an informational page here would require 
launching a separate process or changing the upstream git function to 
allow non-fatal failures.

1. https://gitlab.com/git-scm/git/-/blob/HEAD/grep.c#L770
2. https://git.zx2c4.com/cgit/tree/ui-log.c#n454
3. https://gitlab.com/git-scm/git/-/blob/HEAD/grep.c#L492

-- 
Aiden Woodruff


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20260305/3f23939d/attachment.sig>

From rito at ritovision.com  Sun Mar  8 03:45:34 2026
From: rito at ritovision.com (Rito Rhymes)
Date: Sat, 07 Mar 2026 22:45:34 -0500
Subject: [PATCH 0/5] fix broken mobile layouts across views
In-Reply-To: <20260225230729.8610-1-rito@ritovision.com>
References: <20260225230729.8610-1-rito@ritovision.com>
Message-ID: <DGX3BKW8RH2X.3C9TNPJ31LNCB@ritovision.com>

Hi,

Just following up on this patch series.
Has anyone had a chance to review it yet?

Thanks,
Rito

From Jason at zx2c4.com  Tue Mar 10 21:20:14 2026
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Tue, 10 Mar 2026 22:20:14 +0100
Subject: [PATCH] cgit: override die routine globally
In-Reply-To: <1e16c644-97fb-4529-9151-df9c1c959efb@aidenw.net>
References: <1e16c644-97fb-4529-9151-df9c1c959efb@aidenw.net>
Message-ID: <20260310212014.2409949-1-Jason@zx2c4.com>

We don't get any return value from compile_grep_patterns calling
compile_regexp_failed, causing the default die routine to print to
stderr and then for cgit to exit ungracefully.

Instead override the default die routine to show a normal error page.

Perhaps compile_grep_patterns ought to change upstream to return an
error. But this commit here will handle future issues as well, so
perhaps not a bad idea to do anyway.

Link: https://lists.zx2c4.com/pipermail/cgit/2026-March/004982.html
Link: https://lists.zx2c4.com/pipermail/cgit/2026-March/004983.html
Reported-by: Adrian C. <anrxc at sysphere.org>
Reported-by: Aiden Woodruff <aiden at aidenw.net>
Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
---
 cgit.c      | 7 +++++++
 ui-shared.c | 9 +++++++--
 ui-shared.h | 1 +
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/cgit.c b/cgit.c
index c91897a..c4dc94c 100644
--- a/cgit.c
+++ b/cgit.c
@@ -1058,6 +1058,12 @@ static int calc_ttl(void)
 	return ctx.cfg.cache_repo_ttl;
 }
 
+static NORETURN void cgit_die_routine(const char *msg, va_list params)
+{
+	cgit_vprint_error_page(400, "Bad request", msg, params);
+	exit(0);
+}
+
 int cmd_main(int argc, const char **argv)
 {
 	const char *path;
@@ -1065,6 +1071,7 @@ int cmd_main(int argc, const char **argv)
 
 	cgit_init_filters();
 	atexit(cgit_cleanup_filters);
+	set_die_routine(cgit_die_routine);
 
 	prepare_context();
 	cgit_repolist.length = 0;
diff --git a/ui-shared.c b/ui-shared.c
index 219b830..df52a9b 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -889,13 +889,18 @@ void cgit_print_docend(void)
 void cgit_print_error_page(int code, const char *msg, const char *fmt, ...)
 {
 	va_list ap;
+	va_start(ap, fmt);
+	cgit_vprint_error_page(code, msg, fmt, ap);
+	va_end(ap);
+}
+
+void cgit_vprint_error_page(int code, const char *msg, const char *fmt, va_list ap)
+{
 	ctx.page.expires = ctx.cfg.cache_dynamic_ttl;
 	ctx.page.status = code;
 	ctx.page.statusmsg = msg;
 	cgit_print_layout_start();
-	va_start(ap, fmt);
 	cgit_vprint_error(fmt, ap);
-	va_end(ap);
 	cgit_print_layout_end();
 }
 
diff --git a/ui-shared.h b/ui-shared.h
index f12fa99..2a3a7f5 100644
--- a/ui-shared.h
+++ b/ui-shared.h
@@ -73,6 +73,7 @@ extern void cgit_print_docstart(void);
 extern void cgit_print_docend(void);
 __attribute__((format (printf,3,4)))
 extern void cgit_print_error_page(int code, const char *msg, const char *fmt, ...);
+extern void cgit_vprint_error_page(int code, const char *msg, const char *fmt, va_list ap);
 extern void cgit_print_pageheader(void);
 extern void cgit_print_filemode(unsigned short mode);
 extern void cgit_compose_snapshot_prefix(struct strbuf *filename,
-- 
2.53.0


From rito at ritovision.com  Fri Mar 27 20:31:58 2026
From: rito at ritovision.com (Rito Rhymes)
Date: Fri, 27 Mar 2026 16:31:58 -0400
Subject: Follow up for mobile responsiveness patch series
In-Reply-To: <20260225230729.8610-1-rito@ritovision.com>
References: <20260225230729.8610-1-rito@ritovision.com>
Message-ID: <DHDUMHGXX5EQ.MW6J58T8M633@ritovision.com>

Hi,

Just following up again; has anyone had time to review
my patch series yet?

Let me know if there's anything more I can do here.

Rito