midx: fix broken free() in close_midx()
author Derrick Stolee <dstolee@microsoft.com>
Mon, 8 Oct 2018 15:17:03 +0000 (08:17 -0700)
committer Junio C Hamano <gitster@pobox.com>
Tue, 9 Oct 2018 09:04:15 +0000 (18:04 +0900)
When closing a multi-pack-index, we intend to close each pack-file
and free the struct packed_git that represents it. However, this
line was previously freeing the array of pointers, not the
pointer itself. This leads to a double-free issue.

Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
midx.c

diff --git a/midx.c b/midx.c
index f3e8dbc..999717b 100644 (file)
--- a/midx.c
+++ b/midx.c
@@ -190,7 +190,7 @@ static void close_midx(struct multi_pack_index *m)
        for (i = 0; i < m->num_packs; i++) {
                if (m->packs[i]) {
                        close_pack(m->packs[i]);
        for (i = 0; i < m->num_packs; i++) {
                if (m->packs[i]) {
                        close_pack(m->packs[i]);
-                       free(m->packs);
+                       free(m->packs[i]);
                }
        }
        FREE_AND_NULL(m->packs);
                }
        }
        FREE_AND_NULL(m->packs);
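
Review bot: On the changed line inside the loop, free(m->packs[i]) leaves the freed pointer sitting in the array slot; the array is released by FREE_AND_NULL(m->packs) right after the loop, so this is harmless today, but FREE_AND_NULL(m->packs[i]) would match that line and keep the slot from dangling if the loop body ever grows. The commit message could also say that the old free(m->packs) did more than double-free: once the first non-NULL entry was hit, every later iteration read m->packs[i] from the already freed array, and the struct packed_git entries themselves were never freed. The patch touches only midx.c, so running a case that closes a multi-pack-index with several packs loaded under a memory checker would help guard against a regression.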