parse_object_buffer: correct freeing the buffer
authorStefan Beller <stefanbeller@googlemail.com>
Wed, 17 Jul 2013 22:09:42 +0000 (00:09 +0200)
committerJunio C Hamano <gitster@pobox.com>
Thu, 18 Jul 2013 01:10:51 +0000 (18:10 -0700)
If we exit early in the function parse_object_buffer, we did not
write to *eaten_p. Then the calling function parse_object, which looks
like the following with respect to the eaten variable, cannot rely on a
proper value set in eaten, hence the freeing of the buffer depends
on random values in memory.

struct object *parse_object(const unsigned char *sha1)
{
int eaten;
...
obj = parse_object_buffer(sha1, type, size, buffer, &eaten);
if (!eaten)
free(buffer);
}

This change makes sure that the buffer-freeing condition is deterministic.

Signed-off-by: Stefan Beller <stefanbeller@googlemail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
object.c

index 4af3451..5da4e1c 100644 (file)
--- a/object.c
+++ b/object.c
@@ -135,7 +135,7 @@ struct object *lookup_unknown_object(const unsigned char *sha1)
 struct object *parse_object_buffer(const unsigned char *sha1, enum object_type type, unsigned long size, void *buffer, int *eaten_p)
 {
        struct object *obj;
-       int eaten = 0;
+       *eaten_p = 0;
 
        obj = NULL;
        if (type == OBJ_BLOB) {
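Review bot: The ownership contract this fix relies on is not documented at the function. With `*eaten_p = 0;` as the first statement, every return path, including the early `return NULL` ones, now leaves a defined value for the caller's `if (!eaten) free(buffer);`, but nothing at the definition says so. I would add a comment above parse_object_buffer such as `/* Sets *eaten_p to 1 if the returned object keeps buffer; otherwise, also on a NULL return, the caller still owns buffer and must free it. eaten_p must not be NULL. */`. The last sentence matters because eaten_p is dereferenced unconditionally on entry. The function body continues outside this hunk.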
@@ -154,7 +154,7 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t
                        if (!tree->object.parsed) {
                                if (parse_tree_buffer(tree, buffer, size))
                                        return NULL;
-                               eaten = 1;
+                               *eaten_p = 1;
                        }
                }
        } else if (type == OBJ_COMMIT) {
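Review bot: The `return NULL` after a failing `parse_tree_buffer(tree, buffer, size)` now reliably reports `*eaten_p == 0`, so the caller will free `buffer`; that is only safe if parse_tree_buffer never keeps a reference to `buffer` when it returns non-zero. Its definition is not visible in this diff, so this is worth confirming, since a retained pointer would be left dangling after the caller's free. A short comment at the return, e.g. `/* buffer not retained on failure; caller frees it */`, would record the assumption. The same question applies to the early `return NULL` at the top of the OBJ_COMMIT hunk, whose failing call lies outside that hunk.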
@@ -164,7 +164,7 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t
                                return NULL;
                        if (!commit->buffer) {
                                commit->buffer = buffer;
-                               eaten = 1;
+                               *eaten_p = 1;
                        }
                        obj = &commit->object;
                }
@@ -181,7 +181,6 @@ struct object *parse_object_buffer(const unsigned char *sha1, enum object_type t
        }
        if (obj && obj->type == OBJ_NONE)
                obj->type = type;
-       *eaten_p = eaten;
        return obj;
 }