Bug 1581678
| Summary: | git: Null pointer dereference in git rev-parse with unknown hash | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> |
| Component: | git | Assignee: | Petr Stodulka <pstodulk> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 27 | CC: | amahdal, besser82, c.david86, chrisw, jbowes, pstodulk, tmz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | git-2.14.4-1.fc27 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-06-01 12:19:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Thanks for the detailed report Florian. I reported this upstream here: https://public-inbox.org/git/20180523195227.GT26695@zaya.teonanacatl.net/T/#u This goes back a long time. The oldest git I tested was 1.8.3.1 from EL6. git-2.14.3-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-080a3d7866 git-2.14.3-4.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-080a3d7866 git-2.14.4-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-080a3d7866 git-2.14.4-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-080a3d7866 git-2.14.4-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |
$ git init Initialized empty Git repository in /tmp/t/.git/ $ git rev-parse ffffffffffffffffffffffffffffffffffffffff^@ Segmentation fault (core dumped) $ rpm -q git git-2.14.3-3.fc27.x86_64 GDB shows this: (gdb) break lookup_commit_reference Breakpoint 1 at 0x555555609f00: lookup_commit_reference. (3 locations) (gdb) r Starting program: /usr/bin/git rev-parse ffffffffffffffffffffffffffffffffffffffff\^@ [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Breakpoint 1, lookup_commit_reference (oid=oid@entry=0x7fffffffd550) at commit.c:34 34 return lookup_commit_reference_gently(oid, 0); (gdb) finish Run till exit from #0 lookup_commit_reference (oid=oid@entry=0x7fffffffd550) at commit.c:34 try_parent_shorthands (arg=0x7fffffffdd44 'f' <repeats 40 times>) at builtin/rev-parse.c:314 314 include_parents = 1; Value returned is $1 = (struct commit *) 0x0 (gdb) c (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. try_parent_shorthands (arg=0x7fffffffdd44 'f' <repeats 40 times>) at builtin/rev-parse.c:345 345 for (parents = commit->parents, parent_number = 1; (gdb) l 336,+15 336 commit = lookup_commit_reference(&oid); 337 if (exclude_parent && 338 exclude_parent > commit_list_count(commit->parents)) { 339 *dotdot = '^'; 340 return 0; 341 } 342 343 if (include_rev) 344 show_rev(NORMAL, &oid, arg); 345 for (parents = commit->parents, parent_number = 1; 346 parents; 347 parents = parents->next, parent_number++) { 348 char *name = NULL; 349 350 if (exclude_parent && parent_number != exclude_parent) 351 continue; Looks like a null pointer check is missing.