Fix null dereferences on unset format strings #1136
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Why not doing it in one line with: diff --git a/src/argv.c b/src/argv.c
index de0bcf4..27e6d31 100644
--- a/src/argv.c
+++ b/src/argv.c
@@ -472,7 +472,7 @@ argv_format(struct argv_env *argv_env, const char ***dst_argv, const char *src_a
}
}
- return src_argv[argc] == NULL;
+ return src_argv[argc] == NULL && *dst_argv;
} |
krobelus
force-pushed
the
empty-format-nil-deref
branch
2 times, most recently
from
31e6496
to
0b3fa68
Compare
|
Ok the second version does that, which makes things simpler. |
|
I think we shouldn't fail on an empty arg. That should do the trick: diff --git a/src/argv.c b/src/argv.c
index 27e6d31..2fc0d0a 100644
--- a/src/argv.c
+++ b/src/argv.c
@@ -361,7 +361,7 @@ format_append_argv(struct format_context *format, const char ***dst_argv, const
int argc;
if (!src_argv)
- return true;
+ return argv_append(dst_argv, "");
for (argc = 0; src_argv[argc]; argc++)
if (!format_append_arg(format, dst_argv, src_argv[argc])) |
krobelus
force-pushed
the
empty-format-nil-deref
branch
from
0b3fa68
to
fa49e75
Compare
|
Wow how could I miss that! Updated. |
|
I suggest adding the following test case (sorry not the best way to provide this diff). diff --git a/test/regressions/github-1136-test b/test/regressions/github-1136-test
new file mode 100755
index 0000000..25f1271
--- /dev/null
+++ b/test/regressions/github-1136-test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+. libtest.sh
+. libgit.sh
+
+LINES=10
+
+in_work_dir create_repo_from_tgz "$base_dir/files/scala-js-benchmarks.tgz"
+
+test_case bang-cmdlineargs-doesnt-crash \
+ --args='status' \
+ --script='
+ :!%(cmdlineargs)
+ ' <<EOF
+On branch master
+Changes to be committed:
+ (no files)
+Changes not staged for commit:
+ (no files)
+Untracked files:
+ (no files)
+
+[status] Nothing to update 100%
+EOF
+
+test_case echo-cmdlineargs-doesnt-crash \
+ --args='status' \
+ --script='
+ :echo %(cmdlineargs)
+ ' <<EOF
+On branch master
+Changes to be committed:
+ (no files)
+Changes not staged for commit:
+ (no files)
+Untracked files:
+ (no files)
+
+[status] Nothing to update 100%
+EOF
+
+run_test_cases |
|
If you prefer I can do it after merging. Just wanted to see if this could be tested. |
jonas
approved these changes
Sep 25, 2021
krobelus
force-pushed
the
empty-format-nil-deref
branch
from
fa49e75
to
119638f
Compare
Tig knows three kinds of state variables that encode different information: 1. the state of the view (ARGV_ENV_INFO), like %(commit) 2. the state of the worktree (REPO_INFO), like %(repo:head) 3. the arguments given on the commandline, like %(fileargs) The values exposed by the first two kinds are never null, but most of the third kind default to null. Prior to this commit when trying to format a null value, argv_format() reported success but left the output string as null. Fix this by writing the empty string in format_append_argv(), because current callers (echo) don't really care about the difference between empty and null. Reproduce the null dereferences with :!%(fileargs) :echo %(fileargs) Surprisingly to me, this did not break this example: bind generic aaa !sh -c 'printf "%s\n" "$@" | wc -l' -- line1 %(fileargs) line2 # still prints 2 because of the early return in argv_appendn(). In future we should also fix format_append_arg(), which currently fails on :echo "%(fileargs)" because format_expand_arg() does not receive variables like %(fileargs).
krobelus
force-pushed
the
empty-format-nil-deref
branch
from
119638f
to
a0506d9
Compare
|
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our argv_format() reports success but leaves the output at null
when the input is "%(cmdlineargs)" and the corresponding option
("opt_cmdline_args") is null.
Other callers already check if the output is null, do the same.
Fixes two null dereferences in prompt.c:
I don't know if there is a reproducer for the change in argv.c but
this seems better.