| author | Lukas Fleischer <cgit@cryptocrack.de> | 2011-04-05 08:38:53 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2011-05-23 20:58:35 (UTC) |
| commit | 9afc883297b0d0943e9b358d2299950f33e8e5ed (patch) (side-by-side diff) | |
| tree | 27e81428c0a6ad4bbdf5633fc95b946b4a631d30 /ui-diff.c | |
| parent | a0bf375a1a9b74056a913f3687c6f5b42ad4acf6 (diff) | |
| download | cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.zip cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.gz cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.bz2 | |
Avoid null pointer dereference in cgit_print_diff().
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-diff.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -252,135 +252,139 @@ static void header(unsigned char *sha1, char *path1, int mode1, htmlf("<br/>deleted file mode %.6o", mode1); if (!subproject) { abbrev1 = xstrdup(find_unique_abbrev(sha1, DEFAULT_ABBREV)); abbrev2 = xstrdup(find_unique_abbrev(sha2, DEFAULT_ABBREV)); htmlf("<br/>index %s..%s", abbrev1, abbrev2); free(abbrev1); free(abbrev2); if (mode1 != 0 && mode2 != 0) { htmlf(" %.6o", mode1); if (mode2 != mode1) htmlf("..%.6o", mode2); } html("<br/>--- a/"); if (mode1 != 0) cgit_tree_link(path1, NULL, NULL, ctx.qry.head, sha1_to_hex(old_rev_sha1), path1); else html_txt(path1); html("<br/>+++ b/"); if (mode2 != 0) cgit_tree_link(path2, NULL, NULL, ctx.qry.head, sha1_to_hex(new_rev_sha1), path2); else html_txt(path2); } html("</div>"); } static void print_ssdiff_link() { if (!strcmp(ctx.qry.page, "diff")) { if (use_ssdiff) cgit_diff_link("Unidiff", NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path, 1); else cgit_diff_link("Side-by-side diff", NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path, 1); } } static void filepair_cb(struct diff_filepair *pair) { unsigned long old_size = 0; unsigned long new_size = 0; int binary = 0; linediff_fn print_line_fn = print_line; current_filepair = pair; if (use_ssdiff) { cgit_ssdiff_header_begin(); print_line_fn = cgit_ssdiff_line_cb; } header(pair->one->sha1, pair->one->path, pair->one->mode, pair->two->sha1, pair->two->path, pair->two->mode); if (use_ssdiff) cgit_ssdiff_header_end(); if (S_ISGITLINK(pair->one->mode) || S_ISGITLINK(pair->two->mode)) { if (S_ISGITLINK(pair->one->mode)) print_line_fn(fmt("-Subproject %s", sha1_to_hex(pair->one->sha1)), 52); if (S_ISGITLINK(pair->two->mode)) print_line_fn(fmt("+Subproject %s", sha1_to_hex(pair->two->sha1)), 52); if (use_ssdiff) cgit_ssdiff_footer(); return; } if (cgit_diff_files(pair->one->sha1, pair->two->sha1, &old_size, &new_size, &binary, ctx.qry.context, ctx.qry.ignorews, print_line_fn)) cgit_print_error("Error running diff"); if (binary) { if (use_ssdiff) html("<tr><td colspan='4'>Binary files differ</td></tr>"); else html("Binary files differ"); } if (use_ssdiff) cgit_ssdiff_footer(); } void cgit_print_diff(const char *new_rev, const char *old_rev, const char *prefix) { enum object_type type; unsigned long size; struct commit *commit, *commit2; if (!new_rev) new_rev = ctx.qry.head; get_sha1(new_rev, new_rev_sha1); type = sha1_object_info(new_rev_sha1, &size); if (type == OBJ_BAD) { cgit_print_error(fmt("Bad object name: %s", new_rev)); return; } commit = lookup_commit_reference(new_rev_sha1); - if (!commit || parse_commit(commit)) + if (!commit || parse_commit(commit)) { cgit_print_error(fmt("Bad commit: %s", sha1_to_hex(new_rev_sha1))); + return; + } if (old_rev) get_sha1(old_rev, old_rev_sha1); else if (commit->parents && commit->parents->item) hashcpy(old_rev_sha1, commit->parents->item->object.sha1); else hashclr(old_rev_sha1); if (!is_null_sha1(old_rev_sha1)) { type = sha1_object_info(old_rev_sha1, &size); if (type == OBJ_BAD) { cgit_print_error(fmt("Bad object name: %s", sha1_to_hex(old_rev_sha1))); return; } commit2 = lookup_commit_reference(old_rev_sha1); - if (!commit2 || parse_commit(commit2)) + if (!commit2 || parse_commit(commit2)) { cgit_print_error(fmt("Bad commit: %s", sha1_to_hex(old_rev_sha1))); + return; + } } if ((ctx.qry.ssdiff && !ctx.cfg.ssdiff) || (!ctx.qry.ssdiff && ctx.cfg.ssdiff)) use_ssdiff = 1; print_ssdiff_link(); cgit_print_diffstat(old_rev_sha1, new_rev_sha1, prefix); if (use_ssdiff) { html("<table summary='ssdiff' class='ssdiff'>"); } else { html("<table summary='diff' class='diff'>"); html("<tr><td>"); } cgit_diff_tree(old_rev_sha1, new_rev_sha1, filepair_cb, prefix, ctx.qry.ignorews); if (!use_ssdiff) html("</td></tr>"); html("</table>"); } |