diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2025-05-15 13:11:40 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2025-05-15 13:46:45 -0700 |
| commit | c607410ada02fce5ee2366b68543736176101295 (patch) | |
| tree | a3442ea5553ea9a03cd21be3309e783d8f7aa8ba | |
| parent | commit: simplify code (diff) | |
| download | git-c607410ada02fce5ee2366b68543736176101295.tar.gz git-c607410ada02fce5ee2366b68543736176101295.zip | |
fetch: carefully clear local variable's address after use
As pointed out by CodeQL, it is a potentially dangerous practice to
store local variables' addresses in non-local structs. Yet this is
exactly what happens with the `acked_commits` attribute that is used in
`cmd_fetch()`: The pointer to a local variable is assigned to it.
Now, it is Git's convention that `cmd_*()` functions are essentially
only returning just before exiting the process, therefore there is
little danger that this attribute is used after the code flow returns
from that function.
However, code in `cmd_*()` function is often so useful that it gets
lifted into a library function, at which point this issue could become a
real problem.
Let's make sure to clear the `acked_commits` attribute out after it was
used, and before the function returns (at which point the address would
go stale).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | builtin/fetch.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/builtin/fetch.c b/builtin/fetch.c index cda6eaf1fd..c1a1434c70 100644 --- a/builtin/fetch.c +++ b/builtin/fetch.c @@ -2560,6 +2560,7 @@ int cmd_fetch(int argc, if (server_options.nr) gtransport->server_options = &server_options; result = transport_fetch_refs(gtransport, NULL); + gtransport->smart_options->acked_commits = NULL; oidset_iter_init(&acked_commits, &iter); while ((oid = oidset_iter_next(&iter))) |