builtin/blame: destroy initialized commit_info only

Since ea02ffa3 (mailmap: simplify map_user() interface, 2013-01-05),
find_alignment() has been invoking commit_info_destroy() on an
uninitialized auto 'struct commit_info' (when METAINFO_SHOWN is not
set). commit_info_destroy() calls strbuf_release() for each
'commit_info' strbuf member, which randomly invokes free() on
whatever random stack value happens to reside in strbuf.buf, thus
leading to periodic crashes.

Reported-by: Dilyan Palauzov <dilyan.palauzov@aegee.org>
Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/blame.c b/builtin/blame.c
index 9047b6ef4caa0aa5ca964cdfafdbc19985a3cb25..078285d7d4eb5777cdaa7810d94e5578c394d170 100644 (file)
--- a/builtin/blame.c
+++ b/builtin/blame.c
@@ -1843,7 +1843,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
 
        for (e = sb->ent; e; e = e->next) {
                struct origin *suspect = e->suspect;
-               struct commit_info ci;
                int num;
 
                if (compute_auto_abbrev)
@@ -1854,6 +1853,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
                if (longest_file < num)
                        longest_file = num;
                if (!(suspect->commit->object.flags & METAINFO_SHOWN)) {
+                       struct commit_info ci;
                        suspect->commit->object.flags |= METAINFO_SHOWN;
                        get_commit_info(suspect->commit, &ci, 1);
                        if (*option & OUTPUT_SHOW_EMAIL)
@@ -1862,6 +1862,7 @@ static void find_alignment(struct scoreboard *sb, int *option)
                                num = utf8_strwidth(ci.author.buf);
                        if (longest_author < num)
                                longest_author = num;
+                       commit_info_destroy(&ci);
                }
                num = e->s_lno + e->num_lines;
                if (longest_src_lines < num)
@@ -1871,8 +1872,6 @@ static void find_alignment(struct scoreboard *sb, int *option)
                        longest_dst_lines = num;
                if (largest_score < ent_score(sb, e))
                        largest_score = ent_score(sb, e);
-
-               commit_info_destroy(&ci);
        }
        max_orig_digits = decimal_width(longest_src_lines);
        max_digits = decimal_width(longest_dst_lines);