From: Jim Meyering <jim@meyering.net>
Date: Mon, 11 Oct 2010 15:41:16 +0000 (+0200)
Subject: mailmap: fix use of freed memory
X-Git-Tag: v1.7.3.3~14^2~2
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/d8d2eb7d6b5e48c2bcb0e71a770f8a05375ac03e?hp=d8d2eb7d6b5e48c2bcb0e71a770f8a05375ac03e

mailmap: fix use of freed memory

On an x86_64 system (F13-based), I ran these commands in an empty directory:

git init
printf '%s\n' \
'<jdoe@example.com> <jdoe@example.COM>' \
'John <jdoe@example.com>' > .mailmap
git shortlog < /dev/null

Here's the result:

(reading log message from standard input)
*** glibc detected *** git: free(): invalid pointer: 0x0000000000f53730 ***
======= Backtrace: =========
/lib64/libc.so.6[0x31ba875676]
git[0x48c2a5]
git[0x4b9858]
...
zsh: abort (core dumped)  git shortlog

What happened?

Some .mailmap entry is of the <email1> <email2> form,
while a subsequent one looks like "User Name <Email2>,
and the two email addresses on the right are not identical
but are "equal" when using a case-insensitive comparator.

Then, when add_mapping is processing the latter line, new_email is NULL
and we free me->email, yet do not replace it with a new strdup'd string.
Thus, when later we attempt to use the buffer behind that ->email pointer,
we reference freed memory.

The solution is to free ->email and ->name only if we're about to replace them.

[jc: squashed in the tests from Jonathan]

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---