From 41284eb0f944fe2d73708bb4105a8e3ccd0297df Mon Sep 17 00:00:00 2001 From: David Turner Date: Wed, 21 Oct 2015 13:54:11 -0400 Subject: name-hash: don't reuse cache_entry in dir_entry Stop reusing cache_entry in dir_entry; doing so causes a use-after-free bug. During merges, we free entries that we no longer need in the destination index. But those entries might have also been stored in the dir_entry cache, and when a later call to add_to_index found them, they would be used after being freed. To prevent this, change dir_entry to store a copy of the name instead of a pointer to a cache_entry. This entails some refactoring of code that expects the cache_entry. Keith McGuigan diagnosed this bug and wrote the initial patch, but this version does not use any of Keith's code. Helped-by: Keith McGuigan Helped-by: Junio C Hamano Signed-off-by: David Turner Signed-off-by: Junio C Hamano --- cache.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cache.h') diff --git a/cache.h b/cache.h index 22b7b81290..1afe5374b9 100644 --- a/cache.h +++ b/cache.h @@ -501,7 +501,8 @@ extern int write_locked_index(struct index_state *, struct lock_file *lock, unsi extern int discard_index(struct index_state *); extern int unmerged_index(const struct index_state *); extern int verify_path(const char *path); -extern struct cache_entry *index_dir_exists(struct index_state *istate, const char *name, int namelen); +extern int index_dir_exists(struct index_state *istate, const char *name, int namelen); +extern void adjust_dirname_case(struct index_state *istate, char *name); extern struct cache_entry *index_file_exists(struct index_state *istate, const char *name, int namelen, int igncase); extern int index_name_pos(const struct index_state *, const char *name, int namelen); #define ADD_CACHE_OK_TO_ADD 1 /* Ok to add */ -- cgit v1.3