From 351c6e719ae9c5b97506dde6bc287408b80e87e4 Mon Sep 17 00:00:00 2001 From: Karthik Nayak Date: Wed, 1 Oct 2025 14:17:29 +0200 Subject: refs/ref-cache: fix SEGFAULT when seeking in empty directories The 'cache_ref_iterator_seek()' function is used to seek the `ref_iterator` to the desired reference in the ref-cache mechanism. We use the seeking functionality to implement the '--start-after' flag in 'git-for-each-ref(1)'. When using the files-backend with packed-refs, it is possible that some of the refs directories are empty. For e.g. just after repacking, the 'refs/heads' directory would be empty. The ref-cache seek mechanism, doesn't take this into consideration when descending into a subdirectory, and makes an out of bounds access, causing SEGFAULT as we try to access entries within the directory. Fix this by breaking out of the loop when we enter an empty directory. Since we start with the base directory of 'refs/' which is never empty, it is okay to perform this check after the first iteration in the `do..while` clause. Add tests which simulate this behavior and also provide coverage over using the feature over packed-refs. Helped-by: Junio C Hamano Signed-off-by: Karthik Nayak Signed-off-by: Junio C Hamano --- refs/ref-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'refs/ref-cache.c') diff --git a/refs/ref-cache.c b/refs/ref-cache.c index c180e0aad7..e5e5df16d8 100644 --- a/refs/ref-cache.c +++ b/refs/ref-cache.c @@ -539,7 +539,7 @@ static int cache_ref_iterator_seek(struct ref_iterator *ref_iterator, */ break; } - } while (slash); + } while (slash && dir->nr); } return 0; -- cgit v1.3