From: Derrick Stolee <stolee@gmail.com>
To: Phillip Wood via GitGitGadget <gitgitgadget@gmail.com>,
	git@vger.kernel.org
Cc: "Derrick Stolee" <dstolee@microsoft.com>,
	"René Scharfe" <l.s.r@web.de>, "Elijah Newren" <newren@gmail.com>,
	"Johannes Schindelin" <Johannes.Schindelin@gmx.de>,
	"Junio C Hamano" <gitster@pobox.com>,
	"Phillip Wood" <phillip.wood@dunelm.org.uk>
Subject: Re: [PATCH v2] sparse index: fix use-after-free bug in cache_tree_verify()
Date: Thu, 7 Oct 2021 09:35:04 -0400	[thread overview]
Message-ID: <a5011892-1dfe-31ab-12fe-d586eb0e9dbd@gmail.com> (raw)
In-Reply-To: <pull.1053.v2.git.1633600244854.gitgitgadget@gmail.com>

On 10/7/2021 5:50 AM, Phillip Wood via GitGitGadget wrote:
> From: Phillip Wood <phillip.wood@dunelm.org.uk>
> 
> In a sparse index it is possible for the tree that is being verified
> to be freed while it is being verified. This happens when the index is
> sparse but the cache tree is not and index_name_pos() looks up a path
> from the cache tree that is a descendant of a sparse index entry. That
> triggers a call to ensure_full_index() which frees the cache tree that
> is being verified.  Carrying on trying to verify the tree after this
> results in a use-after-free bug. Instead restart the verification if a
> sparse index is converted to a full index. This bug is triggered by a
> call to reset_head() in "git rebase --apply". Thanks to René Scharfe
> and Derick Stolee for their help analyzing the problem.

nit: s/Derick/Derrick/

Otherwise, this version looks good to me. Thanks for putting the last
bit of polish on it.

I'm taking this patch into our microsoft/git fork as we speak [1].

[1] https://github.com/microsoft/git/pull/439

Thanks,
-Stolee
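As an added illustration, not part of this message, not git's code, and not the patch under review (which this page does not show), the C model below reproduces the shape of the bug the commit message describes and the "restart after expansion" strategy it proposes. The function names mirror git's, but the structures, the behaviour of `ensure_full_index()` and `index_name_pos()`, the detection check (comparing the index's sparse flag before and after each lookup) and the sample paths are all simplifying assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATHS 16

/* Toy cache tree: the file paths a tree object covers. */
struct cache_tree {
    int nr;
    const char *paths[MAX_PATHS];
};

/* Toy index: the current view plus the full file list it expands to. */
struct index_state {
    int sparse_index;               /* nonzero while collapsed "dir/" entries exist */
    int nr;
    const char *entries[MAX_PATHS]; /* files, or "dir/" for a collapsed directory */
    int full_nr;
    const char *full[MAX_PATHS];
    struct cache_tree *cache_tree;
    int expansions;                 /* how many times ensure_full_index() ran */
};

static struct cache_tree *cache_tree_from(const char *const *paths, int n)
{
    struct cache_tree *t = calloc(1, sizeof(*t));
    for (int i = 0; i < n; i++)
        t->paths[t->nr++] = paths[i];
    return t;
}

static void cache_tree_free(struct cache_tree **tp)
{
    free(*tp);
    *tp = NULL;
}

/* Expand the sparse index to a full one. As in the bug report, this frees
 * the cache tree; this model then rebuilds it so a restarted walk has
 * something to verify (an assumption, not git's behaviour). */
static void ensure_full_index(struct index_state *is)
{
    if (!is->sparse_index)
        return;
    is->nr = 0;
    for (int i = 0; i < is->full_nr; i++)
        is->entries[is->nr++] = is->full[i];
    is->sparse_index = 0;
    is->expansions++;
    cache_tree_free(&is->cache_tree);
    is->cache_tree = cache_tree_from(is->full, is->full_nr);
}

/* Position of path in the index, or -1. Looking up a file that lies below
 * a collapsed "dir/" entry expands the whole index first. */
static int index_name_pos(struct index_state *is, const char *path)
{
    if (is->sparse_index) {
        for (int i = 0; i < is->nr; i++) {
            size_t len = strlen(is->entries[i]);
            if (len && is->entries[i][len - 1] == '/' &&
                !strncmp(path, is->entries[i], len)) {
                ensure_full_index(is);
                break;
            }
        }
    }
    for (int i = 0; i < is->nr; i++)
        if (!strcmp(is->entries[i], path))
            return i;
    return -1;
}

/* The defect: keeps walking t after index_name_pos() may have freed it.
 * Shown for contrast only; never called here. */
int cache_tree_verify_buggy(struct index_state *is)
{
    struct cache_tree *t = is->cache_tree;
    for (int i = 0; i < t->nr; i++)          /* t->nr read after free: UAF */
        if (index_name_pos(is, t->paths[i]) < 0)
            return -1;
    return 0;
}

/* The fix: if a lookup converted the sparse index to a full one, the tree
 * we were holding is gone, so fetch the new one and start over. */
int cache_tree_verify(struct index_state *is)
{
    for (;;) {
        struct cache_tree *t = is->cache_tree;
        int restart = 0;
        for (int i = 0; i < t->nr; i++) {
            int was_sparse = is->sparse_index;
            int pos = index_name_pos(is, t->paths[i]);
            if (was_sparse && !is->sparse_index) { restart = 1; break; }
            if (pos < 0)
                return -1;
        }
        if (!restart)
            return 0;
    }
}

/* Constructed scenario: the cache tree was written from a full index and
 * still lists sub/b.txt, while the index (if start_sparse) has collapsed
 * "sub/". Returns the number of expansions, or -1 if verification failed. */
int run_scenario(int start_sparse)
{
    static const char *full[] = { "a.txt", "sub/b.txt", "sub/c.txt" };
    static const char *sparse[] = { "a.txt", "sub/" };
    struct index_state is = { 0 };
    const char *const *view = start_sparse ? sparse : full;
    int view_nr = start_sparse ? 2 : 3;

    is.sparse_index = start_sparse;
    for (int i = 0; i < view_nr; i++) is.entries[is.nr++] = view[i];
    for (int i = 0; i < 3; i++) is.full[is.full_nr++] = full[i];
    is.cache_tree = cache_tree_from(full, 3);

    int rc = cache_tree_verify(&is);
    int expansions = is.expansions;
    cache_tree_free(&is.cache_tree);
    return rc < 0 ? -1 : expansions;
}

int main(void)
{
    printf("sparse index: %d expansion(s)\n", run_scenario(1));
    printf("full index:   %d expansion(s)\n", run_scenario(0));
    return 0;
}
```

With a sparse index the first lookup under `sub/` expands it, the original tree is freed, and the fixed verifier restarts once on the rebuilt tree; with a full index no expansion happens and the walk completes in one pass. Building with `-fsanitize=address` and calling `cache_tree_verify_buggy()` on the sparse scenario instead would flag the read of `t->nr` after the free.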

Thread overview: 26+ messages
2021-10-06  9:29 [PATCH] [RFC] sparse index: fix use-after-free bug in cache_tree_verify() Phillip Wood via GitGitGadget
2021-10-06 11:20 ` Derrick Stolee
2021-10-06 14:01   ` Phillip Wood
2021-10-06 14:19     ` Derrick Stolee
2021-10-06 19:17 ` Junio C Hamano
2021-10-06 20:43   ` Derrick Stolee
2021-10-07  9:50 ` [PATCH v2] " Phillip Wood via GitGitGadget
2021-10-07 13:35   ` Derrick Stolee [this message]
2021-10-07 14:59     ` Phillip Wood
2021-10-07 13:53   ` Derrick Stolee
2021-10-07 15:05     ` Phillip Wood
2021-10-07 15:44       ` Derrick Stolee
2021-10-07 17:59         ` Phillip Wood
2021-10-07 18:07   ` [PATCH v3] " Phillip Wood via GitGitGadget
2021-10-07 21:23     ` Junio C Hamano
2021-10-08  9:09       ` Phillip Wood
2021-10-08 18:53         ` Derrick Stolee
2021-10-08 19:57         ` Junio C Hamano
2021-10-14 13:34           ` Phillip Wood
2021-10-14 16:42             ` Junio C Hamano
2021-10-08  9:38     ` Bagas Sanjaya
2021-10-14  9:40       ` Phillip Wood
2021-10-16  9:07     ` [PATCH v4] " Phillip Wood via GitGitGadget
2021-10-17  5:38       ` Junio C Hamano
2021-10-17 19:35         ` Derrick Stolee
2021-10-18  9:37         ` Phillip Wood
