author: Phillip Wood <phillip.wood@dunelm.org.uk> 2025-05-09 16:22:27 +0000
committer: Junio C Hamano <gitster@pobox.com> 2025-05-09 13:29:23 -0700
commit: 5dbaec628d6dfbdc4db9ac528d2b77cc4286d70a
tree: cbfd0e10380ed34ae424a17dec1d141b35d1d24b /builtin/commit.c
parent: 74727214639d7d8635f667111f4fd6a3295a18bb
sequencer: rework reflog message handling

It has been reported that "git rebase --rebase-merges" can create
corrupted reflog entries like

    e9c962f2ea0 HEAD@{8}: <binary>�: Merged in <branch> (pull request #4441)

This is due to a use-after-free bug that happens because
reflog_message() uses a static `struct strbuf` and is not called to
update the current reflog message stored in `ctx->reflog_message` when
creating the merge. This means `ctx->reflog_message` points to a stale
reflog message that has been freed by a subsequent call to
reflog_message() by a command such as `reset` that used the return value
directly rather than storing the result in `ctx->reflog_message`.

Fix this by creating the reflog message nearer to where the commit is
created and storing it in a local variable which is passed as an
additional parameter to run_git_commit() rather than storing the message
in `struct replay_ctx`. This makes it harder to forget to call
`reflog_message()` before creating a commit and using a variable with a
narrower scope means that a stale value cannot be carried across from
one iteration of the loop to the next which should prevent any similar
use-after-free bugs in the future.

An existing test is modified to demonstrate that merges are now created
with the correct reflog message.

Reported-by: Kristoffer Haugsbakk <code@khaugsbakk.name>
Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/commit.c')
0 files changed, 0 insertions, 0 deletions
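
The stale-pointer pattern the commit message describes, next to the narrower-scope fix, as an added example that is not code from git or from this commit. The names static_msg, struct ctx, record_commit, replay_cached and replay_local are hypothetical, and a fixed static array stands in for the static `struct strbuf` so that the stale read is well defined; with a heap-backed buffer the cached pointer would reference freed memory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: formats into a static buffer and returns a pointer
 * to it. Every call overwrites what earlier callers were handed. */
static const char *static_msg(const char *action)
{
	static char buf[64];
	snprintf(buf, sizeof(buf), "rebase (%s)", action);
	return buf;
}

/* Long-lived context that caches the helper's return value. */
struct ctx { const char *reflog_message; };

/* Stand-in for creating a commit: records the message it was given. */
static void record_commit(char *out, size_t n, const char *msg)
{
	snprintf(out, n, "%s", msg);
}

/* Before: "pick" caches the pointer, "reset" uses the return value
 * directly, and "merge" forgets to refresh the cache. */
static void replay_cached(char *out, size_t n)
{
	struct ctx ctx;
	ctx.reflog_message = static_msg("pick");
	(void)static_msg("reset");                  /* clobbers the shared buffer */
	record_commit(out, n, ctx.reflog_message);  /* merge reads a stale message */
}

/* After: the message is created next to the commit, held in a local
 * variable and passed as a parameter, so nothing outlives one step. */
static void replay_local(char *out, size_t n)
{
	(void)static_msg("reset");
	const char *msg = static_msg("merge");
	record_commit(out, n, msg);
}

int main(void)
{
	char a[64], b[64];
	replay_cached(a, sizeof(a));
	replay_local(b, sizeof(b));
	printf("cached: %s\nlocal:  %s\n", a, b);
	return 0;
}
```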