David Turner <[email protected]> writes:

> Stop reusing cache_entry in dir_entry; doing so causes a
> use-after-free bug.
>
> During merges, we free entries that we no longer need in the
> destination index.  But those entries might have also been stored in
> the dir_entry cache, and when a later call to add_to_index found them,
> they would be used after being freed.
>
> To prevent this, change dir_entry to store a copy of the name instead
> of a pointer to a cache_entry.  This entails some refactoring of code
> that expects the cache_entry.
>
> Keith McGuigan <[email protected]> diagnosed this bug and wrote
> the initial patch, but this version does not use any of Keith's code.
>
> Helped-by: Keith McGuigan <[email protected]>
> Helped-by: Junio C Hamano <[email protected]>
> Signed-off-by: David Turner <[email protected]>
> ---

The patch looks good to me.  Will replace the ce-refcnt one with
this.

Thanks for following it through.
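
The fix described in the quoted commit message, sketched as an added example that is not part of this thread and is not git's code: the directory cache keeps its own copy of the name, so freeing the index entry cannot leave the cache with a dangling pointer. `index_ent`, `dir_ent` and all function names are hypothetical, simplified stand-ins for `cache_entry` and `dir_entry`.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for illustration; these are not git's real structures. */
struct index_ent { size_t namelen; char name[]; };   /* role of cache_entry */
struct dir_ent {                                      /* role of dir_entry */
    struct dir_ent *next;
    char name[];        /* owned copy of the name, no pointer into the index */
};

static struct index_ent *index_ent_new(const char *name)
{
    size_t len = strlen(name);
    struct index_ent *ce = malloc(sizeof(*ce) + len + 1);
    if (!ce) return NULL;
    ce->namelen = len;
    memcpy(ce->name, name, len + 1);
    return ce;
}

/* Copy the name bytes out of ce so the cache does not depend on ce's lifetime. */
static struct dir_ent *dir_add(struct dir_ent **head, const struct index_ent *ce)
{
    struct dir_ent *de = malloc(sizeof(*de) + ce->namelen + 1);
    if (!de) return NULL;
    memcpy(de->name, ce->name, ce->namelen + 1);
    de->next = *head;
    return (*head = de);
}

static const struct dir_ent *dir_find(const struct dir_ent *de, const char *name)
{
    while (de && strcmp(de->name, name) != 0)
        de = de->next;
    return de;
}

/* Free the index entry, as a merge does, then look its name up in the cache. */
static int lookup_after_free(const char *name)
{
    struct dir_ent *cache = NULL;
    struct index_ent *ce = index_ent_new(name);
    int ok = ce && dir_add(&cache, ce);
    free(ce);                       /* the cache holds no pointer into ce */
    ok = ok && dir_find(cache, name) != NULL;
    free(cache);                    /* single entry in this demo */
    return ok;
}

int main(void) { return lookup_after_free("src/lib") ? 0 : 1; }
```

Had `dir_ent` stored a pointer to the `index_ent` instead, the `dir_find` call after `free(ce)` would read freed memory, which is the pattern the commit message describes.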