Thread: 13 messages, 3 authors, 2025-09-20

Re: [BUG] git stash show -p with invalid option aborts with double-free in show_stash() (strvec_clear)

From: Jeff King <hidden>
Date: 2025-09-19 19:56:28

On Fri, Sep 19, 2025 at 11:15:13AM -0700, Junio C Hamano wrote:

> Jeff King [off-list ref] writes:
>
> > But really, I do not know that we need to NULL the whole thing. We have
> > given the caller the reduced argc. The only argv invariant we are
> > violating is that argv[argc] should be NULL (or in this case,
> > argv[left]). Anything after argv+left should be considered
> > uninitialized. So just:
> >
> >   argv[left] = NULL;
> >
> > would be enough, I'd think.
>
> Even when strvec was passed and more than one element was eaten
> after parsing?  strvec_clear() goes by .nr not stopping at the first
> NULL IIRC.

Yes, there is a big can of worms here. ;) It turns out that many spots
with strvecs were relying on leaving these entries untouched, and so
setting any of them to NULL causes leaks.

I think I've got it mostly worked out, but that's why I haven't sent
patches yet. Stay tuned.

-Peff
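
The trade-off raised in this message, as a simplified C model added here for illustration (not code from Git or from the thread's authors): a clear routine that releases by count is run over array states that a parser could leave past `left`. The names `clear_by_nr`, `after_parse` and `struct audit` are hypothetical, the two array states are constructed, and releases are counted by allocation id rather than performed.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_SLOTS 8

struct audit {
	int double_freed;	/* allocations released more than once */
	int leaked;		/* allocations never released */
};

/*
 * Model of a clear routine that walks all nr slots and does not stop at
 * the first NULL. Slots hold allocation ids 1..nr (0 stands for NULL),
 * so releases are counted instead of executed.
 */
static struct audit clear_by_nr(const int *slot, size_t nr)
{
	int frees[MAX_SLOTS + 1] = {0};
	struct audit a = {0, 0};

	for (size_t i = 0; i < nr; i++)
		if (slot[i])		/* free(NULL) is a no-op */
			frees[slot[i]]++;
	for (size_t id = 1; id <= nr; id++) {
		a.double_freed += frees[id] > 1;
		a.leaked += frees[id] == 0;
	}
	return a;
}

/* Optionally apply "argv[left] = NULL", then clear by count. */
static struct audit after_parse(const int *slots, size_t nr, size_t left,
				int null_terminate)
{
	int v[MAX_SLOTS];

	for (size_t i = 0; i < nr; i++)
		v[i] = slots[i];
	if (null_terminate && left < nr)
		v[left] = 0;
	return clear_by_nr(v, nr);
}

int main(void)
{
	const int untouched[] = {1, 2, 3};	/* constructed: tail still owned */
	const int aliased[] = {2, 3, 3};	/* constructed: stale copy past left, id 1 overwritten */
	struct audit r = after_parse(untouched, 3, 1, 1);
	printf("untouched + NULL: %d double free, %d leaked\n", r.double_freed, r.leaked);
	r = after_parse(aliased, 3, 2, 0);
	printf("aliased, no NULL: %d double free, %d leaked\n", r.double_freed, r.leaked);
	return 0;
}
```

In this model, writing NULL at `left` removes the double release when the tail aliases an earlier slot, and introduces a leak when the tail entries were still the only reference to their allocations.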