update_view_title: Fix NULL dereference at startup#1293
Merged
koutcher merged 2 commits intojonas:masterfrom Oct 21, 2023
Merged
update_view_title: Fix NULL dereference at startup#1293koutcher merged 2 commits intojonas:masterfrom
koutcher merged 2 commits intojonas:masterfrom
Conversation
update_view_title can be called with a `struct view`
where `line` is NULL, and `lines` is 0.
Specifically, along this call stack:
0 update_view_title (view=0x3fdb88 <main_view>) at [...]/tig/src/view.c:690
1 0x0000000000338018 in report_clear () at [...]/tig/src/display.c:565
2 0x00000000003cfe5b in load_view (view=0x3fdb88 <main_view>, prev=0x3fdb88 <main_view>, flags=OPEN_
at [...]/tig/src/view.c:857
3 0x00000000003d0bc0 in open_view (prev=0x0, view=0x3fdb88 <main_view>, flags=OPEN_DEFAULT)
at [...]/tig/src/view.c:894
4 0x00000000003b2932 in open_main_view (prev=0x0, flags=OPEN_DEFAULT) at include/tig/main.h:57
5 0x00000000003b0cca in view_driver (view=0x0, request=REQ_VIEW_MAIN) at [...]/tig/src/tig.c:179
6 0x00000000003af96a in main (argc=1, argv=0x7fffffffddb8) at [...]/tig/src/tig.c:864
Specifically, load_view calls report_clear when `view->lines == 0`,
which calls `update_view_title`, which attempts `&view->line[...]`
on a null `line`.
It's not clear why this doesn't explode today.
I caught it when I ran tig compiled with Zig in debug mode
and it failed with an illegal instruction on the line:
struct line *line = &view->line[view->pos.lineno];
Adding a check for `NULL` or `lines == 0` resolves the issue.
b3a2bc8 to
a82402f
Compare
The prior fix was pretty blunt: return early if line is null. However, line isn't really used unless specific conditions are met. Instead of returning early, add a check for the value of line where it's first used. This also allows reducing the scope of the corresponding variables from function to a specific block.
Collaborator
|
Thanks |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
update_view_title can be called with a
struct viewwhere
lineis NULL, andlinesis 0.Along this call stack:
Specifically, load_view calls report_clear when
view->lines == 0,which calls
update_view_title, which attempts&view->line[...]on a null
line.It's not clear why this doesn't explode today.
I caught it when I ran tig compiled with Zig in debug mode
and it failed with an illegal instruction on the line:
Adding a check for
NULLorlines == 0resolves the issue.