From 390431c322b3badf7850a5653c8a126c30f95deb Mon Sep 17 00:00:00 2001
From: Adam Niedzielski
Date: Wed, 1 Feb 2017 17:31:31 +0100
Subject: [PATCH 1/2] revwal: add failing test for walking with topo-sort
---
 tests/revwalk/basic.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/tests/revwalk/basic.c b/tests/revwalk/basic.c
index 89140bc54..572035c85 100644
--- a/tests/revwalk/basic.c
+++ b/tests/revwalk/basic.c
@@ -331,6 +331,20 @@ void test_revwalk_basic__hide_then_push(void)
 cl_assert_equal_i(i, 0);
 }
+void test_revwalk_basic__topo_crash(void)
+{
+ git_oid oid;
+ git_oid_fromstr(&oid, "5b5b025afb0b4c913b4c338a42934a3863bf3644");
+
+ revwalk_basic_setup_walk(NULL);
+ git_revwalk_sorting(_walk, GIT_SORT_TOPOLOGICAL);
+
+ cl_git_pass(git_revwalk_push(_walk, &oid));
+ cl_git_pass(git_revwalk_hide(_walk, &oid));
+
+ git_revwalk_next(&oid, _walk);
+}
+
 void test_revwalk_basic__push_range(void)
 {
 revwalk_basic_setup_walk(NULL);
From f47db3c799b4f6b63ee8021e0c93d00d5f125c9a Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Thu, 2 Feb 2017 16:02:57 +0100
Subject: [PATCH 2/2] vector: do not reverse a vector if it is empty
The code reversing a vector initially determines the rear-pointer by simply subtracting 1 from the vector's length. Obviously, this fails if the vector is empty, in which case we have an integer overflow. Fix the issue by returning early if the vector is empty.
---
 src/vector.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/vector.c b/src/vector.c
index baec8036f..620a1f56c 100644
--- a/src/vector.c
+++ b/src/vector.c
@@ -406,6 +406,9 @@ void git_vector_reverse(git_vector *v)
 {
 size_t a, b;
+ if (v->length == 0)
+ return;
+
 a = 0;
 b = v->length - 1;
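Review bot: The last statement of test_revwalk_basic__topo_crash, `git_revwalk_next(&oid, _walk);`, discards its return value, so the test only fails when the process actually faults; on a build where the out-of-range access it is meant to provoke happens not to crash, it passes silently. Pinning the result makes it a real regression check, e.g. `cl_assert_equal_i(GIT_ITEROVER, git_revwalk_next(&oid, _walk));`, assuming an exhausted walk is the intended outcome when the same commit is both pushed and hidden. The unchecked `git_oid_fromstr(&oid, ...)` call could likewise be wrapped in `cl_git_pass(...)` so that a malformed id fails at the parse rather than further down. Running this test in a sanitizer-enabled build is what reliably turns the wraparound into a failure.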
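Review bot: The new guard in git_vector_reverse carries no comment saying why an empty vector is special, and the reason is not obvious from `if (v->length == 0)` alone: `b` is a `size_t`, so `b = v->length - 1` with a length of 0 yields a huge index rather than -1. A one-line comment above the check, such as `/* length - 1 would wrap to SIZE_MAX for an empty vector */`, would keep a later cleanup from removing it as redundant. The loop that uses `a` and `b` lies outside the hunk, so the exact effect of the wrapped index is not visible here; presumably it reads and writes far outside the contents array. Widening the test to `if (v->length < 2)` would also skip the no-op single-element case, though that is optional.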