From 13deb8745d6b604a7fc45bb7ddee2a2052e80000 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Tue, 7 Jun 2016 08:35:26 +0200 Subject: [PATCH] index: fix NULL pointer access in index_remove_entry When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer. Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`. --- src/index.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/index.c b/src/index.c index 20ab6a19d..32f585faf 100644 --- a/src/index.c +++ b/src/index.c @@ -505,10 +505,11 @@ static int index_remove_entry(git_index *index, size_t pos) int error = 0; git_index_entry *entry = git_vector_get(&index->entries, pos); - if (entry != NULL) + if (entry != NULL) { git_tree_cache_invalidate_path(index->tree, entry->path); + DELETE_IN_MAP(index, entry); + } - DELETE_IN_MAP(index, entry); error = git_vector_remove(&index->entries, pos); if (!error) {