From 246d25b3ce218d2d300f60e75528c2fbe83f8db5 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Tue, 7 Jun 2016 08:35:26 +0200 Subject: [PATCH] index: fix NULL pointer access in index_remove_entry When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer. Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`. --- src/index.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/index.c b/src/index.c index 20ab6a19d..32f585faf 100644 --- a/src/index.c +++ b/src/index.c @@ -505,10 +505,11 @@ static int index_remove_entry(git_index *index, size_t pos) int error = 0; git_index_entry *entry = git_vector_get(&index->entries, pos); - if (entry != NULL) + if (entry != NULL) { git_tree_cache_invalidate_path(index->tree, entry->path); + DELETE_IN_MAP(index, entry); + } - DELETE_IN_MAP(index, entry); error = git_vector_remove(&index->entries, pos); if (!error) {