Avoid null pointer dereference in cgit_print_diff().

When calling cgit_print_diff() with a bad new_rev and a NULL old_rev, checking for new_rev's parent commit will result in a null pointer dereference. Returning on an invalid commit before dereferencing fixes this. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
author: Lukas Fleischer <cgit@cryptocrack.de> 2011-04-05 08:38:53 (UTC)
committer: Lars Hjemli <hjemli@gmail.com> 2011-05-23 20:58:35 (UTC)
commit: 9afc883297b0d0943e9b358d2299950f33e8e5ed (patch) (unidiff)
tree: 27e81428c0a6ad4bbdf5633fc95b946b4a631d30 /ui-diff.c
parent: a0bf375a1a9b74056a913f3687c6f5b42ad4acf6 (diff)
download: cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.zip
cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.gz
cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.bz2
1 files changed, 6 insertions, 2 deletions
diff --git a/ui-diff.c b/ui-diff.c
index a7bc667..d21541b 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -156,231 +156,235 @@ static void inspect_filepair(struct diff_filepair *pair)
        items[files-1].added = lines_added;
        items[files-1].removed = lines_removed;
        items[files-1].old_size = old_size;
        items[files-1].new_size = new_size;
        items[files-1].binary = binary;
        if (lines_added + lines_removed > max_changes)
                max_changes = lines_added + lines_removed;
        total_adds += lines_added;
        total_rems += lines_removed;
 }
 void cgit_print_diffstat(const unsigned char *old_sha1,
                         const unsigned char *new_sha1, const char *prefix)
 {
        int i, save_context = ctx.qry.context;
        html("<div class='diffstat-header'>");
        cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
                       ctx.qry.sha2, NULL, 0);
        if (prefix) {
                html(" (limited to '");
                html_txt(prefix);
                html("')");
        }
        html(" (");
        ctx.qry.context = (save_context > 0 ? save_context : 3) << 1;
        cgit_self_link("more", NULL, NULL, &ctx);
        html("/");
        ctx.qry.context = (save_context > 3 ? save_context : 3) >> 1;
        cgit_self_link("less", NULL, NULL, &ctx);
        ctx.qry.context = save_context;
        html(" context)");
        html(" (");
        ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2;
        cgit_self_link(ctx.qry.ignorews ? "ignore" : "show", NULL, NULL, &ctx);
        ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2;
        html(" whitespace changes)");
        html("</div>");
        html("<table summary='diffstat' class='diffstat'>");
        max_changes = 0;
        cgit_diff_tree(old_sha1, new_sha1, inspect_filepair, prefix,
                       ctx.qry.ignorews);
        for(i = 0; i<files; i++)
                print_fileinfo(&items[i]);
        html("</table>");
        html("<div class='diffstat-summary'>");
        htmlf("%d files changed, %d insertions, %d deletions",
              files, total_adds, total_rems);
        html("</div>");
 }
 /*
 * print a single line returned from xdiff
 */
 static void print_line(char *line, int len)
 {
        char *class = "ctx";
        char c = line[len-1];
        if (line[0] == '+')
                class = "add";
        else if (line[0] == '-')
                class = "del";
        else if (line[0] == '@')
                class = "hunk";
        htmlf("<div class='%s'>", class);
        line[len-1] = '\0';
        html_txt(line);
        html("</div>");
        line[len-1] = c;
 }
 static void header(unsigned char *sha1, char *path1, int mode1,
                   unsigned char *sha2, char *path2, int mode2)
 {
        char *abbrev1, *abbrev2;
        int subproject;
        subproject = (S_ISGITLINK(mode1) || S_ISGITLINK(mode2));
        html("<div class='head'>");
        html("diff --git a/");
        html_txt(path1);
        html(" b/");
        html_txt(path2);
        if (is_null_sha1(sha1))
                path1 = "dev/null";
        if (is_null_sha1(sha2))
                path2 = "dev/null";
        if (mode1 == 0)
                htmlf("<br/>new file mode %.6o", mode2);
        if (mode2 == 0)
                htmlf("<br/>deleted file mode %.6o", mode1);
        if (!subproject) {
                abbrev1 = xstrdup(find_unique_abbrev(sha1, DEFAULT_ABBREV));
                abbrev2 = xstrdup(find_unique_abbrev(sha2, DEFAULT_ABBREV));
                htmlf("<br/>index %s..%s", abbrev1, abbrev2);
                free(abbrev1);
                free(abbrev2);
                if (mode1 != 0 && mode2 != 0) {
                        htmlf(" %.6o", mode1);
                        if (mode2 != mode1)
                                htmlf("..%.6o", mode2);
                }
                html("<br/>--- a/");
                if (mode1 != 0)
                        cgit_tree_link(path1, NULL, NULL, ctx.qry.head,
                                       sha1_to_hex(old_rev_sha1), path1);
                else
                        html_txt(path1);
                html("<br/>+++ b/");
                if (mode2 != 0)
                        cgit_tree_link(path2, NULL, NULL, ctx.qry.head,
                                       sha1_to_hex(new_rev_sha1), path2);
                else
                        html_txt(path2);
        }
        html("</div>");
 }
 static void print_ssdiff_link()
 {
        if (!strcmp(ctx.qry.page, "diff")) {
                if (use_ssdiff)
                        cgit_diff_link("Unidiff", NULL, NULL, ctx.qry.head,
                                       ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path, 1);
                else
                        cgit_diff_link("Side-by-side diff", NULL, NULL,
                                       ctx.qry.head, ctx.qry.sha1,
                                       ctx.qry.sha2, ctx.qry.path, 1);
        }
 }
 static void filepair_cb(struct diff_filepair *pair)
 {
        unsigned long old_size = 0;
        unsigned long new_size = 0;
        int binary = 0;
        linediff_fn print_line_fn = print_line;
        current_filepair = pair;
        if (use_ssdiff) {
                cgit_ssdiff_header_begin();
                print_line_fn = cgit_ssdiff_line_cb;
        }
        header(pair->one->sha1, pair->one->path, pair->one->mode,
               pair->two->sha1, pair->two->path, pair->two->mode);
        if (use_ssdiff)
                cgit_ssdiff_header_end();
        if (S_ISGITLINK(pair->one->mode) || S_ISGITLINK(pair->two->mode)) {
                if (S_ISGITLINK(pair->one->mode))
                        print_line_fn(fmt("-Subproject %s", sha1_to_hex(pair->one->sha1)), 52);
                if (S_ISGITLINK(pair->two->mode))
                        print_line_fn(fmt("+Subproject %s", sha1_to_hex(pair->two->sha1)), 52);
                if (use_ssdiff)
                        cgit_ssdiff_footer();
                return;
        }
        if (cgit_diff_files(pair->one->sha1, pair->two->sha1, &old_size,
                            &new_size, &binary, ctx.qry.context,
                            ctx.qry.ignorews, print_line_fn))
                cgit_print_error("Error running diff");
        if (binary) {
                if (use_ssdiff)
                        html("<tr><td colspan='4'>Binary files differ</td></tr>");
                else
                        html("Binary files differ");
        }
        if (use_ssdiff)
                cgit_ssdiff_footer();
 }
 void cgit_print_diff(const char *new_rev, const char *old_rev, const char *prefix)
 {
        enum object_type type;
        unsigned long size;
        struct commit *commit, *commit2;
        if (!new_rev)
                new_rev = ctx.qry.head;
        get_sha1(new_rev, new_rev_sha1);
        type = sha1_object_info(new_rev_sha1, &size);
        if (type == OBJ_BAD) {
                cgit_print_error(fmt("Bad object name: %s", new_rev));
                return;
        }
        commit = lookup_commit_reference(new_rev_sha1);
-        if (!commit || parse_commit(commit))
+        if (!commit || parse_commit(commit)) {
                cgit_print_error(fmt("Bad commit: %s", sha1_to_hex(new_rev_sha1)));
+                return;
+        }
        if (old_rev)
                get_sha1(old_rev, old_rev_sha1);
        else if (commit->parents && commit->parents->item)
                hashcpy(old_rev_sha1, commit->parents->item->object.sha1);
        else
                hashclr(old_rev_sha1);
        if (!is_null_sha1(old_rev_sha1)) {
                type = sha1_object_info(old_rev_sha1, &size);
                if (type == OBJ_BAD) {
                        cgit_print_error(fmt("Bad object name: %s", sha1_to_hex(old_rev_sha1)));
                        return;
                }
                commit2 = lookup_commit_reference(old_rev_sha1);
-                if (!commit2 || parse_commit(commit2))
+                if (!commit2 || parse_commit(commit2)) {
                        cgit_print_error(fmt("Bad commit: %s", sha1_to_hex(old_rev_sha1)));
+                        return;
+                }
        }
        if ((ctx.qry.ssdiff && !ctx.cfg.ssdiff) || (!ctx.qry.ssdiff && ctx.cfg.ssdiff))
                use_ssdiff = 1;
        print_ssdiff_link();
        cgit_print_diffstat(old_rev_sha1, new_rev_sha1, prefix);
        if (use_ssdiff) {
                html("<table summary='ssdiff' class='ssdiff'>");
        } else {
                html("<table summary='diff' class='diff'>");
                html("<tr><td>");
        }
        cgit_diff_tree(old_rev_sha1, new_rev_sha1, filepair_cb, prefix,
                       ctx.qry.ignorews);
        if (!use_ssdiff)
                html("</td></tr>");
        html("</table>");
 }
author	Lukas Fleischer <cgit@cryptocrack.de>	2011-04-05 08:38:53 (UTC)
committer	Lars Hjemli <hjemli@gmail.com>	2011-05-23 20:58:35 (UTC)
commit	9afc883297b0d0943e9b358d2299950f33e8e5ed (patch) (unidiff)
tree	27e81428c0a6ad4bbdf5633fc95b946b4a631d30 /ui-diff.c
parent	a0bf375a1a9b74056a913f3687c6f5b42ad4acf6 (diff)
download	cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.zip cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.gz cgit-9afc883297b0d0943e9b358d2299950f33e8e5ed.tar.bz2