Commit 13deb8745d6b604a7fc45bb7ddee2a2052e80000

Patrick Steinhardt 2016-06-07T08:35:26

index: fix NULL pointer access in index_remove_entry

When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer.

Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`.

diff --git a/src/index.c b/src/index.c
index 20ab6a1..32f585f 100644
--- a/src/index.c
+++ b/src/index.c
@@ -505,10 +505,11 @@ static int index_remove_entry(git_index *index, size_t pos)
 	int error = 0;
 	git_index_entry *entry = git_vector_get(&index->entries, pos);
 
-	if (entry != NULL)
+	if (entry != NULL) {
 		git_tree_cache_invalidate_path(index->tree, entry->path);
+		DELETE_IN_MAP(index, entry);
+	}
 
-	DELETE_IN_MAP(index, entry);
 	error = git_vector_remove(&index->entries, pos);
 
 	if (!error) {
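Review bot: The commit message attributes the `NULL` to `index_remove_entry` returning it, but in this hunk the `NULL` comes from `git_vector_get(&index->entries, pos)` when `pos` has no entry; consider rewording the message to name `git_vector_get`. The guard itself is correct: `DELETE_IN_MAP(index, entry)` now sits inside the `if (entry != NULL) {` block next to `git_tree_cache_invalidate_path`, so `idxentry_hash` is never handed a null pointer. Note that with a null `entry` the function still falls through to `git_vector_remove(&index->entries, pos)` and the `if (!error)` branch below; it is worth confirming that `git_vector_remove` reports the out-of-range `pos` as an error so the caller is not told a non-existent entry was removed.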