Commit 246d25b3ce218d2d300f60e75528c2fbe83f8db5
2016-06-07T08:35:26
index: fix NULL pointer access in index_remove_entry When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer. Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`.
diff --git a/src/index.c b/src/index.c
index 20ab6a1..32f585f 100644
--- a/src/index.c
+++ b/src/index.c
@@ -505,10 +505,11 @@ static int index_remove_entry(git_index *index, size_t pos)
int error = 0;
git_index_entry *entry = git_vector_get(&index->entries, pos);
- if (entry != NULL)
+ if (entry != NULL) {
git_tree_cache_invalidate_path(index->tree, entry->path);
+ DELETE_IN_MAP(index, entry);
+ }
- DELETE_IN_MAP(index, entry);
error = git_vector_remove(&index->entries, pos);
if (!error) {