From 71f573da2aff3ace922605320fb576bf3d8117c7 Mon Sep 17 00:00:00 2001 From: Berthold Stoeger Date: Mon, 16 Mar 2020 18:00:20 +0100 Subject: git: return strdup()ed empty string on error in pop_cstring The pop_cstring() function is used by the git parser to duplicate a quoted string. On error, it returns an empty string literal. Since the caller expects a copied string and takes ownership of that string, it will ultimately be freed. Concrete example: a log with erroneous cylinder data was opened getting such an empty string literal as description. On closing or syncing with the cloud, the dive is freed, leading to a free of the string literal -> crash. Return a copy of the empty string instead. Signed-off-by: Berthold Stoeger --- core/load-git.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/load-git.c b/core/load-git.c index 9d36e4e39..e99bc9af0 100644 --- a/core/load-git.c +++ b/core/load-git.c @@ -334,11 +334,11 @@ static char *pop_cstring(struct membuffer *str, const char *err) if (!str) { report_error("git-load: string marker without any strings ('%s')", err); - return ""; + return strdup(""); } if (!str->len) { report_error("git-load: string marker after running out of strings ('%s')", err); - return ""; + return strdup(""); } len = strlen(mb_cstring(str)) + 1; return remove_from_front(str, len); -- cgit v1.2.3-70-g09d2
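Review bot: both `return strdup("");` lines in this hunk can return NULL on allocation failure, whereas the literal they replace never could; if callers of pop_cstring() store the result as a description without a NULL check, the patch swaps an invalid free of a string literal for a possible NULL dereference on the error path. Consider either checking the strdup() result here (reporting the error and returning an allocated empty string via whatever non-failing allocation helper the project uses, if one exists), or confirming that every caller tolerates NULL. It would also help to add a one-line comment above pop_cstring() stating that the caller owns and must free the returned string on every path, since that ownership contract is exactly what the old `return "";` violated and the commit message describes.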