commit-reach: avoid NULL dereference

Eric Wong · gitster · commit c5773dc078f0 · 2023-02-11T11:36:24.000-08:00
The loop at the top of can_all_from_reach_with_flag() already
accounts for `from-&gt;objects[i].item' being NULL, so it follows
the cleanup loop should also account for a NULL `from_one'.

I managed to segfault here on one of my giant, many-remote repos
using `git fetch --negotiation-tip=...  --negotiation-only'
where the --negotiation-tip= argument was a glob which (inadvertently)
captured more refs than I wanted.  I have not reproduced this
in a standalone test case.

Signed-off-by: Eric Wong &lt;e@80x24.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/commit-reach.c b/commit-reach.c
@@ -628,8 +628,12 @@ int can_all_from_reach_with_flag(struct object_array *from,
 	}
 	free(list);
 
-	for (i = 0; i < from->nr; i++)
-		from->objects[i].item->flags &= ~assign_flag;
+	for (i = 0; i < from->nr; i++) {
+		struct object *from_one = from->objects[i].item;
+
+		if (from_one)
+			from_one->flags &= ~assign_flag;
+	}
 
 	return result;
 }

Original file line number	Diff line number	Diff line change
`@@ -628,8 +628,12 @@ int can_all_from_reach_with_flag(struct object_array *from,`
`628`	`628`	`}`
`629`	`629`	`free(list);`
`630`	`630`
`631`		`- for (i = 0; i < from->nr; i++)`
`632`		`- from->objects[i].item->flags &= ~assign_flag;`
	`631`	`+ for (i = 0; i < from->nr; i++) {`
	`632`	`+ struct object *from_one = from->objects[i].item;`
	`633`	`+`
	`634`	`+ if (from_one)`
	`635`	`+ from_one->flags &= ~assign_flag;`
	`636`	`+ }`
`633`	`637`
`634`	`638`	`return result;`
`635`	`639`	`}`