Merge branch 'js/fsmonitor-unpack-fix'

The data structure used by fsmonitor interface was not properly duplicated during an in-core merge, leading to use-after-free etc. * js/fsmonitor-unpack-fix: fsmonitor: do not forget to release the token in `discard_index()` fsmonitor: fix memory corruption in some corner cases
4 years ago · 1dd4e74522
2 changed files with 3 additions and 2 deletions
--- a/read-cache.c
+++ b/read-cache.c
@ -2373,6 +2373,7 @@ int discard_index(struct index_state *istate)
				@@ -2373,6 +2373,7 @@ int discard_index(struct index_state *istate)
 	cache_tree_free(&(istate->cache_tree));
 	istate->initialized = 0;
 	istate->fsmonitor_has_run_once = 0;
+	FREE_AND_NULL(istate->fsmonitor_last_update);
 	FREE_AND_NULL(istate->cache);
 	istate->cache_alloc = 0;
 	discard_split_index(istate);
--- a/unpack-trees.c
+++ b/unpack-trees.c
@ -1612,8 +1612,8 @@ int unpack_trees(unsigned len, struct tree_desc *t, struct unpack_trees_options
				@@ -1612,8 +1612,8 @@ int unpack_trees(unsigned len, struct tree_desc *t, struct unpack_trees_options
 	o->merge_size = len;
 	mark_all_ce_unused(o->src_index);

-	if (o->src_index->fsmonitor_last_update)
-		o->result.fsmonitor_last_update = o->src_index->fsmonitor_last_update;
+	o->result.fsmonitor_last_update =
+		xstrdup_or_null(o->src_index->fsmonitor_last_update);

 	/*
 	 * Sparse checkout loop #1: set NEW_SKIP_WORKTREE on existing entries