Re: Null pointer dereference in rerere.c
> I do believe this bug may actually be fixed in master, by 93406a282f
> ("rerere: fix crash with files rerere can't handle", 2018-08-05). Do
> you by any chance remember if you committed a file that contained
> conflict markers during the rebase at some point?

I might have, but I am not 100% sure.

> The problem I found at the time looked the same as your backtrace
> above in any case.

Thanks for checking. I will keep the core dump and report back if it ever happens again.
Re: Null pointer dereference in rerere.c
On 09/27, Ruud van Asseldonk wrote:
> Hi,
>
> I just ran into a segmentation fault during a rebase with rerere
> enabled. Inspecting the core dump with gdb shows:

Thanks for reporting this bug.

> (gdb) bt
> #0 0x55d673375ce0 in do_rerere_one_path (update=0x7fff03c37f30, rr_item=0x55d6746d0b30) at rerere.c:755
> #1 do_plain_rerere (fd=3, rr=0x7fff03c37ef0) at rerere.c:853
> #2 rerere (flags=flags@entry=0) at rerere.c:918
> #3 0x55d673246b01 in am_resolve (state=0x7fff03c38120) at builtin/am.c:1901
> #4 cmd_am (argc=, argv=, prefix=) at builtin/am.c:2394
> #5 0x55d67323f975 in run_builtin (argv=, argc=, p=) at git.c:346
> #6 handle_builtin (argc=, argv=) at git.c:554
> #7 0x55d6732405e5 in run_argv (argv=0x7fff03c394a0, argcp=0x7fff03c394ac) at git.c:606
> #8 cmd_main (argc=, argv=) at git.c:683
> #9 0x55d67323f64a in main (argc=4, argv=0x7fff03c396f8) at common-main.c:43
> (gdb) info locals
> path = 0x55d6746d08e0 ""
> id = 0x55d6746d01e0
> rr_dir = 0x55d6746ccb80
> variant =
> path =
> id =
> rr_dir =
> variant =
> both =
> vid =
> path =
> (gdb) print id
> $1 = (struct rerere_id *) 0x55d6746d01e0
> (gdb) print id->collection
> $2 = (struct rerere_dir *) 0x55d6746ccb80
> (gdb) print id->collection->status
> $3 = (unsigned char *) 0x0
>
> This is using Git 2.17.1 from the 1:2.17.1-1ubuntu0.1 Ubuntu package.
> Looking at the diff between v2.17.1 and master for rerere.c it looks
> like the part of the rerere.c where the null pointer dereference
> happens has not been touched, so the issue might still be there.
> Unfortunately I was unable to reproduce the bug; after removing
> .git/MERGE_RR.lock and restarting the rebase, it completed fine.

I do believe this bug may actually be fixed in master, by 93406a282f
("rerere: fix crash with files rerere can't handle", 2018-08-05). Do
you by any chance remember if you committed a file that contained
conflict markers during the rebase at some point?

The problem I found at the time looked the same as your backtrace
above in any case. Would have been nice if you were able to reproduce
it, just to make sure it's not something else we're seeing here.

> Please let me know if there is anything I can do to help diagnose the
> problem, or whether I should report the bug to Ubuntu instead.
>
> Kind regards,
>
> Ruud van Asseldonk
Re: Null pointer dereference in rerere.c
On Thu, Sep 27, 2018 at 10:24 AM Ruud van Asseldonk wrote:
> Please let me know if there is anything I can do to help diagnose the
> problem.

Nothing yet but please keep the core dump. We might be able to dig
some more out of it to confirm if we find something suspicious.
--
Duy
Null pointer dereference in rerere.c
Hi,

I just ran into a segmentation fault during a rebase with rerere
enabled. Inspecting the core dump with gdb shows:

(gdb) bt
#0 0x55d673375ce0 in do_rerere_one_path (update=0x7fff03c37f30, rr_item=0x55d6746d0b30) at rerere.c:755
#1 do_plain_rerere (fd=3, rr=0x7fff03c37ef0) at rerere.c:853
#2 rerere (flags=flags@entry=0) at rerere.c:918
#3 0x55d673246b01 in am_resolve (state=0x7fff03c38120) at builtin/am.c:1901
#4 cmd_am (argc=, argv=, prefix=) at builtin/am.c:2394
#5 0x55d67323f975 in run_builtin (argv=, argc=, p=) at git.c:346
#6 handle_builtin (argc=, argv=) at git.c:554
#7 0x55d6732405e5 in run_argv (argv=0x7fff03c394a0, argcp=0x7fff03c394ac) at git.c:606
#8 cmd_main (argc=, argv=) at git.c:683
#9 0x55d67323f64a in main (argc=4, argv=0x7fff03c396f8) at common-main.c:43
(gdb) info locals
path = 0x55d6746d08e0 ""
id = 0x55d6746d01e0
rr_dir = 0x55d6746ccb80
variant =
path =
id =
rr_dir =
variant =
both =
vid =
path =
(gdb) print id
$1 = (struct rerere_id *) 0x55d6746d01e0
(gdb) print id->collection
$2 = (struct rerere_dir *) 0x55d6746ccb80
(gdb) print id->collection->status
$3 = (unsigned char *) 0x0

This is using Git 2.17.1 from the 1:2.17.1-1ubuntu0.1 Ubuntu package.
Looking at the diff between v2.17.1 and master for rerere.c it looks
like the part of the rerere.c where the null pointer dereference
happens has not been touched, so the issue might still be there.
Unfortunately I was unable to reproduce the bug; after removing
.git/MERGE_RR.lock and restarting the rebase, it completed fine.

Please let me know if there is anything I can do to help diagnose the
problem, or whether I should report the bug to Ubuntu instead.

Kind regards,

Ruud van Asseldonk