Git Mailing List Archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: Taylor Blau <me@ttaylorr.com>
Cc: Tribo Dar <3bodar@gmail.com>, git@vger.kernel.org
Subject: Re: [BUG] Segmentation fault in git v2.41.0.rc1
Date: Thu, 25 May 2023 05:25:54 +0900
Message-ID: <xmqqttw1fpd9.fsf@gitster.g>
In-Reply-To: <ZG4jcceXn2G6Xic0@nand.local> (Taylor Blau's message of "Wed, 24 May 2023 10:47:13 -0400")

Taylor Blau <me@ttaylorr.com> writes:

> which points to e0a862fdaf (submodule helper: convert relative URL to
> absolute URL if needed, 2018-10-16) as the culprit.

Whew, that is fairly ancient.  I was afraid that we had another
regression, but it does not look that way.  Fixing is certainly good
and we'd need to eventually get to it, but we have the luxury to make
sure that the fix is sound without having to rush anything ;-)

In the meantime, "if it hurts, don't do it" is what we can say.
Telling random users to muck with their config in certain ways that
violate the way the system represents (un-)initialized
submodules and then to run a certain command to induce a NULL pointer
dereference is rather ineffective social engineering as an attack
vector, so this is not urgent in that sense.

I am more worried that the original report talked about how mucking with
the in-tree .gitmodules file affects the result, though.  Once a
submodule is initialized, what is in the file for that submodule
should not affect the working of local Git (otherwise the file can
be used as a route to inject stuff to unsuspecting repositories),
but in this case apparently it does?

Thanks.

Thread overview: 12+ messages
2023-05-24  6:59 [BUG] Segmentation fault in git v2.41.0.rc1 Tribo Dar
2023-05-24 14:47 ` Taylor Blau
2023-05-24 16:02   ` [PATCH] builtin/submodule--helper.c: handle missing submodule URLs Taylor Blau
2023-05-24 16:25     ` [PATCH v2] " Taylor Blau
2023-05-24 18:48       ` Eric Sunshine
2023-05-24 19:50         ` Taylor Blau
2023-05-24 19:51     ` [PATCH v3] " Taylor Blau
2023-05-24 20:29       ` René Scharfe
2023-05-24 20:36         ` Taylor Blau
2023-05-24 20:33       ` Jeff King
2023-05-24 22:58     ` [PATCH] " Jeff King
2023-05-24 20:25   ` Junio C Hamano [this message]
