[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cgit
Subject:    SEGV in cgit-1.2.3 on following logs of a nonexistent file with cache
From:       Marko Zajc <marko () zajc ! eu ! org>
Date:       2023-06-25 2:46:44
Message-ID: 6615b2e7-625b-93d5-76dd-5c5185dfd3b3 () zajc ! eu ! org
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

[Attachment #4 (multipart/mixed)]

[Attachment #6 (text/plain)]

Dear cgit developers,

I would like to report a segmentation fault in cgit that can be 
reproduced with the following steps:

1. Set `enable-follow-links` to `1`
2. Set `cache-size` to a non-zero value. I'm not sure if this only
    occurs on specific values, but I've tried a few numbers in the 1 –
    10000 range and they all cause this to happen
3. Have cgit installed and active at least one repository
4. Try following the log of a file that doesn't exist, for example
    `https://git.zx2c4.com/cgit/log/file-that-doesnt-exist?follow=1`

On certain repositories, I am able to consistently reproduce this with 
the above steps, but others seem unaffected. Changing the `cache-size` 
value between 1 and N does not seem to change which repositories are 
affected, but I didn't try that on a very large sample size. For example:

  * git://zajc.eu.org/xheadset.git *is not affected* by this, but
  * git://zajc.eu.org/gogarchiver.git *is affected*

I don't have the stack trace, but I can try getting one in case you're 
unable to reproduce this issue.

I am using Debian 12's build of cgit 1.2.3. I have disabled 
`enable-follow-links` on my own website, so it won't exhibit this behaviour.

- Marko Zajc


["OpenPGP_0xD763FF6BE6F2A7AA_and_old_rev.asc" (application/pgp-keys)]
["OpenPGP_signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]