Fix the null reference vulnerability. #7052

Merged
ethomson merged 2 commits into libgit2:main from QiuYitai:main
May 6, 2026

@QiuYitai
Contributor

Hello,
Our team has recently been conducting research on a null-pointer-dereference (NPD) vulnerability detection tool and used it to scan libgit2 (the version on the master branch). After a manual review, we have identified some potentially vulnerable code snippets that may lead to null-pointer-dereference bugs.
The NULL dereference vulnerability happens in `int checkout_count_callback()`, tests/libgit2/checkout/checkout_helpers.c.
How the NULL Pointer Dereference happens:

  1. When workdir, baseline and target are null.
  2. Dereference of NULL variable baseline in baseline->path
```c
int checkout_count_callback(
    git_checkout_notify_t why,
    const char *path,
    const git_diff_file *baseline,
    const git_diff_file *target,
    const git_diff_file *workdir,
    void *payload)
{
    checkout_counts *ct = payload;

    GIT_UNUSED(baseline); GIT_UNUSED(target); GIT_UNUSED(workdir);

    if (why & GIT_CHECKOUT_NOTIFY_CONFLICT) {
        ct->n_conflicts++;

=>      if (ct->debug) {
=>          if (workdir) { //false
               ......
            } else {
=>              if (baseline) {//false
                    ......
                } else {
=>                  if (target)//false
                        ......
                    else
                        fprintf(stderr, "How can a nonexistent file be a conflict (%s)\n", path);
                }
            }
        }
    }

    if (why & GIT_CHECKOUT_NOTIFY_DIRTY) {
        ct->n_dirty++;

        if (ct->debug) {
            if (workdir)
                fprintf(stderr, "M %s\n", workdir->path);
=>          else
=>              fprintf(stderr, "D %s\n", baseline->path);
        }
    }

    .......
}
```
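An added example, not part of the pull request and not the merged change (which this page does not show): one way to guard the DIRTY debug branch reported above so that neither side of the delta is dereferenced when it is NULL. The `diff_file` stand-in type, the `format_dirty` helper and the `?` fallback tag are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for git_diff_file: only the field the debug output reads. */
typedef struct { const char *path; } diff_file;

/*
 * Guarded form of the DIRTY debug branch: builds the line the callback
 * would print without touching a NULL delta side.
 * Returns 'M' (workdir side present), 'D' (only baseline present) or
 * '?' (neither side present; falls back to the callback's path argument).
 */
static char format_dirty(char *out, size_t outlen, const char *path,
                         const diff_file *baseline, const diff_file *workdir)
{
    const char *name;
    char tag;

    if (workdir && workdir->path) {
        tag = 'M'; name = workdir->path;
    } else if (baseline && baseline->path) {
        tag = 'D'; name = baseline->path;
    } else {
        /* The reported case: workdir and baseline are both NULL. */
        tag = '?'; name = path ? path : "(unknown)";
    }
    snprintf(out, outlen, "%c %s", tag, name);
    return tag;
}

int main(void)
{
    /* Constructed inputs covering each combination of NULL sides. */
    diff_file wd = { "a.txt" }, base = { "b.txt" };
    char line[64];

    format_dirty(line, sizeof line, "a.txt", &base, &wd);  puts(line);
    format_dirty(line, sizeof line, "b.txt", &base, NULL); puts(line);
    format_dirty(line, sizeof line, "c.txt", NULL, NULL);  puts(line);
    return 0;
}
```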

@ethomson
Member

ethomson commented Jun 5, 2025

I'm pleased that your tool was only able to find a potential null reference vulnerability in some test code. 😁

Comment thread tests/libgit2/checkout/checkout_helpers.c Outdated
@ethomson ethomson merged commit 3a244c6 into libgit2:main May 6, 2026
19 checks passed