Config Memory Backend Corruption Fix#7232
Merged
Merged
Conversation
Member
|
Thanks for opening this PR, I was puzzling over this last night. |
ethomson
reviewed
Apr 29, 2026
| if ((error = git_config_list_get(&entry, memory_backend->config_list, key)) != 0) | ||
| return error; | ||
|
|
||
| git_config_list_incref(memory_backend->config_list); |
Member
There was a problem hiding this comment.
It feels like this function isn't doing anything special with the config list, it's just using it. I think that anybody using the git_config_list is going to run into this same problem?
If the entry is doing the decref during its git_config_entry_free API... then should git_config_list_get and git_config_list_get_unique do the git_config_list_incref on itself before returning an entry?
It feels like this matches the reference counting behavior between creating / returning the entry, and freeing the entry.
Contributor
Author
There was a problem hiding this comment.
Adjusting git_config_list_get and git_config_list_get_unique would be preferable, but those are also called for the config file backend, where the config_file_take_list is used beforehand which calls `git_config_list_incref', so on the face of it, changing as suggested would require refactoring the config file at the same time which seems higher risk.
For future usages of git_config_list, running into the problem depends on whether the entry free function is setup in the same way, which is currently done externally for both the file and memory backends (by read_on_variable and parse_values), so it seemed appropriate to keep the reference counting external at the same layer, rather than attempting to refactor the config file backend and assume all future usages will setup the entry free function in the same way.
Member
There was a problem hiding this comment.
I see what you mean about risk. This is a bit of a mess, isn't it? I don't feel like I can easily reason about when the reference gets incremented, which is not ideal.
I'm okay taking a tactical fix for the immediate future, but I wonder if we shouldn't consider something more holistic. 🤔
DanielEScherzer
approved these changes
Apr 29, 2026
Contributor
DanielEScherzer
left a comment
There was a problem hiding this comment.
I can confirm that with these two commits cherry-picked on top of ca22574, rust-lang/git2-rs#1226 passes the test that was previously triggering tcache_thread_shutdown(): unaligned tcache chunk detected
Member
|
Thanks for the fix - let's take this now but it's worth thinking about whether this is a bit of a footgun that will bite us again. |
Contributor
Author
|
@ethomson - Thanks for merging 🎉 I agree it's a tactical fix at best - Since your initial response, I've been having another go at a more holistic fix - certainly feels messy, but I'll raise a follow-up PR if I get anywhere with it. |
1 task
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
May 5, 2026
v1.9.3 This release includes a number of bugfixes and compatibility improvements, particularly around SHA256 support. * cmake: fix linker error when using ninja build generator by @kcsaul in libgit2/libgit2#7249 * Handle redirects with Content-Length: 0 correctly by @ethomson in libgit2/libgit2#7246 * ci: use poxygit v0.8.1 in the tests by @ethomson in libgit2/libgit2#7248 * Zero indexer stats in pack objects by @ethomson in libgit2/libgit2#7243 * submodule: git_index_add_bypath does not move conflict entries to REUC by @lrm29 in libgit2/libgit2#7003 * fix: prevent SSH timeout infinite loop and enable TCP keepalive by @ambv in libgit2/libgit2#7165 * merge_files: avoid UB in xdiff by @ethomson in libgit2/libgit2#7239 * git_merge_file_from_index: handle cases when a child (ours or theirs) is null by @eantoranz in libgit2/libgit2#7092 * cmake: write git.h.tmp to current binary directory by @kcsaul in libgit2/libgit2#7241 * fix(pack): ensure pack_backend__read returns null terminated buffer by @kanru in libgit2/libgit2#7238 * Check object lengths against headers in read_loose by @howtonotwin in libgit2/libgit2#7178 * cmake: don't recreate git2.h unnecessarily by @ethomson in libgit2/libgit2#7234 * Memory Backend Corruption Fix by @kcsaul in libgit2/libgit2#7232 * Fixed a heap-buffer-overflow in the smart_pkt.c:set_data function by @oliverchang in libgit2/libgit2#7118 * fix(transport): get oid_type on local transport by @weihanglo in libgit2/libgit2#7229 * `GIT_REMOTE_DOWNLOAD_TAGS_ALL`: remove stray "the" in docs by @DanielEScherzer in libgit2/libgit2#7228 * fix(clone): propagate object format in local clone by @weihanglo in libgit2/libgit2#7226 * repo: Fix possible null pointer dereference by @csware in libgit2/libgit2#7225 * revparse: Allow `HEAD` abbreviation `@` by @KoviRobi in libgit2/libgit2#7218 * camke: include libssh2 in `Requires.private` in the PC file by @carlosmn in libgit2/libgit2#7215 * futils: fix undefined behavior in O_FSYNC fallback definition by @cehoffman in libgit2/libgit2#7211 * pcre: actually fix dangling-pointer warning by @ethomson in libgit2/libgit2#7206 * pcre: update cmake warnings for non-gcc by @ethomson in libgit2/libgit2#7205 * Fix some warnings with gcc by @ethomson in libgit2/libgit2#7203 * fix: apply insteadOf from global config for detached remotes by @weihanglo in libgit2/libgit2#7195 * Fix `git_index_entry` documentation by @bakersdozen123 in libgit2/libgit2#7192 * config: Fix potential null value passed to %s by @ethomson in libgit2/libgit2#7190 * index: support USE_NSEC=OFF by @ethomson in libgit2/libgit2#7187 * feat(remote): expose `git_remote_oid_type` by @weihanglo in libgit2/libgit2#7185 * fix(smart): keep caps across RPC stream resets by @weihanglo in libgit2/libgit2#7183 * fix wrong comment by @Murmele in libgit2/libgit2#7181 * fix(sha256): pass correct oid type by @weihanglo in libgit2/libgit2#7179 * examples: correct `git_commit_time` comment by @qaqland in libgit2/libgit2#7175 * tests: update to latest clar by @ethomson in libgit2/libgit2#7173 * delta: fix undefined behavior in hdr_sz varint parsing by @Oblivionsage in libgit2/libgit2#7172 * ci: Update macos-13 to macos-14 images on GitHub Actions by @ambv in libgit2/libgit2#7167 * ci: Fix cases of -Werror=discarded-qualifiers raised by @gcc 15.2 by @ambv in libgit2/libgit2#7164 * Use CMAKE_INSTALL_INCLUDEDIR for libgit2package INSTALL_INTERFACE by @aware70 in libgit2/libgit2#7155 * Fix C4703 uninitialized pointer variable warnings by @ShiningMassXAcc in libgit2/libgit2#7154 * test: check the correct filesystem for case-sensitivity by @ambv in libgit2/libgit2#7153 * ci: update ci/docker/fedora to work with Rawhide 44 by @ambv in libgit2/libgit2#7152 * refs: honor REFSPEC_SHORTHAND for multi-segment refs by @roberth in libgit2/libgit2#7148 * config: Fix potential null value passed to %s by @orgads in libgit2/libgit2#7131 * Fix potential access to uninitialized variables by @orgads in libgit2/libgit2#7130 * refspec: Detect DEL character in is_valid_name by @xokdvium in libgit2/libgit2#7120 * Update documentation to clarify that cert cb is always called by @ehuss in libgit2/libgit2#7119 * Update `racy.c` reference by @emmanuel-ferdman in libgit2/libgit2#7091 * Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in libgit2/libgit2#7077
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
May 13, 2026
v1.9.3 This release includes a number of bugfixes and compatibility improvements, particularly around SHA256 support. * cmake: fix linker error when using ninja build generator by @kcsaul in libgit2/libgit2#7249 * Handle redirects with Content-Length: 0 correctly by @ethomson in libgit2/libgit2#7246 * ci: use poxygit v0.8.1 in the tests by @ethomson in libgit2/libgit2#7248 * Zero indexer stats in pack objects by @ethomson in libgit2/libgit2#7243 * submodule: git_index_add_bypath does not move conflict entries to REUC by @lrm29 in libgit2/libgit2#7003 * fix: prevent SSH timeout infinite loop and enable TCP keepalive by @ambv in libgit2/libgit2#7165 * merge_files: avoid UB in xdiff by @ethomson in libgit2/libgit2#7239 * git_merge_file_from_index: handle cases when a child (ours or theirs) is null by @eantoranz in libgit2/libgit2#7092 * cmake: write git.h.tmp to current binary directory by @kcsaul in libgit2/libgit2#7241 * fix(pack): ensure pack_backend__read returns null terminated buffer by @kanru in libgit2/libgit2#7238 * Check object lengths against headers in read_loose by @howtonotwin in libgit2/libgit2#7178 * cmake: don't recreate git2.h unnecessarily by @ethomson in libgit2/libgit2#7234 * Memory Backend Corruption Fix by @kcsaul in libgit2/libgit2#7232 * Fixed a heap-buffer-overflow in the smart_pkt.c:set_data function by @oliverchang in libgit2/libgit2#7118 * fix(transport): get oid_type on local transport by @weihanglo in libgit2/libgit2#7229 * `GIT_REMOTE_DOWNLOAD_TAGS_ALL`: remove stray "the" in docs by @DanielEScherzer in libgit2/libgit2#7228 * fix(clone): propagate object format in local clone by @weihanglo in libgit2/libgit2#7226 * repo: Fix possible null pointer dereference by @csware in libgit2/libgit2#7225 * revparse: Allow `HEAD` abbreviation `@` by @KoviRobi in libgit2/libgit2#7218 * camke: include libssh2 in `Requires.private` in the PC file by @carlosmn in libgit2/libgit2#7215 * futils: fix undefined behavior in O_FSYNC fallback definition by @cehoffman in libgit2/libgit2#7211 * pcre: actually fix dangling-pointer warning by @ethomson in libgit2/libgit2#7206 * pcre: update cmake warnings for non-gcc by @ethomson in libgit2/libgit2#7205 * Fix some warnings with gcc by @ethomson in libgit2/libgit2#7203 * fix: apply insteadOf from global config for detached remotes by @weihanglo in libgit2/libgit2#7195 * Fix `git_index_entry` documentation by @bakersdozen123 in libgit2/libgit2#7192 * config: Fix potential null value passed to %s by @ethomson in libgit2/libgit2#7190 * index: support USE_NSEC=OFF by @ethomson in libgit2/libgit2#7187 * feat(remote): expose `git_remote_oid_type` by @weihanglo in libgit2/libgit2#7185 * fix(smart): keep caps across RPC stream resets by @weihanglo in libgit2/libgit2#7183 * fix wrong comment by @Murmele in libgit2/libgit2#7181 * fix(sha256): pass correct oid type by @weihanglo in libgit2/libgit2#7179 * examples: correct `git_commit_time` comment by @qaqland in libgit2/libgit2#7175 * tests: update to latest clar by @ethomson in libgit2/libgit2#7173 * delta: fix undefined behavior in hdr_sz varint parsing by @Oblivionsage in libgit2/libgit2#7172 * ci: Update macos-13 to macos-14 images on GitHub Actions by @ambv in libgit2/libgit2#7167 * ci: Fix cases of -Werror=discarded-qualifiers raised by @gcc 15.2 by @ambv in libgit2/libgit2#7164 * Use CMAKE_INSTALL_INCLUDEDIR for libgit2package INSTALL_INTERFACE by @aware70 in libgit2/libgit2#7155 * Fix C4703 uninitialized pointer variable warnings by @ShiningMassXAcc in libgit2/libgit2#7154 * test: check the correct filesystem for case-sensitivity by @ambv in libgit2/libgit2#7153 * ci: update ci/docker/fedora to work with Rawhide 44 by @ambv in libgit2/libgit2#7152 * refs: honor REFSPEC_SHORTHAND for multi-segment refs by @roberth in libgit2/libgit2#7148 * config: Fix potential null value passed to %s by @orgads in libgit2/libgit2#7131 * Fix potential access to uninitialized variables by @orgads in libgit2/libgit2#7130 * refspec: Detect DEL character in is_valid_name by @xokdvium in libgit2/libgit2#7120 * Update documentation to clarify that cert cb is always called by @ehuss in libgit2/libgit2#7119 * Update `racy.c` reference by @emmanuel-ferdman in libgit2/libgit2#7091 * Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in libgit2/libgit2#7077
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
May 21, 2026
v1.9.3 This release includes a number of bugfixes and compatibility improvements, particularly around SHA256 support. * cmake: fix linker error when using ninja build generator by @kcsaul in libgit2/libgit2#7249 * Handle redirects with Content-Length: 0 correctly by @ethomson in libgit2/libgit2#7246 * ci: use poxygit v0.8.1 in the tests by @ethomson in libgit2/libgit2#7248 * Zero indexer stats in pack objects by @ethomson in libgit2/libgit2#7243 * submodule: git_index_add_bypath does not move conflict entries to REUC by @lrm29 in libgit2/libgit2#7003 * fix: prevent SSH timeout infinite loop and enable TCP keepalive by @ambv in libgit2/libgit2#7165 * merge_files: avoid UB in xdiff by @ethomson in libgit2/libgit2#7239 * git_merge_file_from_index: handle cases when a child (ours or theirs) is null by @eantoranz in libgit2/libgit2#7092 * cmake: write git.h.tmp to current binary directory by @kcsaul in libgit2/libgit2#7241 * fix(pack): ensure pack_backend__read returns null terminated buffer by @kanru in libgit2/libgit2#7238 * Check object lengths against headers in read_loose by @howtonotwin in libgit2/libgit2#7178 * cmake: don't recreate git2.h unnecessarily by @ethomson in libgit2/libgit2#7234 * Memory Backend Corruption Fix by @kcsaul in libgit2/libgit2#7232 * Fixed a heap-buffer-overflow in the smart_pkt.c:set_data function by @oliverchang in libgit2/libgit2#7118 * fix(transport): get oid_type on local transport by @weihanglo in libgit2/libgit2#7229 * `GIT_REMOTE_DOWNLOAD_TAGS_ALL`: remove stray "the" in docs by @DanielEScherzer in libgit2/libgit2#7228 * fix(clone): propagate object format in local clone by @weihanglo in libgit2/libgit2#7226 * repo: Fix possible null pointer dereference by @csware in libgit2/libgit2#7225 * revparse: Allow `HEAD` abbreviation `@` by @KoviRobi in libgit2/libgit2#7218 * camke: include libssh2 in `Requires.private` in the PC file by @carlosmn in libgit2/libgit2#7215 * futils: fix undefined behavior in O_FSYNC fallback definition by @cehoffman in libgit2/libgit2#7211 * pcre: actually fix dangling-pointer warning by @ethomson in libgit2/libgit2#7206 * pcre: update cmake warnings for non-gcc by @ethomson in libgit2/libgit2#7205 * Fix some warnings with gcc by @ethomson in libgit2/libgit2#7203 * fix: apply insteadOf from global config for detached remotes by @weihanglo in libgit2/libgit2#7195 * Fix `git_index_entry` documentation by @bakersdozen123 in libgit2/libgit2#7192 * config: Fix potential null value passed to %s by @ethomson in libgit2/libgit2#7190 * index: support USE_NSEC=OFF by @ethomson in libgit2/libgit2#7187 * feat(remote): expose `git_remote_oid_type` by @weihanglo in libgit2/libgit2#7185 * fix(smart): keep caps across RPC stream resets by @weihanglo in libgit2/libgit2#7183 * fix wrong comment by @Murmele in libgit2/libgit2#7181 * fix(sha256): pass correct oid type by @weihanglo in libgit2/libgit2#7179 * examples: correct `git_commit_time` comment by @qaqland in libgit2/libgit2#7175 * tests: update to latest clar by @ethomson in libgit2/libgit2#7173 * delta: fix undefined behavior in hdr_sz varint parsing by @Oblivionsage in libgit2/libgit2#7172 * ci: Update macos-13 to macos-14 images on GitHub Actions by @ambv in libgit2/libgit2#7167 * ci: Fix cases of -Werror=discarded-qualifiers raised by @gcc 15.2 by @ambv in libgit2/libgit2#7164 * Use CMAKE_INSTALL_INCLUDEDIR for libgit2package INSTALL_INTERFACE by @aware70 in libgit2/libgit2#7155 * Fix C4703 uninitialized pointer variable warnings by @ShiningMassXAcc in libgit2/libgit2#7154 * test: check the correct filesystem for case-sensitivity by @ambv in libgit2/libgit2#7153 * ci: update ci/docker/fedora to work with Rawhide 44 by @ambv in libgit2/libgit2#7152 * refs: honor REFSPEC_SHORTHAND for multi-segment refs by @roberth in libgit2/libgit2#7148 * config: Fix potential null value passed to %s by @orgads in libgit2/libgit2#7131 * Fix potential access to uninitialized variables by @orgads in libgit2/libgit2#7130 * refspec: Detect DEL character in is_valid_name by @xokdvium in libgit2/libgit2#7120 * Update documentation to clarify that cert cb is always called by @ehuss in libgit2/libgit2#7119 * Update `racy.c` reference by @emmanuel-ferdman in libgit2/libgit2#7091 * Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in libgit2/libgit2#7077
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reproduces and fixes crash when using config memory backend, where the underlying config list is freed when a config entry is, leading to a crash during the next config entry lookup.
Fixes #7219