commit b7045a4dd319c7794f8b3e7fcec3cf1fa06be040 from: Mark Jamsek date: Tue Dec 31 14:05:31 2024 UTC fix NULL deref when scrolling small tog tree views down In the rare case a tree view is smaller than four lines in height, the last_displayed_entry is NULL. Check this condition on a scroll down event with j/down arrow or ^f/pgdn to guard a NULL got_tree_entry from being passed to got_tree_entry_get_next() where it is dereferenced. And add a test case covering this path. ok stsp@ commit - 6bdea1b4f0eadfdbbcb9d9b9aa0645b52501273f commit + b7045a4dd319c7794f8b3e7fcec3cf1fa06be040 blob - 0fcbbd78a8afe17bd2f12a187cecec268453d4ea blob + 381950ee222f7b284d4a41b67b5b08dde376678a --- regress/tog/tree.sh +++ regress/tog/tree.sh @@ -340,10 +340,43 @@ test_tree_commit_keywords() fi test_done "$testroot" "$ret" } + +test_tree_insufficient_height() +{ + test_init tree_insufficient_height 120 3 + + local id=$(git_show_head $testroot/repo) + + # Cover the path that guards a NULL dereference when scrolling + # down in a tree view too small to display any tree entries. + cat <<-EOF >$TOG_TEST_SCRIPT + j attempt to scroll down + f + SCREENDUMP + EOF + cat <<-EOF >$testroot/view.expected + commit $id + [1/4] / + + EOF + + cd $testroot/repo && tog tree + cmp -s $testroot/view.expected $testroot/view + ret=$? + if [ $ret -ne 0 ]; then + diff -u $testroot/view.expected $testroot/view + test_done "$testroot" "$ret" + return 1 + fi + + test_done "$testroot" "$ret" +} + test_parseargs "$@" run_test test_tree_basic run_test test_tree_vsplit_blame run_test test_tree_hsplit_blame run_test test_tree_symlink run_test test_tree_commit_keywords +run_test test_tree_insufficient_height blob - e31dd5f281a3090496215529ba601df0b1b29849 blob + e8031edb015e8f848ba06221e89e864108afdd00 --- tog/tog.c +++ tog/tog.c 
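Review bot: The exit status of `tog tree` is never examined in test_tree_insufficient_height, so a crash on the scripted `j` or `f` key would show up only indirectly, as a missing or mismatching `$testroot/view` in the `cmp -s` step. Since this test exists to pin a NULL dereference, it would be clearer to fail on the status itself, for example `(cd $testroot/repo && tog tree)` followed by `ret=$?` and the same `if [ $ret -ne 0 ]` handling before the comparison. Whether the other tests in tree.sh follow the same unchecked pattern is not visible in this hunk, so this may be a file-wide convention rather than something specific to the new test. A short comment on the `test_init tree_insufficient_height 120 3` line saying that 3 is the height that leaves no room for entries would also tie the magic number to the comment below it.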
@@ -9671,7 +9671,8 @@ input_tree_view(struct tog_view **new_view, struct tog
 s->selected++;
 break;
 }
- if (got_tree_entry_get_next(s->tree, s->last_displayed_entry)
+ if (s->last_displayed_entry == NULL ||
+ got_tree_entry_get_next(s->tree, s->last_displayed_entry)
 == NULL) {
 /* can't scroll any further */
 view->count = 0;
@@ -9687,7 +9688,8 @@ input_tree_view(struct tog_view **new_view, struct tog
 case CTRL('f'):
 case 'f':
 case ' ':
- if (got_tree_entry_get_next(s->tree, s->last_displayed_entry)
+ if (s->last_displayed_entry == NULL ||
+ got_tree_entry_get_next(s->tree, s->last_displayed_entry)
 == NULL) {
 /* can't scroll any further; move cursor down */
 if (s->selected < s->ndisplayed - 1)
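Review bot: Neither added `s->last_displayed_entry == NULL` check says why the pointer can be NULL, and the same two-line guard is now repeated in the j/down branch (first hunk) and the ^f/pgdn branch (second hunk). A comment above each condition such as `/* last_displayed_entry is NULL if the view is too small to show any entry */` would record the invariant. Alternatively, a small static helper wrapping the NULL test and got_tree_entry_get_next() would give any other caller that passes s->last_displayed_entry the same protection. In the second hunk the NULL case now reaches `if (s->selected < s->ndisplayed - 1)`; if ndisplayed is 0 there, as seems likely when no entry fits, the comparison is only safe when both operands are signed, which the hunk does not show. input_tree_view's body starts and ends outside both hunks, so other uses of last_displayed_entry could not be checked here.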