search

rust-lang / git2-rs

libgit2 bindings for Rust
https://docs.rs/git2
Apache License 2.0
1.65k stars 381 forks source link

Diff::merge() causes double free #964

Open slack-coder opened 1 year ago

slack-coder commented 1 year ago

The library fails with a double free when merging two Diff's built from buffers. Is this intended to be supported?

Cargo.toml

[dependencies.git2]
version = "0.17.2"
default-features = false
features = ["vendored-libgit2"]
        use git2;

        let diff_a: &str = r#"
diff --git a/README.md b/README.md
index 18fb8328..ce60f40c 100644
--- a/README.md
+++ b/README.md
@@ -4,1 +4,2 @@ componentwise
 reusing
+proverb
"#
        .trim_start();
        let mut diff_a = git2::Diff::from_buffer(diff_a.as_bytes()).unwrap();

        let diff_b: &str = r#"
diff --git a/README.md b/README.md
index 18fb8328..ce60f40c 100644
--- a/README.md
+++ b/README.md
@@ -4,2 +4,3 @@ componentwise
 reusing
 proverb
+offended
"#
        .trim_start();
        let diff_b = git2::Diff::from_buffer(diff_b.as_bytes()).unwrap();

        diff_a.merge(&diff_b).expect("merge diff from buffers");

Results in:

free(): double free detected in tcache 2
error: test failed, to rerun pass `-p radicle-cli --lib`

Edit: simplified example and added Cargo information

cloudhead commented 1 year ago

You may want to open this on libgit2 directly, as the frees are probably coming from there.

ehuss commented 1 year ago

I filed an upstream issue at https://github.com/libgit2/libgit2/issues/6588.