search

tummychow / git-absorb

git commit --fixup, but automatic
https://crates.io/crates/git-absorb
BSD 3-Clause "New" or "Revised" License
3.35k stars 59 forks source link

bump git2/libgit2-sys locked dependencies #70

Closed karlding closed 1 year ago

karlding commented 1 year ago

There is a double free in libgit2 that is fixed somewhere between v1.0.0 and v1.1.0. This means that the transitive libgit2-sys dependency needs to be after 0.12.14+1.1.0.

This manifests itself via the following error message on certain repositories:

$ git absorb
free(): double free detected in tcache 2
Aborted (core dumped)

Bump git2 to the latest version, which also updates the transitive libgit2-sys (and libgit2) dependency.

Fixes #69

tummychow commented 1 year ago

very interesting, thanks for going to the trouble of bisecting the upstream crate version. https://github.com/libgit2/libgit2/pull/5600 corroborates your analysis. (and, since you asked, there is unfortunately no better way i know of to debug an issue like this. i would say you did all the expected steps - retrieved a core dump from the reproducing repo, opened a debugger on the core dump, convinced yourself that it was upstream, and bisected your way through the versions). i will tag a release for this one since it's a pretty severe error for those that encounter it