ui-shared: don't print path crumbs without a repo
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping <john@keeping.me.uk>
This commit is contained in:
父節點
6d3c8bc37f
當前提交
1b4ef6783a
@ -1039,7 +1039,7 @@ void cgit_print_pageheader(void)
|
||||
free(currenturl);
|
||||
}
|
||||
html("</td></tr></table>\n");
|
||||
if (ctx.env.authenticated && ctx.qry.vpath) {
|
||||
if (ctx.env.authenticated && ctx.repo && ctx.qry.vpath) {
|
||||
html("<div class='path'>");
|
||||
html("path: ");
|
||||
cgit_print_path_crumbs(ctx.qry.vpath);
|
||||
|
載入中…
新增問題並參考
Block a user