diff options
author | John Keeping <john@keeping.me.uk> | 2017-02-19 12:27:48 +0000 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-08-10 16:05:07 +0200 |
commit | 1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0 (patch) | |
tree | 37faf12c4a5d56ec24a886bb82956d206a6f3a57 /contrib/hooks/post-receive.agefile | |
parent | ui-atom: properly escape delimiter in page link (diff) | |
download | cgit-pink-1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0.tar.gz cgit-pink-1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0.zip |
ui-shared: don't print path crumbs without a repo
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping <john@keeping.me.uk>
Diffstat (limited to 'contrib/hooks/post-receive.agefile')
0 files changed, 0 insertions, 0 deletions