From: Josh Rickmar <openbsd+lists@zettaport.com>
Subject: Prevent segfaulting verifying "lightweight" tags
To: gameoftrees@openbsd.org
Date: Fri, 2 Sep 2022 09:51:27 -0400

Every day is a surprise with git.

diff /home/jrick/src/got
commit - 40831471082f880a26b73987b595a52dc1c93794
path + /home/jrick/src/got
blob - f9bcb1bca8436bc052e3bdeab3be53a13add0a61
file + got/got.c
--- got/got.c
+++ got/got.c
@@ -7043,7 +7043,7 @@ list_tags(struct got_repository *repo, const char *tag
 				break;
 		}
 
-		if (verify_tags) {
+		if (tag && verify_tags) {
 			ssh_sig = got_sigs_get_tagmsg_ssh_signature(
 			    got_object_tag_get_message(tag));
 			if (ssh_sig && allowed_signers == NULL) {
blob - bff93134d3aa7848b5554c7e85bc8e677b51c82d
file + regress/cmdline/tag.sh
--- regress/cmdline/tag.sh
+++ regress/cmdline/tag.sh
@@ -244,6 +244,9 @@ test_tag_list_lightweight() {
 
 	got tag -r $testroot/repo -l > $testroot/stdout
 
+	# test signature validation ignoring lightweight tags
+	got tag -r $testroot/repo -V > $testroot/stdout
+
 	echo "-----------------------------------------------" \
 		> $testroot/stdout.expected
 	echo "tag $tag2 $tag_id2" >> $testroot/stdout.expected