From: Omar Polo
Subject: Re: crash in 'got log' (no reliable way to reproduce)
To: Mikhail
Cc: gameoftrees@openbsd.org
Date: Sat, 01 Apr 2023 13:45:03 +0200

On 2023/04/01 13:04:53 +0300, Mikhail wrote:
> core:/sys$ got log -p dev/pci/if_iwx.c | less
> /updatechan
> n
> n
> (i suspect next pressings should be done quickly)
>
> q
>
> Core is here: https://people.freebsd.org/~misha/got.core

Haven't tried to reproduce with this recipe, but looking at the stacktrace it seems that blob is NULL and got_object_blob_close doesn't like it.

> Reading symbols from got...
> [New process 31956]
> Core was generated by `got'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x0000030e9bd80ec5 in got_object_blob_close (blob=0x0) at /home/misha/work/got/got/../lib/object.c:360
> 360 free(blob->read_buf);
> gef➤ bt
> #0 0x0000030e9bd80ec5 in got_object_blob_close (blob=0x0) at /home/misha/work/got/got/../lib/object.c:360
> #1 0x0000030e9bd6427a in diff_blobs (blob_id1=0x3116c2de400, blob_id2=0x3116c2decc0, path=0x310f0af3480 "//sys/dev/pci/if_iwx.c", diff_context=0x3, ignore_whitespace=0x0, force_text_diff=0x0, dsa=0x0,
> repo=0x310bb102460, outfile=0x31158fac818 <__sF+152>) at /home/misha/work/got/got/got.c:3711

So I guess the issue is here. We should guard got_object_blob_close(blob2) like we do with blob1.

diff /home/op/w/got commit - e9e0377f452e9d3f600011e0714cc6c779f10bab path + /home/op/w/got blob - a51a450a06ab2800d2fe4a200fc31cc59364dac6 file + got/got.c --- got/got.c +++ got/got.c @@ -3707,9 +3707,10 @@ done: if (blob1) got_object_blob_close(blob1); if (fd2 != -1 && close(fd2) == -1 && err == NULL) err = got_error_from_errno("close"); - got_object_blob_close(blob2); + if (blob2) + got_object_blob_close(blob2); if (f1 && fclose(f1) == EOF && err == NULL) err = got_error_from_errno("fclose"); if (f2 && fclose(f2) == EOF && err == NULL) err = got_error_from_errno("fclose");
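Review bot: The added "if (blob2)" guard in the done: cleanup of diff_blobs fixes only this call site, while the quoted backtrace shows got_object_blob_close() itself dereferencing its argument (free(blob->read_buf) at object.c:360), so any other caller that reaches its cleanup path before the blob is opened would crash the same way. Consider having got_object_blob_close() return early on a NULL blob, which would make the per-caller guards for blob1 and blob2 unnecessary, or audit the remaining callers for unguarded cleanup. The hunk also does not show which earlier failure jumps to done: with blob2 still NULL; a sentence in the commit message naming that path would help confirm that the error is propagated through err rather than silently dropped.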