commit 0b570e72a9d79d0b3b0927c99cdbaff8cea86f37
from: Omar Polo <op@omarpolo.com>
date: Tue May 16 22:41:36 2023 UTC

tog: fix segfault in draw_commit

build_refs_str() can succeed returning a NULL string if a commit
has some refs pointing to it but that were all filtered out, resulting
in a NULL-deref.

ok stsp@

commit - d1bd49a9f4cb68bfe8dd012bcf41342bf93135e1
commit + 0b570e72a9d79d0b3b0927c99cdbaff8cea86f37
blob - 25bddbc9c0a8c95dc7b5008c82de519be7d36960
blob + 6d3e738e1220743df1fd30ba6a2779ff5b504e3e
--- tog/tog.c
+++ tog/tog.c
@@ -2401,6 +2401,7 @@ draw_commit(struct tog_view *view, struct got_commit_o
 	struct tog_log_view_state *s = &view->state.log;
 	const struct got_error *err = NULL;
 	char datebuf[12]; /* YYYY-MM-DD + SPACE + NUL */
+	char *refs_str = NULL;
 	char *logmsg0 = NULL, *logmsg = NULL;
 	char *author = NULL;
 	wchar_t *wlogmsg = NULL, *wauthor = NULL;
@@ -2495,13 +2496,13 @@ draw_commit(struct tog_view *view, struct got_commit_o
 
 	/* Prepend reference labels to log message if possible .*/
 	refs = got_reflist_object_id_map_lookup(tog_refs_idmap, id);
-	if (refs) {
-		char *refs_str, *newlogmsg;
-		wchar_t *ws;
-
+	if (refs)
 		err = build_refs_str(&refs_str, refs, id, s->repo);
-		if (err)
-			goto done;
+	if (err)
+		goto done;
+	if (refs_str) {
+		char *newlogmsg;
+		wchar_t *ws;
 	
 		/*
 		 * The length of this wide-char sub-string will be
@@ -2516,10 +2517,8 @@ draw_commit(struct tog_view *view, struct got_commit_o
 
 		if (asprintf(&newlogmsg, "[%s] %s", refs_str, logmsg) == -1) {
 			err = got_error_from_errno("asprintf");
-			free(refs_str);
 			goto done;
 		}
-		free(refs_str);
 
 		free(logmsg0);
 		logmsg0 = newlogmsg;
@@ -2554,6 +2553,7 @@ draw_commit(struct tog_view *view, struct got_commit_o
 done:
 	free(logmsg0);
 	free(wlogmsg);
+	free(refs_str);
 	free(author);
 	free(wauthor);
 	free(line);