commit 6484ec902f492ae83dcba7c4308aca99c149c6b7
from: Stefan Sperling
date: Sat Sep 29 12:20:27 2018 UTC
fix a use after free in tog tree view
commit - 5036bf3733fae65f40cdc01cc2150ec88fdc7321
commit + 6484ec902f492ae83dcba7c4308aca99c149c6b7
blob - 78fbabbe780325781f33ac15d82be15a129bc8d0
blob + 4da4aa2741e2f8ee8cc25bc5138214def658285d
--- tog/tog.c
+++ tog/tog.c
@@ -2796,7 +2796,11 @@ open_tree_view(struct tog_view *view, struct got_tree_
 s->root = s->tree = root;
 s->entries = got_object_tree_get_entries(root);
 s->first_displayed_entry = SIMPLEQ_FIRST(&s->entries->head);
- s->commit_id = commit_id;
+ s->commit_id = got_object_id_dup(commit_id);
+ if (s->commit_id == NULL) {
+ err = got_error_from_errno();
+ goto done;
+ }
 s->repo = repo;
 view->show = show_tree_view;
@@ -2804,8 +2808,10 @@ open_tree_view(struct tog_view *view, struct got_tree_
 view->close = close_tree_view;
 done:
 free(commit_id_str);
- if (err)
+ if (err) {
 free(s->tree_label);
+ s->tree_label = NULL;
+ }
 return err;
 }
@@ -2815,6 +2821,9 @@ close_tree_view(struct tog_view *view)
 struct tog_tree_view_state *s = &view->state.tree;
 free(s->tree_label);
+ s->tree_label = NULL;
+ free(s->commit_id);
+ s->commit_id = NULL;
 while (!TAILQ_EMPTY(&s->parents)) {
 struct tog_parent_tree *parent;
 parent = TAILQ_FIRST(&s->parents);
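Review bot: The new `goto done` after a failed got_object_id_dup() in the first hunk leaves `s->root`, `s->tree`, `s->entries` and `s->first_displayed_entry` pointing at the caller's tree, because the duplication runs after those assignments and the `done:` path in the second hunk resets only `s->tree_label`. Whether the caller releases `root` after an error is not visible here; if it does, the state keeps stale pointers to freed memory. Doing the dup before the borrowed pointers are stored, or clearing them on the error path, would avoid this. A comment on the dup such as `/* the view owns this copy; released in close_tree_view() */` would also record the ownership change that the fix relies on. open_tree_view() starts outside the hunk.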
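Review bot: `free(s->commit_id)` in close_tree_view() (third hunk) is only safe if the field is NULL or a pointer returned by got_object_id_dup() whenever close can run. The existing `if (err)` cleanup at `done:` suggests there are earlier failure paths in open_tree_view(), outside the visible hunks, that reach it before `s->commit_id` is assigned. The free therefore presumably depends on the view state being zero-initialised at allocation, which is not shown; either confirm that or add `s->commit_id = NULL;` at the top of open_tree_view(). Any other site that reassigns `s->commit_id` now has to free the previous copy first. close_tree_view() continues past the end of the hunk.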