1 files changed, 44 insertions, 0 deletions

diff --git a/development/cgit/patches/0013-parsing-clear-query-path-before-starting.patch b/development/cgit/patches/0013-parsing-clear-query-path-before-starting.patch
new file mode 100644
index 0000000000..ca20044d93
--- /dev/null
+++ b/development/cgit/patches/0013-parsing-clear-query-path-before-starting.patch
@@ -0,0 +1,44 @@
+From c699866699411346c5dba406457581013f85a873 Mon Sep 17 00:00:00 2001
+From: John Keeping <john@keeping.me.uk>
+Date: Sun, 19 Feb 2017 12:17:05 +0000
+Subject: [PATCH 13/15] parsing: clear query path before starting
+
+By specifying the "url" query parameter multiple times it is possible to
+end up with ctx.qry.vpath set while ctx.repo is null, which triggers an
+invalid code path from cgit_print_pageheader() while printing path
+crumbs, resulting in a null dereference.
+
+The previous patch fixed this segfault, but it makes no sense for us to
+clear ctx.repo while leaving ctx.qry.path set to the previous value, so
+let's just clear it here so that the last "url" parameter given takes
+full effect rather than partially overriding the effect of the previous
+value.
+
+Signed-off-by: John Keeping <john@keeping.me.uk>
+---
+ parsing.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parsing.c b/parsing.c
+index 9dacb16..b8d7f10 100644
+--- a/parsing.c
++++ b/parsing.c
+@@ -21,6 +21,7 @@ void cgit_parse_url(const char *url)
+ 	struct cgit_repo *repo;
+ 
+ 	ctx.repo = NULL;
++	ctx.qry.page = NULL;
+ 	if (!url || url[0] == '\0')
+ 		return;
+ 
+@@ -53,7 +54,6 @@ void cgit_parse_url(const char *url)
+ 		}
+ 		if (cmd[1])
+ 			ctx.qry.page = xstrdup(cmd + 1);
+-		return;
+ 	}
+ }
+ 
+-- 
+2.14.1
+