ui-shared: don't print path crumbs without a repo

cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping <john@keeping.me.uk>
author: John Keeping <john@keeping.me.uk> 2017-02-19 12:27:48 +0000
committer: Lukas Fleischer <lfleischer@lfos.de> 2017-08-10 15:15:56 +0200
commit: fdcd7dc8186e8d928876ae858b7d2d3a87d29453 (patch)
tree: 6aaca987f01bd2bcd3d7f126db5e8ee7cf3f0d06 /ui-shared.c
parent: filter: set environment variable PYTHONIOENCODING to utf-8 (diff)
download: cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.tar.gz
cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.tar.bz2
cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ui-shared.c b/ui-shared.c
index 2e4fcd9..e5c9a02 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -1039,7 +1039,7 @@ void cgit_print_pageheader(void)
 		free(currenturl);
 	}
 	html("</td></tr></table>\n");
-	if (ctx.env.authenticated && ctx.qry.vpath) {
+	if (ctx.env.authenticated && ctx.repo && ctx.qry.vpath) {
 		html("<div class='path'>");
 		html("path: ");
 		cgit_print_path_crumbs(ctx.qry.vpath);
author	John Keeping <john@keeping.me.uk>	2017-02-19 12:27:48 +0000
committer	Lukas Fleischer <lfleischer@lfos.de>	2017-08-10 15:15:56 +0200
commit	fdcd7dc8186e8d928876ae858b7d2d3a87d29453 (patch)
tree	6aaca987f01bd2bcd3d7f126db5e8ee7cf3f0d06 /ui-shared.c
parent	filter: set environment variable PYTHONIOENCODING to utf-8 (diff)
download	cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.tar.gz cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.tar.bz2 cgit-fdcd7dc8186e8d928876ae858b7d2d3a87d29453.zip