git: fix use-after-free in warnx call - gout - A static git page generator

commit 0f6d984c872f0010e8ed85fde9104e809077109d
parent 453dd3ce534a8d94595914e035ff33629f3249b7
Author: Chris Bracken <chris@bracken.jp>
Date:   Fri, 20 Feb 2026 15:29:16 +0900

git: fix use-after-free in warnx call

Diffstat:
M src/git/git.c  | 6 ++++--

1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/git/git.c b/src/git/git.c
@@ -174,12 +174,14 @@ static void libgit2_for_each_reference(Git* git,
       git_reference_free(current);
       continue;
     }
+    char* refname = estrdup(git_reference_shorthand(current));
     GitReference* ref = gitreference_create(repo, current);
     if (!ref) {
-      warnx("skipping reference with missing target: %s",
-            git_reference_shorthand(current));
+      warnx("skipping reference with missing target: %s", refname);
+      free(refname);
       continue;
     }
+    free(refname);
     repos = reallocarray(repos, repos_len + 1, sizeof(GitReference*));
     if (!repos) {
       err(1, "reallocarray");

	gout A static git page generator
	git clone https://git.bracken.jp/gout.git
	Log \| Files \| Refs \| README \| LICENSE