Description
Identified by Proton's Lumo AI agent
What the code does
QGit writes a small cache file that stores pre-computed dates and other lookup data. When the program shuts down it frees the in-memory structures backing this cache, but it never clears the file first. In addition, the code reads the cache back into a fixed-size buffer (sha[]) without checking that the incoming data actually fits.
Why it’s a fault
If the cache file is partially written (for example because the program was killed, the disk ran out of space, or the file was truncated), the read routine copies whatever bytes are present straight into the sha array. That overruns the buffer and corrupts the heap, which later shows up as a segmentation fault or an outright crash (see GitHub issue #69).
Not wiping the file before freeing the in-memory cache also means stale pointers can be dereferenced if the same process later tries to reuse the cache.
Typical symptom
Segmentation fault (core dumped) … git.cpp:2499
or “QGit crashes on some malformed git repos”.
Fix-point: clear the cache file (or delete it) before freeing the structures, and add a proper bounds check when reading the SHA string into the fixed-size array.
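To make the bounds-check requirement concrete, here is an added example (not QGit's code; the record layout, names and sample inputs are constructed for illustration and are not QGit's real cache format). It places the unchecked copy pattern the issue describes beside a hardened reader that validates the length field, the remaining file size and the hex content before touching the fixed-size `sha[]` array, and it parses constructed good, truncated and oversized cache images:

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical on-disk layout, constructed for this example (not QGit's real cache format):
// each record is one length byte followed by that many ASCII characters of the SHA.
static const size_t SHA_LEN = 40;

struct ShaRecord {
    char sha[SHA_LEN + 1]; // fixed-size buffer; the trailing byte holds the NUL terminator
};

// Vulnerable pattern: the length byte from the file is trusted and copied straight into
// the fixed-size array. A truncated or corrupted file overruns sha[] and corrupts memory.
// Kept for comparison only; never call it on untrusted data.
bool readShaUnchecked(const unsigned char* data, size_t size, ShaRecord& out) {
    if (size < 1) return false;
    size_t len = data[0];
    std::memcpy(out.sha, data + 1, len); // no check that len <= SHA_LEN or that len bytes exist
    out.sha[len] = '\0';
    return true;
}

// Hardened reader: returns the number of bytes consumed, or 0 on any malformed input,
// and never writes past the end of out.sha.
size_t readShaChecked(const unsigned char* data, size_t size, ShaRecord& out) {
    if (size < 1) return 0;                        // length byte missing (empty or truncated file)
    size_t len = data[0];
    if (len != SHA_LEN) return 0;                  // a SHA-1 is exactly 40 hex characters
    if (size - 1 < len) return 0;                  // file ends mid-record (partial write)
    for (size_t i = 0; i < len; ++i)
        if (!std::isxdigit(data[1 + i])) return 0; // garbage rather than a hex digest
    std::memcpy(out.sha, data + 1, len);
    out.sha[len] = '\0';
    return 1 + len;
}

// Parse a whole cache image; stop at the first bad record. `ok` is false if the image
// was truncated or corrupt, and only the records read before that point are returned.
std::vector<std::string> loadCache(const std::vector<unsigned char>& image, bool& ok) {
    std::vector<std::string> shas;
    size_t pos = 0;
    ok = true;
    while (pos < image.size()) {
        ShaRecord rec;
        size_t n = readShaChecked(image.data() + pos, image.size() - pos, rec);
        if (n == 0) { ok = false; break; }
        shas.push_back(rec.sha);
        pos += n;
    }
    return shas;
}

// Constructed sample inputs (not real QGit cache files).
std::vector<unsigned char> makeRecord(const std::string& sha) {
    std::vector<unsigned char> v;
    v.push_back(static_cast<unsigned char>(sha.size()));
    v.insert(v.end(), sha.begin(), sha.end());
    return v;
}

std::vector<unsigned char> goodImage() {
    std::vector<unsigned char> v = makeRecord(std::string(40, 'a'));
    std::vector<unsigned char> w = makeRecord("0123456789abcdef0123456789abcdef01234567");
    v.insert(v.end(), w.begin(), w.end());
    return v;
}

std::vector<unsigned char> truncatedImage() {
    std::vector<unsigned char> v = goodImage();
    v.resize(v.size() - 10); // simulate a partially written file: second record is cut short
    return v;
}

std::vector<unsigned char> oversizedImage() {
    return makeRecord(std::string(200, 'f')); // length byte 200 > SHA_LEN: would overrun sha[]
}

int main() {
    bool ok;
    std::vector<std::string> good = loadCache(goodImage(), ok);
    std::printf("good image: ok=%d records=%zu\n", ok, good.size());
    std::vector<std::string> cut = loadCache(truncatedImage(), ok);
    std::printf("truncated image: ok=%d records=%zu\n", ok, cut.size());
    std::vector<std::string> big = loadCache(oversizedImage(), ok);
    std::printf("oversized image: ok=%d records=%zu\n", ok, big.size());
    return 0;
}
```

The key property is that `readShaChecked` rejects the record before any copy happens, so a short or corrupt file produces a clean load failure (at which point the caller can discard the cache file and rebuild it) instead of writing past `sha[]`.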