From 9b262f6b972e71c86048224598aa9fa951f0341c Mon Sep 17 00:00:00 2001
From: Johannes Altmanninger
Date: Sat, 24 Jul 2021 11:21:19 +0200
Subject: [PATCH 1/2] Fix null dereferences on unset state variable Tig knows three kinds of state variables that encode different information: 1. the state of the view (ARGV_ENV_INFO), like %(commit) 2. the state of the worktree (REPO_INFO), like %(repo:head) 3. the arguments given on the commandline, like %(fileargs) The values exposed by the first two kinds are never null, but most of the third kind default to null. Prior to this commit when trying to format a null value, argv_format() reported success but left the output string as null. Fix this by writing the empty string in format_append_argv(), because current callers (echo) don't really care about the difference between empty and null. Reproduce the null dereferences with :!%(fileargs) :echo %(fileargs) Surprisingly to me, this did not break this example: bind generic aaa !sh -c 'printf "%s\n" "$@" | wc -l' -- line1 %(fileargs) line2 # still prints 2 because of the early return in argv_appendn(). In future we should also fix format_append_arg(), which currently fails on :echo "%(fileargs)" because format_expand_arg() does not receive variables like %(fileargs).
---
 src/argv.c | 2 +-
 test/regressions/github-1136-test | 43 +++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100755 test/regressions/github-1136-test
diff --git a/src/argv.c b/src/argv.c
index de0bcf43e..9885a16b4 100644
--- a/src/argv.c
+++ b/src/argv.c
@@ -361,7 +361,7 @@ format_append_argv(struct format_context *format, const char ***dst_argv, const
 int argc;
 if (!src_argv)
- return true;
+ return argv_append(dst_argv, "");
 for (argc = 0; src_argv[argc]; argc++)
 if (!format_append_arg(format, dst_argv, src_argv[argc]))
diff --git a/test/regressions/github-1136-test b/test/regressions/github-1136-test
new file mode 100755
index 000000000..e8cc5de59
--- /dev/null
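Review bot: The `if (!src_argv)` branch in format_append_argv() now depends on how argv_append() treats an empty string, and nothing at the call site records that. The commit message refers to an early return in argv_appendn(), which is not visible in this hunk, so presumably the "" is kept only when the destination is still empty. A comment above the new return would pin that assumption, for example `/* Unset variable: append "" so *dst_argv is never left NULL; argv_appendn() is expected to skip it when other arguments exist. */`. Callers that go on to execute dst_argv now receive an empty command instead of NULL (the regression test describes `:!%(cmdlineargs)` as running an empty command), so it is worth confirming that each of them treats "" as nothing to run. The function body starts and ends outside the hunk.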
+++ b/test/regressions/github-1136-test @@ -0,0 +1,43 @@ +#!/bin/sh + +. libtest.sh +. libgit.sh + +LINES=10 + +in_work_dir create_repo_from_tgz "$base_dir/files/scala-js-benchmarks.tgz" + +# This runs an empty command, hence the empty pager. +test_case bang-cmdlineargs-doesnt-crash \ + --args='status' \ + --script=' + :!%(cmdlineargs) + ' < Date: Tue, 14 Sep 2021 21:18:20 +0200 Subject: [PATCH 2/2] Simplify return expression that is implied by loop invariant. --- src/argv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/argv.c b/src/argv.c index 9885a16b4..5ba7fc175 100644 --- a/src/argv.c +++ b/src/argv.c @@ -367,7 +367,7 @@ format_append_argv(struct format_context *format, const char ***dst_argv, const if (!format_append_arg(format, dst_argv, src_argv[argc])) return false; - return src_argv[argc] == NULL; + return true; } static bool