Gitea crashes in "code.gitea.io/git/commit_info.go:218 +0x288"

[ganto]

I have a self-hosted gitea instance (currently v1.4.2) where I'm trying to import all my old git repositories. However, I found one that can crash the gitea instance when accessing it through the Web interface:

Jun 18 18:15:51 example.com gitea[13177]: [Macaron] 2018-06-18 18:15:51: Started GET /gentoo for 192.168.10.71
Jun 18 18:15:51 example.com gitea[13177]: [Macaron] 2018-06-18 18:15:51: Completed GET /gentoo 200 OK in 12.11036ms
Jun 18 18:15:54 example.com gitea[13177]: [Macaron] 2018-06-18 18:15:54: Started GET /gentoo/linuxmonk-legacy for 192.168.10.71                                
Jun 18 18:15:54 example.com gitea[13177]: panic: runtime error: slice bounds out of range
Jun 18 18:15:54 example.com gitea[13177]: goroutine 523 [running]:
Jun 18 18:15:54 example.com gitea[13177]: code.gitea.io/gitea/vendor/code.gitea.io/git.newSignatureFromCommitline(0xc4209f4c65, 0x2f, 0x59b, 0x6, 0xffffffffffffffff, 0x6)
Jun 18 18:15:54 example.com gitea[13177]:         /var/tmp/portage/www-apps/gitea-1.4.2/work/gitea-1.4.2/src/code.gitea.io/gitea/vendor/code.gitea.io/git/signature.go:35 +0x460 
Jun 18 18:15:54 example.com gitea[13177]: code.gitea.io/gitea/vendor/code.gitea.io/git.parseCommitData(0xc4209f4c00, 0x103, 0x600, 0xc4209f4c00, 0x103, 0x600) 
Jun 18 18:15:54 example.com gitea[13177]:         /var/tmp/portage/www-apps/gitea-1.4.2/work/gitea-1.4.2/src/code.gitea.io/gitea/vendor/code.gitea.io/git/repo_commit.go:69 +0x347
Jun 18 18:15:54 example.com gitea[13177]: code.gitea.io/gitea/vendor/code.gitea.io/git.(*Repository).getCommit(0xc420bd7d20, 0x16c4d394af667a84, 0xd430b22f4b726107, 0xd430b22f92755719, 0x92755719, 0x0, 0x0)
Jun 18 18:15:54 example.com gitea[13177]:         /var/tmp/portage/www-apps/gitea-1.4.2/work/gitea-1.4.2/src/code.gitea.io/gitea/vendor/code.gitea.io/git/repo_commit.go:113 +0x370
Jun 18 18:15:54 example.com gitea[13177]: code.gitea.io/gitea/vendor/code.gitea.io/git.targetedSearch(0xc420c04550, 0xc421860c00)
Jun 18 18:15:54 example.com gitea[13177]:         /var/tmp/portage/www-apps/gitea-1.4.2/work/gitea-1.4.2/src/code.gitea.io/gitea/vendor/code.gitea.io/git/commit_info.go:93 +0x1fa
Jun 18 18:15:54 example.com gitea[13177]: created by code.gitea.io/gitea/vendor/code.gitea.io/git.getCommitsInfo
Jun 18 18:15:54 example.com gitea[13177]:         /var/tmp/portage/www-apps/gitea-1.4.2/work/gitea-1.4.2/src/code.gitea.io/gitea/vendor/code.gitea.io/git/commit_info.go:218 +0x288

This only happens with this individual repository, so there must be somehow an issue with parsing the git metadata. A regular git client can handle the repository without issue.

I could reproduce the issue on try.gitea.io where I created the commitsegv repository a few minutes ago. If you want to check the logs: Jun 19, 2018 ~08:10h CEST.

The git repository which is able to crash gitea is also available here. To reproduce the bug, enter the URL in a new gitea migrate screen and after the repository is migrated, try to access the Web interface.

If you need more information, please let me know.

[ganto]

After building gitea locally on my machine and starting it directly from the build directory, the following message was giving additional hints to nail down the culprit:

[git-module] /home/user/gitea-repositories/gentoo/linuxmonk-legacy.git: git -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= -c filter.lfs.required= -c 
filter.lfs.smudge= -c filter.lfs.clean= cat-file -p 847a66af94d3c4160761724b2fb230d419577592                                                                              
[git-module] stdout:                                                                                                                                                      
tree a159359744f49a246da1ef076d4c152ab2890791                                                                                                                            
parent fd27eadd7d85ebb13b96e969806027b458427eae                                                                                                                          
author <[email protected]> 1278795400 -0000                                                                                                                   
committer <[email protected]> 1278795400 -0000                                                                                                                
                                                                                                                                                                         
update manifest                                                                                                                                                          
                                                                                                                                                                         
svn path=/portage/; revision=1761                                                                                                                                        
                                                                                                                                                                         
panic: runtime error: slice bounds out of range

This part of the repository was originally converted to git from svn and for an unknown reason is missing the name portion in the author and committer fields.

I'm not super fluent in reading go code, but might it be, that this module is not able to handle this case?