)]}'
{
  "commit": "5f1ddcc6d53fae583aa833abad8b3d22ecf237ca",
  "tree": "fe8bfb73898e32b4663af166095b94c83c5406c0",
  "parents": [
    "6a583cf833041d08f3b6bbd3c9193e1c0545919a"
  ],
  "author": {
    "name": "YLChen-007",
    "email": "1561316811@qq.com",
    "time": "Mon Apr 13 07:56:13 2026"
  },
  "committer": {
    "name": "David Neto",
    "email": "dneto@google.com",
    "time": "Tue Jun 02 18:34:35 2026"
  },
  "message": "Fix null pointer dereference in DependencyInfoDumpingHandler\n\nAdd a null check for the return value of GetOutputStream() in\ndependency_info.cc before dereferencing the stream pointer. When\nGetOutputStream() fails to open the output file (e.g., due to\npermission errors, full disk, or non-existent directory), it returns\nnullptr. The code previously unconditionally dereferenced this pointer,\ncausing a segmentation fault (SIGSEGV).\n\nThis is the same vulnerability pattern that was fixed in\nfile_compiler.cc (commit 1d97901), but was missed in the\ndependency_info.cc code path. The fix follows the identical pattern:\ncheck the pointer for null before use and return false on failure.\n\nBug: Null pointer dereference when glslc is invoked with -MD flag\nand the dependency info output file cannot be opened for writing.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2f1ef2f4a446669c3c6e7565ebab08eaa0066e4f",
      "old_mode": 33188,
      "old_path": "glslc/src/dependency_info.cc",
      "new_id": "1ba3afb9cdab0ab91f3864ae2172e706e2cbe474",
      "new_mode": 33188,
      "new_path": "glslc/src/dependency_info.cc"
    },
    {
      "type": "modify",
      "old_id": "e32ff0720062f81ef45c6626b79fd86bb73ec00d",
      "old_mode": 33188,
      "old_path": "glslc/test/option_dash_M.py",
      "new_id": "39091c0d4b0acad74618e496e27c5d11fcccf037",
      "new_mode": 33188,
      "new_path": "glslc/test/option_dash_M.py"
    }
  ]
}