Commit 34a6147

bisect: ensure head is non-NULL before using it

bisect_start() calls refs_resolve_ref_unsafe() to resolve HEAD. When this returns NULL (e.g., HEAD does not exist as a proper ref), the code falls back to repo_get_oid("HEAD") to try to resolve the OID directly. If that succeeds, execution continues with head still set to NULL. Later, at line 838, head is passed to repo_get_oid() and starts_with(), both of which dereference the NULL pointer.

The scenario: refs_resolve_ref_unsafe returns NULL but repo_get_oid succeeds. This can happen when HEAD is a detached bare OID that the ref backend cannot resolve symbolically (a potential edge case with the reftable backend) but the OID itself is valid. In this case, the bisect-start file does not yet exist (this is a fresh "git bisect start"), so the else branch at line 836 is taken with the NULL head.

Set head to "HEAD" as a fallback when refs_resolve_ref_unsafe fails but the OID resolves. The subsequent code at line 838 will then take the first branch (repo_get_oid succeeds, head does not start with "refs/heads/") and record the OID hex as the start point, which is the correct behavior for a detached HEAD.

Pointed out by Coverity.

Assisted-by: Claude Opus 4.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

1 parent b7566f0 commit 34a6147

1 file changed

Lines changed: 3 additions & 1 deletion

builtin/bisect.c

@@ -808,9 +808,11 @@ static enum bisect_error bisect_start(struct bisect_terms *terms, int argc,
808808
*/
809809
head = refs_resolve_ref_unsafe(get_main_ref_store(the_repository),
810810
"HEAD", 0, &head_oid, &flags);
811-
if (!head)
811+
if (!head) {
812812
if (repo_get_oid(the_repository, "HEAD", &head_oid))
813813
return error(_("bad HEAD - I need a HEAD"));
814+
head = "HEAD";
815+
}
814816

815817
/*
816818
* Check if we are bisecting
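
Review bot: the added `head = "HEAD";` inside the new `if (!head) {` block has no comment, so a reader of bisect_start() cannot tell that the literal is a deliberate fallback for the case where refs_resolve_ref_unsafe() returns NULL but repo_get_oid() succeeds. A one-line comment above the assignment saying so, and noting that head is later passed to repo_get_oid() and starts_with(), would keep it from being removed as redundant. The commit also changes only builtin/bisect.c, so nothing exercises this path: if the NULL-with-valid-OID state can be constructed in the test suite, a regression test belongs with this fix, and if it cannot, the commit message should say so.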