* [PATCH 1/3] refs.c: ensure struct whose member may be passed to realloc is initialized
[not found] <3k7giKa3PkJZo51iAXivXCFEZpYY2WC3depjtuvksrCQPax7dSLVCXpMlqLxWtZfSp6P10yMhMg@cipher.nrlssc.navy.mil>
@ 2011-10-08 3:20 ` Brandon Casey
2011-10-08 3:20 ` [PATCH 2/3] refs.c: abort ref search if ref array is empty Brandon Casey
2011-10-08 3:20 ` [PATCH 3/3] refs.c: free duplicate entries in the ref array instead of leaking them Brandon Casey
2 siblings, 0 replies; 3+ messages in thread
From: Brandon Casey @ 2011-10-08 3:20 UTC
To: git; +Cc: julian, Brandon Casey
From: Brandon Casey <drafnel@gmail.com>
The variable "refs" is allocated on the stack but is not initialized. It
is passed to read_packed_refs(), and its struct members may eventually be
passed to add_ref() and ALLOC_GROW(). Since the structure has not been
initialized, its members may contain random non-zero values. So let's
initialize it.

The call sequence looks something like this:

   resolve_gitlink_packed_ref(...) {
       struct cached_refs refs;
       ...
       read_packed_refs(f, &refs);
       ...
   }

   read_packed_refs(FILE*, struct cached_refs *cached_refs) {
       ...
       add_ref(name, sha1, flag, &cached_refs->packed, &last);
       ...
   }

   add_ref(..., struct ref_array *refs, struct ref_entry **) {
       ...
       ALLOC_GROW(refs->refs, refs->nr + 1, refs->alloc);
   }

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
refs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/refs.c b/refs.c
index 5835b40..c31b461 100644
--- a/refs.c
+++ b/refs.c
@@ -360,6 +360,7 @@ static int resolve_gitlink_packed_ref(char *name, int pathlen, const char *refna
f = fopen(name, "r");
if (!f)
return -1;
+ memset(&refs, 0, sizeof(refs));
read_packed_refs(f, &refs);
fclose(f);
ref = search_ref_array(&refs.packed, refname);
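Review bot: the memset() sits after the fopen() failure return and immediately before read_packed_refs(), so refs is valid only because of statement order in this one caller. Zero-initializing refs at its declaration in resolve_gitlink_packed_ref() would cover every path, including any code added later that touches refs before this line. Since add_ref() trusts refs->refs, refs->nr and refs->alloc when it calls ALLOC_GROW(), any other caller that places a struct cached_refs on the stack needs the same treatment; a short comment or a small initializer helper would make that requirement visible.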
--
1.7.7
* [PATCH 2/3] refs.c: abort ref search if ref array is empty
From: Brandon Casey @ 2011-10-08 3:20 UTC
To: git; +Cc: julian, Brandon Casey
From: Brandon Casey <drafnel@gmail.com>
The bsearch() implementation on IRIX 6.5 segfaults if it is passed NULL
for the base array argument even if number-of-elements is zero. So, let's
work around it by detecting an empty array and aborting early.

This is a useful optimization in its own right anyway, since we avoid a
useless allocation and initialization of the ref_entry when the ref array
is empty.

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
refs.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/refs.c b/refs.c
index c31b461..cbc4c5d 100644
--- a/refs.c
+++ b/refs.c
@@ -110,6 +110,9 @@ static struct ref_entry *search_ref_array(struct ref_array *array, const char *n
if (name == NULL)
return NULL;
+ if (!array->nr)
+ return NULL;
+
len = strlen(name) + 1;
e = xmalloc(sizeof(struct ref_entry) + len);
memcpy(e->name, name, len);
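Review bot: the new "if (!array->nr)" guard carries no comment, and nothing at this spot says it exists to keep a NULL base pointer away from bsearch() on IRIX 6.5, so a later cleanup could drop it as redundant. Add a one-line comment above the check, or fold it into the preceding test as "if (name == NULL || !array->nr)". Placing it before the xmalloc() is right, since an early return after the allocation would need a matching free of e.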
--
1.7.7
* [PATCH 3/3] refs.c: free duplicate entries in the ref array instead of leaking them
From: Brandon Casey @ 2011-10-08 3:20 UTC
To: git; +Cc: julian, Brandon Casey
From: Brandon Casey <drafnel@gmail.com>
Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
refs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/refs.c b/refs.c
index cbc4c5d..df39297 100644
--- a/refs.c
+++ b/refs.c
@@ -94,6 +94,7 @@ static void sort_ref_array(struct ref_array *array)
die("Duplicated ref, and SHA1s don't match: %s",
a->name);
warning("Duplicated ref: %s", a->name);
+ free(b);
continue;
}
i++;
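Review bot: free(b) in the duplicate branch needs a statement, in the commit message (which has no body) or in a comment, that nothing still points at b after the continue. The visible lines only read a->name before the free, which is fine, but the hunk does not show whether the array slot that held b is overwritten or left beyond the new array->nr; if a later cleanup walks those slots and frees them, this turns into a double free. Clearing the slot right after the free would rule that out.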
--
1.7.7