git@vger.kernel.org mailing list mirror (one of many)
* [PATCH 1/3] refs.c: ensure struct whose member may be passed to realloc is initialized
       [not found] <3k7giKa3PkJZo51iAXivXCFEZpYY2WC3depjtuvksrCQPax7dSLVCXpMlqLxWtZfSp6P10yMhMg@cipher.nrlssc.navy.mil>
@ 2011-10-08  3:20 ` Brandon Casey
  2011-10-08  3:20 ` [PATCH 2/3] refs.c: abort ref search if ref array is empty Brandon Casey
  2011-10-08  3:20 ` [PATCH 3/3] refs.c: free duplicate entries in the ref array instead of leaking them Brandon Casey
  2 siblings, 0 replies; 3+ messages in thread
From: Brandon Casey @ 2011-10-08  3:20 UTC
  To: git; +Cc: julian, Brandon Casey

From: Brandon Casey <drafnel@gmail.com>

The variable "refs" is allocated on the stack but is not initialized.  It
is passed to read_packed_refs(), and its struct members may eventually be
passed to add_ref() and ALLOC_GROW().  Since the structure has not been
initialized, its members may contain random non-zero values.  So let's
initialize it.

The call sequence looks something like this:

   resolve_gitlink_packed_ref(...) {

       struct cached_refs refs;
       ...
       read_packed_refs(f, &refs);
       ...
   }

   read_packed_refs(FILE*, struct cached_refs *cached_refs) {
       ...
       add_ref(name, sha1, flag, &cached_refs->packed, &last);
       ...
   }

   add_ref(..., struct ref_array *refs, struct ref_entry **) {
       ...
       ALLOC_GROW(refs->refs, refs->nr + 1, refs->alloc);
   }

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
 refs.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/refs.c b/refs.c
index 5835b40..c31b461 100644
--- a/refs.c
+++ b/refs.c
@@ -360,6 +360,7 @@ static int resolve_gitlink_packed_ref(char *name, int pathlen, const char *refna
 	f = fopen(name, "r");
 	if (!f)
 		return -1;
+	memset(&refs, 0, sizeof(refs));
 	read_packed_refs(f, &refs);
 	fclose(f);
 	ref = search_ref_array(&refs.packed, refname);
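
Review bot: The memset() sits at the call site, between the fopen() check and read_packed_refs(), so nothing in the code records why it is needed, and a later reordering or a new early use of refs could reintroduce the uninitialized read. Consider zeroing at the declaration (struct cached_refs refs = { 0 }; or an equivalent memset right after the declarations) or adding a one-line comment that add_ref() and ALLOC_GROW() depend on the refs, nr and alloc members starting out as zero. With the current placement the early return on fopen() failure is unaffected, since refs is not used on that path.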
-- 
1.7.7


* [PATCH 2/3] refs.c: abort ref search if ref array is empty
       [not found] <3k7giKa3PkJZo51iAXivXCFEZpYY2WC3depjtuvksrCQPax7dSLVCXpMlqLxWtZfSp6P10yMhMg@cipher.nrlssc.navy.mil>
  2011-10-08  3:20 ` [PATCH 1/3] refs.c: ensure struct whose member may be passed to realloc is initialized Brandon Casey
@ 2011-10-08  3:20 ` Brandon Casey
  2011-10-08  3:20 ` [PATCH 3/3] refs.c: free duplicate entries in the ref array instead of leaking them Brandon Casey
  2 siblings, 0 replies; 3+ messages in thread
From: Brandon Casey @ 2011-10-08  3:20 UTC
  To: git; +Cc: julian, Brandon Casey

From: Brandon Casey <drafnel@gmail.com>

The bsearch() implementation on IRIX 6.5 segfaults if it is passed NULL
for the base array argument even if number-of-elements is zero.  So, let's
work around it by detecting an empty array and aborting early.

This is a useful optimization in its own right anyway, since we avoid a
useless allocation and initialization of the ref_entry when the ref array
is empty.

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
 refs.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/refs.c b/refs.c
index c31b461..cbc4c5d 100644
--- a/refs.c
+++ b/refs.c
@@ -110,6 +110,9 @@ static struct ref_entry *search_ref_array(struct ref_array *array, const char *n
 	if (name == NULL)
 		return NULL;
 
+	if (!array->nr)
+		return NULL;
+
 	len = strlen(name) + 1;
 	e = xmalloc(sizeof(struct ref_entry) + len);
 	memcpy(e->name, name, len);
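
Review bot: The new if (!array->nr) return NULL; check has no comment, and the reason for it (a bsearch() that crashes on a NULL base even when the element count is zero) lives only in the commit message. Someone reading search_ref_array() later could take it for a redundant micro-optimization and drop it; a short comment above the check naming the bsearch() NULL-base case would keep it in place. Placing it before the xmalloc() is right, since the early return then has nothing to free; it could also be folded into the preceding test as if (name == NULL || !array->nr).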
-- 
1.7.7


* [PATCH 3/3] refs.c: free duplicate entries in the ref array instead of leaking them
       [not found] <3k7giKa3PkJZo51iAXivXCFEZpYY2WC3depjtuvksrCQPax7dSLVCXpMlqLxWtZfSp6P10yMhMg@cipher.nrlssc.navy.mil>
  2011-10-08  3:20 ` [PATCH 1/3] refs.c: ensure struct whose member may be passed to realloc is initialized Brandon Casey
  2011-10-08  3:20 ` [PATCH 2/3] refs.c: abort ref search if ref array is empty Brandon Casey
@ 2011-10-08  3:20 ` Brandon Casey
  2 siblings, 0 replies; 3+ messages in thread
From: Brandon Casey @ 2011-10-08  3:20 UTC (permalink / raw
  To: git; +Cc: julian, Brandon Casey

From: Brandon Casey <drafnel@gmail.com>


Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
 refs.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/refs.c b/refs.c
index cbc4c5d..df39297 100644
--- a/refs.c
+++ b/refs.c
@@ -94,6 +94,7 @@ static void sort_ref_array(struct ref_array *array)
 				die("Duplicated ref, and SHA1s don't match: %s",
 				    a->name);
 			warning("Duplicated ref: %s", a->name);
+			free(b);
 			continue;
 		}
 		i++;
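
Review bot: The free(b) on the duplicate-ref path is only safe if the array is the sole owner of b and the slot that held it is never read again after the continue, and neither is visible in this context or explained, because the commit message has no body. Please say in the message why no other pointer to the entry can still be live at this point and that the freed slot is overwritten or dropped when the array is compacted; otherwise this trades a leak for a potential use-after-free or double free. The die() branch above needs no matching free, since the process exits there.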
-- 
1.7.7

