* [PATCH 1/2] am: plug small memory leak when split_mail_stgit_series() fails
@ 2016-05-11 23:35 Junio C Hamano
2016-05-11 23:35 ` [PATCH 2/2] am: plug FILE * leak in split_mail_conv() Junio C Hamano
0 siblings, 1 reply; 8+ messages in thread
From: Junio C Hamano @ 2016-05-11 23:35 UTC (permalink / raw)
To: git
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
builtin/am.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/builtin/am.c b/builtin/am.c
index ec75906..f1a84c6 100644
--- a/builtin/am.c
+++ b/builtin/am.c
@@ -842,9 +842,11 @@ static int split_mail_stgit_series(struct am_state *state, const char **paths,
series_dir = dirname(series_dir_buf);
fp = fopen(*paths, "r");
- if (!fp)
+ if (!fp) {
+ free(series_dir_buf);
return error(_("could not open '%s' for reading: %s"), *paths,
strerror(errno));
+ }
while (!strbuf_getline(&sb, fp, '\n')) {
if (*sb.buf == '#')
--
2.8.2-679-g91c6421
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-11 23:35 [PATCH 1/2] am: plug small memory leak when split_mail_stgit_series() fails Junio C Hamano
@ 2016-05-11 23:35 ` Junio C Hamano
2016-05-12 4:47 ` Jeff King
0 siblings, 1 reply; 8+ messages in thread
From: Junio C Hamano @ 2016-05-11 23:35 UTC (permalink / raw)
To: git
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
builtin/am.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/builtin/am.c b/builtin/am.c
index f1a84c6..a373928 100644
--- a/builtin/am.c
+++ b/builtin/am.c
@@ -761,9 +761,11 @@ static int split_mail_conv(mail_conv_fn fn, struct am_state *state,
mail = mkpath("%s/%0*d", state->dir, state->prec, i + 1);
out = fopen(mail, "w");
- if (!out)
+ if (!out) {
+ fclose(in);
return error(_("could not open '%s' for writing: %s"),
mail, strerror(errno));
+ }
ret = fn(out, in, keep_cr);
--
2.8.2-679-g91c6421
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-11 23:35 ` [PATCH 2/2] am: plug FILE * leak in split_mail_conv() Junio C Hamano
@ 2016-05-12 4:47 ` Jeff King
2016-05-12 5:23 ` Mikael Magnusson
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Jeff King @ 2016-05-12 4:47 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On Wed, May 11, 2016 at 04:35:46PM -0700, Junio C Hamano wrote:
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
> builtin/am.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/builtin/am.c b/builtin/am.c
> index f1a84c6..a373928 100644
> --- a/builtin/am.c
> +++ b/builtin/am.c
> @@ -761,9 +761,11 @@ static int split_mail_conv(mail_conv_fn fn, struct am_state *state,
> mail = mkpath("%s/%0*d", state->dir, state->prec, i + 1);
>
> out = fopen(mail, "w");
> - if (!out)
> + if (!out) {
> + fclose(in);
> return error(_("could not open '%s' for writing: %s"),
> mail, strerror(errno));
> + }
Presumably `fclose` doesn't ever overwrite errno in practice, but I
guess it could in theory.
I also found it weird that we might fclose(stdin) via this line, but
that matches what happens in the non-error path, so I guess it's OK?
-Peff
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-12 4:47 ` Jeff King
@ 2016-05-12 5:23 ` Mikael Magnusson
2016-05-12 5:29 ` Jeff King
2016-05-12 7:59 ` Eric Wong
2016-05-12 15:59 ` Junio C Hamano
2 siblings, 1 reply; 8+ messages in thread
From: Mikael Magnusson @ 2016-05-12 5:23 UTC (permalink / raw)
To: Jeff King; +Cc: Junio C Hamano, git
On Thu, May 12, 2016 at 6:47 AM, Jeff King <peff@peff.net> wrote:
> On Wed, May 11, 2016 at 04:35:46PM -0700, Junio C Hamano wrote:
>
>> Signed-off-by: Junio C Hamano <gitster@pobox.com>
>> ---
>> builtin/am.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/builtin/am.c b/builtin/am.c
>> index f1a84c6..a373928 100644
>> --- a/builtin/am.c
>> +++ b/builtin/am.c
>> @@ -761,9 +761,11 @@ static int split_mail_conv(mail_conv_fn fn, struct am_state *state,
>> mail = mkpath("%s/%0*d", state->dir, state->prec, i + 1);
>>
>> out = fopen(mail, "w");
>> - if (!out)
>> + if (!out) {
>> + fclose(in);
>> return error(_("could not open '%s' for writing: %s"),
>> mail, strerror(errno));
>> + }
>
> Presumably `fclose` doesn't ever overwrite errno in practice, but I
> guess it could in theory.
It probably does pretty often in general, but not when the file is
opened for input only.
--
Mikael Magnusson
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-12 5:23 ` Mikael Magnusson
@ 2016-05-12 5:29 ` Jeff King
0 siblings, 0 replies; 8+ messages in thread
From: Jeff King @ 2016-05-12 5:29 UTC (permalink / raw)
To: Mikael Magnusson; +Cc: Junio C Hamano, git
On Thu, May 12, 2016 at 07:23:02AM +0200, Mikael Magnusson wrote:
> >> - if (!out)
> >> + if (!out) {
> >> + fclose(in);
> >> return error(_("could not open '%s' for writing: %s"),
> >> mail, strerror(errno));
> >> + }
> >
> > Presumably `fclose` doesn't ever overwrite errno in practice, but I
> > guess it could in theory.
>
> It probably does pretty often in general, but not when the file is
> opened for input only.
Right, I should have said "this fclose".
I think EBADF is the only likely error when closing input, and that's
presumably impossible here.
-Peff
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-12 4:47 ` Jeff King
2016-05-12 5:23 ` Mikael Magnusson
@ 2016-05-12 7:59 ` Eric Wong
2016-05-12 8:03 ` Jeff King
2016-05-12 15:59 ` Junio C Hamano
2 siblings, 1 reply; 8+ messages in thread
From: Eric Wong @ 2016-05-12 7:59 UTC (permalink / raw)
To: Jeff King; +Cc: Junio C Hamano, git
Jeff King <peff@peff.net> wrote:
> On Wed, May 11, 2016 at 04:35:46PM -0700, Junio C Hamano wrote:
> > +++ b/builtin/am.c
> > @@ -761,9 +761,11 @@ static int split_mail_conv(mail_conv_fn fn, struct am_state *state,
> > mail = mkpath("%s/%0*d", state->dir, state->prec, i + 1);
> >
> > out = fopen(mail, "w");
> > - if (!out)
> > + if (!out) {
> > + fclose(in);
> > return error(_("could not open '%s' for writing: %s"),
> > mail, strerror(errno));
> > + }
>
> Presumably `fclose` doesn't ever overwrite errno in practice, but I
> guess it could in theory.
I think both patches in this series would benefit from capturing
errno before cleanup. `fclose` can call `free`, and `free` could
do any manner of things such as calling `madvise` with a flag
not implemented in the running kernel, or failing an optional
trylock without being fatal.
There's lots of non-standard malloc implementations out there :)
So I'm not sure if there's ever a guarantee that a non-error
function call preserves `errno`.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-12 7:59 ` Eric Wong
@ 2016-05-12 8:03 ` Jeff King
0 siblings, 0 replies; 8+ messages in thread
From: Jeff King @ 2016-05-12 8:03 UTC (permalink / raw)
To: Eric Wong; +Cc: Junio C Hamano, git
On Thu, May 12, 2016 at 07:59:39AM +0000, Eric Wong wrote:
> I think both patches in this series would benefit from capturing
> errno before cleanup. `fclose` can call `free`, and `free` could
> do any manner of things such as calling `madvise` with a flag
> not implemented in the running kernel, or failing an optional
> trylock without being fatal.
>
> There's lots of non-standard malloc implementations out there :)
>
> So I'm not sure if there's ever a guarantee that a non-error
> function call preserves `errno`.
Good point. This came up not too long ago in:
http://article.gmane.org/gmane.comp.version-control.git/286460
I believe POSIX does say that non-error calls should preserve errno, but
all the world is not POSIX. And a future POSIX will mandate that `free`
should not touch errno, but it's not the future yet (and also, all the
world's not POSIX).
-Peff
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] am: plug FILE * leak in split_mail_conv()
2016-05-12 4:47 ` Jeff King
2016-05-12 5:23 ` Mikael Magnusson
2016-05-12 7:59 ` Eric Wong
@ 2016-05-12 15:59 ` Junio C Hamano
2 siblings, 0 replies; 8+ messages in thread
From: Junio C Hamano @ 2016-05-12 15:59 UTC (permalink / raw)
To: Jeff King; +Cc: git
Jeff King <peff@peff.net> writes:
> Presumably `fclose` doesn't ever overwrite errno in practice, but I
> guess it could in theory.
Yeah, these two patches share the same issue.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-05-12 15:59 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-11 23:35 [PATCH 1/2] am: plug small memory leak when split_mail_stgit_series() fails Junio C Hamano
2016-05-11 23:35 ` [PATCH 2/2] am: plug FILE * leak in split_mail_conv() Junio C Hamano
2016-05-12 4:47 ` Jeff King
2016-05-12 5:23 ` Mikael Magnusson
2016-05-12 5:29 ` Jeff King
2016-05-12 7:59 ` Eric Wong
2016-05-12 8:03 ` Jeff King
2016-05-12 15:59 ` Junio C Hamano
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).