* [PATCH] rerere: fix memory leak if rerere images can't be read
@ 2010-02-23 20:11 Bert Wesarg
2010-02-23 21:26 ` Johannes Schindelin
0 siblings, 1 reply; 5+ messages in thread
From: Bert Wesarg @ 2010-02-23 20:11 UTC (permalink / raw
To: Johannes Schindelin; +Cc: Bert Wesarg, Junio C Hamano, git
Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
---
rerere.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/rerere.c b/rerere.c
index d1d3e75..9ca4cb8 100644
--- a/rerere.c
+++ b/rerere.c
@@ -364,16 +364,17 @@ static int find_conflict(struct string_list *conflict)
static int merge(const char *name, const char *path)
{
int ret;
- mmfile_t cur, base, other;
+ mmfile_t cur = {NULL, 0}, base = {NULL, 0}, other = {NULL, 0};
mmbuffer_t result = {NULL, 0};
if (handle_file(path, NULL, rerere_path(name, "thisimage")) < 0)
return 1;
+ ret = 1;
if (read_mmfile(&cur, rerere_path(name, "thisimage")) ||
read_mmfile(&base, rerere_path(name, "preimage")) ||
read_mmfile(&other, rerere_path(name, "postimage")))
- return 1;
+ goto out;
ret = ll_merge(&result, path, &base, &cur, "", &other, "", 0);
if (!ret) {
FILE *f = fopen(path, "w");
@@ -387,6 +388,7 @@ static int merge(const char *name, const char *path)
strerror(errno));
}
+out:
free(cur.ptr);
free(base.ptr);
free(other.ptr);
--
1.7.0.500.ge51cb
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] rerere: fix memory leak if rerere images can't be read
2010-02-23 20:11 [PATCH] rerere: fix memory leak if rerere images can't be read Bert Wesarg
@ 2010-02-23 21:26 ` Johannes Schindelin
2010-02-23 21:56 ` Bert Wesarg
0 siblings, 1 reply; 5+ messages in thread
From: Johannes Schindelin @ 2010-02-23 21:26 UTC (permalink / raw
To: Bert Wesarg; +Cc: Junio C Hamano, git
Hi,
On Tue, 23 Feb 2010, Bert Wesarg wrote:
> Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
> ---
> rerere.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
Looks good to me, except...
> diff --git a/rerere.c b/rerere.c
> index d1d3e75..9ca4cb8 100644
> --- a/rerere.c
> +++ b/rerere.c
> @@ -364,16 +364,17 @@ static int find_conflict(struct string_list *conflict)
> static int merge(const char *name, const char *path)
> {
> int ret;
> - mmfile_t cur, base, other;
> + mmfile_t cur = {NULL, 0}, base = {NULL, 0}, other = {NULL, 0};
> mmbuffer_t result = {NULL, 0};
>
> if (handle_file(path, NULL, rerere_path(name, "thisimage")) < 0)
> return 1;
>
> + ret = 1;
This initialization can come earlier, at declaration time.
> if (read_mmfile(&cur, rerere_path(name, "thisimage")) ||
> read_mmfile(&base, rerere_path(name, "preimage")) ||
> read_mmfile(&other, rerere_path(name, "postimage")))
> - return 1;
> + goto out;
> ret = ll_merge(&result, path, &base, &cur, "", &other, "", 0);
> if (!ret) {
> FILE *f = fopen(path, "w");
Ciao,
Dscho
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] rerere: fix memory leak if rerere images can't be read
2010-02-23 21:26 ` Johannes Schindelin
@ 2010-02-23 21:56 ` Bert Wesarg
2010-02-23 22:12 ` Johannes Schindelin
2010-02-23 22:53 ` Junio C Hamano
0 siblings, 2 replies; 5+ messages in thread
From: Bert Wesarg @ 2010-02-23 21:56 UTC (permalink / raw
To: Johannes Schindelin; +Cc: Junio C Hamano, git
On Tue, Feb 23, 2010 at 22:26, Johannes Schindelin
<Johannes.Schindelin@gmx.de> wrote:
> Hi,
>
> On Tue, 23 Feb 2010, Bert Wesarg wrote:
>
>> Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
>> ---
>> rerere.c | 6 ++++--
>> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> Looks good to me, except...
>
>> diff --git a/rerere.c b/rerere.c
>> index d1d3e75..9ca4cb8 100644
>> --- a/rerere.c
>> +++ b/rerere.c
>> @@ -364,16 +364,17 @@ static int find_conflict(struct string_list *conflict)
>> static int merge(const char *name, const char *path)
>> {
>> int ret;
>> - mmfile_t cur, base, other;
>> + mmfile_t cur = {NULL, 0}, base = {NULL, 0}, other = {NULL, 0};
>> mmbuffer_t result = {NULL, 0};
>>
>> if (handle_file(path, NULL, rerere_path(name, "thisimage")) < 0)
>> return 1;
>>
>> + ret = 1;
>
> This initialization can come earlier, at declaration time.
I thought about it, but I think it is clearer to put just in front of
the condition which may fail.
Bye,
Bert
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] rerere: fix memory leak if rerere images can't be read
2010-02-23 21:56 ` Bert Wesarg
@ 2010-02-23 22:12 ` Johannes Schindelin
2010-02-23 22:53 ` Junio C Hamano
1 sibling, 0 replies; 5+ messages in thread
From: Johannes Schindelin @ 2010-02-23 22:12 UTC (permalink / raw
To: Bert Wesarg; +Cc: Junio C Hamano, git
[-- Attachment #1: Type: TEXT/PLAIN, Size: 1338 bytes --]
Hi,
On Tue, 23 Feb 2010, Bert Wesarg wrote:
> On Tue, Feb 23, 2010 at 22:26, Johannes Schindelin
> <Johannes.Schindelin@gmx.de> wrote:
>
> > On Tue, 23 Feb 2010, Bert Wesarg wrote:
> >
> >> Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
> >> ---
> >> rerere.c | 6 ++++--
> >> 1 files changed, 4 insertions(+), 2 deletions(-)
> >
> > Looks good to me, except...
> >
> >> diff --git a/rerere.c b/rerere.c
> >> index d1d3e75..9ca4cb8 100644
> >> --- a/rerere.c
> >> +++ b/rerere.c
> >> @@ -364,16 +364,17 @@ static int find_conflict(struct string_list *conflict)
> >> static int merge(const char *name, const char *path)
> >> {
> >> int ret;
> >> - mmfile_t cur, base, other;
> >> + mmfile_t cur = {NULL, 0}, base = {NULL, 0}, other = {NULL, 0};
> >> mmbuffer_t result = {NULL, 0};
> >>
> >> if (handle_file(path, NULL, rerere_path(name, "thisimage")) < 0)
> >> return 1;
> >>
> >> + ret = 1;
> >
> > This initialization can come earlier, at declaration time.
> I thought about it, but I think it is clearer to put just in front of
> the condition which may fail.
Well, to _this_ developer, it is clearer when a variable has been
initialized in any case. No need to think about how it could be used
uninitialized. But if you insist...
Ciao,
Dscho
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] rerere: fix memory leak if rerere images can't be read
2010-02-23 21:56 ` Bert Wesarg
2010-02-23 22:12 ` Johannes Schindelin
@ 2010-02-23 22:53 ` Junio C Hamano
1 sibling, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2010-02-23 22:53 UTC (permalink / raw
To: Bert Wesarg; +Cc: Johannes Schindelin, Junio C Hamano, git
Bert Wesarg <bert.wesarg@googlemail.com> writes:
> On Tue, Feb 23, 2010 at 22:26, Johannes Schindelin
>>> diff --git a/rerere.c b/rerere.c
>>> index d1d3e75..9ca4cb8 100644
>>> --- a/rerere.c
>>> +++ b/rerere.c
>>> @@ -364,16 +364,17 @@ static int find_conflict(struct string_list *conflict)
>>> static int merge(const char *name, const char *path)
>>> {
>>> int ret;
>>> - mmfile_t cur, base, other;
>>> + mmfile_t cur = {NULL, 0}, base = {NULL, 0}, other = {NULL, 0};
>>> mmbuffer_t result = {NULL, 0};
>>>
>>> if (handle_file(path, NULL, rerere_path(name, "thisimage")) < 0)
>>> return 1;
>>>
>>> + ret = 1;
>>
>> This initialization can come earlier, at declaration time.
Yes it can, but I do not think it makes it any easier to read.
> I thought about it, but I think it is clearer to put just in front of
> the condition which may fail.
And I do not think yours is much easier to follow, either.
The function looks like:
static int merge()
{
int ret; /* uninitialized */
...
if (something)
return 1; /* error */
if (some thing
that does allocation and is
fairly large)
return 1; /* error */
ret = operation_that_return_status();
free resources
return ret;
}
If you initialize ret early, it might make "ret" always defined, but it
also makes the first "return 1" give you "huh, why not use ret?".
static int merge()
{
int ret = 1; /* assume bad things will happen */
...
if (something)
return 1; /* error */
if (some thing
that does allocation and is
fairly large)
goto out; /* error */
ret = operation_that_return_status();
out:
free resources
return ret;
}
Also it makes clearing of assumed error harder to spot.
Bert's version is not much better. That "set ret to positive before going
to the exit codepath" logically belongs to the error case. IOW:
static int merge()
{
int ret; /* uninitialized */
...
if (something)
return 1; /* error */
if (some thing
that does allocation and is
fairly large) {
ret = 1;
goto out; /* error */
}
ret = operation_that_return_status();
out:
free resources
return ret;
}
We could initialize ret to 0 at the beginning, to signal the people who
might be tempted to touch the code later that you are supposed to flip it
to non-zero when you find an error and jump to out. An immediate follow
up to such a change would be to do something like:
static int merge()
{
int ret = 0; /* no error yet */
...
if (something) {
ret = 1;
goto out; /* error */
}
if (some thing
that does allocation and is
fairly large) {
ret = 1;
goto out; /* error */
}
ret = operation_that_return_status();
out:
free resources
return ret;
}
but the first condition hasn't even allocated anything to be freed, so
there isn't much point doing this either.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-02-23 22:53 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-23 20:11 [PATCH] rerere: fix memory leak if rerere images can't be read Bert Wesarg
2010-02-23 21:26 ` Johannes Schindelin
2010-02-23 21:56 ` Bert Wesarg
2010-02-23 22:12 ` Johannes Schindelin
2010-02-23 22:53 ` Junio C Hamano
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).