From: Elijah Newren <newren@gmail.com>
To: Andrzej Hunt <andrzej@ahunt.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH 12/12] reset: clear_unpack_trees_porcelain to plug leak
Date: Mon, 21 Jun 2021 14:44:58 -0700 [thread overview]
Message-ID: <CABPp-BH23-c9cFvMw==WUukcoswne7Qc9H65Nuk5Km5Coco2vA@mail.gmail.com> (raw)
In-Reply-To: <20210620151204.19260-13-andrzej@ahunt.org>
On Sun, Jun 20, 2021 at 8:15 AM <andrzej@ahunt.org> wrote:
>
> From: Andrzej Hunt <ajrhunt@google.com>
>
> setup_unpack_trees_porcelain() populates various fields on
> unpack_tree_opts, we need to call clear_unpack_trees_porcelain() to
> avoid leaking them. Specifically, we used to leak
> unpack_tree_opts.msgs_to_free.
>
> We have to do this in leave_reset_head because there are multiple
> scenarios where unpack_tree_opts has already been configured, followed
> by a 'goto leave_reset_head'. But we can also 'goto leave_reset_head'
> prior to having initialised unpack_tree_opts via memset(..., 0, ...).
> Therefore we also move unpack_tree_opts initialisation to the start of
> reset_head(), and convert it to use brace initialisation - which
> guarantees that we can never clear an unitialised unpack_tree_opts.
I think you mean either "uninitialized" or "uninitialised" (missing an
'in' in the spelling)
> clear_unpack_tree_opts() is always safe to call as long as
> unpack_tree_opts is at least zero-initialised, i.e. it does not depend
> on a previous call to setup_unpack_trees_porcelain().
>
> LSAN output from t0021:
>
> Direct leak of 192 byte(s) in 1 object(s) allocated from:
> #0 0x49ab49 in realloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
> #1 0xa721e5 in xrealloc wrapper.c:126:8
> #2 0x9f7861 in strvec_push_nodup strvec.c:19:2
> #3 0x9f7861 in strvec_pushf strvec.c:39:2
> #4 0xa43e14 in setup_unpack_trees_porcelain unpack-trees.c:129:3
> #5 0x97e011 in reset_head reset.c:53:2
> #6 0x61dfa5 in cmd_rebase builtin/rebase.c:1991:9
> #7 0x4ce83e in run_builtin git.c:475:11
> #8 0x4ccafe in handle_builtin git.c:729:3
> #9 0x4cb01c in run_argv git.c:818:4
> #10 0x4cb01c in cmd_main git.c:949:19
> #11 0x6b3f3d in main common-main.c:52:11
> #12 0x7fa8addf3349 in __libc_start_main (/lib64/libc.so.6+0x24349)
>
> Indirect leak of 147 byte(s) in 1 object(s) allocated from:
> #0 0x49ab49 in realloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
> #1 0xa721e5 in xrealloc wrapper.c:126:8
> #2 0x9e8d54 in strbuf_grow strbuf.c:98:2
> #3 0x9e8d54 in strbuf_vaddf strbuf.c:401:3
> #4 0x9f7774 in strvec_pushf strvec.c:36:2
> #5 0xa43e14 in setup_unpack_trees_porcelain unpack-trees.c:129:3
> #6 0x97e011 in reset_head reset.c:53:2
> #7 0x61dfa5 in cmd_rebase builtin/rebase.c:1991:9
> #8 0x4ce83e in run_builtin git.c:475:11
> #9 0x4ccafe in handle_builtin git.c:729:3
> #10 0x4cb01c in run_argv git.c:818:4
> #11 0x4cb01c in cmd_main git.c:949:19
> #12 0x6b3f3d in main common-main.c:52:11
> #13 0x7fa8addf3349 in __libc_start_main (/lib64/libc.so.6+0x24349)
>
> Indirect leak of 134 byte(s) in 1 object(s) allocated from:
> #0 0x49ab49 in realloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
> #1 0xa721e5 in xrealloc wrapper.c:126:8
> #2 0x9e8d54 in strbuf_grow strbuf.c:98:2
> #3 0x9e8d54 in strbuf_vaddf strbuf.c:401:3
> #4 0x9f7774 in strvec_pushf strvec.c:36:2
> #5 0xa43fe4 in setup_unpack_trees_porcelain unpack-trees.c:168:3
> #6 0x97e011 in reset_head reset.c:53:2
> #7 0x61dfa5 in cmd_rebase builtin/rebase.c:1991:9
> #8 0x4ce83e in run_builtin git.c:475:11
> #9 0x4ccafe in handle_builtin git.c:729:3
> #10 0x4cb01c in run_argv git.c:818:4
> #11 0x4cb01c in cmd_main git.c:949:19
> #12 0x6b3f3d in main common-main.c:52:11
> #13 0x7fa8addf3349 in __libc_start_main (/lib64/libc.so.6+0x24349)
>
> Indirect leak of 130 byte(s) in 1 object(s) allocated from:
> #0 0x49ab49 in realloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
> #1 0xa721e5 in xrealloc wrapper.c:126:8
> #2 0x9e8d54 in strbuf_grow strbuf.c:98:2
> #3 0x9e8d54 in strbuf_vaddf strbuf.c:401:3
> #4 0x9f7774 in strvec_pushf strvec.c:36:2
> #5 0xa43f20 in setup_unpack_trees_porcelain unpack-trees.c:150:3
> #6 0x97e011 in reset_head reset.c:53:2
> #7 0x61dfa5 in cmd_rebase builtin/rebase.c:1991:9
> #8 0x4ce83e in run_builtin git.c:475:11
> #9 0x4ccafe in handle_builtin git.c:729:3
> #10 0x4cb01c in run_argv git.c:818:4
> #11 0x4cb01c in cmd_main git.c:949:19
> #12 0x6b3f3d in main common-main.c:52:11
> #13 0x7fa8addf3349 in __libc_start_main (/lib64/libc.so.6+0x24349)
>
> SUMMARY: AddressSanitizer: 603 byte(s) leaked in 4 allocation(s).
>
> Signed-off-by: Andrzej Hunt <andrzej@ahunt.org>
> ---
> reset.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/reset.c b/reset.c
> index 4bea758053..79310ae071 100644
> --- a/reset.c
> +++ b/reset.c
> @@ -21,7 +21,7 @@ int reset_head(struct repository *r, struct object_id *oid, const char *action,
> struct object_id head_oid;
> struct tree_desc desc[2] = { { NULL }, { NULL } };
> struct lock_file lock = LOCK_INIT;
> - struct unpack_trees_options unpack_tree_opts;
> + struct unpack_trees_options unpack_tree_opts = { 0 };
> struct tree *tree;
> const char *reflog_action;
> struct strbuf msg = STRBUF_INIT;
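Review bot: the "= { 0 }" initializer is now the only thing that zeroes unpack_tree_opts, and the cleanup label relies on it; a one-line comment at the declaration saying so would stop a future refactor from moving or removing it. It also only zeroes once at function entry, so if reset_head() ever called setup_unpack_trees_porcelain() more than once per invocation, the clear would have to move next to the setup rather than stay at the label.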
> @@ -49,7 +49,6 @@ int reset_head(struct repository *r, struct object_id *oid, const char *action,
> if (refs_only)
> goto reset_head_refs;
>
> - memset(&unpack_tree_opts, 0, sizeof(unpack_tree_opts));
> setup_unpack_trees_porcelain(&unpack_tree_opts, action);
> unpack_tree_opts.head_idx = 1;
> unpack_tree_opts.src_index = r->index;
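Review bot: dropping the memset here is only correct because nothing between the declaration and this point writes to unpack_tree_opts; note that the "if (refs_only) goto reset_head_refs;" two lines above used to skip the memset entirely, which is exactly why a clear at leave_reset_head would previously have read an uninitialised struct on that path. Worth saying in the commit message that the early exit is the reason the zeroing had to move up, not just the leak.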
> @@ -134,6 +133,7 @@ int reset_head(struct repository *r, struct object_id *oid, const char *action,
> leave_reset_head:
> strbuf_release(&msg);
> rollback_lock_file(&lock);
> + clear_unpack_trees_porcelain(&unpack_tree_opts);
> while (nr)
> free((void *)desc[--nr].buffer);
> return ret;
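Review bot: the safety of this call on the refs_only path depends on clear_unpack_trees_porcelain() tolerating a zero-filled msgs_to_free (a strvec whose v is NULL rather than empty_strvec) and not only one that setup populated; the commit message asserts that, so a short comment above the call stating it would help the next reader. The commit message also refers to "clear_unpack_tree_opts()", which should read "clear_unpack_trees_porcelain()" to match the function actually called. Placement after rollback_lock_file() and before the desc[] frees is fine, since the three cleanups are independent.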
> --
> 2.26.2
Nice catch, and nice explanation. I think we probably have several
similar problems throughout the code base; a quick grep (`git grep -e
struct.unpack_trees_options -e clear_unpack_trees_porcelain`) suggests
there are several places that clear_unpack_trees_porcelain() is
probably missing and which could likely use your struct initialization
trick as well.
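The pattern the commit message argues for (zero the options struct at its declaration so one cleanup label is safe whether or not setup ever ran), as an added illustration in C that is not git's code: msg_opts, setup_msgs, clear_msgs and reset_like are stand-ins with assumed names for struct unpack_trees_options, setup_unpack_trees_porcelain(), clear_unpack_trees_porcelain() and reset_head(), and the live-string counter is instrumentation added for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in (assumed name) for git's struct unpack_trees_options. */
struct msg_opts {
	char **msgs_to_free;   /* heap array of heap strings built by setup_msgs() */
	size_t nr;
	size_t alloc;
};

/* Instrumentation for the example: strings currently owned by some msg_opts. */
static int live_strings;

static char *dup_string(const char *s)
{
	size_t len = strlen(s) + 1;
	char *copy = malloc(len);
	if (!copy)
		abort();
	return memcpy(copy, s, len);
}

static void opts_push(struct msg_opts *o, const char *s)
{
	if (o->nr == o->alloc) {
		size_t n = o->alloc ? o->alloc * 2 : 4;
		char **grown = realloc(o->msgs_to_free, n * sizeof(*grown));
		if (!grown)
			abort();
		o->msgs_to_free = grown;
		o->alloc = n;
	}
	o->msgs_to_free[o->nr++] = dup_string(s);
	live_strings++;
}

/* Analogue of setup_unpack_trees_porcelain(): formats per-action messages. */
static void setup_msgs(struct msg_opts *o, const char *action)
{
	char buf[128];

	snprintf(buf, sizeof(buf), "Your local changes would be overwritten by %s.", action);
	opts_push(o, buf);
	snprintf(buf, sizeof(buf), "Please commit or stash them before you %s.", action);
	opts_push(o, buf);
}

/*
 * Analogue of clear_unpack_trees_porcelain(): safe on a struct that was only
 * zero-initialised, because with nr == 0 the loop is skipped and free(NULL)
 * is a no-op.
 */
static void clear_msgs(struct msg_opts *o)
{
	size_t i;

	for (i = 0; i < o->nr; i++) {
		free(o->msgs_to_free[i]);
		live_strings--;
	}
	free(o->msgs_to_free);
	memset(o, 0, sizeof(*o));
}

/*
 * Analogue of reset_head(): every exit funnels through one cleanup label.
 * refs_only models the goto taken before setup; fail_after_setup models an
 * error after setup populated the struct (the path that used to leak).
 * Returns 0 on success, -1 on the simulated failure.
 */
int reset_like(int refs_only, int fail_after_setup)
{
	struct msg_opts opts = { 0 };   /* zeroed here, so clear_msgs() is always safe */
	int ret = 0;

	if (refs_only)
		goto leave;                 /* setup_msgs() never runs on this path */

	setup_msgs(&opts, "rebase");
	if (fail_after_setup) {
		ret = -1;
		goto leave;                 /* without the clear below, this path leaks */
	}
	/* ... real work would unpack trees and update the index here ... */

leave:
	clear_msgs(&opts);
	return ret;
}

/* Drives all three exit paths; returns how many strings are still unfreed. */
int strings_leaked_after_all_paths(void)
{
	live_strings = 0;
	reset_like(1, 0);
	reset_like(0, 1);
	reset_like(0, 0);
	return live_strings;
}

int main(void)
{
	printf("unfreed strings after all paths: %d\n", strings_leaked_after_all_paths());
	return 0;
}
```

Running it under LeakSanitizer (gcc -fsanitize=address) gives the same answer as the counter: zero leaks on all three paths. Removing the "= { 0 }" and re-adding a memset after the refs_only check reproduces the pre-patch shape, where the early-exit path hands an uninitialised struct to clear_msgs().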
Thread overview: 51+ messages
2021-06-20 15:11 [PATCH 00/12] Fix all leaks in tests t0002-t0099: Part 2 andrzej
2021-06-20 15:11 ` [PATCH 01/12] fmt-merge-msg: free newly allocated temporary strings when done andrzej
2021-06-21 20:34 ` Elijah Newren
2021-06-20 15:11 ` [PATCH 02/12] environment: move strbuf into block to plug leak andrzej
2021-06-21 20:49 ` Elijah Newren
2021-06-26 8:27 ` René Scharfe
2021-06-20 15:11 ` [PATCH 03/12] builtin/submodule--helper: release unused strbuf to avoid leak andrzej
2021-06-20 15:11 ` [PATCH 04/12] builtin/for-each-repo: remove unnecessary argv copy to plug leak andrzej
2021-06-21 20:55 ` Elijah Newren
2021-06-20 15:11 ` [PATCH 05/12] diffcore-rename: move old_dir/new_dir definition " andrzej
2021-06-21 14:01 ` Elijah Newren
2021-06-20 15:11 ` [PATCH 06/12] ref-filter: also free head for ATOM_HEAD to avoid leak andrzej
2021-06-21 21:10 ` Elijah Newren
2021-06-20 15:11 ` [PATCH 07/12] read-cache: call diff_setup_done " andrzej
2021-06-21 21:17 ` Elijah Newren
2021-06-20 15:12 ` [PATCH 08/12] convert: release strbuf " andrzej
2021-06-21 20:31 ` Elijah Newren
2021-06-20 15:12 ` [PATCH 09/12] builtin/mv: free or UNLEAK multiple pointers at end of cmd_mv andrzej
2021-06-20 15:12 ` [PATCH 10/12] builtin/merge: free found_ref when done andrzej
2021-06-21 21:27 ` Elijah Newren
2021-06-20 15:12 ` [PATCH 11/12] builtin/rebase: fix options.strategy memory lifecycle andrzej
2021-06-20 18:14 ` Phillip Wood
2021-06-21 21:39 ` Elijah Newren
2021-06-22 9:02 ` Phillip Wood
2021-07-25 13:03 ` Andrzej Hunt
2021-07-27 19:34 ` Phillip Wood
2021-06-20 15:12 ` [PATCH 12/12] reset: clear_unpack_trees_porcelain to plug leak andrzej
2021-06-21 21:44 ` Elijah Newren [this message]
2021-06-21 21:54 ` [PATCH 00/12] Fix all leaks in tests t0002-t0099: Part 2 Elijah Newren
2021-07-25 13:05 ` Andrzej Hunt
2021-07-26 8:01 ` Christian Couder
2021-07-25 13:08 ` [PATCH v2 " andrzej
2021-07-25 13:08 ` [PATCH v2 01/12] fmt-merge-msg: free newly allocated temporary strings when done andrzej
2021-07-26 19:20 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 02/12] environment: move strbuf into block to plug leak andrzej
2021-07-25 13:08 ` [PATCH v2 03/12] builtin/submodule--helper: release unused strbuf to avoid leak andrzej
2021-07-25 13:08 ` [PATCH v2 04/12] builtin/for-each-repo: remove unnecessary argv copy to plug leak andrzej
2021-07-26 20:02 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 05/12] diffcore-rename: move old_dir/new_dir definition " andrzej
2021-07-26 20:02 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 06/12] ref-filter: also free head for ATOM_HEAD to avoid leak andrzej
2021-07-26 20:04 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 07/12] read-cache: call diff_setup_done " andrzej
2021-07-26 20:10 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 08/12] convert: release strbuf " andrzej
2021-07-26 20:15 ` Junio C Hamano
2021-07-25 13:08 ` [PATCH v2 09/12] builtin/mv: free or UNLEAK multiple pointers at end of cmd_mv andrzej
2021-07-25 13:08 ` [PATCH v2 10/12] builtin/merge: free found_ref when done andrzej
2021-07-25 13:08 ` [PATCH v2 11/12] builtin/rebase: fix options.strategy memory lifecycle andrzej
2021-07-25 13:08 ` [PATCH v2 12/12] reset: clear_unpack_trees_porcelain to plug leak andrzej
2021-07-26 20:20 ` [PATCH v2 00/12] Fix all leaks in tests t0002-t0099: Part 2 Junio C Hamano