Re: [PATCH 1/2] commit: fix "author_ident" leak

[Junio C Hamano <gitster@pobox.com>]

Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> Fix a leak in cmd_commit(), since 4c28e4ada03 (commit: die before
> asking to edit the log message, 2010-12-20) we have been freeing the
> "author_ident" "struct strbuf", but not in the case where

It took me an actual reading of the code to see that the above
refers to one and the same thing (i.e. "author_ident variable of
type struct strbuf").  I think it should be sufficient and clearer
to just mention "author_ident" here.

> prepare_to_commit() returns non-zero.

Good eyes.  

> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
> ---
>  builtin/commit.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/builtin/commit.c b/builtin/commit.c
> index 6b99ac276d8..696b3527adf 100644
> --- a/builtin/commit.c
> +++ b/builtin/commit.c
> @@ -1689,6 +1689,7 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  	struct commit *current_head = NULL;
>  	struct commit_extra_header *extra = NULL;
>  	struct strbuf err = STRBUF_INIT;
> +	int ret = 0;
>  
>  	if (argc == 2 && !strcmp(argv[1], "-h"))
>  		usage_with_options(builtin_commit_usage, builtin_commit_options);
> @@ -1723,8 +1724,9 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  	   running hooks, writing the trees, and interacting with the user.  */
>  	if (!prepare_to_commit(index_file, prefix,
>  			       current_head, &s, &author_ident)) {
> +		ret = 1;
>  		rollback_index_files();
> -		return 1;
> +		goto cleanup;
>  	}
>  
>  	/* Determine parents */
> @@ -1822,7 +1824,6 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  		rollback_index_files();
>  		die(_("failed to write commit object"));
>  	}
> -	strbuf_release(&author_ident);
>  	free_commit_extra_headers(extra);

Hmph, if we hit one of the two die() after this point before we
reach the "cleanup" label, author_ident will be left on the stack,
which we may want to UNLEAK()?

I am wondering if prepare_to_commit(), which is the one that is
responsible for allocating and using the information in the strbuf,
should be the one who is responsible for cleaning it when it failed
to do its thing, but I do not think it is a good idea, because the
caller MUST release it in the success case anyway.  So dealing with
the releasing here does make sense.

By jumping to the cleanup label, we not just release author_ident,
but we start unleak'ing err and sb as well, which shouldn't be a
problem, hopefully.

Will queue.

Thanks.

>  	if (update_head_with_reflog(current_head, &oid, reflog_msg, &sb,
> @@ -1863,7 +1864,9 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  
>  	apply_autostash(git_path_merge_autostash(the_repository));
>  
> +cleanup:
> +	strbuf_release(&author_ident);
>  	UNLEAK(err);
>  	UNLEAK(sb);
> -	return 0;
> +	return ret;
>  }