git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
From: Junio C Hamano <gitster@pobox.com>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 1/2] commit: fix "author_ident" leak
Date: Wed, 16 Feb 2022 09:59:50 -0800	[thread overview]
Message-ID: <xmqqee42u1yh.fsf@gitster.g> (raw)
In-Reply-To: <patch-1.2-25202a1d07f-20220216T081844Z-avarab@gmail.com> (=?utf-8?B?IsOGdmFyCUFybmZqw7Zyw7A=?= Bjarmason"'s message of "Wed, 16 Feb 2022 09:21:05 +0100")

Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> Fix a leak in cmd_commit(), since 4c28e4ada03 (commit: die before
> asking to edit the log message, 2010-12-20) we have been freeing the
> "author_ident" "struct strbuf", but not in the case where

It took me an actual reading of the code to see that the above
refers to one and the same thing (i.e. "author_ident variable of
type struct strbuf").  I think it should be sufficient and clearer
to just mention "author_ident" here.

> prepare_to_commit() returns non-zero.

Good eyes.  

> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
> ---
>  builtin/commit.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/builtin/commit.c b/builtin/commit.c
> index 6b99ac276d8..696b3527adf 100644
> --- a/builtin/commit.c
> +++ b/builtin/commit.c
> @@ -1689,6 +1689,7 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  	struct commit *current_head = NULL;
>  	struct commit_extra_header *extra = NULL;
>  	struct strbuf err = STRBUF_INIT;
> +	int ret = 0;
>  
>  	if (argc == 2 && !strcmp(argv[1], "-h"))
>  		usage_with_options(builtin_commit_usage, builtin_commit_options);
> @@ -1723,8 +1724,9 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  	   running hooks, writing the trees, and interacting with the user.  */
>  	if (!prepare_to_commit(index_file, prefix,
>  			       current_head, &s, &author_ident)) {
> +		ret = 1;
>  		rollback_index_files();
> -		return 1;
> +		goto cleanup;
>  	}
>  
>  	/* Determine parents */
> @@ -1822,7 +1824,6 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  		rollback_index_files();
>  		die(_("failed to write commit object"));
>  	}
> -	strbuf_release(&author_ident);
>  	free_commit_extra_headers(extra);

Hmph, if we hit one of the two die() after this point before we
reach the "cleanup" label, author_ident will be left on the stack,
which we may want to UNLEAK()?

I am wondering if prepare_to_commit(), which is the one that is
responsible for allocating and using the information in the strbuf,
should be the one who is responsible for cleaning it when it failed
to do its thing, but I do not think it is a good idea, because the
caller MUST release it in the success case anyway.  So dealing with
the releasing here does make sense.

By jumping to the cleanup label, we not just release author_ident,
but we start unleak'ing err and sb as well, which shouldn't be a
problem, hopefully.

Will queue.

Thanks.

>  	if (update_head_with_reflog(current_head, &oid, reflog_msg, &sb,
> @@ -1863,7 +1864,9 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
>  
>  	apply_autostash(git_path_merge_autostash(the_repository));
>  
> +cleanup:
> +	strbuf_release(&author_ident);
>  	UNLEAK(err);
>  	UNLEAK(sb);
> -	return 0;
> +	return ret;
>  }

  reply	other threads:[~2022-02-16 18:00 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-16  8:21 [PATCH 0/2] commit: trivial leak fix, add 2 tests to linux-leaks CI Ævar Arnfjörð Bjarmason
2022-02-16  8:21 ` [PATCH 1/2] commit: fix "author_ident" leak Ævar Arnfjörð Bjarmason
2022-02-16 17:59   ` Junio C Hamano [this message]
2022-02-16  8:21 ` [PATCH 2/2] commit: use strbuf_release() instead of UNLEAK() Ævar Arnfjörð Bjarmason
2022-02-16 18:03   ` Junio C Hamano
2022-02-16 18:30     ` Junio C Hamano
2022-02-18 12:35       ` Whether to keep using UNLEAK() in built-ins (was: [PATCH 2/2] commit: use strbuf_release() instead of UNLEAK()) Ævar Arnfjörð Bjarmason
2022-02-18 18:19         ` Whether to keep using UNLEAK() in built-ins Junio C Hamano
2022-02-18 19:31           ` Ævar Arnfjörð Bjarmason
2022-05-12 22:51 ` [PATCH] commit: fix "author_ident" leak Junio C Hamano
2022-05-17 13:48   ` Ævar Arnfjörð Bjarmason
2022-05-18 16:30     ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqqee42u1yh.fsf@gitster.g \
    --to=gitster@pobox.com \
    --cc=avarab@gmail.com \
    --cc=git@vger.kernel.org \
    --subject='Re: [PATCH 1/2] commit: fix "author_ident" leak' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).