From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Patrick Steinhardt <ps@pks.im>
Cc: Johannes Schindelin via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org
Subject: Re: [PATCH 07/13] dir: free allocations on parse-error paths in read_one_dir()
Date: Sat, 4 Jul 2026 10:58:56 +0200 (CEST) [thread overview]
Message-ID: <0278c01a-5a7d-e6a4-bee3-4df6df7e5276@gmx.de> (raw)
In-Reply-To: <akTIOeXFhNjJ7V3i@pks.im>
Hi Patrick,
On Wed, 1 Jul 2026, Patrick Steinhardt wrote:
> On Wed, Jul 01, 2026 at 07:04:25AM +0000, Johannes Schindelin via GitGitGadget wrote:
> > diff --git a/dir.c b/dir.c
> > index 32430090dc..23335b9f7a 100644
> > --- a/dir.c
> > +++ b/dir.c
> > @@ -3792,13 +3792,18 @@ static int read_one_dir(struct untracked_cache_dir **untracked_,
> > ALLOC_ARRAY(ud.untracked, ud.untracked_nr);
> >
> > ud.dirs_alloc = ud.dirs_nr = decode_varint(&data);
> > - if (data > end)
> > + if (data > end) {
> > + free(ud.untracked);
> > return -1;
> > + }
> > ALLOC_ARRAY(ud.dirs, ud.dirs_nr);
> >
> > eos = memchr(data, '\0', end - data);
> > - if (!eos || eos == end)
> > + if (!eos || eos == end) {
> > + free(ud.untracked);
> > + free(ud.dirs);
> > return -1;
> > + }
> >
> > *untracked_ = untracked = xmalloc(st_add3(sizeof(*untracked), eos - data, 1));
> > memcpy(untracked, &ud, sizeof(ud));
>
> Hm. Here we assign ownership to the caller, but this still feels quite
> off to me as we also have two more early returns after this point that
> seem to leak memory. Do the callers make sure to always free the data?
Ownership transfers to the caller on the `xmalloc`/`memcpy` line: the
`memcpy` copies the `ud.untracked` and `ud.dirs` pointers into the freshly
xmalloc'd struct that becomes `*untracked_`. From there, any subsequent
failure in the caller reaches `free_untracked_cache()` and then
`free_untracked()`, which releases both arrays. So the two further early
returns are correct as-are.
I will fold that reasoning into the v2 commit message so a future
reader does not have to re-derive it.
Incidentally, and orthogonal to Coverity's leak report: on those same
failure paths, individual slots of `->dirs` and `->untracked` remain
uninitialised, so `free_untracked()` walks garbage pointers before it
ever reaches the two `free()` calls above. That is a separate
crash-on-cleanup bug and I would prefer to address it in a follow-up
rather than widen the scope of this series.
Ciao,
Johannes
next prev parent reply other threads:[~2026-07-04 8:58 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 7:04 [PATCH 00/13] coverity: fix leaks and error paths Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 01/13] load_one_loose_object_map(): fix resource leak Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-01 16:25 ` Junio C Hamano
2026-07-04 8:58 ` Johannes Schindelin
2026-07-01 7:04 ` [PATCH 02/13] loose: avoid closing invalid fd on error path Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-01 7:04 ` [PATCH 03/13] download_https_uri_to_file(): do not leak fd upon failure Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 04/13] run-command: avoid close(-1) in start_command() error paths Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-01 7:04 ` [PATCH 05/13] run_diff_files: avoid memory leak Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-04 8:58 ` Johannes Schindelin
2026-07-01 7:04 ` [PATCH 06/13] line-log: avoid redundant copy that leaks in process_ranges Johannes Schindelin via GitGitGadget
2026-07-01 8:02 ` Jeff King
2026-07-01 7:04 ` [PATCH 07/13] dir: free allocations on parse-error paths in read_one_dir() Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-04 8:58 ` Johannes Schindelin [this message]
2026-07-01 7:04 ` [PATCH 08/13] submodule: fix cwd leak in get_superproject_working_tree() Johannes Schindelin via GitGitGadget
2026-07-01 7:56 ` Patrick Steinhardt
2026-07-04 8:59 ` Johannes Schindelin
2026-07-01 7:04 ` [PATCH 09/13] worktree: fix resource leaks when branch creation fails Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 10/13] imap-send: avoid leaking the IMAP upload buffer Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 11/13] reftable/table: release filter on error path Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 12/13] fsmonitor: plug token-data leak on early daemon-startup failures Johannes Schindelin via GitGitGadget
2026-07-01 7:04 ` [PATCH 13/13] mingw: make exit_process() own the process handle on all paths Johannes Schindelin via GitGitGadget
2026-07-01 17:34 ` [PATCH 00/13] coverity: fix leaks and error paths Junio C Hamano
2026-07-05 8:24 ` [PATCH v2 00/12] " Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 01/12] load_one_loose_object_map(): fix resource leak Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 02/12] loose: avoid closing invalid fd on error path Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 03/12] download_https_uri_to_file(): do not leak fd upon failure Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 04/12] run-command: avoid `close(-1)` in `start_command()` error paths Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 05/12] line-log: avoid redundant copy that leaks in process_ranges Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 06/12] dir: free allocations on parse-error paths in `read_one_dir()` Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 07/12] submodule: fix cwd leak in `get_superproject_working_tree()` Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 08/12] worktree: fix resource leaks when branch creation fails Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 09/12] imap-send: avoid leaking the IMAP upload buffer Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 10/12] reftable/table: release filter on error path Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 11/12] fsmonitor: plug token-data leak on early daemon-startup failures Johannes Schindelin via GitGitGadget
2026-07-05 8:24 ` [PATCH v2 12/12] mingw: make `exit_process()` own the process handle on all paths Johannes Schindelin via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0278c01a-5a7d-e6a4-bee3-4df6df7e5276@gmx.de \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.