* [PATCH 1/2] Don't leak file descriptors from unavailable pack files.
@ 2007-02-02 8:00 Shawn O. Pearce
2007-02-02 8:37 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Shawn O. Pearce @ 2007-02-02 8:00 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
If open_packed_git failed it may have been because the packfile
actually exists and is readable, but some sort of verification
did not pass. In this case open_packed_git left pack_fd filled
in, as the file descriptor is valid. We don't want to leak the
file descriptor, nor do we want to allow someone in the future
to use this packed_git.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
---
sha1_file.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/sha1_file.c b/sha1_file.c
index 37669d6..ba1c799 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1414,6 +1414,10 @@ static int find_pack_entry(const unsigned char *sha1, struct pack_entry *e, cons
* was loaded!
*/
if (p->pack_fd == -1 && open_packed_git(p)) {
+ if (p->pack_fd != -1) {
+ close(p->pack_fd);
+ p->pack_fd = -1;
+ }
error("packfile %s cannot be accessed", p->pack_name);
continue;
}
--
1.5.0.rc3.1.ge4b0e
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] Don't leak file descriptors from unavailable pack files.
2007-02-02 8:00 [PATCH 1/2] Don't leak file descriptors from unavailable pack files Shawn O. Pearce
@ 2007-02-02 8:37 ` Junio C Hamano
2007-02-02 8:53 ` Shawn O. Pearce
0 siblings, 1 reply; 4+ messages in thread
From: Junio C Hamano @ 2007-02-02 8:37 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> If open_packed_git failed it may have been because the packfile
> actually exists and is readable, but some sort of verification
> did not pass. In this case open_packed_git left pack_fd filled
> in, as the file descriptor is valid.
> if (p->pack_fd == -1 && open_packed_git(p)) {
> + if (p->pack_fd != -1) {
> + close(p->pack_fd);
> + p->pack_fd = -1;
> + }
I agree leaking fd is not nice, but I wonder if that should be
dealt with by the caller.
Originally it did not matter as open_packed_git() died, but
shouldn't it be closing the fd and marking p->pack_fd with -1, as
you made it return instead of die?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] Don't leak file descriptors from unavailable pack files.
2007-02-02 8:37 ` Junio C Hamano
@ 2007-02-02 8:53 ` Shawn O. Pearce
2007-02-03 5:33 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Shawn O. Pearce @ 2007-02-02 8:53 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
Junio C Hamano <junkio@cox.net> wrote:
> I agree leaking fd is not nice, but I wonder if that should be
> dealt with by the caller.
>
> Originally it did not matter as open_packed_git() died, but
> shouldn't it be closing the fd and marking p->pack_fd with -1, as
> you made it return instead of die?
Yea, I thought of that when I wrote that evil patch...
But open_packed_git has 12 things that can cause it to return
an error. That's basically a rewrite of the function. This was
4 lines added to the only caller which didn't die().
Probably the wrong thing to do. But the patch was shorter!
Do you want to reject this patch and have me rewrite open_packed_git
instead?
--
Shawn.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] Don't leak file descriptors from unavailable pack files.
2007-02-02 8:53 ` Shawn O. Pearce
@ 2007-02-03 5:33 ` Junio C Hamano
0 siblings, 0 replies; 4+ messages in thread
From: Junio C Hamano @ 2007-02-03 5:33 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> Junio C Hamano <junkio@cox.net> wrote:
>> I agree leaking fd is not nice, but I wonder if that should be
>> dealt with by the caller.
>>
>> Originally it did not matter as open_packed_git() died, but
>> shouldn't it be closing the fd and marking p->pack_fd with -1, as
>> you made it return instead of die?
>
> Yea, I thought of that when I wrote that evil patch...
>
> But open_packed_git has 12 things that can cause it to return
> an error. That's basically a rewrite of the function. This was
> 4 lines added to the only caller which didn't die().
Well, you can let the compiler to do the job, like this,
perhaps, if you really want to be lazy. There won't be any
overhead from the extra call level, as there is only one caller
of open_packed_git_1() which will be inlined ;-).
diff --git a/sha1_file.c b/sha1_file.c
index 2eff14a..45e410e 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -552,7 +552,11 @@ void unuse_pack(struct pack_window **w_cursor)
}
}
-static int open_packed_git(struct packed_git *p)
+/*
+ * Do not call this directly as this leaks p->pack_fd on error return;
+ * call open_packed_git() instead.
+ */
+static int open_packed_git_1(struct packed_git *p)
{
struct stat st;
struct pack_header hdr;
@@ -608,6 +612,17 @@ static int open_packed_git(struct packed_git *p)
return 0;
}
+static int open_packed_git(struct packed_git *p)
+{
+ if (!open_packed_git_1(p))
+ return 0;
+ if (p->pack_fd != -1) {
+ close(p->pack_fd);
+ p->pack_fd = -1;
+ }
+ return -1;
+}
+
static int in_window(struct pack_window *win, unsigned long offset)
{
/* We must promise at least 20 bytes (one hash) after the
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-02-03 5:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-02 8:00 [PATCH 1/2] Don't leak file descriptors from unavailable pack files Shawn O. Pearce
2007-02-02 8:37 ` Junio C Hamano
2007-02-02 8:53 ` Shawn O. Pearce
2007-02-03 5:33 ` Junio C Hamano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).