From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: sunshine@sunshineco.com, gitster@pobox.com, git@vger.kernel.org
Subject: Re: [PATCHv3 3/4] bundle: don't leak an fd in case of early return
Date: Thu, 31 Mar 2016 15:11:52 -0400 [thread overview]
Message-ID: <20160331191151.GA5013@sigill.intra.peff.net> (raw)
In-Reply-To: <1459447446-32260-4-git-send-email-sbeller@google.com>
On Thu, Mar 31, 2016 at 11:04:05AM -0700, Stefan Beller wrote:
> diff --git a/bundle.c b/bundle.c
> index 506ac49..31ae1da 100644
> --- a/bundle.c
> +++ b/bundle.c
> @@ -435,12 +435,14 @@ int create_bundle(struct bundle_header *header, const char *path,
>
> /* write prerequisites */
> if (compute_and_write_prerequisites(bundle_fd, &revs, argc, argv))
> - return -1;
> + goto err;
>
> argc = setup_revisions(argc, argv, &revs, NULL);
>
> - if (argc > 1)
> - return error(_("unrecognized argument: %s"), argv[1]);
> + if (argc > 1) {
> + error(_("unrecognized argument: %s"), argv[1]);
> + goto err;
> + }
>
> object_array_remove_duplicates(&revs.pending);
>
> @@ -448,17 +450,22 @@ int create_bundle(struct bundle_header *header, const char *path,
> if (!ref_count)
> die(_("Refusing to create empty bundle."));
> else if (ref_count < 0)
> - return -1;
> + goto err;
>
> /* write pack */
> if (write_pack_data(bundle_fd, &revs))
> - return -1;
> + goto err;
Sorry for not noticing this before, but if we assume write_pack_data
always closes bundle_fd, even on error (and I think it does), then the
close() in the "err" code path is redundant from this goto, right?
I guess it is harmless, as nobody could have opened a new descriptor in
the interim, so our close(bundle_fd) will just get EBADF. But I guess we
could also do:
if (write_pack_data(bundle_fd, &revs)) {
bundle_fd = -1;
goto err;
}
or even:
ret = write_pack_data(bundle_fd, &revs);
bundle_fd = -1; /* closed by write_pack_data */
if (ret)
goto err;
to ensure that nobody (including the non-error code paths) uses it
again.
Like I said, I don't think it's buggy in the current code, but it does
seem a little fragile.
> +err:
> + if (!bundle_to_stdout)
> + close(bundle_fd);
> + rollback_lock_file(&lock);
> + return -1;
Similarly, I think the rollback_lock_file() call is redundant if
bundle_to_stdout is set (because we don't have created a lockfile in the
first place). I think this is more explicitly OK, because the lockfile
keeps an "am I initialized" flag, but perhaps sticking inside the "if
(!bundle_to_stdout)" condition makes it more clear that it's not an
error (especially because the "commit_lock_file" call above is inside
one).
-Peff
next prev parent reply other threads:[~2016-03-31 19:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-31 18:04 [PATCHv3 0/4] Some cleanups Stefan Beller
2016-03-31 18:04 ` [PATCHv3 1/4] notes: don't leak memory in git_config_get_notes_strategy Stefan Beller
2016-03-31 21:08 ` Eric Sunshine
2016-03-31 22:54 ` Junio C Hamano
2016-03-31 23:32 ` Jeff King
2016-03-31 18:04 ` [PATCHv3 2/4] abbrev_sha1_in_line: don't leak memory Stefan Beller
2016-03-31 18:04 ` [PATCHv3 3/4] bundle: don't leak an fd in case of early return Stefan Beller
2016-03-31 19:11 ` Jeff King [this message]
2016-03-31 18:04 ` [PATCHv3 4/4] credential-cache, send_request: close fd when done Stefan Beller
2016-03-31 19:12 ` [PATCHv3 0/4] Some cleanups Jeff King
2016-03-31 19:31 ` Junio C Hamano
2016-03-31 19:33 ` Jeff King
2016-03-31 20:11 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160331191151.GA5013@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sbeller@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).