git.vger.kernel.org archive mirror
From: Jeff King <peff@peff.net>
To: Patrick Steinhardt <ps@pks.im>
Cc: Junio C Hamano <gitster@pobox.com>,
	git@vger.kernel.org, Brooke Kuhlmann <brooke@alchemists.io>
Subject: Re: [PATCH 10/9] ref-filter: fix leak with unterminated %(if) atoms
Date: Thu, 12 Sep 2024 07:18:58 -0400
Message-ID: <20240912111858.GA617985@coredump.intra.peff.net>
In-Reply-To: <ZuLA0SBqhBbBdcd1@pks.im>

On Thu, Sep 12, 2024 at 12:22:16PM +0200, Patrick Steinhardt wrote:

> > diff --git c/ref-filter.c w/ref-filter.c
> > index b06e18a569..d2040f5047 100644
> > --- c/ref-filter.c
> > +++ w/ref-filter.c
> > @@ -3471,7 +3471,8 @@ int format_ref_array_item(struct ref_array_item *info,
> >  		}
> >  	}
> >  	if (state.stack->prev) {
> > -		pop_stack_element(&state.stack);
> > +		while (state.stack->prev)
> > +			pop_stack_element(&state.stack);
> >  		return strbuf_addf_ret(error_buf, -1, _("format: %%(end) atom missing"));
> >  	}
> >  	strbuf_addbuf(final_buf, &state.stack->output);
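
Review bot: the new loop under `if (state.stack->prev)` stops as soon as `prev` is NULL, so this error return still leaves the bottom stack element allocated; that is the element whose `output` the context line `strbuf_addbuf(final_buf, &state.stack->output);` reads on the success path. If the goal is to return with nothing allocated, pop that last element as well after the loop, or add a comment saying why it may stay. A test with nested unterminated %(if) atoms would also pin the behaviour down.
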
> 
> Hm. It certainly feels like we should do that. I couldn't construct a
> test case that fails with the leak sanitizer though. If it's a leak I'm
> sure I'll eventually hit it when I continue down the road headed towards
> leak-free-ness.

Hmm. I think just:

  ./git for-each-ref --format='%(if)%(then)%(if)%(then)%(if)%(then)'

should trigger it, and running it in the debugger I can see that we exit
the function with multiple entries.

Valgrind claims the memory is still reachable, but I don't see how. The
"state" variable is accessible only inside that function. The only thing
we do after returning is die(). I wonder if it is a false negative
because the stack is left undisturbed (especially because the compiler
knows that die() does not return).

At any rate, I think the same would apply to the earlier error returns:

diff --git a/ref-filter.c b/ref-filter.c
index b06e18a569..a339f0ab0f 100644
--- a/ref-filter.c
+++ b/ref-filter.c
@@ -3454,7 +3454,8 @@ int format_ref_array_item(struct ref_array_item *info,
 		pos = parse_ref_filter_atom(format, sp + 2, ep, error_buf);
 		if (pos < 0 || get_ref_atom_value(info, pos, &atomv, error_buf) ||
 		    atomv->handler(atomv, &state, error_buf)) {
-			pop_stack_element(&state.stack);
+			while (state.stack->prev)
+				pop_stack_element(&state.stack);
 			return -1;
 		}
 	}
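
Review bot: in the atom-handler error branch, replacing the single `pop_stack_element(&state.stack);` with `while (state.stack->prev)` changes the case where no %(if) is open: `prev` is NULL, the loop body never runs, and the one element the old code popped is no longer popped. Keep one unconditional pop after the loop so this return releases at least what it did before.
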
@@ -3466,7 +3467,8 @@ int format_ref_array_item(struct ref_array_item *info,
 		struct atom_value resetv = ATOM_VALUE_INIT;
 		resetv.s = GIT_COLOR_RESET;
 		if (append_atom(&resetv, &state, error_buf)) {
-			pop_stack_element(&state.stack);
+			while (state.stack->prev)
+				pop_stack_element(&state.stack);
 			return -1;
 		}
 	}
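
Review bot: the `append_atom()` error branch repeats the same two-line loop as the branch above, and has the same gap when `prev` is NULL and nothing gets popped. A small static helper that unwinds the stack, called from every error return in this function, would keep the paths consistent and is the one place to decide whether the bottom element is popped too.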

I wasn't sure why the non-error code path wouldn't need the same, but it
looks like there's some popping that happens in the various callbacks?
I'm not very familiar with this code, and it's hard to follow the flow
through the function pointers.

All that said, I am content to leave it for now. Even if it's a real
leak, it's one that happens once per program right before exiting with
an error. Most of the value in cleaning up trivial leaks like that is
to reduce the noise from analyzers so that we can find the much more
important leaks that scale with the input. If the analyzers aren't
complaining and we think it's trivial, it may not be worth spending a
lot of time on.

-Peff
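
The cleanup strategies discussed in this message, as an added example that is not code from the thread or from git: a simplified model stack that counts how many elements stay allocated after each error-path strategy. The `struct elem`, `push`, `pop` and `leaked_after` names are assumptions, as is the model's `pop` freeing the element and moving to `prev`; a depth of 3 corresponds to the three nested `%(if)` in the command above.

```c
#include <stdlib.h>

/* Simplified stand-in for a formatting stack; NOT git's own struct. */
struct elem { struct elem *prev; char *output; };
enum cleanup { POP_ONCE, POP_WHILE_PREV, POP_ALL };

static int live; /* number of elements currently allocated */

static void push(struct elem **stack)
{
	struct elem *e = calloc(1, sizeof(*e));
	if (!e)
		abort();
	e->output = malloc(16); /* stands in for the per-element buffer */
	e->prev = *stack;
	*stack = e;
	live++;
}

static void pop(struct elem **stack)
{
	struct elem *cur = *stack;
	*stack = cur->prev; /* assumed: popping moves the top to prev */
	free(cur->output);
	free(cur);
	live--;
}

/*
 * Build one base element plus `depth` nested ones (one per unterminated
 * %(if) in this model), run the chosen error-path cleanup, and return
 * how many elements are still allocated at the point of "return -1".
 */
static int leaked_after(int depth, enum cleanup how)
{
	struct elem *stack = NULL;
	int i, left;

	live = 0;
	push(&stack);
	for (i = 0; i < depth; i++)
		push(&stack);
	if (how == POP_ONCE)
		pop(&stack);
	else
		while (how == POP_ALL ? stack != NULL : stack->prev != NULL)
			pop(&stack);
	left = live;
	while (stack)
		pop(&stack); /* tidy up so the demo itself stays clean */
	return left;
}
```

In this model a single pop frees everything only at depth 0, the `while (stack->prev)` loop always leaves the base element, and only a full unwind leaves nothing behind.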

Thread overview: 27+ messages
2024-09-09 23:07 [PATCH 0/9] ref-filter %(trailer) fixes Jeff King
2024-09-09 23:08 ` [PATCH 1/9] t6300: drop newline from wrapped test title Jeff King
2024-09-09 23:12 ` [PATCH 2/9] ref-filter: avoid extra copies of payload/signature Jeff King
2024-09-10  6:09   ` Patrick Steinhardt
2024-09-10  6:26     ` Jeff King
2024-09-09 23:14 ` [PATCH 3/9] ref-filter: strip signature when parsing tag trailers Jeff King
2024-09-10  6:08   ` Patrick Steinhardt
2024-09-10  6:28     ` Jeff King
2024-09-09 23:14 ` [PATCH 4/9] ref-filter: drop useless cast in trailers_atom_parser() Jeff King
2024-09-09 23:16 ` [PATCH 5/9] ref-filter: store ref_trailer_buf data per-atom Jeff King
2024-09-10  6:08   ` Patrick Steinhardt
2024-09-09 23:18 ` [PATCH 6/9] ref-filter: fix leak of %(trailers) "argbuf" Jeff King
2024-09-10  6:09   ` Patrick Steinhardt
2024-09-10  6:33     ` Jeff King
2024-09-09 23:19 ` [PATCH 7/9] ref-filter: fix leak with %(describe) arguments Jeff King
2024-09-09 23:19 ` [PATCH 8/9] ref-filter: fix leak when formatting %(push:remoteref) Jeff King
2024-09-10  6:09   ` Patrick Steinhardt
2024-09-09 23:21 ` [PATCH 9/9] ref-filter: add ref_format_clear() function Jeff King
2024-09-10  6:09   ` Patrick Steinhardt
2024-09-10  6:37     ` Jeff King
2024-09-10  6:57 ` [PATCH 10/9] ref-filter: fix leak with unterminated %(if) atoms Patrick Steinhardt
2024-09-10  7:12   ` Jeff King
2024-09-10 16:48   ` Junio C Hamano
2024-09-12 10:22     ` Patrick Steinhardt
2024-09-12 11:18       ` Jeff King [this message]
2024-09-12 11:32         ` Patrick Steinhardt
2024-09-12 20:24         ` Junio C Hamano
