* [PATCH] reftable: fix unlikely leak on API error
@ 2026-06-28 9:03 Jeff King
2026-06-28 9:06 ` Jeff King
0 siblings, 1 reply; 2+ messages in thread
From: Jeff King @ 2026-06-28 9:03 UTC (permalink / raw)
To: git; +Cc: Patrick Steinhardt
If the reftable writer sees a bogus block size, we return with
REFTABLE_API_ERROR, leaking the reftable_writer struct we previously
allocated. Originally this case was a BUG(), but it became a regular
return in 445f9f4f35 (reftable: stop using `BUG()` in trivial cases,
2025-02-18).
We could obviously fix it by calling "reftable_free(wp)". But we can
observe that we never use the allocated "wp" until after we've validated
the input options. So let's just bump the allocation down. That fixes
the leak, and I think makes the flow of the function more logical
(we validate our inputs before doing any work).
Signed-off-by: Jeff King <peff@peff.net>
---
Noticed by Coverity as a "new" problem, though it has been there for
over a year. Presumably the nearby changes from 44f46f2be5 (reftable:
split up write options, 2026-06-25) confused it. There's a backlog of
hundreds of Coverity problems, most of which are garbage, so I tend to
only look at the ones it marks as new.
reftable/writer.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/reftable/writer.c b/reftable/writer.c
index 0133b64975..1bd4aa388b 100644
--- a/reftable/writer.c
+++ b/reftable/writer.c
@@ -152,16 +152,16 @@ int reftable_writer_new(struct reftable_writer **out,
struct reftable_write_options opts = {0};
struct reftable_writer *wp;
- wp = reftable_calloc(1, sizeof(*wp));
- if (!wp)
- return REFTABLE_OUT_OF_MEMORY_ERROR;
-
if (_opts)
opts = *_opts;
options_set_defaults(&opts);
if (opts.block_size >= (1 << 24))
return REFTABLE_API_ERROR;
+ wp = reftable_calloc(1, sizeof(*wp));
+ if (!wp)
+ return REFTABLE_OUT_OF_MEMORY_ERROR;
+
reftable_buf_init(&wp->block_writer_data.last_key);
reftable_buf_init(&wp->last_key);
reftable_buf_init(&wp->scratch);
--
2.55.0.rc2.353.gf769b6597e
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] reftable: fix unlikely leak on API error
2026-06-28 9:03 [PATCH] reftable: fix unlikely leak on API error Jeff King
@ 2026-06-28 9:06 ` Jeff King
0 siblings, 0 replies; 2+ messages in thread
From: Jeff King @ 2026-06-28 9:06 UTC (permalink / raw)
To: git; +Cc: Patrick Steinhardt
On Sun, Jun 28, 2026 at 05:03:14AM -0400, Jeff King wrote:
> Noticed by Coverity as a "new" problem, though it has been there for
> over a year. Presumably the nearby changes from 44f46f2be5 (reftable:
> split up write options, 2026-06-25) confused it. There's a backlog of
> hundreds of Coverity problems, most of which are garbage, so I tend to
> only look at the ones it marks as new.
This does conflict textually with 44f46f2be5, which adds a new line
nearby. Resolving like:
diff --cc reftable/writer.c
index f850e9d599,1bd4aa388b..d969a6a021
--- a/reftable/writer.c
+++ b/reftable/writer.c
@@@ -161,9 -158,10 +157,13 @@@ int reftable_writer_new(struct reftable
if (opts.block_size >= (1 << 24))
return REFTABLE_API_ERROR;
+ if (!hash_id)
+ hash_id = REFTABLE_HASH_SHA1;
+
+ wp = reftable_calloc(1, sizeof(*wp));
+ if (!wp)
+ return REFTABLE_OUT_OF_MEMORY_ERROR;
+
reftable_buf_init(&wp->block_writer_data.last_key);
reftable_buf_init(&wp->last_key);
reftable_buf_init(&wp->scratch);
makes sense to me, as it keeps the hash_id setting with the "opts"
setup.
-Peff
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-28 9:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-28 9:03 [PATCH] reftable: fix unlikely leak on API error Jeff King
2026-06-28 9:06 ` Jeff King
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox