Git development
 help / color / mirror / Atom feed
From: Jeff King <peff@peff.net>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org, Karthik Nayak <karthik.188@gmail.com>
Subject: Re: [PATCH 2/2] format-patch: fix leak of rev_info in prepare_bases()
Date: Wed, 1 Jul 2026 04:13:58 -0400	[thread overview]
Message-ID: <20260701081358.GB813310@coredump.intra.peff.net> (raw)
In-Reply-To: <akOZy-BygZS8fqPM@pks.im>

On Tue, Jun 30, 2026 at 12:26:19PM +0200, Patrick Steinhardt wrote:

> >   make SANITIZE=leak
> >   cd t
> >   GIT_TEST_COMMIT_GRAPH=1 ./t4014-format-patch.sh
> > 
> > which yields many entries like:
> > 
> >   ==git==3687620==ERROR: LeakSanitizer: detected memory leaks
> >   Direct leak of 200 byte(s) in 1 object(s) allocated from:
> >       #0 0x7f4ccba185cb in malloc ../../../../src/libsanitizer/lsan/lsan_interceptors.cpp:74
> >       #1 0x55cd452cdd0b in do_xmalloc wrapper.c:55
> >       #2 0x55cd452cdd9d in xmalloc wrapper.c:76
> >       #3 0x55cd45255473 in init_topo_walk revision.c:3845
> >       #4 0x55cd45255bef in prepare_revision_walk revision.c:4017
> >       #5 0x55cd44ffec40 in prepare_bases builtin/log.c:1872
> >       #6 0x55cd450010ec in cmd_format_patch builtin/log.c:2439
> 
> Interesting. Makes me wonder whether we should modify linux-TEST-vars to
> also run with the leak checker enabled. Ideally we'd of course just do
> this for all jobs, but the overhead is probably way too high... yes,
> doing a simple benchmark shows a ~3x hit.
> 
> So this is definitely nothing we want to do for all jobs. But for the
> linux-TEST-vars job it might make sense, as it exercises a bunch of
> non-default code paths.

We already run a special leak job for linux-reftables. Why not turn that
job into "leaks plus reftables plus test-vars"? The only downside would
be potentially hiding leaks found by linux-reftables-leaks if the
test-vars features force us into a difference code path. But looking at
the list, it doesn't seem likely to me. None of them is particularly
ref-related.

In fact, I kind of wonder if we could fold linux-reftables into the
test-vars job completely.

> One thing worth noting: there are still six test suites that are failing
> with this patch: t0095, t3451, t3452, t3453, t4013 and t4211. The t345x
> failures are because of the missing call to `repo_unuse_commit_buffer()`
> in git-history(1), which we already noted elsewhere.
> 
> All of the remaining leaks in t0095, t4013 and t4211 seem to be related
> to bloom filters.

I sent some patches to fix the bloom-filter cases.

Building with OPENSSL_SHA1_UNSAFE turns up more. The core issue is that
recent versions of openssl require an allocation to open a sha1 context,
and we free it in git_hash_final(). So code paths that abort mid-hash
will leak the allocation, and we need a git_hash_discard().

It comes up mostly with csum-file.[ch], since that's where we use the
unsafe variant.

If you further build with OPENSSL_SHA1 (using it for _all_ hash
computations), there are a few more cases. It's hard to care too much
since that isn't a recommended build (and we've even discussed dropping
support for non-dc sha1 totally). But sha256 has the same issue, so
we'll want to fix it eventually (I didn't try leak-checking the
linux-sha256 build, but I expect it would complain a lot).

I have some patches but they need a bit of polish. In particular I think
we'll have to tweak the hash.h #define mess to expose a "discard"
primitive from each implementation (otherwise we have to finalize the
hash to discard, which is a little inefficient). I didn't quite have the
stomach for that tonight.

-Peff

  reply	other threads:[~2026-07-01  8:13 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-30  6:39 [PATCH 0/2] small leak fix in format-patch Jeff King
2026-06-30  6:41 ` [PATCH 1/2] t: move LSan errors from stdout to stderr Jeff King
2026-06-30  6:43 ` [PATCH 2/2] format-patch: fix leak of rev_info in prepare_bases() Jeff King
2026-06-30 10:26   ` Patrick Steinhardt
2026-07-01  8:13     ` Jeff King [this message]
2026-07-01  8:42       ` Patrick Steinhardt
2026-07-01  8:47         ` Jeff King
2026-07-01  9:01           ` Patrick Steinhardt
2026-07-02  8:58             ` Jeff King
2026-07-02 10:08               ` Patrick Steinhardt
2026-07-03 20:45                 ` Junio C Hamano
2026-07-06  0:34                   ` Jeff King
2026-07-06  5:57                     ` Patrick Steinhardt
2026-07-04 21:13 ` [PATCH 0/2] small leak fix in format-patch Karthik Nayak
2026-07-06  0:01   ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260701081358.GB813310@coredump.intra.peff.net \
    --to=peff@peff.net \
    --cc=git@vger.kernel.org \
    --cc=karthik.188@gmail.com \
    --cc=ps@pks.im \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox