From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Cc: Patrick Steinhardt <ps@pks.im>
Subject: [PATCH 6/9] check_stream_oid(): discard hash on read error
Date: Thu, 2 Jul 2026 04:05:03 -0400 [thread overview]
Message-ID: <20260702080503.GF2029434@coredump.intra.peff.net> (raw)
In-Reply-To: <20260702075234.GA1548258@coredump.intra.peff.net>
The happy path of check_stream_oid() is to initialize a hash, feed the
loose object zlib stream into it, and then get the final result. But if
we hit a zlib error or see extra cruft we'll bail early with an error.
Since we never call git_hash_final() in this cases, any resources held
by the git_hash_ctx may be leaked. Our default hash algorithms don't
allocate anything in the hash_ctx, but some implementations do. For
example, running:
make SANITIZE=leak \
OPENSSL_SHA256=1 \
GIT_TEST_DEFAULT_HASH=sha256 \
test
will fail t1450, since it feeds corrupted objects that cause us to bail
from check_stream_oid(). This patch fixes it by discarding the hash in
those early return paths. Trying to jump to a common "out:" label is not
worth it here, as we must _not_ discard a hash that was already fed to
git_hash_final(). And the hash_ctx itself does not carry any information
(so we cannot check for a NULL pointer, etc).
Signed-off-by: Jeff King <peff@peff.net>
---
object-file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/object-file.c b/object-file.c
index 32a0d6d237..035d005279 100644
--- a/object-file.c
+++ b/object-file.c
@@ -1587,11 +1587,13 @@ static int check_stream_oid(git_zstream *stream,
if (status != Z_STREAM_END) {
error(_("corrupt loose object '%s'"), oid_to_hex(expected_oid));
+ git_hash_discard(&c);
return -1;
}
if (stream->avail_in) {
error(_("garbage at end of loose object '%s'"),
oid_to_hex(expected_oid));
+ git_hash_discard(&c);
return -1;
}
--
2.55.0.418.g37da59dd42
next prev parent reply other threads:[~2026-07-02 8:05 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-02 7:52 [PATCH 0/9] hash algorithm leak fixes Jeff King
2026-07-02 7:57 ` [PATCH 1/9] csum-file: drop discard_hashfile() Jeff King
2026-07-02 18:19 ` Junio C Hamano
2026-07-02 21:06 ` Jeff King
2026-07-03 11:27 ` Patrick Steinhardt
2026-07-02 7:59 ` [PATCH 2/9] hash: add discard primitive Jeff King
2026-07-03 11:27 ` Patrick Steinhardt
2026-07-02 8:01 ` [PATCH 3/9] csum-file: always finalize or discard hash Jeff King
2026-07-02 8:03 ` [PATCH 4/9] csum-file: provide a function to release checkpoints Jeff King
2026-07-03 11:27 ` Patrick Steinhardt
2026-07-02 8:04 ` [PATCH 5/9] patch-id: discard hash when done Jeff King
2026-07-02 8:05 ` Jeff King [this message]
2026-07-02 8:07 ` [PATCH 7/9] http: discard hash in dumb-http http_object_request Jeff King
2026-07-03 11:27 ` Patrick Steinhardt
2026-07-03 13:47 ` brian m. carlson
2026-07-06 0:01 ` Jeff King
2026-07-06 0:44 ` Jeff King
2026-07-06 6:16 ` Patrick Steinhardt
2026-07-02 8:09 ` [PATCH 8/9] hash: fix memory leak copying sha256 gcrypt handles Jeff King
2026-07-02 8:13 ` [PATCH 9/9] hash: add platform-specific discard functions Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260702080503.GF2029434@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox