Git development
 help / color / mirror / Atom feed
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>, Jeff King <peff@peff.net>,
	Patrick Steinhardt <ps@pks.im>
Subject: [PATCH 2/2] rust: discard hash context when finished
Date: Sun, 19 Jul 2026 01:08:42 +0000	[thread overview]
Message-ID: <20260719010842.17991-3-sandals@crustytoothpaste.net> (raw)
In-Reply-To: <20260719010842.17991-1-sandals@crustytoothpaste.net>

When we allocate a context but then abandon it, we never discard it,
which means that the underlying crypto library context may leak.  This
doesn't happen with our default block code, but it may with OpenSSL.
Note that we do call git_hash_free, which frees the memory we called
from git_hash_alloc, but doesn't discard the underlying context itself.

This can be seen with the following command when compiling with OpenSSL
and running with nightly Rust:

    RUSTFLAGS='-Z sanitizer=leak' cargo test

Discard the context in our context handler.  Note that it is fine to do
so even after finalizing the context, so our final functions which take
self instead of &mut self will not mishandle memory.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
 src/hash.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/hash.rs b/src/hash.rs
index 4d14e4b4fa..e1f2d31fc3 100644
--- a/src/hash.rs
+++ b/src/hash.rs
@@ -194,7 +194,10 @@ impl Clone for CryptoHasher {
 
 impl Drop for CryptoHasher {
     fn drop(&mut self) {
-        unsafe { c::git_hash_free(self.ctx) };
+        unsafe {
+            c::git_hash_discard(self.ctx);
+            c::git_hash_free(self.ctx);
+        };
     }
 }
 
@@ -356,6 +359,7 @@ pub mod c {
         pub fn git_hash_clone(dst: *mut c_void, src: *const c_void);
         pub fn git_hash_update(ctx: *mut c_void, inp: *const c_void, len: usize);
         pub fn git_hash_final(hash: *mut u8, ctx: *mut c_void);
+        pub fn git_hash_discard(ctx: *mut c_void);
         pub fn git_hash_final_oid(hash: *mut c_void, ctx: *mut c_void);
     }
 }
@@ -450,6 +454,7 @@ mod tests {
                 h.update(&data[2..]);
 
                 let h2 = h.clone();
+                let h3 = h2.clone();
 
                 let actual_oid = h.into_oid();
                 assert_eq!(**oid, actual_oid);
@@ -463,6 +468,7 @@ mod tests {
 
                 let actual_oid = h.into_oid();
                 assert_eq!(**oid, actual_oid);
+                std::mem::drop(h3);
             }
         }
     }

  parent reply	other threads:[~2026-07-19  1:08 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-19  1:08 [PATCH 0/2] Rust hash cleanups brian m. carlson
2026-07-19  1:08 ` [PATCH 1/2] hash: initialize context before cloning brian m. carlson
2026-07-19  1:08 ` brian m. carlson [this message]
2026-07-19  8:07 ` [PATCH 0/2] Rust hash cleanups Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260719010842.17991-3-sandals@crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=peff@peff.net \
    --cc=ps@pks.im \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox