[PATCH 01/11] Fix memory leak in traverse_commit_list

[PATCH 01/11] Fix memory leak in traverse_commit_list

[Shawn O. Pearce]

If we were listing objects too then the objects were buffered in an
array only reachable from a stack allocated structure.  When this
function returns that array would be leaked as nobody would have
a reference to it anymore.

Historically this hasn't been a problem as the primary user of
traverse_commit_list() (the noble git-rev-list) would terminate
as soon as the function was finished, thus allowing the operating
system to cleanup memory.  However we have been leaking this data
in git-pack-objects ever since that program learned how to run the
revision listing internally, rather than relying on reading object
names from git-rev-list.

To better facilitate reuse of traverse_commit_list during other
builtin tools (such as git-fetch) we shouldn't leak temporary memory
like this and instead we need to clean up properly after ourselves.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
---
 list-objects.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/list-objects.c b/list-objects.c
index e5c88c2..713bef9 100644
--- a/list-objects.c
+++ b/list-objects.c
@@ -170,4 +170,11 @@ void traverse_commit_list(struct rev_info *revs,
 	}
 	for (i = 0; i < objects.nr; i++)
 		show_object(&objects.objects[i]);
+	free(objects.objects);
+	if (revs->pending.nr) {
+		revs->pending.nr = 0;
+		revs->pending.alloc = 0;
+		revs->pending.objects = NULL;
+		free(revs->pending.objects);
+	}
 }
-- 
1.5.3.5.1622.g41d10

Re: [PATCH 01/11] Fix memory leak in traverse_commit_list

[Junio C Hamano]

"Shawn O. Pearce" <spearce@spearce.org> writes:

> diff --git a/list-objects.c b/list-objects.c
> index e5c88c2..713bef9 100644
> --- a/list-objects.c
> +++ b/list-objects.c
> @@ -170,4 +170,11 @@ void traverse_commit_list(struct rev_info *revs,
>  	}
>  	for (i = 0; i < objects.nr; i++)
>  		show_object(&objects.objects[i]);
> +	free(objects.objects);
> +	if (revs->pending.nr) {
> +		revs->pending.nr = 0;
> +		revs->pending.alloc = 0;
> +		revs->pending.objects = NULL;
> +		free(revs->pending.objects);
> +	}
>  }

It is locally verifiable that objects.objects are no longer
needed after this point, but it made me a bit nervous about
freeing of revs->pending.objects.

I think the existing callers are all Ok, but somebody else
should double check.

Re: [PATCH 01/11] Fix memory leak in traverse_commit_list

[Johannes Schindelin]

Hi,

On Fri, 9 Nov 2007, Junio C Hamano wrote:

> "Shawn O. Pearce" <spearce@spearce.org> writes:
> 
> > diff --git a/list-objects.c b/list-objects.c
> > index e5c88c2..713bef9 100644
> > --- a/list-objects.c
> > +++ b/list-objects.c
> > @@ -170,4 +170,11 @@ void traverse_commit_list(struct rev_info *revs,
> >  	}
> >  	for (i = 0; i < objects.nr; i++)
> >  		show_object(&objects.objects[i]);
> > +	free(objects.objects);
> > +	if (revs->pending.nr) {
> > +		revs->pending.nr = 0;
> > +		revs->pending.alloc = 0;
> > +		revs->pending.objects = NULL;
> > +		free(revs->pending.objects);

Umm. Isn't this the wrong way around?  Should you not free() first, and 
then set to NULL?

Ciao,
Dscho

Re: [PATCH 01/11] Fix memory leak in traverse_commit_list

[Shawn O. Pearce]

Junio C Hamano <gitster@pobox.com> wrote:
> "Shawn O. Pearce" <spearce@spearce.org> writes:
> 
> > diff --git a/list-objects.c b/list-objects.c
> > index e5c88c2..713bef9 100644
> > --- a/list-objects.c
> > +++ b/list-objects.c
> > @@ -170,4 +170,11 @@ void traverse_commit_list(struct rev_info *revs,
> >  	}
> >  	for (i = 0; i < objects.nr; i++)
> >  		show_object(&objects.objects[i]);
> > +	free(objects.objects);
> > +	if (revs->pending.nr) {
> > +		revs->pending.nr = 0;
> > +		revs->pending.alloc = 0;
> > +		revs->pending.objects = NULL;
> > +		free(revs->pending.objects);
> > +	}
> >  }
> 
> It is locally verifiable that objects.objects are no longer
> needed after this point, but it made me a bit nervous about
> freeing of revs->pending.objects.
> 
> I think the existing callers are all Ok, but somebody else
> should double check.

There are 5 calllers:

* builtin-fetch.c:

   This one I added with my series.  It doesn't care about the
   pending object list.

* builtin-pack-objects.c:

   This doesn't care about the pending list after the call to
   traverse_commit_list.

* builtin-rev-list.c (2):

   Two calls; the first one is for the bisect case where we print
   bisect stats and then return 0 and the second is the end of
   the program for the non-bisect case.  Neither cares about the
   pending list.

* upload-pack.c:

   This is called in the async thread spawned by upload-pack to
   feed pack-objects.  The last thing the async thread does is run
   traverse_commit_list, at which point it exits.  I actually have
   to wonder why we didn't just teach this trick to pack-objects
   so we could avoid the async complexity here in upload-pack.

So yea, the cleanup here is safe, assuming I didn't make the
extremely obvious leak of setting to NULL then calling free()
(as Dscho pointed out).

-- 
Shawn.