git.vger.kernel.org archive mirror
From: Taylor Blau <me@ttaylorr.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Taylor Blau <me@ttaylorr.com>,
	git@vger.kernel.org, avarab@gmail.com, dstolee@microsoft.com,
	peff@peff.net
Subject: Re: [PATCH v2 5/9] builtin/repack.c: avoid leaking child arguments
Date: Thu, 28 Oct 2021 16:25:48 -0400
Message-ID: <YXsHTKGBYYeDsdhh@nand.local>
In-Reply-To: <xmqqzgqut4lr.fsf@gitster.g>

On Wed, Oct 27, 2021 at 04:44:48PM -0700, Junio C Hamano wrote:
> Taylor Blau <me@ttaylorr.com> writes:
>
> > @@ -586,8 +588,10 @@ static int write_midx_included_packs(struct string_list *include,
> >  		strvec_pushf(&cmd.args, "--refs-snapshot=%s", refs_snapshot);
> >
> >  	ret = start_command(&cmd);
> > -	if (ret)
> > +	if (ret) {
> > +		child_process_clear(&cmd);
> >  		return ret;
> > +	}
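
Review bot: the `child_process_clear(&cmd)` added inside `if (ret)` runs only after `start_command()` has already failed, and, as the reply that follows points out, `start_command()` clears the child itself on that path, so the added call frees nothing. Suggest dropping this hunk and keeping the original `if (ret) return ret;`.
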
>
> This happens only when start_command() returns an error.  But the
> function always calls child_process_clear() before doing so.
>
> So I am not sure if this hunk is needed.  It didn't exist in v1, if
> I recall correctly.  Am I missing something obvious?

No, it was the person replying to you missing something obvious ;).

Any hunks like this that call child_process_clear() after
start_command() returns a non-zero value are unnecessary. But the one in
repack_promisor_objects() is good, and does prevent the leak that had
led me in this direction in the first place.

Here is a suitable replacement for this patch (I believe that everything
else in this version is fine as-is):

--- >8 ---

Subject: [PATCH] builtin/repack.c: avoid leaking child arguments

`git repack` invokes a handful of child processes: one to write the
actual pack, and optionally ones to repack promisor objects and update
the MIDX.

Most of these are freed automatically by calling `start_command()` (which
invokes it on error) and `finish_command()` which calls it
automatically.

But repack_promisor_objects() can initialize a child_process, populate
its array of arguments, and then return from the function before even
calling start_command().

Make sure that the prepared list of arguments is freed by calling
child_process_clear() ourselves to avoid leaking memory along this path.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 builtin/repack.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/repack.c b/builtin/repack.c
index 0b2d1e5d82..9b74e0d468 100644
--- a/builtin/repack.c
+++ b/builtin/repack.c
@@ -258,9 +258,11 @@ static void repack_promisor_objects(const struct pack_objects_args *args,
 	for_each_packed_object(write_oid, &cmd,
 			       FOR_EACH_OBJECT_PROMISOR_ONLY);

-	if (cmd.in == -1)
+	if (cmd.in == -1) {
 		/* No packed objects; cmd was never started */
+		child_process_clear(&cmd);
 		return;
+	}

 	close(cmd.in);

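Review bot: in the `cmd.in == -1` branch the comment still says only that cmd was never started, which does not tell the reader why the new `child_process_clear(&cmd)` is required there. Consider extending it, for example `/* No packed objects; cmd was never started, so free its args here */`, since a reader who knows that start_command() and finish_command() clean up after themselves may otherwise take the call for redundant. The second paragraph of the commit message also says "invokes it" and "calls it" before child_process_clear() has been named; naming the function there would remove the ambiguity.
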
--
2.33.0.96.g73915697e6
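
The cleanup rule discussed in this message, as an added example that is not part of the thread or of git's source: a toy model that counts the argument strings a function would leave allocated when it returns before starting its child, and shows that a clear after a failed start is a no-op. All `toy_*` names, `repack_like()` and the argument strings are hypothetical, and the contract of `toy_start()`/`toy_finish()` is assumed from the description above.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins for illustration only; this is not git's run-command code. */
static int live; /* argument strings currently allocated */
struct toy_child { char *args[4]; size_t nr; int in; /* in == -1: never started */ };

static void toy_push(struct toy_child *c, const char *arg)
{
	c->args[c->nr] = malloc(strlen(arg) + 1);
	strcpy(c->args[c->nr++], arg);
	live++;
}

static void toy_clear(struct toy_child *c)
{
	while (c->nr) { free(c->args[--c->nr]); live--; }
}

/* Assumed contract, as the message describes it: a failed start and finish both clear. */
static int toy_start(struct toy_child *c, int fail)
{
	if (fail) { toy_clear(c); return -1; }
	c->in = 3; /* constructed descriptor number */
	return 0;
}
static void toy_finish(struct toy_child *c) { toy_clear(c); }

/* Prepare arguments first, start only if there is input; returns strings left behind. */
static int repack_like(int have_input, int start_fails, int caller_clears)
{
	struct toy_child c = { {0}, 0, -1 };
	int leaked;
	live = 0;
	toy_push(&c, "child");   /* constructed arguments */
	toy_push(&c, "--flag");
	if (have_input)
		toy_start(&c, start_fails);
	if (c.in != -1)
		toy_finish(&c);  /* started: finish frees the arguments */
	else if (caller_clears)
		toy_clear(&c);   /* the early-return fix; a no-op after a failed start */
	leaked = live;           /* what the function would have left allocated */
	toy_clear(&c);           /* keep the demonstration itself leak-free */
	return leaked;
}

int main(void)
{
	return repack_like(0, 0, 1) + repack_like(1, 0, 0) + repack_like(1, 1, 0);
}
```

Only the path that never reaches `toy_start()` reports leftover strings without the caller's clear; the failed-start path reports none either way.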


Thread overview: 13+ messages
2021-10-26 21:01 [PATCH v2 0/9] midx: clean up t5319 under 'SANITIZE=leak' Taylor Blau
2021-10-26 21:01 ` [PATCH v2 1/9] midx.c: clean up chunkfile after reading the MIDX Taylor Blau
2021-10-26 21:01 ` [PATCH v2 2/9] midx.c: don't leak MIDX from verify_midx_file Taylor Blau
2021-10-26 21:01 ` [PATCH v2 3/9] t/helper/test-read-midx.c: free MIDX within read_midx_file() Taylor Blau
2021-10-26 21:01 ` [PATCH v2 4/9] builtin/pack-objects.c: don't leak memory via arguments Taylor Blau
2021-10-26 21:01 ` [PATCH v2 5/9] builtin/repack.c: avoid leaking child arguments Taylor Blau
2021-10-27 23:44   ` Junio C Hamano
2021-10-28 20:25     ` Taylor Blau [this message]
2021-10-26 21:01 ` [PATCH v2 6/9] builtin/multi-pack-index.c: don't leak concatenated options Taylor Blau
2021-10-26 21:01 ` [PATCH v2 7/9] midx.c: write MIDX filenames to strbuf Taylor Blau
2021-10-26 21:01 ` [PATCH v2 8/9] pack-bitmap.c: don't leak type-level bitmaps Taylor Blau
2021-10-26 21:01 ` [PATCH v2 9/9] pack-bitmap.c: more aggressively free in free_bitmap_index() Taylor Blau
2021-10-27 23:49 ` [PATCH v2 0/9] midx: clean up t5319 under 'SANITIZE=leak' Junio C Hamano
