From: "Alex via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Alex <alexguo1023@gmail.com>, jinyaoguo <guo846@purdue.edu>
Subject: [PATCH] Allocate msg only after fatal checks to avoid leaks
Date: Fri, 13 Jun 2025 19:32:21 +0000 [thread overview]
Message-ID: <pull.1998.git.git.1749843142000.gitgitgadget@gmail.com> (raw)
From: jinyaoguo <guo846@purdue.edu>
In parse_reuse_arg, we previously called xmalloc and strbuf_init
before resolving the ref and reading the object, leading to a
leaked msg on die() paths. This change moves the allocation of
struct note_msg until after repo_get_oid and
repo_read_object_file succeed, ensuring no heap memory is held
when a fatal error is triggered.
Signed-off-by: jinyaoguo <guo846@purdue.edu>
---
Allocate msg only after fatal checks to avoid leaks
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1998%2Fmugitya03%2Fmlk-3-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1998/mugitya03/mlk-3-v1
Pull-Request: https://github.com/git/git/pull/1998
builtin/notes.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/builtin/notes.c b/builtin/notes.c
index a3f433ca4c0..6df8a7998fb 100644
--- a/builtin/notes.c
+++ b/builtin/notes.c
@@ -308,7 +308,7 @@ static int parse_file_arg(const struct option *opt, const char *arg, int unset)
static int parse_reuse_arg(const struct option *opt, const char *arg, int unset)
{
struct note_data *d = opt->value;
- struct note_msg *msg = xmalloc(sizeof(*msg));
+ struct note_msg *msg;
char *value;
struct object_id object;
enum object_type type;
@@ -316,17 +316,17 @@ static int parse_reuse_arg(const struct option *opt, const char *arg, int unset)
BUG_ON_OPT_NEG(unset);
- strbuf_init(&msg->buf, 0);
if (repo_get_oid(the_repository, arg, &object))
die(_("failed to resolve '%s' as a valid ref."), arg);
if (!(value = repo_read_object_file(the_repository, &object, &type, &len)))
die(_("failed to read object '%s'."), arg);
- if (type != OBJ_BLOB) {
- strbuf_release(&msg->buf);
- free(value);
- free(msg);
- die(_("cannot read note data from non-blob object '%s'."), arg);
- }
+ if (type != OBJ_BLOB) {
+ free(value);
+ die(_("cannot read note data from non-blob object '%s'."), arg);
+ }
+
+ msg = xmalloc(sizeof(*msg));
+ strbuf_init(&msg->buf, 0);
strbuf_add(&msg->buf, value, len);
free(value);
base-commit: 9edff09aec9b5aaa3d5528129bb279a4d34cf5b3
--
gitgitgadget
next reply other threads:[~2025-06-13 19:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-13 19:32 Alex via GitGitGadget [this message]
2025-06-13 20:37 ` [PATCH] Allocate msg only after fatal checks to avoid leaks Junio C Hamano
2025-06-14 8:26 ` lidongyan
2025-06-14 15:40 ` Junio C Hamano
2025-06-14 15:50 ` lidongyan
2025-06-14 23:01 ` Jeff King
2025-06-15 0:45 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1998.git.git.1749843142000.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=alexguo1023@gmail.com \
--cc=git@vger.kernel.org \
--cc=guo846@purdue.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox