From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>,  Patrick Steinhardt <ps@pks.im>
Subject: Re: [PATCH 1/4] reftable: avoid leaks on realloc error
Date: Thu, 26 Dec 2024 21:39:57 -0800
Message-ID: <xmqqttapvg42.fsf@gitster.g>
In-Reply-To: <9b2f4baa-b602-4cc5-8dfc-dd941b1d7af6@web.de> ("René Scharfe"'s message of "Wed, 25 Dec 2024 19:38:29 +0100")

René Scharfe <l.s.r@web.de> writes:

> +#define REFTABLE_ALLOC_GROW_OR_NULL(x, nr, alloc) do { \
> +	void *reftable_alloc_grow_or_null_orig_ptr = (x); \
> +	REFTABLE_ALLOC_GROW((x), (nr), (alloc)); \
> +	if (!(x)) { \
> +		reftable_free(reftable_alloc_grow_or_null_orig_ptr); \
> +		alloc = 0; \
> +	} \
> +} while (0)
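
Review bot: the `alloc = 0;` line in the failure branch uses the macro argument unparenthesized, while `(x)`, `(nr)` and `(alloc)` are parenthesized where they are passed on; `(alloc) = 0;` would be consistent. Since `x` is evaluated several times (snapshot, grow, NULL test, all visible above), a short comment above the macro saying that `x` and `alloc` must be side-effect-free lvalues, and that on failure the old buffer is freed, `x` is NULL and `alloc` is 0, would document the contract the converted callers rely on.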

It is tricky what (x) means at each reference site ;-) but the above
looks good.

>  #define REFTABLE_FREE_AND_NULL(p) do { reftable_free(p); (p) = NULL; } while (0)
>
>  #ifndef REFTABLE_ALLOW_BANNED_ALLOCATORS
> diff --git a/reftable/block.c b/reftable/block.c
> index 0198078485..9858bbc7c5 100644
> --- a/reftable/block.c
> +++ b/reftable/block.c
> @@ -53,7 +53,8 @@ static int block_writer_register_restart(struct block_writer *w, int n,
>  	if (2 + 3 * rlen + n > w->block_size - w->next)
>  		return -1;
>  	if (is_restart) {
> -		REFTABLE_ALLOC_GROW(w->restarts, w->restart_len + 1, w->restart_cap);
> +		REFTABLE_ALLOC_GROW_OR_NULL(w->restarts, w->restart_len + 1,
> +					    w->restart_cap);
>  		if (!w->restarts)
>  			return REFTABLE_OUT_OF_MEMORY_ERROR;
>  		w->restarts[w->restart_len++] = w->next;
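
Review bot: on the failure path of `REFTABLE_ALLOC_GROW_OR_NULL(w->restarts, ...)` the old array is freed and `w->restart_cap` is reset to 0, but `w->restart_len` keeps whatever value it had, so the writer can be left with a non-zero length next to a NULL `w->restarts`. Either reset `w->restart_len` before `return REFTABLE_OUT_OF_MEMORY_ERROR;` or state in a comment that the writer must not be used again after this error.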
> @@ -176,7 +177,8 @@ int block_writer_finish(struct block_writer *w)
>  		 * is guaranteed to return `Z_STREAM_END`.
>  		 */
>  		compressed_len = deflateBound(w->zstream, src_len);
> -		REFTABLE_ALLOC_GROW(w->compressed, compressed_len, w->compressed_cap);
> +		REFTABLE_ALLOC_GROW_OR_NULL(w->compressed, compressed_len,
> +					    w->compressed_cap);
>  		if (!w->compressed) {
>  			ret = REFTABLE_OUT_OF_MEMORY_ERROR;
>  			return ret;
> @@ -235,8 +237,8 @@ int block_reader_init(struct block_reader *br, struct reftable_block *block,
>  		uLong src_len = block->len - block_header_skip;
>
>  		/* Log blocks specify the *uncompressed* size in their header. */
> -		REFTABLE_ALLOC_GROW(br->uncompressed_data, sz,
> -				    br->uncompressed_cap);
> +		REFTABLE_ALLOC_GROW_OR_NULL(br->uncompressed_data, sz,
> +					    br->uncompressed_cap);
>  		if (!br->uncompressed_data) {
>  			err = REFTABLE_OUT_OF_MEMORY_ERROR;
>  			goto done;

These all have a "has the preceding realloc() returned NULL?" check and
error handling, so they are a strict improvement whose only effect is
to plug the leak (and clearing of the allocation).

> diff --git a/reftable/pq.c b/reftable/pq.c
> index 6ee1164dd3..5591e875e1 100644
> --- a/reftable/pq.c
> +++ b/reftable/pq.c
> @@ -49,7 +49,7 @@ int merged_iter_pqueue_add(struct merged_iter_pqueue *pq, const struct pq_entry
>  {
>  	size_t i = 0;
>
> -	REFTABLE_ALLOC_GROW(pq->heap, pq->len + 1, pq->cap);
> +	REFTABLE_ALLOC_GROW_OR_NULL(pq->heap, pq->len + 1, pq->cap);
>  	if (!pq->heap)
>  		return REFTABLE_OUT_OF_MEMORY_ERROR;
>  	pq->heap[pq->len++] = *e;
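
Review bot: when the grow fails in `merged_iter_pqueue_add()`, the entries already queued are discarded together with the freed `pq->heap`, yet `pq->len` still reports the old count while `pq->cap` is 0. Setting `pq->len = 0` in the `if (!pq->heap)` branch would keep the struct self-consistent for any caller that inspects the queue after receiving `REFTABLE_OUT_OF_MEMORY_ERROR`.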

Ditto.  And the same can be said of all hunks that follow (omitted).

Makes one wonder what remaining callers of REFTABLE_ALLOC_GROW()
(other than the one in REFTABLE_ALLOC_GROW_OR_NULL()) are getting;
hopefully the next steps will deal with them?
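
The leak this review discusses, reproduced as an added example that is not part of the original message or of the reftable code: a failed grow that overwrites the pointer loses the old buffer, while the grow-or-null form frees it. `demo_realloc`, `DEMO_ALLOC_GROW`, `DEMO_ALLOC_GROW_OR_NULL` and the counters are hypothetical stand-ins, and the underlying grow macro is assumed to assign realloc's result straight to its pointer argument.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_blocks, fail_next;	/* constructed allocator state */

static void *demo_realloc(void *p, size_t sz)
{
	void *q = fail_next ? NULL : realloc(p, sz); /* on failure p stays live */
	live_blocks += (q && !p);
	return q;
}

/* Assumed shape of the underlying grow macro: realloc's result overwrites x. */
#define DEMO_ALLOC_GROW(x, nr, alloc) do { \
	if ((nr) > (alloc)) \
		(x) = demo_realloc((x), ((alloc) = (nr)) * sizeof(*(x))); \
} while (0)

/* Same structure as the macro quoted in the patch, on the demo allocator. */
#define DEMO_ALLOC_GROW_OR_NULL(x, nr, alloc) do { \
	void *demo_orig_ptr = (x); \
	DEMO_ALLOC_GROW((x), (nr), (alloc)); \
	if (!(x)) { \
		live_blocks -= (demo_orig_ptr != NULL); \
		free(demo_orig_ptr); \
		(alloc) = 0; \
	} \
} while (0)

/* Blocks left unreachable after a failed grow: 1 means the old buffer leaked. */
static int leaked_after_failed_grow(int use_or_null)
{
	int *buf = NULL, *first;
	size_t cap = 0;
	live_blocks = fail_next = 0;
	DEMO_ALLOC_GROW(buf, 4, cap);		/* succeeds: one live block */
	first = buf;
	fail_next = 1;				/* every later realloc fails */
	if (use_or_null)
		DEMO_ALLOC_GROW_OR_NULL(buf, 10, cap);
	else
		DEMO_ALLOC_GROW(buf, 10, cap);
	if (live_blocks)
		free(first);			/* tidy up the leaked block */
	return live_blocks;
}

int main(void)
{
	printf("%d %d\n", leaked_after_failed_grow(0), leaked_after_failed_grow(1));
	return 0;
}
```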



