On Wed, Jan 30, 2013 at 06:01:04PM -0800, Stephen Boyd wrote:
> Failing to close the stderr pipe in verify_signed_buffer() causes
> git to run out of file descriptors if there are many calls to
> verify_signed_buffer(). An easy way to trigger this is to run
>
> git log --show-signature --merges | grep "key"
>
> on the linux kernel git repo. Eventually it will fail with
>
> error: cannot create pipe for gpg: Too many open files
> error: could not run gpg.
>
> Close the stderr pipe so that this can't happen.
I was able to easily reproduce the bug and verify your fix here.
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 0863c61..2c0bed3 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -133,6 +133,8 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
> if (gpg_output)
> strbuf_read(gpg_output, gpg.err, 0);
> ret = finish_command(&gpg);
> + if (gpg_output)
> + close(gpg.err);
The strbuf_read above will read to EOF, so it should be equivalent (and
IMHO slightly more readable) to do:
diff --git a/gpg-interface.c b/gpg-interface.c
index 0863c61..5f142f6 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -130,8 +130,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
write_in_full(gpg.in, payload, payload_size);
close(gpg.in);
- if (gpg_output)
+ if (gpg_output) {
strbuf_read(gpg_output, gpg.err, 0);
+ close(gpg.err);
+ }
ret = finish_command(&gpg);
unlink_or_warn(path);
But that is a minor nit; either way, the patch looks good to me.
-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html