Hi Junio, On Wed, 31 Aug 2016, Junio C Hamano wrote: > Jakub Narębski <jnareb@xxxxxxxxx> writes: > > >> + else { > >> + opts->gpg_sign = buf.buf + 2; > >> + strbuf_detach(&buf, NULL); > > > > Wouldn't we leak 2 characters that got skipped? Maybe xstrdup would > > be better (if it is leaked, and not reattached)? > > An attempt to avoid leaking by calling free(opts->gpg_sign) would > make it crash, which would be even worse ;-). As I pointed out in a couple of replies yesterday: we cannot assume that gpg_sign is free()able. That's the entire reason behind the sequencer_entrust() dance. Ciao, Dscho