We free()d the `log` buffer when dwim_log() returned 1, but not when it returned a larger value (which meant that it still allocated the buffer but we simply ignored it). While in the vicinity, make sure that the `reflogs` structure as well as the `branch` variable are released properly, too. Identified by Coverity.
Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
---
 reflog-walk.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/reflog-walk.c b/reflog-walk.c
index 99679f58255..c63eb1a3fd7 100644
--- a/reflog-walk.c
+++ b/reflog-walk.c
@@ -183,7 +183,11 @@ int add_reflog_for_walk(struct reflog_walk_info *info,
 if (!reflogs || reflogs->nr == 0) {
 struct object_id oid;
 char *b;
- if (dwim_log(branch, strlen(branch), oid.hash, &b) == 1) {
+ int ret = dwim_log(branch, strlen(branch),
+ oid.hash, &b);
+ if (ret > 1)
+ free(b);
+ else if (ret == 1) {
 if (reflogs) {
 free(reflogs->ref);
 free(reflogs);
@@ -193,17 +197,27 @@ int add_reflog_for_walk(struct reflog_walk_info *info,
 reflogs = read_complete_reflog(branch);
 }
 }
- if (!reflogs || reflogs->nr == 0)
+ if (!reflogs || reflogs->nr == 0) {
+ if (reflogs) {
+ free(reflogs->ref);
+ free(reflogs);
+ }
+ free(branch);
 return -1;
+ }
 string_list_insert(&info->complete_reflogs, branch)->util = reflogs;
 }
+ free(branch);
 commit_reflog = xcalloc(1, sizeof(struct commit_reflog));
 if (recno < 0) {
 commit_reflog->recno = get_reflog_recno_by_time(reflogs, timestamp);
 if (commit_reflog->recno < 0) {
- free(branch);
+ if (reflogs) {
+ free(reflogs->ref);
+ free(reflogs);
+ }
 free(commit_reflog);
 return -1;
 }
-- 2.12.2.windows.2.800.gede8f145e06
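Review bot: The new `if (ret > 1) free(b);` branch carries no comment explaining why a result above 1 still needs a free, and `b` is declared uninitialized in the context line above it, so the code relies on dwim_log() having set `b` for every return value of 1 or more. I would add `/* ambiguous name: dwim_log() still allocated b, drop it */` above `if (ret > 1)` and declare `char *b = NULL;` so the pointer is well defined on the `ret == 0` path too. The `else if (ret == 1) {` block and the rest of add_reflog_for_walk continue outside the hunk.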
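Review bot: In the `commit_reflog->recno < 0` error path, the added `free(reflogs->ref); free(reflogs);` releases a structure that `string_list_insert(&info->complete_reflogs, branch)->util = reflogs;` stored in the list a few lines earlier. That leaves `info->complete_reflogs` holding a dangling `util` pointer, which a later lookup of the same ref could read or free again. That path should keep only `free(commit_reflog); return -1;` and leave `reflogs` owned by the list. The new `free(branch);` after the insert has the same problem if the list does not duplicate its keys; its `strdup_strings` setting is not visible here and should be confirmed. The function starts and ends outside the hunk, so whether `reflogs` can also reach the first added free block as an already-cached entry cannot be checked from these lines.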