On Sat, Mar 24, 2018 at 1:37 PM, Joel Teichroeb <joel@xxxxxxxxxxxxx> wrote:
> diff --git a/builtin/stash--helper.c b/builtin/stash--helper.c
> @@ -0,0 +1,339 @@
> +static int get_stash_info(struct stash_info *info, const char *commit)
> +{
> + struct strbuf w_commit_rev = STRBUF_INIT;
> + struct strbuf b_commit_rev = STRBUF_INIT;
> + struct strbuf w_tree_rev = STRBUF_INIT;
> + struct strbuf b_tree_rev = STRBUF_INIT;
> + struct strbuf i_tree_rev = STRBUF_INIT;
> + struct strbuf u_tree_rev = STRBUF_INIT;
> + struct strbuf commit_buf = STRBUF_INIT;
> + struct strbuf symbolic = STRBUF_INIT;
> + struct strbuf out = STRBUF_INIT;
'commit_buf' is being leaked. All the others seem to be covered (even
in the case of early 'return').
> + if (commit == NULL) {
> + strbuf_addf(&commit_buf, "%s@{0}", ref_stash);
> + revision = commit_buf.buf;
> + } else if (strspn(commit, "0123456789") == strlen(commit)) {
> + strbuf_addf(&commit_buf, "%s@{%s}", ref_stash, commit);
> + revision = commit_buf.buf;
> + }
> +static int do_apply_stash(const char *prefix, struct stash_info *info, int index)
> +{
> + if (index) {
> + if (!oidcmp(&info->b_tree, &info->i_tree) || !oidcmp(&c_tree, &info->i_tree)) {
> + has_index = 0;
> + } else {
> + struct child_process cp = CHILD_PROCESS_INIT;
> + struct strbuf out = STRBUF_INIT;
> + struct argv_array args = ARGV_ARRAY_INIT;
> + cp.git_cmd = 1;
> + argv_array_pushl(&cp.args, "diff-tree", "--binary", NULL);
> + argv_array_pushf(&cp.args, "%s^2^..%s^2", sha1_to_hex(info->w_commit.hash), sha1_to_hex(info->w_commit.hash));
> + if (pipe_command(&cp, NULL, 0, &out, 0, NULL, 0))
> + return -1;
Leaking 'out'?
> +
> + child_process_init(&cp);
> + cp.git_cmd = 1;
> + argv_array_pushl(&cp.args, "apply", "--cached", NULL);
> + if (pipe_command(&cp, out.buf, out.len, NULL, 0, NULL, 0))
> + return -1;
Leaking 'out'.
> +
> + strbuf_release(&out);
> + discard_cache();
> + read_cache();
> + if (write_cache_as_tree(index_tree.hash, 0, NULL))
> + return -1;
> +
> + argv_array_push(&args, "reset");
> + cmd_reset(args.argc, args.argv, prefix);
> + }
> + }
> + if (has_index) {
> + if (reset_tree(index_tree, 0, 0))
> + return -1;
> + } else {
> + struct child_process cp = CHILD_PROCESS_INIT;
> + struct strbuf out = STRBUF_INIT;
> + cp.git_cmd = 1;
> + argv_array_pushl(&cp.args, "diff-index", "--cached", "--name-only", "--diff-filter=A", NULL);
> + argv_array_push(&cp.args, sha1_to_hex(c_tree.hash));
> + ret = pipe_command(&cp, NULL, 0, &out, 0, NULL, 0);
> + if (ret)
> + return -1;
> +
> + if (reset_tree(c_tree, 0, 1))
> + return -1;
Leaking 'out' at these two 'return's?
> + child_process_init(&cp);
> + cp.git_cmd = 1;
> + argv_array_pushl(&cp.args, "update-index", "--add", "--stdin", NULL);
> + ret = pipe_command(&cp, out.buf, out.len, NULL, 0, NULL, 0);
> + if (ret)
> + return -1;
And here.
> +
> + strbuf_release(&out);
> + discard_cache();
> + }
> +
> + if (!quiet) {
> + struct argv_array args = ARGV_ARRAY_INIT;
> + argv_array_push(&args, "status");
> + cmd_status(args.argc, args.argv, prefix);
> + }
> +
> + return 0;
> +}
> +
> +static int apply_stash(int argc, const char **argv, const char *prefix)
> +{
> + const char *commit = NULL;
> + int index = 0;
> + struct stash_info info;
> + struct option options[] = {
> + OPT__QUIET(&quiet, N_("be quiet, only report errors")),
> + OPT_BOOL(0, "index", &index,
> + N_("attempt to ininstate the index")),
"ininstate"??
> + OPT_END()
> + };
> +
> + argc = parse_options(argc, argv, prefix, options,
> + git_stash_helper_apply_usage, 0);
> +
> + if (argc == 1) {
> + commit = argv[0];
> + }
> +
> + if (get_stash_info(&info, commit))
> + return -1;
> +
> +
> + return do_apply_stash(prefix, &info, index);
> +}
