From: Andrzej Hunt <ajrhunt@xxxxxxxxxx> init_db() could populate various fields on repo_fmt, we add a clear_repo_fmt() call to guarantee that we won't leak any of repo_fmt's members. At this time, we do not allocate any new data into repo_fmt, but that changes in the following patch that is currently in seen: https://lore.kernel.org/git/2fd7cb8c0983501e2af2f195aec81d7c17fb80e1.1618832277.git.gitgitgadget@xxxxxxxxx/ Because it adds the following allocation in init_db(): repo_fmt.ref_storage = xstrdup(ref_storage_format); The patch linked to above is only exposing a preexisting problem - we can add clear_repository_format() independently to preemptively avoid this class of leak entirely. Leaks in init_db() are of little significance as this function is called immediately at the end of cmd_init_db(). However a leak in init_db() will cause all known leak-free tests (t0000+1+5) to start failing when run with LSAN - preemptively plugging such leaks is therefore helpful to avoid regressing on those tests, and more significantly helps the ongoing efforts to get all of t0000-t0099 to run leak-free. LSAN output from t0000 on seen: Direct leak of 6 byte(s) in 1 object(s) allocated from: #0 0x4868b4 in strdup ../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0xaa1218 in xstrdup wrapper.c:29:14 #2 0x5a4b0a in init_db builtin/init-db.c:442:25 #3 0x5a7a17 in cmd_init_db builtin/init-db.c:742:9 #4 0x4ce8fe in run_builtin git.c:461:11 #5 0x4ccbc8 in handle_builtin git.c:718:3 #6 0x4cb0cc in run_argv git.c:785:4 #7 0x4cb0cc in cmd_main git.c:916:19 #8 0x6bf63d in main common-main.c:52:11 #9 0x7f3222f5f349 in __libc_start_main (/lib64/libc.so.6+0x24349) SUMMARY: AddressSanitizer: 6 byte(s) leaked in 1 allocation(s). Signed-off-by: Andrzej Hunt <ajrhunt@xxxxxxxxxx> --- builtin/init-db: preemptively plug repo_fmt leak This patch preemptively plugs a leak which is currently only occuring in seen in hn/reftable. This patch is orthogonal to that series (that series starts allocating new memory into an already existing struct - and my patch only adds a clear call for that struct - in other words my patch is safe to use independent of hn/reftable). But there's also no good reason to use this patch independently of that series since we're not leaking prior to that series. I'm not sure what the optimal logistics with my patch are, feel free to integrate it into that series and/or to fold my change into the relevant commit if that's easiest! Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1018%2Fahunt%2Finit_db_leak-v1 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1018/ahunt/init_db_leak-v1 Pull-Request: https://github.com/git/git/pull/1018 builtin/init-db.c | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/init-db.c b/builtin/init-db.c index 31b718259a64..b25147ebaf59 100644 --- a/builtin/init-db.c +++ b/builtin/init-db.c @@ -512,6 +512,7 @@ int init_db(const char *git_dir, const char *real_git_dir, git_dir, len && git_dir[len-1] != '/' ? "/" : ""); } + clear_repository_format(&repo_fmt); free(original_git_dir); return 0; } base-commit: c3901c8daf043cdc16ffb20d3a410f3a2d5494fd -- gitgitgadget
