Re: [PATCH 06/12] ref-filter: also free head for ATOM_HEAD to avoid leak

On Sun, Jun 20, 2021 at 8:14 AM <andrzej@xxxxxxxxx> wrote:
>
> From: Andrzej Hunt <ajrhunt@xxxxxxxxxx>
>
> u.head is populated using resolve_refdup(), which returns a newly
> allocated string - hence we also need to free() it.
>
> Found while running t0041 with LSAN:
>
> Direct leak of 16 byte(s) in 1 object(s) allocated from:
>     #0 0x486804 in strdup ../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3
>     #1 0xa8be98 in xstrdup wrapper.c:29:14
>     #2 0x9481db in head_atom_parser ref-filter.c:549:17
>     #3 0x9408c7 in parse_ref_filter_atom ref-filter.c:703:30
>     #4 0x9400e3 in verify_ref_format ref-filter.c:974:8
>     #5 0x4f9e8b in print_ref_list builtin/branch.c:439:6
>     #6 0x4f9e8b in cmd_branch builtin/branch.c:757:3
>     #7 0x4ce83e in run_builtin git.c:475:11
>     #8 0x4ccafe in handle_builtin git.c:729:3
>     #9 0x4cb01c in run_argv git.c:818:4
>     #10 0x4cb01c in cmd_main git.c:949:19
>     #11 0x6bdc2d in main common-main.c:52:11
>     #12 0x7f96edf86349 in __libc_start_main (/lib64/libc.so.6+0x24349)
>
> SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
>
> Signed-off-by: Andrzej Hunt <andrzej@xxxxxxxxx>
> ---
>  ref-filter.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/ref-filter.c b/ref-filter.c
> index 4db0e40ff4..f8bfd25ae4 100644
> --- a/ref-filter.c
> +++ b/ref-filter.c
> @@ -2225,8 +2225,12 @@ void ref_array_clear(struct ref_array *array)
>         FREE_AND_NULL(array->items);
>         array->nr = array->alloc = 0;
>
> -       for (i = 0; i < used_atom_cnt; i++)
> -               free((char *)used_atom[i].name);
> +       for (i = 0; i < used_atom_cnt; i++) {
> +               struct used_atom *atom = &used_atom[i];
> +               if (atom->atom_type == ATOM_HEAD)
> +                       free(atom->u.head);
> +               free((char *)atom->name);
> +       }
>         FREE_AND_NULL(used_atom);
>         used_atom_cnt = 0;
>
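
Review bot: In the new loop body, the `atom_type == ATOM_HEAD` check is the only place in this cleanup path that records `u.head` as heap-owned, and nothing in the hunk says why. A one-line comment above `free(atom->u.head);` noting that the string comes from resolve_refdup() and is owned by the atom would make it clear that any other union member holding allocated memory needs its own case here. Style nit: add a blank line between the declaration `struct used_atom *atom = &used_atom[i];` and the `if` that follows it.
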
> --
> 2.26.2

Makes sense.  I think builtin/branch.c and builtin/show-branch.c may
have similar problems with resolve_refdup() calls from a few greps.
You don't need to include those in this series, but if you want to
also tackle those, it would be nice.


