On 14/07/2021 19:23, Ævar Arnfjörð Bjarmason wrote:
Fix a couple of trivial memory leaks introduced in 3efd0bedc6 (config:
add conditional include, 2017-03-01) and my own 867ad08a26 (hooks:
allow customizing where the hook directory is, 2016-05-04).
In the latter case the "fix" is UNLEAK() on the global variable. This
allows us to run all t13*config* tests under SANITIZE=leak.
With this change we can now run almost the whole set of config.c
tests (t13*config) under SANITIZE=leak, so let's do so, with a few
exceptions:
* The test added in ce81b1da23 (config: add new way to pass config
via `--config-env`, 2021-01-12), it fails in GitHub CI, but passes
for me locally. Let's just skip it for now.
* Ditto the split_cmdline and "aliases of builtins" tests, the former
required splitting up an existing test, there an issue with the test
that would have also been revealed by skipping it.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
---
config.c | 17 ++++++++++++-----
t/t1300-config.sh | 16 ++++++++++------
t/test-lib.sh | 1 +
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/config.c b/config.c
index f9c400ad30..38e132c0e2 100644
--- a/config.c
+++ b/config.c
@@ -138,8 +138,10 @@ static int handle_path_include(const char *path, struct config_include_data *inc
return config_error_nonbool("include.path");
expanded = expand_user_path(path, 0);
- if (!expanded)
- return error(_("could not expand include path '%s'"), path);
+ if (!expanded) {
+ ret = error(_("could not expand include path '%s'"), path);
+ goto cleanup;
+ }
path = expanded;
/*
@@ -149,8 +151,10 @@ static int handle_path_include(const char *path, struct config_include_data *inc
if (!is_absolute_path(path)) {
char *slash;
- if (!cf || !cf->path)
- return error(_("relative config includes must come from files"));
+ if (!cf || !cf->path) {
+ ret = error(_("relative config includes must come from files"));
+ goto cleanup;
+ }
slash = find_last_dir_sep(cf->path);
if (slash)
@@ -168,6 +172,7 @@ static int handle_path_include(const char *path, struct config_include_data *inc
ret = git_config_from_file(git_config_include, path, inc);
inc->depth--;
}
+cleanup:
strbuf_release(&buf);
free(expanded);
return ret;
@@ -1331,8 +1336,10 @@ static int git_default_core_config(const char *var, const char *value, void *cb)
if (!strcmp(var, "core.attributesfile"))
return git_config_pathname(&git_attributes_file, var, value);
- if (!strcmp(var, "core.hookspath"))
+ if (!strcmp(var, "core.hookspath")) {
+ UNLEAK(git_hooks_path);
return git_config_pathname(&git_hooks_path, var, value);
+ }
Why is the UNLEAK necessary here? We generally want to limit use of
UNLEAK to cmd_* functions or direct helpers. git_default_core_config()
seems generic enough that it could be called from anywhere, and using
UNLEAK here means we're potentially masking a real leak?
IIUC the leak here happens because:
- git_hooks_path is a global variable - hence it's unlikely we'd ever
bother cleaning it up.
- git_default_core_config() gets called a first time with
core.hookspath, and we end up allocating new memory into
git_hooks_path.
- git_default_core_config() gets called again with core.hookspath,
and we overwrite git_hooks_path with a new string which leaks
the string that git_hooks_path used to point to.
So I think the real fix is to free(git_hooks_path) instead of an UNLEAK?
(Looking at the surrounding code, it looks like the same pattern of leak
might be repeated for other similar globals - is it worth auditing those
while we're here?)
if (!strcmp(var, "core.bare")) {
is_bare_repository_cfg = git_config_bool(var, value);
diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index 9ff46f3b04..93ad0f4887 100755
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -1050,12 +1050,16 @@ test_expect_success SYMLINKS 'symlink to nonexistent configuration' '
test_must_fail git config --file=linktolinktonada --list
'
-test_expect_success 'check split_cmdline return' "
- git config alias.split-cmdline-fix 'echo \"' &&
- test_must_fail git split-cmdline-fix &&
+test_expect_success 'setup check split_cmdline return' "
echo foo > foo &&
git add foo &&
- git commit -m 'initial commit' &&
+ git commit -m 'initial commit'
+"
+
+test_expect_success !SANITIZE_LEAK 'check split_cmdline return' "
+ git config alias.split-cmdline-fix 'echo \"' &&
+ test_must_fail git split-cmdline-fix &&
+
git config branch.main.mergeoptions 'echo \"' &&
test_must_fail git merge main
"
@@ -1101,7 +1105,7 @@ test_expect_success 'key sanity-checking' '
git config foo."ba =z".bar false
'
-test_expect_success 'git -c works with aliases of builtins' '
+test_expect_success !SANITIZE_LEAK 'git -c works with aliases of builtins' '
git config alias.checkconfig "-c foo.check=bar config foo.check" &&
echo bar >expect &&
git checkconfig >actual &&
@@ -1397,7 +1401,7 @@ test_expect_success 'git --config-env with missing value' '
grep "invalid config format: config" error
'
-test_expect_success 'git --config-env fails with invalid parameters' '
+test_expect_success !SANITIZE_LEAK 'git --config-env fails with invalid parameters' '
test_must_fail git --config-env=foo.flag config --bool foo.flag 2>error &&
test_i18ngrep "invalid config format: foo.flag" error &&
test_must_fail git --config-env=foo.flag= config --bool foo.flag 2>error &&
diff --git a/t/test-lib.sh b/t/test-lib.sh
index 9201510e16..98e20950c3 100644
--- a/t/test-lib.sh
+++ b/t/test-lib.sh
@@ -1370,6 +1370,7 @@ maybe_skip_all_sanitize_leak () {
add_sanitize_leak_true 't000*'
add_sanitize_leak_true 't001*'
add_sanitize_leak_true 't006*'
+ add_sanitize_leak_true 't13*config*'
# Blacklist patterns (overrides whitelist)
add_sanitize_leak_false 't000[469]*'
