On Wed, Jul 14 2021, Andrzej Hunt wrote:
> On 14/07/2021 19:23, Ævar Arnfjörð Bjarmason wrote:
>> Fix a couple of trivial memory leaks introduced in 3efd0bedc6 (config:
>> add conditional include, 2017-03-01) and my own 867ad08a26 (hooks:
>> allow customizing where the hook directory is, 2016-05-04).
>> In the latter case the "fix" is UNLEAK() on the global
>> variable. This
>> allows us to run all t13*config* tests under SANITIZE=leak.
>> With this change we can now run almost the whole set of config.c
>> tests (t13*config) under SANITIZE=leak, so let's do so, with a few
>> exceptions:
>> * The test added in ce81b1da23 (config: add new way to pass config
>> via `--config-env`, 2021-01-12), it fails in GitHub CI, but passes
>> for me locally. Let's just skip it for now.
>> * Ditto the split_cmdline and "aliases of builtins" tests, the
>> former
>> required splitting up an existing test, there an issue with the test
>> that would have also been revealed by skipping it.
>> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
>> ---
>> config.c | 17 ++++++++++++-----
>> t/t1300-config.sh | 16 ++++++++++------
>> t/test-lib.sh | 1 +
>> 3 files changed, 23 insertions(+), 11 deletions(-)
>> diff --git a/config.c b/config.c
>> index f9c400ad30..38e132c0e2 100644
>> --- a/config.c
>> +++ b/config.c
>> @@ -138,8 +138,10 @@ static int handle_path_include(const char *path, struct config_include_data *inc
>> return config_error_nonbool("include.path");
>> expanded = expand_user_path(path, 0);
>> - if (!expanded)
>> - return error(_("could not expand include path '%s'"), path);
>> + if (!expanded) {
>> + ret = error(_("could not expand include path '%s'"), path);
>> + goto cleanup;
>> + }
>> path = expanded;
>> /*
>> @@ -149,8 +151,10 @@ static int handle_path_include(const char *path, struct config_include_data *inc
>> if (!is_absolute_path(path)) {
>> char *slash;
>> - if (!cf || !cf->path)
>> - return error(_("relative config includes must come from files"));
>> + if (!cf || !cf->path) {
>> + ret = error(_("relative config includes must come from files"));
>> + goto cleanup;
>> + }
>> slash = find_last_dir_sep(cf->path);
>> if (slash)
>> @@ -168,6 +172,7 @@ static int handle_path_include(const char *path, struct config_include_data *inc
>> ret = git_config_from_file(git_config_include, path, inc);
>> inc->depth--;
>> }
>> +cleanup:
>> strbuf_release(&buf);
>> free(expanded);
>> return ret;
>> @@ -1331,8 +1336,10 @@ static int git_default_core_config(const char *var, const char *value, void *cb)
>> if (!strcmp(var, "core.attributesfile"))
>> return git_config_pathname(&git_attributes_file, var, value);
>> - if (!strcmp(var, "core.hookspath"))
>> + if (!strcmp(var, "core.hookspath")) {
>> + UNLEAK(git_hooks_path);
>> return git_config_pathname(&git_hooks_path, var, value);
>> + }
>
> Why is the UNLEAK necessary here? We generally want to limit use of
> UNLEAK to cmd_* functions or direct helpers. git_default_core_config()
> seems generic enough that it could be called from anywhere, and using
> UNLEAK here means we're potentially masking a real leak?
>
> IIUC the leak here happens because:
> - git_hooks_path is a global variable - hence it's unlikely we'd ever
> bother cleaning it up.
> - git_default_core_config() gets called a first time with
> core.hookspath, and we end up allocating new memory into
> git_hooks_path.
> - git_default_core_config() gets called again with core.hookspath,
> and we overwrite git_hooks_path with a new string which leaks
> the string that git_hooks_path used to point to.
>
> So I think the real fix is to free(git_hooks_path) instead of an
> UNLEAK? (Looking at the surrounding code, it looks like the same
> pattern of leak might be repeated for other similar globals - is it
> worth auditing those while we're here?)
Good point, I'll fix that.
I was doing this rather blindly to see if I could get this larg batch of
tests to pass with some a minimal fixes/whitelisting of some "known
bad".
>> if (!strcmp(var, "core.bare")) {
>> is_bare_repository_cfg = git_config_bool(var, value);
>> diff --git a/t/t1300-config.sh b/t/t1300-config.sh
>> index 9ff46f3b04..93ad0f4887 100755
>> --- a/t/t1300-config.sh
>> +++ b/t/t1300-config.sh
>> @@ -1050,12 +1050,16 @@ test_expect_success SYMLINKS 'symlink to nonexistent configuration' '
>> test_must_fail git config --file=linktolinktonada --list
>> '
>> -test_expect_success 'check split_cmdline return' "
>> - git config alias.split-cmdline-fix 'echo \"' &&
>> - test_must_fail git split-cmdline-fix &&
>> +test_expect_success 'setup check split_cmdline return' "
>> echo foo > foo &&
>> git add foo &&
>> - git commit -m 'initial commit' &&
>> + git commit -m 'initial commit'
>> +"
>> +
>> +test_expect_success !SANITIZE_LEAK 'check split_cmdline return' "
>> + git config alias.split-cmdline-fix 'echo \"' &&
>> + test_must_fail git split-cmdline-fix &&
>> +
>> git config branch.main.mergeoptions 'echo \"' &&
>> test_must_fail git merge main
>> "
>> @@ -1101,7 +1105,7 @@ test_expect_success 'key sanity-checking' '
>> git config foo."ba =z".bar false
>> '
>> -test_expect_success 'git -c works with aliases of builtins' '
>> +test_expect_success !SANITIZE_LEAK 'git -c works with aliases of builtins' '
>> git config alias.checkconfig "-c foo.check=bar config foo.check" &&
>> echo bar >expect &&
>> git checkconfig >actual &&
>> @@ -1397,7 +1401,7 @@ test_expect_success 'git --config-env with missing value' '
>> grep "invalid config format: config" error
>> '
>> -test_expect_success 'git --config-env fails with invalid
>> parameters' '
>> +test_expect_success !SANITIZE_LEAK 'git --config-env fails with invalid parameters' '
>> test_must_fail git --config-env=foo.flag config --bool foo.flag 2>error &&
>> test_i18ngrep "invalid config format: foo.flag" error &&
>> test_must_fail git --config-env=foo.flag= config --bool foo.flag 2>error &&
>> diff --git a/t/test-lib.sh b/t/test-lib.sh
>> index 9201510e16..98e20950c3 100644
>> --- a/t/test-lib.sh
>> +++ b/t/test-lib.sh
>> @@ -1370,6 +1370,7 @@ maybe_skip_all_sanitize_leak () {
>> add_sanitize_leak_true 't000*'
>> add_sanitize_leak_true 't001*'
>> add_sanitize_leak_true 't006*'
>> + add_sanitize_leak_true 't13*config*'
>> # Blacklist patterns (overrides whitelist)
>> add_sanitize_leak_false 't000[469]*'
>>
