On Fri, Aug 20, 2021 at 10:58:56AM -0400, Derrick Stolee wrote: > On 8/20/2021 4:44 AM, Mike Hommey wrote: > > normalized_url = url_normalize(url.buf, &config.url); > > > > git_config(urlmatch_config_entry, &config); > > + string_list_clear(&config.vars, 1); > > free(normalized_url); > > strbuf_release(&url); > > A good find! This is obviously correct and a valuable change > to make. If you are interested in doing a little extra work, > then I think there is something more we could do here. > > I took a look at the rest of "struct urlmatch_config" to see > if anything else needed to be cleared, and it turns out that > config.url.url is an allocated string, but happens to be > equal to normalized_url, which is freed here. > > Perhaps the optimal organization would be to have a > clear_urlmatch_config() method that clears all allocated data > within the config, and change things like url_normalize() > return a 'const char *' to make it clear that the url should > be freed somewhere else. Yeah, I had the same thought; it feels like we're peeking into details of how url_config works (especially the knowledge that we we should be passing free_util). > It would help unify the handling of code that is somewhat > duplicated (but slightly different each time) across > credential_apply_config(), http_init(), get_urlmatch(), > and cmd__urlmatch_normalization(). Agreed. It looks like http_init() has the same leak that is fixed here. -Peff
