When reading bisect refs we read the reference mapping to the "bad" term into the global `current_bad_oid` variable. This is an allocated string, but because it is global we never have to free it. This changes though when `register_ref()` is being called multiple times, at which point we'll overwrite the previous pointer and thus make it unreachable. Fix this issue by freeing the previous value. This leak is exposed by t6030, but plugging it does not make the whole test suite pass. Signed-off-by: Patrick Steinhardt <ps@xxxxxx> --- bisect.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bisect.c b/bisect.c index e9e603877eba059c878ff92bc11dd84553d0649e..6dbc22f84fce11743f0e79eb4f8100c7ec07238f 100644 --- a/bisect.c +++ b/bisect.c @@ -456,6 +456,7 @@ static int register_ref(const char *refname, const char *referent UNUSED, const strbuf_addstr(&good_prefix, "-"); if (!strcmp(refname, term_bad)) { + free(current_bad_oid); current_bad_oid = xmalloc(sizeof(*current_bad_oid)); oidcpy(current_bad_oid, oid); } else if (starts_with(refname, good_prefix.buf)) { -- 2.47.0.274.g962d0b743d.dirty