Nicolas Pitre <nico@xxxxxxx> writes: > ..., but it is still > a bit more "correct" to leak it implicitly rather than explicitly. I do not follow this logic to debate which incorrectness is more correct, but I do not mind the removal of free() there. I am not sure about the install_packed_git() piece, though. This part of the code predates Shawn's windowed mmap and all other recent code improvements, but the original motivation of not installing the pack was to make sure that codepaths outside verify_packfile() would not see the objects from the pack being verified at all. IOW, the omission originally was intentional. I just quickly looked at verify_packfile() after applying your series, and it seems that nothing tries to access objects with only their SHA-1 names without explicitly telling which pack to read from, so it should still be safe even if we did not install the packed git (iow, the normal codepath would not try to pick up objects from the suspect pack that is being validated). But it made me feel a bit worried. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
