| Message ID | 20240622043648.M78681@dcvr (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 493fdae0464282fbac99f60d94bfaabf5559c9ff |
| Headers | show |
| Series | object-file: fix leak on conversion failure | expand |
On 6/22/24 12:36 AM, Eric Wong wrote: > I'm not sure exactly how to trigger the leak, but it seems fairly > obvious that the `content' buffer should be freed even if > convert_object_file() fails. Noticed while working in this area > on unrelated things. Definitely a good thing to include, even if it is unlikely to be hit frequently in common scenarios. > ret = convert_object_file(&outbuf, > the_hash_algo, input_algo, > content, size, type, !do_die); > + free(content); > if (ret == -1) > return -1; > - free(content); I looked at the context of this function to see that 'content' was local to the method, so was not "owned" by something outside of the method that might expect to reuse the buffer on failure. Thanks, -Stolee
Derrick Stolee <stolee@gmail.com> writes: > On 6/22/24 12:36 AM, Eric Wong wrote: >> I'm not sure exactly how to trigger the leak, but it seems fairly >> obvious that the `content' buffer should be freed even if >> convert_object_file() fails. Noticed while working in this area >> on unrelated things. > > Definitely a good thing to include, even if it is unlikely to > be hit frequently in common scenarios. > >> ret = convert_object_file(&outbuf, >> the_hash_algo, input_algo, >> content, size, type, !do_die); >> + free(content); >> if (ret == -1) >> return -1; >> - free(content); > > I looked at the context of this function to see that 'content' > was local to the method, so was not "owned" by something outside > of the method that might expect to reuse the buffer on failure. Thanks, both. Will queue.
diff --git a/object-file.c b/object-file.c index d3cf4b8b2e..00c8f1039b 100644 --- a/object-file.c +++ b/object-file.c @@ -1711,9 +1711,9 @@ static int oid_object_info_convert(struct repository *r, ret = convert_object_file(&outbuf, the_hash_algo, input_algo, content, size, type, !do_die); + free(content); if (ret == -1) return -1; - free(content); size = outbuf.len; content = strbuf_detach(&outbuf, NULL); }
I'm not sure exactly how to trigger the leak, but it seems fairly obvious that the `content' buffer should be freed even if convert_object_file() fails. Noticed while working in this area on unrelated things. Signed-off-by: Eric Wong <e@80x24.org> --- object-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)