[v2,02/12] environment: move strbuf into block to plug leak

Message ID	20210725130830.5145-3-andrzej@ahunt.org (mailing list archive)
State	Accepted
Commit	14c3dd817dbdb957e22ebc9f2e8d78a2f901ef7f
Headers	show Return-Path: <git-owner@kernel.org> From: andrzej@ahunt.org To: git@vger.kernel.org Cc: andrzej@ahunt.org, phillip.wood123@gmail.com, newren@gmail.com Subject: [PATCH v2 02/12] environment: move strbuf into block to plug leak Date: Sun, 25 Jul 2021 15:08:20 +0200 Message-Id: <20210725130830.5145-3-andrzej@ahunt.org> In-Reply-To: <20210725130830.5145-1-andrzej@ahunt.org> References: <20210620151204.19260-1-andrzej@ahunt.org> <20210725130830.5145-1-andrzej@ahunt.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[v2,01/12] fmt-merge-msg: free newly allocated temporary strings when done \| expand [v2,01/12] fmt-merge-msg: free newly allocated temporary strings when done [v2,02/12] environment: move strbuf into block to plug leak [v2,03/12] builtin/submodule--helper: release unused strbuf to avoid leak [v2,04/12] builtin/for-each-repo: remove unnecessary argv copy to plug leak [v2,05/12] diffcore-rename: move old_dir/new_dir definition to plug leak [v2,06/12] ref-filter: also free head for ATOM_HEAD to avoid leak [v2,07/12] read-cache: call diff_setup_done to avoid leak [v2,08/12] convert: release strbuf to avoid leak [v2,09/12] builtin/mv: free or UNLEAK multiple pointers at end of cmd_mv [v2,10/12] builtin/merge: free found_ref when done [v2,11/12] builtin/rebase: fix options.strategy memory lifecycle [v2,12/12] reset: clear_unpack_trees_porcelain to plug leak

Message ID

20210725130830.5145-3-andrzej@ahunt.org (mailing list archive)

State

Accepted

Commit

14c3dd817dbdb957e22ebc9f2e8d78a2f901ef7f

Headers

From: andrzej@ahunt.org
To: git@vger.kernel.org
Cc: andrzej@ahunt.org, phillip.wood123@gmail.com, newren@gmail.com
Subject: [PATCH v2 02/12] environment: move strbuf into block to plug leak
Date: Sun, 25 Jul 2021 15:08:20 +0200
Message-Id: <20210725130830.5145-3-andrzej@ahunt.org>
In-Reply-To: <20210725130830.5145-1-andrzej@ahunt.org>
References: <20210620151204.19260-1-andrzej@ahunt.org>
 <20210725130830.5145-1-andrzej@ahunt.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[v2,01/12] fmt-merge-msg: free newly allocated temporary strings when done | expand

Commit Message

Andrzej Hunt July 25, 2021, 1:08 p.m. UTC

From: Andrzej Hunt <ajrhunt@google.com>

realpath is only populated if we execute the git_work_tree_initialized
block. However that block also causes us to return early, meaning we
never actually release the strbuf in the case where we populated it.
Therefore we move all strbuf related code into the block to guarantee
that we can't leak it.

LSAN output from t0095:

Direct leak of 129 byte(s) in 1 object(s) allocated from:
    #0 0x49a9b9 in realloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
    #1 0x78f585 in xrealloc wrapper.c:126:8
    #2 0x713ff4 in strbuf_grow strbuf.c:98:2
    #3 0x713ff4 in strbuf_getcwd strbuf.c:597:3
    #4 0x4f0c18 in strbuf_realpath_1 abspath.c:99:7
    #5 0x5ae4a4 in set_git_work_tree environment.c:259:3
    #6 0x6fdd8a in setup_discovered_git_dir setup.c:931:2
    #7 0x6fdd8a in setup_git_directory_gently setup.c:1235:12
    #8 0x4cb50d in get_bloom_filter_for_commit t/helper/test-bloom.c:41:2
    #9 0x4cb50d in cmd__bloom t/helper/test-bloom.c:95:3
    #10 0x4caa1f in cmd_main t/helper/test-tool.c:124:11
    #11 0x4caded in main common-main.c:52:11
    #12 0x7f0869f02349 in __libc_start_main (/lib64/libc.so.6+0x24349)

SUMMARY: AddressSanitizer: 129 byte(s) leaked in 1 allocation(s).

It looks like this leak has existed since realpath was first added to
set_git_work_tree() in:
  3d7747e318 (real_path: remove unsafe API, 2020-03-10)

Signed-off-by: Andrzej Hunt <andrzej@ahunt.org>
---
 environment.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/environment.c b/environment.c
index 2f27008424..d6b22ede7e 100644
--- a/environment.c
+++ b/environment.c
@@ -253,21 +253,20 @@  static int git_work_tree_initialized;
  */
 void set_git_work_tree(const char *new_work_tree)
 {
-	struct strbuf realpath = STRBUF_INIT;
-
 	if (git_work_tree_initialized) {
+		struct strbuf realpath = STRBUF_INIT;
+
 		strbuf_realpath(&realpath, new_work_tree, 1);
 		new_work_tree = realpath.buf;
 		if (strcmp(new_work_tree, the_repository->worktree))
 			die("internal error: work tree has already been set\n"
 			    "Current worktree: %s\nNew worktree: %s",
 			    the_repository->worktree, new_work_tree);
+		strbuf_release(&realpath);
 		return;
 	}
 	git_work_tree_initialized = 1;
 	repo_set_worktree(the_repository, new_work_tree);
-
-	strbuf_release(&realpath);
 }
 
 const char *get_git_work_tree(void)

[v2,02/12] environment: move strbuf into block to plug leak

Commit Message

Patch