| Message ID | 20210820084413.1503711-1-mh@glandium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 5146c2f148e903db2d906dae372803d9c8c3bbcf |
| Headers | show |
| Series | Fix leak in credential_apply_config | expand |
On 8/20/2021 4:44 AM, Mike Hommey wrote: > normalized_url = url_normalize(url.buf, &config.url); > > git_config(urlmatch_config_entry, &config); > + string_list_clear(&config.vars, 1); > free(normalized_url); > strbuf_release(&url); A good find! This is obviously correct and a valuable change to make. If you are interested in doing a little extra work, then I think there is something more we could do here. I took a look at the rest of "struct urlmatch_config" to see if anything else needed to be cleared, and it turns out that config.url.url is an allocated string, but happens to be equal to normalized_url, which is freed here. Perhaps the optimal organization would be to have a clear_urlmatch_config() method that clears all allocated data within the config, and change things like url_normalize() return a 'const char *' to make it clear that the url should be freed somewhere else. It would help unify the handling of code that is somewhat duplicated (but slightly different each time) across credential_apply_config(), http_init(), get_urlmatch(), and cmd__urlmatch_normalization(). Thanks, -Stolee
On Fri, Aug 20, 2021 at 10:58:56AM -0400, Derrick Stolee wrote: > On 8/20/2021 4:44 AM, Mike Hommey wrote: > > normalized_url = url_normalize(url.buf, &config.url); > > > > git_config(urlmatch_config_entry, &config); > > + string_list_clear(&config.vars, 1); > > free(normalized_url); > > strbuf_release(&url); > > A good find! This is obviously correct and a valuable change > to make. If you are interested in doing a little extra work, > then I think there is something more we could do here. > > I took a look at the rest of "struct urlmatch_config" to see > if anything else needed to be cleared, and it turns out that > config.url.url is an allocated string, but happens to be > equal to normalized_url, which is freed here. > > Perhaps the optimal organization would be to have a > clear_urlmatch_config() method that clears all allocated data > within the config, and change things like url_normalize() > return a 'const char *' to make it clear that the url should > be freed somewhere else. Yeah, I had the same thought; it feels like we're peeking into details of how url_config works (especially the knowledge that we we should be passing free_util). > It would help unify the handling of code that is somewhat > duplicated (but slightly different each time) across > credential_apply_config(), http_init(), get_urlmatch(), > and cmd__urlmatch_normalization(). Agreed. It looks like http_init() has the same leak that is fixed here. -Peff
On Fri, Aug 20, 2021 at 01:56:20PM -0400, Jeff King wrote: > > It would help unify the handling of code that is somewhat > > duplicated (but slightly different each time) across > > credential_apply_config(), http_init(), get_urlmatch(), > > and cmd__urlmatch_normalization(). > > Agreed. It looks like http_init() has the same leak that is fixed here. Oh, nevermind. That call is indeed correct. Apparently if you re-order two lines I'm unable to see them. ;) -Peff
diff --git a/credential.c b/credential.c index 3c05c7c669..000ac7a8d4 100644 --- a/credential.c +++ b/credential.c @@ -128,6 +128,7 @@ static void credential_apply_config(struct credential *c) normalized_url = url_normalize(url.buf, &config.url); git_config(urlmatch_config_entry, &config); + string_list_clear(&config.vars, 1); free(normalized_url); strbuf_release(&url);
Signed-off-by: Mike Hommey <mh@glandium.org> --- credential.c | 1 + 1 file changed, 1 insertion(+)