diff mbox series

object-file: fix leak on conversion failure

Message ID 20240622043648.M78681@dcvr (mailing list archive)
State Accepted
Commit 493fdae0464282fbac99f60d94bfaabf5559c9ff
Headers show
Series object-file: fix leak on conversion failure | expand

Commit Message

Eric Wong June 22, 2024, 4:36 a.m. UTC
I'm not sure exactly how to trigger the leak, but it seems fairly
obvious that the `content' buffer should be freed even if
convert_object_file() fails.  Noticed while working in this area
on unrelated things.

Signed-off-by: Eric Wong <e@80x24.org>
---
 object-file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Derrick Stolee June 23, 2024, 4:34 p.m. UTC | #1
On 6/22/24 12:36 AM, Eric Wong wrote:
> I'm not sure exactly how to trigger the leak, but it seems fairly
> obvious that the `content' buffer should be freed even if
> convert_object_file() fails.  Noticed while working in this area
> on unrelated things.

Definitely a good thing to include, even if it is unlikely to
be hit frequently in common scenarios.

>   			ret = convert_object_file(&outbuf,
>   						  the_hash_algo, input_algo,
>   						  content, size, type, !do_die);
> +			free(content);
>   			if (ret == -1)
>   				return -1;
> -			free(content);

I looked at the context of this function to see that 'content'
was local to the method, so was not "owned" by something outside
of the method that might expect to reuse the buffer on failure.

Thanks,
-Stolee
Junio C Hamano June 24, 2024, 4:08 p.m. UTC | #2
Derrick Stolee <stolee@gmail.com> writes:

> On 6/22/24 12:36 AM, Eric Wong wrote:
>> I'm not sure exactly how to trigger the leak, but it seems fairly
>> obvious that the `content' buffer should be freed even if
>> convert_object_file() fails.  Noticed while working in this area
>> on unrelated things.
>
> Definitely a good thing to include, even if it is unlikely to
> be hit frequently in common scenarios.
>
>>   			ret = convert_object_file(&outbuf,
>>   						  the_hash_algo, input_algo,
>>   						  content, size, type, !do_die);
>> +			free(content);
>>   			if (ret == -1)
>>   				return -1;
>> -			free(content);
>
> I looked at the context of this function to see that 'content'
> was local to the method, so was not "owned" by something outside
> of the method that might expect to reuse the buffer on failure.

Thanks, both.

Will queue.
diff mbox series

Patch

diff --git a/object-file.c b/object-file.c
index d3cf4b8b2e..00c8f1039b 100644
--- a/object-file.c
+++ b/object-file.c
@@ -1711,9 +1711,9 @@  static int oid_object_info_convert(struct repository *r,
 			ret = convert_object_file(&outbuf,
 						  the_hash_algo, input_algo,
 						  content, size, type, !do_die);
+			free(content);
 			if (ret == -1)
 				return -1;
-			free(content);
 			size = outbuf.len;
 			content = strbuf_detach(&outbuf, NULL);
 		}