[15/26] help: fix leaking `struct cmdnames`

Message ID	2fb012662d6c5720be1fe86973640c7a2d6f5681.1730901926.git.ps@pks.im (mailing list archive)
State	New, archived
Headers	show Received: from fhigh-a5-smtp.messagingengine.com (fhigh-a5-smtp.messagingengine.com [103.168.172.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4C08204928 for <git@vger.kernel.org>; Wed, 6 Nov 2024 15:11:11 +0000 (UTC) Feedback-ID: i197146af:Fastmail Date: Wed, 6 Nov 2024 16:11:03 +0100 From: Patrick Steinhardt <ps@pks.im> To: git@vger.kernel.org Subject: [PATCH 15/26] help: fix leaking `struct cmdnames` Message-ID: <2fb012662d6c5720be1fe86973640c7a2d6f5681.1730901926.git.ps@pks.im> References: <cover.1730901926.git.ps@pks.im> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <cover.1730901926.git.ps@pks.im>
Series	[01/26] builtin/blame: fix leaking blame entries with `--incremental` \| expand [01/26] builtin/blame: fix leaking blame entries with `--incremental` [02/26] bisect: fix leaking good/bad terms when reading multipe times [03/26] bisect: fix leaking string in `handle_bad_merge_base()` [04/26] bisect: fix leaking `current_bad_oid` [05/26] bisect: fix multiple leaks in `bisect_next_all()` [06/26] bisect: fix leaking commit list items in `check_merge_base()` [07/26] bisect: fix various cases where we leak commit list items [08/26] line-log: fix leak when rewriting commit parents [09/26] strvec: introduce new `strvec_splice()` function [10/26] git: refactor alias handling to use a `struct strvec` [11/26] git: refactor builtin handling to use a `struct strvec` [12/26] split-index: fix memory leak in `move_cache_to_base_index()` [13/26] builtin/sparse-checkout: fix leaking sanitized patterns [14/26] help: refactor to not use globals for reading config [15/26] help: fix leaking `struct cmdnames` [16/26] help: fix leaking return value from `help_unknown_cmd()` [17/26] builtin/help: fix leaks in `check_git_cmd()` [18/26] builtin/init-db: fix leaking directory paths [19/26] builtin/branch: fix leaking sorting options [20/26] t/helper: fix leaking commit graph in "read-graph" subcommand [21/26] git-compat-util: drop `UNLEAK()` annotation [22/26] t5601: work around leak sanitizer issue [23/26] t: mark some tests as leak free [24/26] t: remove unneeded !SANITIZE_LEAK prerequisites [25/26] test-lib: unconditionally enable leak checking [26/26] t: remove TEST_PASSES_SANITIZE_LEAK annotations

Message ID

2fb012662d6c5720be1fe86973640c7a2d6f5681.1730901926.git.ps@pks.im (mailing list archive)

State

New, archived

Headers

Feedback-ID: i197146af:Fastmail
Date: Wed, 6 Nov 2024 16:11:03 +0100
From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Subject: [PATCH 15/26] help: fix leaking `struct cmdnames`
Message-ID: 
 <2fb012662d6c5720be1fe86973640c7a2d6f5681.1730901926.git.ps@pks.im>
References: <cover.1730901926.git.ps@pks.im>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <cover.1730901926.git.ps@pks.im>

Series

[01/26] builtin/blame: fix leaking blame entries with `--incremental` | expand

Commit Message

Patrick Steinhardt Nov. 6, 2024, 3:11 p.m. UTC

We're populating multiple `struct cmdnames`, but don't ever free them.
Create a common exit path where we do so.

Note that this also requires us to use `FREE_AND_NULL()` when freeing
`cmdnames::names`, as we may otherwise try to free it multiple times.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 help.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

Comments

Rubén Justo Nov. 10, 2024, 9:46 p.m. UTC | #1

On Wed, Nov 06, 2024 at 04:11:03PM +0100, Patrick Steinhardt wrote:
> We're populating multiple `struct cmdnames`, but don't ever free them.
> Create a common exit path where we do so.
> 
> Note that this also requires us to use `FREE_AND_NULL()` when freeing
> `cmdnames::names`, as we may otherwise try to free it multiple times.
> 
> Signed-off-by: Patrick Steinhardt <ps@pks.im>
> ---
>  help.c | 24 +++++++++++++++++-------
>  1 file changed, 17 insertions(+), 7 deletions(-)
> 
> diff --git a/help.c b/help.c
> index 8794f81db9b..51adc530d7a 100644
> --- a/help.c
> +++ b/help.c
> @@ -169,7 +169,7 @@ void cmdnames_release(struct cmdnames *cmds)
>  	int i;
>  	for (i = 0; i < cmds->cnt; ++i)
>  		free(cmds->names[i]);
> -	free(cmds->names);
> +	FREE_AND_NULL(cmds->names);
>  	cmds->cnt = 0;
>  	cmds->alloc = 0;
>  }
> @@ -619,6 +619,7 @@ const char *help_unknown_cmd(const char *cmd)
>  	struct cmdnames main_cmds = { 0 };
>  	struct cmdnames other_cmds = { 0 };
>  	struct cmdname_help *common_cmds;
> +	const char *assumed = NULL;
>  
>  	read_early_config(the_repository, git_unknown_cmd_config, &cfg);
>  
> @@ -630,7 +631,7 @@ const char *help_unknown_cmd(const char *cmd)
>  
>  	if (cfg.autocorrect == AUTOCORRECT_NEVER) {
>  		fprintf_ln(stderr, _("git: '%s' is not a git command. See 'git --help'."), cmd);
> -		exit(1);
> +		goto out;

We haven't set a value for `assumed` at this point, so it's NULL, and in the
new exit path we `exit(1)` when `assumed` is NULL.  OK.

However, I think we don't need this change.  And keeping the `exit(1)` close to
the error message seems like a good idea.  Perhaps, in another series, we could
change it to `die()`.

>  	}
>  
>  	load_command_list("git-", &main_cmds, &other_cmds);
> @@ -695,7 +696,7 @@ const char *help_unknown_cmd(const char *cmd)
>  			; /* still counting */
>  	}
>  	if (cfg.autocorrect && n == 1 && SIMILAR_ENOUGH(best_similarity)) {
> -		const char *assumed = main_cmds.names[0]->name;
> +		assumed = main_cmds.names[0]->name;
>  		main_cmds.names[0] = NULL;
>  		cmdnames_release(&main_cmds);
>  		fprintf_ln(stderr,
> @@ -714,8 +715,10 @@ const char *help_unknown_cmd(const char *cmd)
>  			answer = git_prompt(msg.buf, PROMPT_ECHO);
>  			strbuf_release(&msg);
>  			if (!(starts_with(answer, "y") ||
> -			      starts_with(answer, "Y")))
> -				exit(1);
> +			      starts_with(answer, "Y"))) {
> +				assumed = NULL;
> +				goto out;
> +			}

OK.  But, as above, I don't think we need to change this either.

>  		} else {
>  			fprintf_ln(stderr,
>  				   _("Continuing in %0.1f seconds, "
> @@ -723,7 +726,8 @@ const char *help_unknown_cmd(const char *cmd)
>  				   (float)cfg.autocorrect/10.0, assumed);
>  			sleep_millisec(cfg.autocorrect * 100);
>  		}
> -		return assumed;
> +
> +		goto out;

OK.

>  	}
>  
>  	fprintf_ln(stderr, _("git: '%s' is not a git command. See 'git --help'."), cmd);
> @@ -738,7 +742,13 @@ const char *help_unknown_cmd(const char *cmd)
>  			fprintf(stderr, "\t%s\n", main_cmds.names[i]->name);
>  	}
>  
> -	exit(1);
> +out:
> +	cmdnames_release(&cfg.aliases);
> +	cmdnames_release(&main_cmds);
> +	cmdnames_release(&other_cmds);
> +	if (!assumed)
> +		exit(1);
> +	return assumed;

OK.

>  }
>  
>  void get_version_info(struct strbuf *buf, int show_build_options)
> -- 
> 2.47.0.229.g8f8d6eee53.dirty
>

Patrick Steinhardt Nov. 11, 2024, 9:09 a.m. UTC | #2

On Sun, Nov 10, 2024 at 10:46:29PM +0100, Rubén Justo wrote:
> On Wed, Nov 06, 2024 at 04:11:03PM +0100, Patrick Steinhardt wrote:
> > @@ -630,7 +631,7 @@ const char *help_unknown_cmd(const char *cmd)
> >  
> >  	if (cfg.autocorrect == AUTOCORRECT_NEVER) {
> >  		fprintf_ln(stderr, _("git: '%s' is not a git command. See 'git --help'."), cmd);
> > -		exit(1);
> > +		goto out;
> 
> We haven't set a value for `assumed` at this point, so it's NULL, and in the
> new exit path we `exit(1)` when `assumed` is NULL.  OK.
> 
> However, I think we don't need this change.  And keeping the `exit(1)` close to
> the error message seems like a good idea.  Perhaps, in another series, we could
> change it to `die()`.

Yeah, good point indeed. I'll adapt this.

Patrick

diff --git a/help.c b/help.c
index 8794f81db9b..51adc530d7a 100644
--- a/help.c
+++ b/help.c
@@ -169,7 +169,7 @@  void cmdnames_release(struct cmdnames *cmds)
 	int i;
 	for (i = 0; i < cmds->cnt; ++i)
 		free(cmds->names[i]);
-	free(cmds->names);
+	FREE_AND_NULL(cmds->names);
 	cmds->cnt = 0;
 	cmds->alloc = 0;
 }
@@ -619,6 +619,7 @@  const char *help_unknown_cmd(const char *cmd)
 	struct cmdnames main_cmds = { 0 };
 	struct cmdnames other_cmds = { 0 };
 	struct cmdname_help *common_cmds;
+	const char *assumed = NULL;
 
 	read_early_config(the_repository, git_unknown_cmd_config, &cfg);
 
@@ -630,7 +631,7 @@  const char *help_unknown_cmd(const char *cmd)
 
 	if (cfg.autocorrect == AUTOCORRECT_NEVER) {
 		fprintf_ln(stderr, _("git: '%s' is not a git command. See 'git --help'."), cmd);
-		exit(1);
+		goto out;
 	}
 
 	load_command_list("git-", &main_cmds, &other_cmds);
@@ -695,7 +696,7 @@  const char *help_unknown_cmd(const char *cmd)
 			; /* still counting */
 	}
 	if (cfg.autocorrect && n == 1 && SIMILAR_ENOUGH(best_similarity)) {
-		const char *assumed = main_cmds.names[0]->name;
+		assumed = main_cmds.names[0]->name;
 		main_cmds.names[0] = NULL;
 		cmdnames_release(&main_cmds);
 		fprintf_ln(stderr,
@@ -714,8 +715,10 @@  const char *help_unknown_cmd(const char *cmd)
 			answer = git_prompt(msg.buf, PROMPT_ECHO);
 			strbuf_release(&msg);
 			if (!(starts_with(answer, "y") ||
-			      starts_with(answer, "Y")))
-				exit(1);
+			      starts_with(answer, "Y"))) {
+				assumed = NULL;
+				goto out;
+			}
 		} else {
 			fprintf_ln(stderr,
 				   _("Continuing in %0.1f seconds, "
@@ -723,7 +726,8 @@  const char *help_unknown_cmd(const char *cmd)
 				   (float)cfg.autocorrect/10.0, assumed);
 			sleep_millisec(cfg.autocorrect * 100);
 		}
-		return assumed;
+
+		goto out;
 	}
 
 	fprintf_ln(stderr, _("git: '%s' is not a git command. See 'git --help'."), cmd);
@@ -738,7 +742,13 @@  const char *help_unknown_cmd(const char *cmd)
 			fprintf(stderr, "\t%s\n", main_cmds.names[i]->name);
 	}
 
-	exit(1);
+out:
+	cmdnames_release(&cfg.aliases);
+	cmdnames_release(&main_cmds);
+	cmdnames_release(&other_cmds);
+	if (!assumed)
+		exit(1);
+	return assumed;
 }
 
 void get_version_info(struct strbuf *buf, int show_build_options)

[15/26] help: fix leaking `struct cmdnames`

Commit Message

Comments

Patch