[04/22] builtin/push: fix leaking refspec query result

Message ID	92fc97b3db86bb0bdf610a2f76c03a96a99bfe8d.1724656120.git.ps@pks.im (mailing list archive)
State	Superseded
Headers	show Received: from fout3-smtp.messagingengine.com (fout3-smtp.messagingengine.com [103.168.172.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3026412DD88 for <git@vger.kernel.org>; Mon, 26 Aug 2024 07:21:48 +0000 (UTC) Feedback-ID: i197146af:Fastmail Date: Mon, 26 Aug 2024 09:21:45 +0200 From: Patrick Steinhardt <ps@pks.im> To: git@vger.kernel.org Subject: [PATCH 04/22] builtin/push: fix leaking refspec query result Message-ID: <92fc97b3db86bb0bdf610a2f76c03a96a99bfe8d.1724656120.git.ps@pks.im> References: <cover.1724656120.git.ps@pks.im> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <cover.1724656120.git.ps@pks.im>
Series	Memory leak fixes (pt.6) \| expand [00/22] Memory leak fixes (pt.6) [01/22] t/test-lib: allow skipping leak checks for passing tests [02/22] fetch-pack: fix memory leaks on fetch negotiation [03/22] send-pack: fix leaking common object IDs [04/22] builtin/push: fix leaking refspec query result [05/22] upload-pack: fix leaking child process data on reachability checks [06/22] submodule: fix leaking fetch task data [07/22] builtin/submodule--helper: fix leaking refs on push-check [08/22] remote: fix leaking tracking refs [09/22] remote: fix leak in reachability check of a remote-tracking ref [10/22] send-pack: fix leaking push cert nonce [11/22] gpg-interface: fix misdesigned signing key interfaces [12/22] object: clear grafts when clearing parsed object pool [13/22] shallow: free grafts when unregistering them [14/22] shallow: fix leaking members of `struct shallow_info` [15/22] negotiator/skipping: fix leaking commit entries [16/22] builtin/repack: fix leaking line buffer when packing promisors [17/22] builtin/pack-objects: plug leaking list of keep-packs [18/22] builtin/grep: fix leaking object context [19/22] builtin/fmt-merge-msg: fix leaking buffers [20/22] match-trees: fix leaking prefixes in `shift_tree()` [21/22] merge-ort: fix two leaks when handling directory rename modifications [22/22] builtin/repack: fix leaking keep-pack list

Message ID

92fc97b3db86bb0bdf610a2f76c03a96a99bfe8d.1724656120.git.ps@pks.im (mailing list archive)

State

Superseded

Headers

Feedback-ID: i197146af:Fastmail
Date: Mon, 26 Aug 2024 09:21:45 +0200
From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Subject: [PATCH 04/22] builtin/push: fix leaking refspec query result
Message-ID: 
 <92fc97b3db86bb0bdf610a2f76c03a96a99bfe8d.1724656120.git.ps@pks.im>
References: <cover.1724656120.git.ps@pks.im>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <cover.1724656120.git.ps@pks.im>

Series

Memory leak fixes (pt.6) | expand

Commit Message

Patrick Steinhardt Aug. 26, 2024, 7:21 a.m. UTC

When appending a refspec via `refspec_append_mapped()` we leak the
result of `query_refspecs()`. The overall logic around refspec queries
is quite weird, as callers are expected to either set the `src` or `dst`
pointers, and then the (allocated) result will be in the respective
other struct member.

As we have the `src` member set, plugging the memory leak is thus as
easy as just freeing the `dst` member. While at it, use designated
initializers to initialize the structure.

This leak was exposed by t5516, but fixing it is not sufficient to make
the whole test suite leak free.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 builtin/push.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Junio C Hamano Aug. 30, 2024, 9:59 p.m. UTC | #1

Patrick Steinhardt <ps@pks.im> writes:

> When appending a refspec via `refspec_append_mapped()` we leak the
> result of `query_refspecs()`. The overall logic around refspec queries
> is quite weird, as callers are expected to either set the `src` or `dst`
> pointers, and then the (allocated) result will be in the respective
> other struct member.

Hmph, is it necessary to say "quite weird" for the purpose of this
change?  The query interface is designed to be usable to query both
ways and within that constraints, I find it designed very nicely
(but I do not think that is necessary to be said for the purpose of
this change, either)..

> As we have the `src` member set, plugging the memory leak is thus as
> easy as just freeing the `dst` member. While at it, use designated
> initializers to initialize the structure.

In order to understand this paragraph, of course, it helps for a
reader to understand that the query_refspecs() gives an answer by
populating the side other than the query side, and the answers are
what we want to release.

> This leak was exposed by t5516, but fixing it is not sufficient to make
> the whole test suite leak free.
>
> Signed-off-by: Patrick Steinhardt <ps@pks.im>
> ---
>  builtin/push.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/builtin/push.c b/builtin/push.c
> index 7a67398124f..0b123eb9c1e 100644
> --- a/builtin/push.c
> +++ b/builtin/push.c
> @@ -72,13 +72,15 @@ static void refspec_append_mapped(struct refspec *refspec, const char *ref,
>  	const char *branch_name;
>  
>  	if (remote->push.nr) {
> -		struct refspec_item query;
> -		memset(&query, 0, sizeof(struct refspec_item));
> -		query.src = matched->name;
> +		struct refspec_item query = {
> +			.src = matched->name,
> +		};

This is "while at it" change that does not contribute to the leak or
the leakfix; the resulting code is easier to read.

>  		if (!query_refspecs(&remote->push, &query) && query.dst) {
>  			refspec_appendf(refspec, "%s%s:%s",
>  					query.force ? "+" : "",
>  					query.src, query.dst);
> +			free(query.dst);

And this is the real fix, which looks good.

Thanks.

>  			return;
>  		}
>  	}

Patrick Steinhardt Sept. 2, 2024, 9:27 a.m. UTC | #2

On Fri, Aug 30, 2024 at 02:59:01PM -0700, Junio C Hamano wrote:
> Patrick Steinhardt <ps@pks.im> writes:
> 
> > When appending a refspec via `refspec_append_mapped()` we leak the
> > result of `query_refspecs()`. The overall logic around refspec queries
> > is quite weird, as callers are expected to either set the `src` or `dst`
> > pointers, and then the (allocated) result will be in the respective
> > other struct member.
> 
> Hmph, is it necessary to say "quite weird" for the purpose of this
> change?  The query interface is designed to be usable to query both
> ways and within that constraints, I find it designed very nicely
> (but I do not think that is necessary to be said for the purpose of
> this change, either)..

I don't quite agree that it's nicely designed -- I find it rather hard
to use and reason about, and the fact that so many callsites get this
interface wrong seems to indicate that there is at least some sort of
truth to this assessment.

But I don't mind removing this subjective opinion from the commit
message. I'll do that in case I end up rerolling this patch series.

Thanks!

Patrick

diff --git a/builtin/push.c b/builtin/push.c
index 7a67398124f..0b123eb9c1e 100644
--- a/builtin/push.c
+++ b/builtin/push.c
@@ -72,13 +72,15 @@  static void refspec_append_mapped(struct refspec *refspec, const char *ref,
 	const char *branch_name;
 
 	if (remote->push.nr) {
-		struct refspec_item query;
-		memset(&query, 0, sizeof(struct refspec_item));
-		query.src = matched->name;
+		struct refspec_item query = {
+			.src = matched->name,
+		};
+
 		if (!query_refspecs(&remote->push, &query) && query.dst) {
 			refspec_appendf(refspec, "%s%s:%s",
 					query.force ? "+" : "",
 					query.src, query.dst);
+			free(query.dst);
 			return;
 		}
 	}

[04/22] builtin/push: fix leaking refspec query result

Commit Message

Comments

Patch