| Message ID | patch-v3-23.26-4c60784d281-20220721T191249Z-avarab@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | submodule--helper: fix memory leaks | expand |
Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes: > Change code downstream of module_update() to short-circuit and return > to the top-level on failure, rather than calling exit(). > > To do so we need to diligently check whether we "must_die_on_failure", > which is a pattern started in c51f8f94e5b (submodule--helper: run > update procedures from C, 2021-08-24), but which hadn't been completed > to the point where we could avoid calling exit() here. > > This introduces no functional changes, but makes it easier to both > call these routines as a library in the future, and to avoid leaking > memory. > > Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> > --- > builtin/submodule--helper.c | 36 ++++++++++++++++++++++++++---------- > 1 file changed, 26 insertions(+), 10 deletions(-) > > diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c > index 790f0ccb82e..b65665105e7 100644 > --- a/builtin/submodule--helper.c > +++ b/builtin/submodule--helper.c > @@ -2283,7 +2283,8 @@ static int fetch_in_submodule(const char *module_path, int depth, int quiet, str > return run_command(&cp); > } > > -static int run_update_command(struct update_data *ud, int subforce) > +static int run_update_command(struct update_data *ud, int subforce, > + int *must_die_on_failurep) It's not obvious in the context lines, but there is an auto variable named "must_die_on_failure", so we need the "p". > { > struct child_process cp = CHILD_PROCESS_INIT; > char *oid = oid_to_hex(&ud->oid); > @@ -2345,8 +2346,10 @@ static int run_update_command(struct update_data *ud, int subforce) > BUG("unexpected update strategy type: %s", > submodule_strategy_to_string(&ud->update_strategy)); > } > - if (must_die_on_failure) > - exit(128); > + if (must_die_on_failure) { > + *must_die_on_failurep = 1; > + return 128; > + } [...] > > /* the command failed, but update must continue */ > return 1; > @@ -2380,7 +2383,8 @@ static int run_update_command(struct update_data *ud, int subforce) > return 0; > } > > -static int run_update_procedure(struct update_data *ud) > +static int run_update_procedure(struct update_data *ud, > + int *must_die_on_failure) > { > int subforce = is_null_oid(&ud->suboid) || ud->force; > > @@ -2407,7 +2411,7 @@ static int run_update_procedure(struct update_data *ud) > ud->displaypath, oid_to_hex(&ud->oid)); > } > > - return run_update_command(ud, subforce); > + return run_update_command(ud, subforce, must_die_on_failure); > } > > static const char *remote_submodule_branch(const char *path) > @@ -2543,7 +2547,8 @@ static void update_data_to_args(struct update_data *update_data, struct strvec * > "--no-single-branch"); > } > > -static int update_submodule(struct update_data *update_data) > +static int update_submodule(struct update_data *update_data, > + int *must_die_on_failure) > { > int ret = 1; > > @@ -2584,8 +2589,13 @@ static int update_submodule(struct update_data *update_data) > } > > if (!oideq(&update_data->oid, &update_data->suboid) || update_data->force) { > - if (run_update_procedure(update_data)) > + ret = run_update_procedure(update_data, must_die_on_failure); > + if (ret && *must_die_on_failure) { > + goto cleanup; > + } else if (ret) { > + ret = 1; > goto cleanup; > + } > } > > if (update_data->recursive) { > @@ -2608,7 +2618,8 @@ static int update_submodule(struct update_data *update_data) > die_message(_("Failed to recurse into submodule path '%s'"), > update_data->displaypath); > if (ret == 128) { > - exit(ret); > + *must_die_on_failure = 1; > + goto cleanup; One important property in the preimage is that there's an obvious connection between the exit(128) and this section here, i.e. the child "git submodule update" process failed in a way that the parent needs to stop immediately. With this patch, this property is no longer obvious because we return 128 from the lowest level (run_update_command()). By the time we reach the top level (module_update()), it's no longer clear that the return value was meant to be 128. Two ways we can fix this: 1) Just return 128 at all levels to mean "must die on failure", which will let us get rid of "must_die_on_failure". or... > } else if (ret) { > ret = 1; > goto cleanup; > @@ -2646,13 +2657,18 @@ static int update_submodules(struct update_data *update_data) > > for (i = 0; i < suc.update_clone_nr; i++) { > struct update_clone_data ucd = suc.update_clone[i]; > + int code; > + int must_die_on_failure = 0; > > oidcpy(&update_data->oid, &ucd.oid); > update_data->just_cloned = ucd.just_cloned; > update_data->sm_path = ucd.sub->path; > > - if (update_submodule(update_data)) > - res = 1; > + code = update_submodule(update_data, &must_die_on_failure); > + if (code) > + res = code; > + if (must_die_on_failure) > + goto cleanup; > } 2) In update_submodules() (i.e. just before module_update()), we make update_submodules() return 128 if must_die_on_failure != 0. Then we can drop the return value of 128 from the rest of the call chain and just use an opaque nonzero return value instead. > > cleanup: > -- > 2.37.1.1095.g0bd6f54ba8a
diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c index 790f0ccb82e..b65665105e7 100644 --- a/builtin/submodule--helper.c +++ b/builtin/submodule--helper.c @@ -2283,7 +2283,8 @@ static int fetch_in_submodule(const char *module_path, int depth, int quiet, str return run_command(&cp); } -static int run_update_command(struct update_data *ud, int subforce) +static int run_update_command(struct update_data *ud, int subforce, + int *must_die_on_failurep) { struct child_process cp = CHILD_PROCESS_INIT; char *oid = oid_to_hex(&ud->oid); @@ -2345,8 +2346,10 @@ static int run_update_command(struct update_data *ud, int subforce) BUG("unexpected update strategy type: %s", submodule_strategy_to_string(&ud->update_strategy)); } - if (must_die_on_failure) - exit(128); + if (must_die_on_failure) { + *must_die_on_failurep = 1; + return 128; + } /* the command failed, but update must continue */ return 1; @@ -2380,7 +2383,8 @@ static int run_update_command(struct update_data *ud, int subforce) return 0; } -static int run_update_procedure(struct update_data *ud) +static int run_update_procedure(struct update_data *ud, + int *must_die_on_failure) { int subforce = is_null_oid(&ud->suboid) || ud->force; @@ -2407,7 +2411,7 @@ static int run_update_procedure(struct update_data *ud) ud->displaypath, oid_to_hex(&ud->oid)); } - return run_update_command(ud, subforce); + return run_update_command(ud, subforce, must_die_on_failure); } static const char *remote_submodule_branch(const char *path) @@ -2543,7 +2547,8 @@ static void update_data_to_args(struct update_data *update_data, struct strvec * "--no-single-branch"); } -static int update_submodule(struct update_data *update_data) +static int update_submodule(struct update_data *update_data, + int *must_die_on_failure) { int ret = 1; @@ -2584,8 +2589,13 @@ static int update_submodule(struct update_data *update_data) } if (!oideq(&update_data->oid, &update_data->suboid) || update_data->force) { - if (run_update_procedure(update_data)) + ret = run_update_procedure(update_data, must_die_on_failure); + if (ret && *must_die_on_failure) { + goto cleanup; + } else if (ret) { + ret = 1; goto cleanup; + } } if (update_data->recursive) { @@ -2608,7 +2618,8 @@ static int update_submodule(struct update_data *update_data) die_message(_("Failed to recurse into submodule path '%s'"), update_data->displaypath); if (ret == 128) { - exit(ret); + *must_die_on_failure = 1; + goto cleanup; } else if (ret) { ret = 1; goto cleanup; @@ -2646,13 +2657,18 @@ static int update_submodules(struct update_data *update_data) for (i = 0; i < suc.update_clone_nr; i++) { struct update_clone_data ucd = suc.update_clone[i]; + int code; + int must_die_on_failure = 0; oidcpy(&update_data->oid, &ucd.oid); update_data->just_cloned = ucd.just_cloned; update_data->sm_path = ucd.sub->path; - if (update_submodule(update_data)) - res = 1; + code = update_submodule(update_data, &must_die_on_failure); + if (code) + res = code; + if (must_die_on_failure) + goto cleanup; } cleanup:
Change code downstream of module_update() to short-circuit and return to the top-level on failure, rather than calling exit(). To do so we need to diligently check whether we "must_die_on_failure", which is a pattern started in c51f8f94e5b (submodule--helper: run update procedures from C, 2021-08-24), but which hadn't been completed to the point where we could avoid calling exit() here. This introduces no functional changes, but makes it easier to both call these routines as a library in the future, and to avoid leaking memory. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> --- builtin/submodule--helper.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-)