From patchwork Sun Mar 21 16:58:29 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153141
Message-Id: <6af157dfed796508933793f6c4e7453764643fd4.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:29 +0000
Subject: [PATCH v3 1/9] symbolic-ref: don't leak shortened refname in check_symref()
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

shorten_unambiguous_ref() returns an allocated string. We have to
track it separately from the const refname.

This leak has existed since:
  9ab55daa55 (git symbolic-ref --delete $symref, 2012-10-21)

This leak was found when running t0001 with LSAN, see also LSAN output
below:

Direct leak of 19 byte(s) in 1 object(s) allocated from:
    #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3
    #1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14
    #2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c
    #3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9
    #4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14
    #5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9
    #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt
---
 builtin/symbolic-ref.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/symbolic-ref.c b/builtin/symbolic-ref.c index 80237f0df10f..e547a08d6c7c 100644 --- a/builtin/symbolic-ref.c +++ b/builtin/symbolic-ref.c
@@ -24,9 +24,11 @@ static int check_symref(const char *HEAD, int quiet, int shorten, int print) return 1; } if (print) { + char *to_free = NULL; if (shorten) - refname = shorten_unambiguous_ref(refname, 0); + refname = to_free = shorten_unambiguous_ref(refname, 0); puts(refname); + free(to_free); } return 0; }
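
Review bot: In the if (print) block, to_free is the only thing recording that the string returned by shorten_unambiguous_ref() is owned here while refname stays const, and nothing in the code says so. A short comment on the declaration (for example that to_free holds the allocated copy when shorten is set) would keep a later edit from collapsing "refname = to_free = ..." back into a plain assignment and reintroducing the leak. The free(to_free) after puts(refname) is correct for the non-shorten case as well, since to_free starts out NULL.
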
From patchwork Sun Mar 21 16:58:30 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153143
Date: Sun, 21 Mar 2021 16:58:30 +0000
Subject: [PATCH v3 2/9] reset: free instead of leaking unneeded ref
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

dwim_ref() allocs a new string into ref. Instead of setting to NULL to
discard it, we can FREE_AND_NULL.

This leak appears to have been introduced in:
  4cf76f6bbf (builtin/reset: compute checkout metadata for reset, 2020-03-16)

This leak was found when running t0001 with LSAN, see also LSAN output
below:

Direct leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3
    #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14
    #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12
    #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22
    #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9
    #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4
    #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt
---
 builtin/reset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/reset.c b/builtin/reset.c index c635b062c3a7..43e855cb8876 100644 --- a/builtin/reset.c +++ b/builtin/reset.c
@@ -425,7 +425,7 @@ int cmd_reset(int argc, const char **argv, const char *prefix) dwim_ref(rev, strlen(rev), &dummy, &ref, 0); if (ref && !starts_with(ref, "refs/")) - ref = NULL; + FREE_AND_NULL(ref); err = reset_index(ref, &oid, reset_type, quiet); if (reset_type == KEEP && !err)
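
Review bot: Only the rejected case is released here: when ref does start with "refs/" it is passed to reset_index() still allocated, and nothing in the visible context frees it afterwards, so an allocation from dwim_ref() may still be outstanding on that path. Please confirm that cmd_reset() frees ref before it returns, and that ref is declared as a non-const char * so FREE_AND_NULL(ref) does not have to cast away const.
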
From patchwork Sun Mar 21 16:58:31 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153149
Message-Id: <40c5c915fc1e818661fc272cdc8c37678e8f3fcf.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:31 +0000
Subject: [PATCH v3 3/9] clone: free or UNLEAK further pointers when finished
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

Most of these pointers can safely be freed when cmd_clone() completes,
therefore we make sure to free them. The one exception is that we
have to UNLEAK(repo) because it can point either to argv[0], or a
malloc'd string returned by absolute_pathdup().

We also have to free(path) in the middle of cmd_clone(): later during
cmd_clone(), path is unconditionally overwritten with a different path,
triggering a leak. Freeing the first path immediately after use (but
only in the case where it contains data) seems like the cleanest
solution, as opposed to freeing it unconditionally before path is reused
for another path. This leak appears to have been introduced in:
  f38aa83f9a (use local cloning if insteadOf makes a local URL, 2014-07-17)

These leaks were found when running t0001 with LSAN, see also an excerpt
of the LSAN output below (the full list is omitted because it's far too
long, and mostly consists of indirect leakage of members of the refs we
are freeing).

Direct leak of 178 byte(s) in 1 object(s) allocated from:
    #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
    #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
    #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
    #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
    #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
    #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Direct leak of 165 byte(s) in 1 object(s) allocated from:
    #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
    #2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
    #3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
    #4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21
    #5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17
    #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Direct leak of 178 byte(s) in 1 object(s) allocated from:
    #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
    #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
    #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
    #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
    #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
    #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Direct leak of 165 byte(s) in 1 object(s) allocated from:
    #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
    #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
    #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
    #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
    #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
    #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
    #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
    #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
    #8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
    #9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
    #10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Direct leak of 105 byte(s) in 1 object(s) allocated from:
    #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
    #1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
    #2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
    #3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3
    #4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4
    #5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2
    #6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10
    #7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt
---
 builtin/clone.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/builtin/clone.c b/builtin/clone.c index 51e844a2de0a..952fe3d8fc88 100644 --- a/builtin/clone.c +++ b/builtin/clone.c @@ -964,10 +964,10 @@ int cmd_clone(int argc, const char **argv, const char *prefix) { int is_bundle = 0, is_local; const char *repo_name, *repo, *work_tree, *git_dir; - char *path, *dir, *display_repo = NULL; + char *path = NULL, *dir, *display_repo = NULL; int dest_exists, real_dest_exists = 0; const struct ref *refs, *remote_head; - const struct ref *remote_head_points_at; + struct ref *remote_head_points_at = NULL; const struct ref *our_head_points_at; struct ref *mapped_refs; const struct ref *ref; @@ -1017,9 +1017,10 @@ int cmd_clone(int argc, const char **argv, const char *prefix) repo_name = argv[0]; path = get_repo_path(repo_name, &is_bundle); - if (path) + if (path) { + FREE_AND_NULL(path); repo = absolute_pathdup(repo_name); - else if (strchr(repo_name, ':')) { + } else if (strchr(repo_name, ':')) { repo = repo_name; display_repo = transport_anonymize_url(repo); } else
@@ -1393,6 +1394,11 @@ int cmd_clone(int argc, const char **argv, const char *prefix) strbuf_release(&reflog_msg); strbuf_release(&branch_top); strbuf_release(&key); + free_refs(mapped_refs); + free_refs(remote_head_points_at); + free(dir); + free(path); + UNLEAK(repo); junk_mode = JUNK_LEAVE_ALL; strvec_clear(&transport_ls_refs_options.ref_prefixes);
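
Review bot: In the declaration hunk (@@ -964), path and remote_head_points_at gain NULL initialisers, but dir and mapped_refs are still declared without one even though the cleanup hunk now passes them to free() and free_refs(). If any path reaches that cleanup before they are assigned, the new calls free an indeterminate pointer. Initialising both to NULL alongside path ("char *path = NULL, *dir = NULL, ...") makes the added frees safe regardless of control flow.
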
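
Review bot: In the cleanup hunk (@@ -1393), free(dir) and free(path) are added above "junk_mode = JUNK_LEAVE_ALL;", so the buffers are released while junk_mode still holds its earlier value. Unless it is certain that nothing consulted under the earlier junk_mode points into dir, the frees belong after the junk_mode assignment; moving the five added lines below it costs nothing and removes the question.
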
From patchwork Sun Mar 21 16:58:32 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153147
Message-Id: <963f291d53444243c5ed183815729cefaceab323.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:32 +0000
Subject: [PATCH v3 4/9] worktree: fix leak in dwim_branch()
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

Make sure that we release the temporary strbuf during dwim_branch() for
all codepaths (and not just for the early return).

This leak appears to have been introduced in:
  f60a7b763f (worktree: teach "add" to check out existing branches, 2018-04-24)

Note that UNLEAK(branchname) is still needed: the returned result is
used in add(), and is stored in a pointer which is used to point at one
of:
  - a string literal ("HEAD")
  - member of argv (whatever the user specified in their invocation)
  - or our newly allocated string returned from dwim_branch()

Fixing the branchname leak isn't impossible, but does not seem
worthwhile given that add() is called directly from cmd_main(), and
cmd_main() returns immediately thereafter - UNLEAK is good enough.

This leak was found when running t0001 with LSAN, see also LSAN output
below:

Direct leak of 60 byte(s) in 1 object(s) allocated from:
    #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
    #1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
    #2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
    #3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3
    #4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2
    #5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20
    #6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19
    #7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10
    #8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt
---
 builtin/worktree.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/builtin/worktree.c b/builtin/worktree.c index 1cd5c2016e3f..b0563aef685f 100644 --- a/builtin/worktree.c +++ b/builtin/worktree.c
@@ -446,16 +446,18 @@ static void print_preparing_worktree_line(int detach, static const char *dwim_branch(const char *path, const char **new_branch) { int n; + int branch_exists; const char *s = worktree_basename(path, &n); const char *branchname = xstrndup(s, n); struct strbuf ref = STRBUF_INIT; UNLEAK(branchname); - if (!strbuf_check_branch_ref(&ref, branchname) && - ref_exists(ref.buf)) { - strbuf_release(&ref); + + branch_exists = !strbuf_check_branch_ref(&ref, branchname) && + ref_exists(ref.buf); + strbuf_release(&ref); + if (branch_exists) return branchname; - } *new_branch = branchname; if (guess_remote) {
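
Review bot: UNLEAK(branchname) stays in the context lines without a comment, and the reason it is still needed (the result ends up in a pointer that may also hold a string literal or an argv member) exists only in the commit message. A short comment above UNLEAK(branchname) would stop the next reader from trying to free it in add(). The reordering itself reads correctly: branch_exists is computed from ref.buf before strbuf_release(&ref), and the release now runs on both the early return and the fall-through.
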
From patchwork Sun Mar 21 16:58:33 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153155
Date: Sun, 21 Mar 2021 16:58:33 +0000
Subject: [PATCH v3 5/9] init: remove git_init_db_config() while fixing leaks
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt


From: Andrzej Hunt

The primary goal of this change is to stop leaking init_db_template_dir.
This leak can happen because:
 1. git_init_db_config() allocates new memory into init_db_template_dir
    without first freeing the existing value.
 2. init_db_template_dir might already contain data, either because:
  2.1 git_config() can be invoked twice with this callback in a single
      process - at least 2 allocations are likely.
  2.2 A single git_config() allocation can invoke the callback
      multiple times for a given key (see further explanation in the
      function docs) - each of those calls will trigger another leak.

The simplest fix for the leak would be to free(init_db_template_dir)
before overwriting it. Instead we choose to convert to fetching
init.templatedir via git_config_get_value() as that is more explicit,
more efficient, and avoids allocations (the returned result is owned by
the config cache, so we aren't responsible for freeing it).

If we remove init_db_template_dir, git_init_db_config() ends up being
responsible only for forwarding core.* config values to
platform_core_config(). However platform_core_config() already ignores
non-core.* config values, so we can safely remove git_init_db_config()
and invoke git_config() directly with platform_core_config() as the
callback.

The platform_core_config forwarding was originally added in:
  287853392a (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11)
And I suspect the potential for a leak existed since the original
implementation of git_init_db_config in:
  90b45187ba (Add `init.templatedir` configuration variable., 2010-02-17)

LSAN output from t0001:

Direct leak of 73 byte(s) in 1 object(s) allocated from:
    #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
    #1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
    #2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
    #3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
    #4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
    #5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
    #6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
    #7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
    #8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
    #9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
    #10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
    #11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
    #12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
    #13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
    #14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt --- builtin/init-db.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/builtin/init-db.c b/builtin/init-db.c index dcc45bef5148..d31dbc883746 100644 --- a/builtin/init-db.c +++ b/builtin/init-db.c @@ -25,7 +25,6 @@ static int init_is_bare_repository = 0; static int init_shared_repository = -1; -static const char *init_db_template_dir; static void copy_templates_1(struct strbuf *path, struct strbuf *template_path, DIR *dir) @@ -94,7 +93,7 @@ static void copy_templates_1(struct strbuf *path, struct strbuf *template_path, } } -static void copy_templates(const char *template_dir) +static void copy_templates(const char *template_dir, const char *init_template_dir) { struct strbuf path = STRBUF_INIT; struct strbuf template_path = STRBUF_INIT; @@ -107,7 +106,7 @@ static void copy_templates(const char *template_dir) if (!template_dir) template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT); if (!template_dir) - template_dir = init_db_template_dir; + template_dir = init_template_dir; if (!template_dir) template_dir = to_free = system_path(DEFAULT_GIT_TEMPLATE_DIR); if (!template_dir[0]) { @@ -154,17 +153,6 @@ static void copy_templates(const char *template_dir) clear_repository_format(&template_format); } -static int git_init_db_config(const char *k, const char *v, void *cb) -{ - if (!strcmp(k, "init.templatedir")) - return git_config_pathname(&init_db_template_dir, k, v); - - if (starts_with(k, "core.")) - return platform_core_config(k, v, cb); - - return 0; -} - /* * If the git_dir is not directly inside the working tree, then git will not * find it by default, and we need to set the worktree explicitly. 
@@ -212,10 +200,7 @@ static int create_default_files(const char *template_path, int reinit; int filemode; struct strbuf err = STRBUF_INIT; - - /* Just look for `init.templatedir` */ - init_db_template_dir = NULL; /* re-set in case it was set before */ - git_config(git_init_db_config, NULL); + const char *init_template_dir = NULL; /* * First copy the templates -- we might have the default @@ -226,7 +211,8 @@ static int create_default_files(const char *template_path, * values (since we've just potentially changed what's available on * disk). */ - copy_templates(template_path); + git_config_get_value("init.templatedir", &init_template_dir); + copy_templates(template_path, init_template_dir); git_config_clear(); reset_shared_repository(); git_config(git_default_config, NULL); 
@@ -422,8 +408,8 @@ int init_db(const char *git_dir, const char *real_git_dir, } startup_info->have_repository = 1; - /* Just look for `core.hidedotfiles` */ - git_config(git_init_db_config, NULL); + /* Ensure `core.hidedotfiles` is processed */ + git_config(platform_core_config, NULL); safe_create_dir(git_dir, 0);

From patchwork Sun Mar 21 16:58:34 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153153
Message-Id: <953cc8f29885305bed1690caf5e1169d7f08fd2a.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:34 +0000
Subject: [PATCH v3 6/9] init-db: silence template_dir leak when converting to absolute path
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

template_dir starts off pointing to either argv or nothing. However if
the value supplied in argv is a relative path, absolute_pathdup() is
used to turn it into an absolute path. absolute_pathdup() allocates a
new string, and we then "leak" it when cmd_init_db() completes.

We don't bother to actually free the return value (instead we UNLEAK
it), because there's no significant advantage to doing so here.
Correctly freeing it would require more significant changes to code flow
which would be more noisy than beneficial.

Signed-off-by: Andrzej Hunt
--- builtin/init-db.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/builtin/init-db.c b/builtin/init-db.c index d31dbc883746..efc66523e22c 100644 --- a/builtin/init-db.c +++ b/builtin/init-db.c
@@ -561,8 +561,10 @@ int cmd_init_db(int argc, const char **argv, const char *prefix) if (real_git_dir && !is_absolute_path(real_git_dir)) real_git_dir = real_pathdup(real_git_dir, 1); - if (template_dir && *template_dir && !is_absolute_path(template_dir)) + if (template_dir && *template_dir && !is_absolute_path(template_dir)) { template_dir = absolute_pathdup(template_dir); + UNLEAK(template_dir); + } if (argc == 1) { int mkdir_tried = 0;

From patchwork Sun Mar 21 16:58:35 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153151
Date: Sun, 21 Mar 2021 16:58:35 +0000
Subject: [PATCH v3 7/9] parse-options: convert bitfield values to use binary shift
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

Because it's easier to read, but also likely to be easier to maintain.
I am making this change because I need to add a new flag in a later
commit.

Also add a trailing comma to the last enum entry to simplify addition of
new flags.

This change was originally suggested by Peff in:
https://public-inbox.org/git/YEZ%2FBWWbpfVwl6nO@coredump.intra.peff.net/

Signed-off-by: Andrzej Hunt
--- parse-options.h | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/parse-options.h b/parse-options.h index ff6506a50470..f2ddef18f7b0 100644 --- a/parse-options.h +++ b/parse-options.h
@@ -28,26 +28,26 @@ enum parse_opt_type { }; enum parse_opt_flags { - PARSE_OPT_KEEP_DASHDASH = 1, - PARSE_OPT_STOP_AT_NON_OPTION = 2, - PARSE_OPT_KEEP_ARGV0 = 4, - PARSE_OPT_KEEP_UNKNOWN = 8, - PARSE_OPT_NO_INTERNAL_HELP = 16, - PARSE_OPT_ONE_SHOT = 32 + PARSE_OPT_KEEP_DASHDASH = 1 << 0, + PARSE_OPT_STOP_AT_NON_OPTION = 1 << 1, + PARSE_OPT_KEEP_ARGV0 = 1 << 2, + PARSE_OPT_KEEP_UNKNOWN = 1 << 3, + PARSE_OPT_NO_INTERNAL_HELP = 1 << 4, + PARSE_OPT_ONE_SHOT = 1 << 5, }; enum parse_opt_option_flags { - PARSE_OPT_OPTARG = 1, - PARSE_OPT_NOARG = 2, - PARSE_OPT_NONEG = 4, - PARSE_OPT_HIDDEN = 8, - PARSE_OPT_LASTARG_DEFAULT = 16, - PARSE_OPT_NODASH = 32, - PARSE_OPT_LITERAL_ARGHELP = 64, - PARSE_OPT_SHELL_EVAL = 256, - PARSE_OPT_NOCOMPLETE = 512, - PARSE_OPT_COMP_ARG = 1024, - PARSE_OPT_CMDMODE = 2048 + PARSE_OPT_OPTARG = 1 << 0, + PARSE_OPT_NOARG = 1 << 1, + PARSE_OPT_NONEG = 1 << 2, + PARSE_OPT_HIDDEN = 1 << 3, + PARSE_OPT_LASTARG_DEFAULT = 1 << 4, + PARSE_OPT_NODASH = 1 << 5, + PARSE_OPT_LITERAL_ARGHELP = 1 << 6, + PARSE_OPT_SHELL_EVAL = 1 << 8, + PARSE_OPT_NOCOMPLETE = 1 << 9, + PARSE_OPT_COMP_ARG = 1 << 10, + PARSE_OPT_CMDMODE = 1 << 11, }; enum parse_opt_result {

From patchwork Sun Mar 21 16:58:36 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153159
Message-Id: <6e46cd332023a579ab0b4c682111c085a634dafb.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:36 +0000
Subject: [PATCH v3 8/9] parse-options: don't leak alias help messages
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

preprocess_options() allocates new strings for help messages for
OPTION_ALIAS. Therefore we also need to clean those help messages up
when freeing the returned options.

First introduced in:
  7c280589cf (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16)

The preprocessed options themselves no longer contain any indication
that a given option is/was an alias - therefore we add a new flag to
indicate former aliases. (An alternative approach would be to look back
at the original options to determine which options are aliases - but
that seems like a fragile approach. Or we could even look at the
alias_groups list - which might be less fragile, but would be slower
as it requires nested looping.)

As far as I can tell, parse_options() is only ever used once per
command, and the help messages are small - hence this leak has very
little impact.

This leak was found while running t0001. LSAN output can be found below:

Direct leak of 65 byte(s) in 1 object(s) allocated from:
    #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
    #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
    #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
    #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3
    #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2
    #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3
    #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17
    #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9
    #8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #13 0x7fdac42d4349 in
__libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt --- parse-options.c | 19 ++++++++++++++++++- parse-options.h | 1 + 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/parse-options.c b/parse-options.c index fbea16eaf5c2..e6f56768ca5d 100644 --- a/parse-options.c +++ b/parse-options.c @@ -625,6 +625,8 @@ static int show_gitcomp(const struct option *opts, int show_all) * * Right now this is only used to preprocess and substitute * OPTION_ALIAS. + * + * The returned options should be freed using free_preprocessed_options. */ static struct option *preprocess_options(struct parse_opt_ctx_t *ctx, const struct option *options) @@ -678,6 +680,7 @@ static struct option *preprocess_options(struct parse_opt_ctx_t *ctx, newopt[i].short_name = short_name; newopt[i].long_name = long_name; newopt[i].help = strbuf_detach(&help, NULL); + newopt[i].flags |= PARSE_OPT_FROM_ALIAS; break; } @@ -693,6 +696,20 @@ static struct option *preprocess_options(struct parse_opt_ctx_t *ctx, return newopt; } +static void free_preprocessed_options(struct option *options) +{ + int i; + + if (!options) + return; + + for (i = 0; options[i].type != OPTION_END; i++) { + if (options[i].flags & PARSE_OPT_FROM_ALIAS) + free((void *)options[i].help); + } + free(options); +} + static int usage_with_options_internal(struct parse_opt_ctx_t *, const char * const *, const struct option *, int, int); @@ -870,7 +887,7 @@ int parse_options(int argc, const char **argv, const char *prefix, } precompose_argv_prefix(argc, argv, NULL); - free(real_options); + free_preprocessed_options(real_options); free(ctx.alias_groups); return parse_options_end(&ctx); } diff --git a/parse-options.h b/parse-options.h index f2ddef18f7b0..a845a9d95274 100644 --- a/parse-options.h +++ b/parse-options.h 
@@ -44,6 +44,7 @@ enum parse_opt_option_flags { PARSE_OPT_LASTARG_DEFAULT = 1 << 4, PARSE_OPT_NODASH = 1 << 5, PARSE_OPT_LITERAL_ARGHELP = 1 << 6, + PARSE_OPT_FROM_ALIAS = 1 << 7, PARSE_OPT_SHELL_EVAL = 1 << 8, PARSE_OPT_NOCOMPLETE = 1 << 9, PARSE_OPT_COMP_ARG = 1 << 10,

From patchwork Sun Mar 21 16:58:37 2021
X-Patchwork-Submitter: Andrzej Hunt
X-Patchwork-Id: 12153157
Message-Id: <50a2b9693aa37b0907452054cb2ad98f8ecdc910.1616345918.git.gitgitgadget@gmail.com>
Date: Sun, 21 Mar 2021 16:58:37 +0000
Subject: [PATCH v3 9/9] transport: also free remote_refs in transport_disconnect()
To: git@vger.kernel.org
Cc: Eric Sunshine, Martin Ågren, Andrzej Hunt, Andrzej Hunt
From: Andrzej Hunt

From: Andrzej Hunt

transport_get_remote_refs() can populate the transport struct's
remote_refs. transport_disconnect() is already responsible for most of
transport's cleanup - therefore we also take care of freeing remote_refs
there.

There are 2 locations where transport_disconnect() is called before
we're done using the returned remote_refs. This patch changes those
callsites to only call transport_disconnect() after the returned refs
are no longer being used - which is necessary to safely be able to
free remote_refs during transport_disconnect().

This commit fixes the following leak which was found while running
t0000, but is expected to also fix the same pattern of leak in all
locations that use transport_get_remote_refs():

Direct leak of 165 byte(s) in 1 object(s) allocated from:
    #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
    #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
    #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
    #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
    #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
    #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
    #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
    #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
    #8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
    #9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
    #10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
    #11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
    #12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
    #13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
    #14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
    #15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)

Signed-off-by: Andrzej Hunt --- builtin/ls-remote.c | 4 ++-- builtin/remote.c | 8 ++++---- transport.c | 2 ++ 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/builtin/ls-remote.c b/builtin/ls-remote.c index abfa9847374f..1794548c7117 100644 --- a/builtin/ls-remote.c +++ b/builtin/ls-remote.c @@ -124,8 +124,6 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) int hash_algo = hash_algo_by_ptr(transport_get_hash_algo(transport)); repo_set_hash_algo(the_repository, hash_algo); } - if (transport_disconnect(transport)) - return 1; if (!dest && !quiet) fprintf(stderr, "From %s\n", *remote->url); @@ -151,5 +149,7 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) } ref_array_clear(&ref_array); + if (transport_disconnect(transport)) + return 1; return status; } diff --git a/builtin/remote.c b/builtin/remote.c index d11a5589e49d..e31d9c99470e 100644 --- a/builtin/remote.c +++ b/builtin/remote.c @@ -938,9 +938,6 @@ static int get_remote_ref_states(const char *name, struct ref_states *states, int query) { - struct transport *transport; - const struct ref *remote_refs; - states->remote = remote_get(name); if (!states->remote) return error(_("No such remote: '%s'"), name); @@ -948,10 +945,12 @@ static int get_remote_ref_states(const char *name, read_branches(); if (query) { + struct transport *transport; + const struct ref *remote_refs; + transport = transport_get(states->remote, states->remote->url_nr > 0 ? states->remote->url[0] : NULL); remote_refs = transport_get_remote_refs(transport, NULL); - transport_disconnect(transport); states->queried = 1; if (query & GET_REF_STATES) @@ -960,6 +959,7 @@ static int get_remote_ref_states(const char *name, get_head_names(remote_refs, states); if (query & GET_PUSH_REF_STATES) get_push_ref_states(remote_refs, states); + transport_disconnect(transport); } else { for_each_ref(append_ref_to_tracked_list, states); string_list_sort(&states->tracked); 
diff --git a/transport.c b/transport.c index 1c4ab676d1b1..eb4b2d4e475f 100644 --- a/transport.c +++ b/transport.c @@ -1452,6 +1452,8 @@ int transport_disconnect(struct transport *transport) int ret = 0; if (transport->vtable->disconnect) ret = transport->vtable->disconnect(transport); + if (transport->got_remote_refs) + free_refs((void *)transport->remote_refs); free(transport); return ret; }
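
Review bot: in the transport.c hunk of patch 9/9, transport_disconnect() now frees transport->remote_refs, but nothing in the patch documents that the list returned by transport_get_remote_refs() belongs to the transport and stops being valid at disconnect. From this point on, a caller that reads those refs after disconnecting is a use-after-free rather than a leak, and the diff only shows the two call sites in builtin/ls-remote.c and builtin/remote.c being reordered. Please state the lifetime in a comment at the transport_get_remote_refs() declaration. Separately, the `(void *)` cast in `free_refs((void *)transport->remote_refs)` hides the fact that const is being dropped; casting to `struct ref *` would make that explicit.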
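
Review bot: in create_default_files() (patch 5/9, builtin/init-db.c, hunk @@ -226,7 +211,8 @@), `git_config_get_value("init.templatedir", &init_template_dir)` hands back the stored string as-is, while the removed git_init_db_config() parsed the key with git_config_pathname(), which the LSAN trace in the commit message shows going through expand_user_path(). A value such as `~/templates` would therefore reach copy_templates() unexpanded. git_config_get_pathname() keeps the expansion; its result is allocated, so it would need a free() once copy_templates() has returned.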
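
Review bot: PARSE_OPT_FROM_ALIAS (patch 8/9, parse-options.h) is added to the same enum as the flags callers put in their own option tables, and free_preprocessed_options() calls free() on `.help` for every entry that carries it. Nothing marks the flag as internal, so an option table that set bit 7 by mistake would pass a string that was never heap-allocated to free(). A comment on the enum entry saying it is set only by preprocess_options() and must not appear in caller-supplied options would close that gap.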
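
The leak mechanism described in the commit message of patch 5/9 (a config callback that stores a fresh allocation each time it fires, over repeated values and repeated passes), as an added toy model in C. It is not git's code: `sample_config`, `tracked_strdup`, `leaky_cb`, `freeing_cb`, `lookup_value` and `lost_blocks` are hypothetical names, and the config values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: one key set in two scopes, so the callback fires twice. */
struct entry { const char *key, *value; };
static const struct entry sample_config[] = {
	{ "core.hidedotfiles", "false" },
	{ "init.templatedir", "/etc/git-templates" },
	{ "init.templatedir", "/home/u/templates" },
};
#define N_ENTRIES (sizeof(sample_config) / sizeof(sample_config[0]))

static char *tracked[16]; /* toy leak checker: registry of live blocks */
#define N_TRACKED (sizeof(tracked) / sizeof(tracked[0]))

static char *tracked_strdup(const char *s)
{
	char *p = malloc(strlen(s) + 1);
	size_t i = 0;
	while (i < N_TRACKED && tracked[i])
		i++;
	if (!p || i == N_TRACKED)
		abort(); /* out of memory or registry full */
	tracked[i] = p;
	return strcpy(p, s);
}

static void tracked_free(char *p)
{
	for (size_t i = 0; p && i < N_TRACKED; i++)
		if (tracked[i] == p)
			tracked[i] = NULL;
	free(p);
}

/* Free every block nobody released and report how many there were. */
static int reclaim_lost(void)
{
	int lost = 0;
	for (size_t i = 0; i < N_TRACKED; i++) {
		lost += tracked[i] != NULL;
		free(tracked[i]);
		tracked[i] = NULL;
	}
	return lost;
}

typedef int (*config_fn)(const char *key, const char *value, void *data);
/* Leaky pattern: every matching entry overwrites the previous copy. */
static int leaky_cb(const char *key, const char *value, void *data)
{
	char **dest = data;
	if (!strcmp(key, "init.templatedir"))
		*dest = tracked_strdup(value);
	return 0;
}

/* The "simplest fix": release the old copy before storing a new one. */
static int freeing_cb(const char *key, const char *value, void *data)
{
	char **dest = data;
	if (!strcmp(key, "init.templatedir")) {
		tracked_free(*dest);
		*dest = tracked_strdup(value);
	}
	return 0;
}

/* Borrowed lookup: last value wins, storage stays owned by the table. */
static int lookup_value(const char *key, const char **dest)
{
	int ret = 1; /* 1 = not found, 0 = found */
	for (size_t i = 0; i < N_ENTRIES; i++)
		if (!strcmp(sample_config[i].key, key)) {
			*dest = sample_config[i].value;
			ret = 0;
		}
	return ret;
}

/* Walk the config `passes` times, free the final value, count what is left. */
static int lost_blocks(config_fn fn, int passes)
{
	char *dir = NULL;
	for (int p = 0; p < passes; p++)
		for (size_t i = 0; i < N_ENTRIES; i++)
			fn(sample_config[i].key, sample_config[i].value, &dir);
	tracked_free(dir);
	return reclaim_lost();
}

int main(void)
{
	const char *dir = NULL;
	printf("overwrite: %d lost, free first: %d lost\n", lost_blocks(leaky_cb, 2), lost_blocks(freeing_cb, 2));
	printf("borrowed: %s\n", lookup_value("init.templatedir", &dir) ? "(unset)" : dir);
	return 0;
}
```

The borrowed lookup allocates nothing, which is the property the commit message relies on; the trade-off is that the caller gets the stored string untouched.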