From patchwork Sat Dec 28 09:47:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ren=C3=A9_Scharfe?= X-Patchwork-Id: 13922272 Received: from mout.web.de (mout.web.de [212.227.15.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E9834594D for ; Sat, 28 Dec 2024 09:47:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=212.227.15.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379233; cv=none; b=bvJ9LcfvXpRxVGcu7HzJzty2MQzZp8whAMN1YkAoo5ibdYaskTaDNwcDjgzUFfdmxrcjyjdB/w6GUJkJxYVIeEJ4AJvvZpHGeXH6Aw1HUfNXaCDKa/Hov5fVaif0x3mUBtSKR+a6EDaBKFChvwCqBoFAOmQmowkZhPvIY2C1bPo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379233; c=relaxed/simple; bh=m39T0hgHpPxdxPW/AwfbmUse/iN+S1VV2c9z99gWSwc=; h=Message-ID:Date:MIME-Version:Subject:From:To:Cc:References: In-Reply-To:Content-Type; b=KmotdAyecVIV1geEC96rE3ehZ/merkRXFyPn4jljxoTWrR8zSRUYX+FZTO+MyBHAVGPaAz4GVR19COcZ+YX4NMLu5qJiSZtASJBtsSX6TPe7ICQVJICouOkECmuIrD6HXilbveJps/oVnhCG29KsUoExpx+dkytzv87RvIzAGI0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de; spf=pass smtp.mailfrom=web.de; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b=YPbEx2Pi; arc=none smtp.client-ip=212.227.15.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=web.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b="YPbEx2Pi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1735379226; x=1735984026; i=l.s.r@web.de; bh=LIv5TvXjvG5dfdh+vX8re0Uwr7Vtc3hrVWgAxRhxb+Y=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:From:To: Cc:References:In-Reply-To:Content-Type:Content-Transfer-Encoding: cc:content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=YPbEx2PiOYD3M+nITpJ88b8PXrD78sgyJKeSqpNYXA48zRCwOx/ussFiO/jzP8a0 dcpbNlzCBlZ5AagP5mmxYQIInKaRCwsfxWUGqRf1bOdYCyswBoS6gW5m77Hwy1gnu vMFtTGA54p6nlRUohuC1OKUqirYvjuBe6tRGT7LS/qXqEC31spBwtwPloQQaorw1J P2k5sgdHJsZMqKxW4Kg+EqoYMCeXjNyKpK9icn09GfxQTta97Fn3DBMISGICw6qg8 zPR1EoMGAYK3clYbrARzXS3Z/ivF6fDtyNEI8nwP5rSaDQmXNcald0Rlc5JKSbr2X /eXYCV2NwYrf9FybFw== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.29] ([79.203.20.45]) by smtp.web.de (mrweb006 [213.165.67.108]) with ESMTPSA (Nemesis) id 1Mfc8y-1u2k653hGa-00bAsM; Sat, 28 Dec 2024 10:47:05 +0100 Message-ID: <2f12efca-8b38-446a-a4a6-f80898275acc@web.de> Date: Sat, 28 Dec 2024 10:47:05 +0100 Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 1/4] reftable: avoid leaks on realloc error From: =?utf-8?q?Ren=C3=A9_Scharfe?= To: Git List Cc: Patrick Steinhardt , Junio C Hamano References: <2b9fba8d-be63-4145-9d25-a2151e422cfa@web.de> Content-Language: en-US In-Reply-To: X-Provags-ID: V03:K1:U41/IJkQcYe0zYw/xawCFVbiIDB7aLzq8LI9wd6S/Kzbz8beCmF FhoBJxnoxtUfPN9BcN0klIN+T+BmXc/2XOrFS26rwkjVM+KOcHx0rX/88m7/kcS1dmYukiO Cy12S9JjJ1qOV5Gwku1TZckGbur0bIn+EZpDX9RKw/Qjg2TCWSTUblgzw+5BUKs/0ah1X1v eGIZ0MeeB19YH3Ot1tuYg== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:dCf+VxDGJek=;GJVRk5Jcg9Ws/9Z6lC3lTH7xjU1 1G8dEzTZ6TyUL6lYkepQnWweFkjPh4QC3v4XIUo6ohrgJ3ZhhLa0i9nxbRwBIlWDwUSGwebVO MK08KoS7OuXI36v3FpfCmTkZUY6mt59KPpUDpukdT2SHk4mRVvRzykwQSvQgG53Sft2Wpm0BB XioSAdN53Pn0TqhH/LEFjMoejf0wvqbpeMEARcnvoSzIoFOVMtSahUkm6JDbhjCZ5ij+xbRNh U1n3yS9ez0sUWFxVUhLIzpJGvRu3lUN0UGwYJDkHy2efUIZ4lcEaLfihwpQdVdN0Jwe9J4eCA yn8s184lUl6RbxVGKE+Hf/vAX4RJjaeHI6/wIgOYss1KOj1/46leuBvF/bFZZhJTXYpKB8ovv syeKvQU52n4ttsluD/pVRWmqU0GubPvY0pe72F4gr9y6rsrbc9YsLDO8ykza9I+fJtq7bQRhI 1zxDu6SfHDTmZNxfDiUxfww/srG7g81E8Ry2AKPXY5YYLiIodtH3UcoRcua96Ky+kaz5z1UpP uO/easfKxfR413O1eJwuXek3FSeSL2HMVnMY3YKhzz+xj3Z65gmYhEtOjCA3FTdMunXM0diE6 3ZQxkE3DG/kSpylxHo7XSMM5zChjMh9Oest37Kc5U2ME9pbCzduCn6BYAmmZP9fgNggpYyZxz USrQh3sV8A5RpuQg81l0RUm1mQQBlzAurolLG1aQZpCEY7su18EjalKQAqODFe6rdBUFubz/e RbXHDJ0QuAz5ANmV/RxcmKLlq9oZJXsTTgG50chr6jw/YBlzUbbL9NO+2RuP0Tl5LLvOq3sHB nxHwLOt2lZawshVTE05lIekspc8Gjz5vxbfXtYwh7tV1NYkQrUUFqc357w2U9iDRjcz4A4Wkl ja10oVipnmVKMn7WFQnHXoeLSCB/tf2V3sNmUGhki1NlBIkYZKOI53pFtCPssq4H65t6JiSqd W4U8mEZJ7Jz9ZeqGMStj1PTsscokTJzwJsEt3NpM7JzwPC3huR7cBmQT0ejOwP98j/7WhdkMv w7jS9i5giv/hjqfzGcwccZmlfY/XcEj742okrhfzagz2nhsZ35GPkfa8i1uBvXw24U5lnVbtz 0XSRMx3b0= When realloc(3) fails, it returns NULL and keeps the original allocation intact. REFTABLE_ALLOC_GROW overwrites both the original pointer and the allocation count variable in that case, simultaneously leaking the original allocation and misrepresenting the number of storable items. parse_names() and reftable_buf_add() avoid leaking by restoring the original pointer value on failure, but all other callers seem to be OK with losing the old allocation. Add a new variant of the macro, REFTABLE_ALLOC_GROW_OR_NULL, which plugs the leak and zeros the allocation counter. Use it for those callers. Signed-off-by: René Scharfe --- reftable/basics.h | 10 ++++++++++ reftable/block.c | 10 ++++++---- reftable/pq.c | 2 +- reftable/record.c | 12 ++++++------ reftable/stack.c | 8 +++++--- reftable/writer.c | 5 +++-- t/unit-tests/t-reftable-basics.c | 30 ++++++++++++++++++++++++++++++ 7 files changed, 61 insertions(+), 16 deletions(-) -- 2.47.1 diff --git a/reftable/basics.h b/reftable/basics.h index 36beda2c25..259f4c274c 100644 --- a/reftable/basics.h +++ b/reftable/basics.h @@ -129,6 +129,16 @@ char *reftable_strdup(const char *str); REFTABLE_REALLOC_ARRAY(x, alloc); \ } \ } while (0) + +#define REFTABLE_ALLOC_GROW_OR_NULL(x, nr, alloc) do { \ + void *reftable_alloc_grow_or_null_orig_ptr = (x); \ + REFTABLE_ALLOC_GROW((x), (nr), (alloc)); \ + if (!(x)) { \ + reftable_free(reftable_alloc_grow_or_null_orig_ptr); \ + alloc = 0; \ + } \ +} while (0) + #define REFTABLE_FREE_AND_NULL(p) do { reftable_free(p); (p) = NULL; } while (0) #ifndef REFTABLE_ALLOW_BANNED_ALLOCATORS diff --git a/reftable/block.c b/reftable/block.c index 0198078485..9858bbc7c5 100644 --- a/reftable/block.c +++ b/reftable/block.c @@ -53,7 +53,8 @@ static int block_writer_register_restart(struct block_writer *w, int n, if (2 + 3 * rlen + n > w->block_size - w->next) return -1; if (is_restart) { - REFTABLE_ALLOC_GROW(w->restarts, w->restart_len + 1, w->restart_cap); + REFTABLE_ALLOC_GROW_OR_NULL(w->restarts, w->restart_len + 1, + w->restart_cap); if (!w->restarts) return REFTABLE_OUT_OF_MEMORY_ERROR; w->restarts[w->restart_len++] = w->next; @@ -176,7 +177,8 @@ int block_writer_finish(struct block_writer *w) * is guaranteed to return `Z_STREAM_END`. */ compressed_len = deflateBound(w->zstream, src_len); - REFTABLE_ALLOC_GROW(w->compressed, compressed_len, w->compressed_cap); + REFTABLE_ALLOC_GROW_OR_NULL(w->compressed, compressed_len, + w->compressed_cap); if (!w->compressed) { ret = REFTABLE_OUT_OF_MEMORY_ERROR; return ret; @@ -235,8 +237,8 @@ int block_reader_init(struct block_reader *br, struct reftable_block *block, uLong src_len = block->len - block_header_skip; /* Log blocks specify the *uncompressed* size in their header. */ - REFTABLE_ALLOC_GROW(br->uncompressed_data, sz, - br->uncompressed_cap); + REFTABLE_ALLOC_GROW_OR_NULL(br->uncompressed_data, sz, + br->uncompressed_cap); if (!br->uncompressed_data) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; diff --git a/reftable/pq.c b/reftable/pq.c index 6ee1164dd3..5591e875e1 100644 --- a/reftable/pq.c +++ b/reftable/pq.c @@ -49,7 +49,7 @@ int merged_iter_pqueue_add(struct merged_iter_pqueue *pq, const struct pq_entry { size_t i = 0; - REFTABLE_ALLOC_GROW(pq->heap, pq->len + 1, pq->cap); + REFTABLE_ALLOC_GROW_OR_NULL(pq->heap, pq->len + 1, pq->cap); if (!pq->heap) return REFTABLE_OUT_OF_MEMORY_ERROR; pq->heap[pq->len++] = *e; diff --git a/reftable/record.c b/reftable/record.c index fb5652ed57..04429d23fe 100644 --- a/reftable/record.c +++ b/reftable/record.c @@ -246,8 +246,8 @@ static int reftable_ref_record_copy_from(void *rec, const void *src_rec, if (src->refname) { size_t refname_len = strlen(src->refname); - REFTABLE_ALLOC_GROW(ref->refname, refname_len + 1, - ref->refname_cap); + REFTABLE_ALLOC_GROW_OR_NULL(ref->refname, refname_len + 1, + ref->refname_cap); if (!ref->refname) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto out; @@ -385,7 +385,7 @@ static int reftable_ref_record_decode(void *rec, struct reftable_buf key, SWAP(r->refname, refname); SWAP(r->refname_cap, refname_cap); - REFTABLE_ALLOC_GROW(r->refname, key.len + 1, r->refname_cap); + REFTABLE_ALLOC_GROW_OR_NULL(r->refname, key.len + 1, r->refname_cap); if (!r->refname) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; @@ -839,7 +839,7 @@ static int reftable_log_record_decode(void *rec, struct reftable_buf key, if (key.len <= 9 || key.buf[key.len - 9] != 0) return REFTABLE_FORMAT_ERROR; - REFTABLE_ALLOC_GROW(r->refname, key.len - 8, r->refname_cap); + REFTABLE_ALLOC_GROW_OR_NULL(r->refname, key.len - 8, r->refname_cap); if (!r->refname) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; @@ -947,8 +947,8 @@ static int reftable_log_record_decode(void *rec, struct reftable_buf key, } string_view_consume(&in, n); - REFTABLE_ALLOC_GROW(r->value.update.message, scratch->len + 1, - r->value.update.message_cap); + REFTABLE_ALLOC_GROW_OR_NULL(r->value.update.message, scratch->len + 1, + r->value.update.message_cap); if (!r->value.update.message) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; diff --git a/reftable/stack.c b/reftable/stack.c index 634f0c5425..531660a49f 100644 --- a/reftable/stack.c +++ b/reftable/stack.c @@ -317,7 +317,9 @@ static int reftable_stack_reload_once(struct reftable_stack *st, * thus need to keep them alive here, which we * do by bumping their refcount. */ - REFTABLE_ALLOC_GROW(reused, reused_len + 1, reused_alloc); + REFTABLE_ALLOC_GROW_OR_NULL(reused, + reused_len + 1, + reused_alloc); if (!reused) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; @@ -949,8 +951,8 @@ int reftable_addition_add(struct reftable_addition *add, if (err < 0) goto done; - REFTABLE_ALLOC_GROW(add->new_tables, add->new_tables_len + 1, - add->new_tables_cap); + REFTABLE_ALLOC_GROW_OR_NULL(add->new_tables, add->new_tables_len + 1, + add->new_tables_cap); if (!add->new_tables) { err = REFTABLE_OUT_OF_MEMORY_ERROR; goto done; diff --git a/reftable/writer.c b/reftable/writer.c index 624e90fb53..740c98038e 100644 --- a/reftable/writer.c +++ b/reftable/writer.c @@ -254,7 +254,8 @@ static int writer_index_hash(struct reftable_writer *w, struct reftable_buf *has if (key->offset_len > 0 && key->offsets[key->offset_len - 1] == off) return 0; - REFTABLE_ALLOC_GROW(key->offsets, key->offset_len + 1, key->offset_cap); + REFTABLE_ALLOC_GROW_OR_NULL(key->offsets, key->offset_len + 1, + key->offset_cap); if (!key->offsets) return REFTABLE_OUT_OF_MEMORY_ERROR; key->offsets[key->offset_len++] = off; @@ -820,7 +821,7 @@ static int writer_flush_nonempty_block(struct reftable_writer *w) * Note that this also applies when flushing index blocks, in which * case we will end up with a multi-level index. */ - REFTABLE_ALLOC_GROW(w->index, w->index_len + 1, w->index_cap); + REFTABLE_ALLOC_GROW_OR_NULL(w->index, w->index_len + 1, w->index_cap); if (!w->index) return REFTABLE_OUT_OF_MEMORY_ERROR; diff --git a/t/unit-tests/t-reftable-basics.c b/t/unit-tests/t-reftable-basics.c index 65d50df091..5bf79c9976 100644 --- a/t/unit-tests/t-reftable-basics.c +++ b/t/unit-tests/t-reftable-basics.c @@ -20,6 +20,11 @@ static int integer_needle_lesseq(size_t i, void *_args) return args->needle <= args->haystack[i]; } +static void *realloc_stub(void *p UNUSED, size_t size UNUSED) +{ + return NULL; +} + int cmd_main(int argc UNUSED, const char *argv[] UNUSED) { if_test ("binary search with binsearch works") { @@ -141,5 +146,30 @@ int cmd_main(int argc UNUSED, const char *argv[] UNUSED) check_int(in, ==, out); } + if_test ("REFTABLE_ALLOC_GROW_OR_NULL works") { + int *arr = NULL; + size_t alloc = 0, old_alloc; + + REFTABLE_ALLOC_GROW_OR_NULL(arr, 1, alloc); + check(arr != NULL); + check_uint(alloc, >=, 1); + arr[0] = 42; + + old_alloc = alloc; + REFTABLE_ALLOC_GROW_OR_NULL(arr, old_alloc + 1, alloc); + check(arr != NULL); + check_uint(alloc, >, old_alloc); + arr[alloc - 1] = 42; + + old_alloc = alloc; + reftable_set_alloc(malloc, realloc_stub, free); + REFTABLE_ALLOC_GROW_OR_NULL(arr, old_alloc + 1, alloc); + check(arr == NULL); + check_uint(alloc, ==, 0); + reftable_set_alloc(malloc, realloc, free); + + reftable_free(arr); + } + return test_done(); } From patchwork Sat Dec 28 09:48:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ren=C3=A9_Scharfe?= X-Patchwork-Id: 13922273 Received: from mout.web.de (mout.web.de [212.227.15.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D61A578C6C for ; Sat, 28 Dec 2024 09:48:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=212.227.15.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379288; cv=none; b=Pi/5+VOSELBHdcuGLdZZ/fCeGfMB3W3fxJ/xCOV9Loy+99tcdcvHZpTkWItDptvkGyEJBf/hIAg8fG7vG5CeqC31r0W87X2JnqbJyXa6XuVp98KhV6npql9035vUsFaTJ2YYWSOyqpwj56vBC7uJsF8/kstJ7wIunqdJiDiKAsU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379288; c=relaxed/simple; bh=F0R2c5OzU4OHtrCBw1mEJYKk3Z7/EY7aroh9EMGqZBU=; h=Message-ID:Date:MIME-Version:Subject:From:To:Cc:References: In-Reply-To:Content-Type; b=ajPJ/Phu/bBPfYR0I0/umiVaFc9evRClVsuvJS7g+RJDBPvjL+/rR6kdibDKWZhlyoMM327yQ67HwYjCqh0BeMkov3Ua6Zn2NCM06am+S5BcDK4EISYqM4usHRFSTZjn+8bnkKadJ+Et7+WemeNufOQ03nT/f5GYL7WJQskddKg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de; spf=pass smtp.mailfrom=web.de; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b=PLLrVQbo; arc=none smtp.client-ip=212.227.15.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=web.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b="PLLrVQbo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1735379281; x=1735984081; i=l.s.r@web.de; bh=LyUm3heSyZSHQOyd2BRQ1Rpa3Uq9HkHmGjrahLY6Ge8=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:From:To: Cc:References:In-Reply-To:Content-Type:Content-Transfer-Encoding: cc:content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=PLLrVQboI6h06v0CUXDgVnYYC/wnKxFGXteZiBGLGdjGnz4zz0ckI1aCR7MYcSwN 5mWTfLKtXmoYdNIV/f5OApKyJeAd+WZwrl/dAO5EnrhsZyAf/3lLyOcavgDm5SBtV upQmYL3DY+42FfEl96bExXaupudtfPqV1ecqD+4FAba0LyQ8217ub3JgRLdtBzHw0 /xV2Gk3ViSBbfbRyXfw1WahYyKtRS2JpkjXP9o+y2fNWUBE586B6F0Cw6eFaSL93O /R3rZV4MuOpYwqbfla1Lm+eCrSe8UwV5QAL0r1WftWPTeQcwCtA0C4u6cAG21wULM FBZdkCbDMatkc2a6qQ== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.29] ([79.203.20.45]) by smtp.web.de (mrweb005 [213.165.67.108]) with ESMTPSA (Nemesis) id 1MLRYd-1t8yw60pUp-00KEE3; Sat, 28 Dec 2024 10:48:01 +0100 Message-ID: <8bc6592f-f589-4c72-84d7-bd16ea9d753c@web.de> Date: Sat, 28 Dec 2024 10:48:00 +0100 Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 2/4] reftable: fix allocation count on realloc error From: =?utf-8?q?Ren=C3=A9_Scharfe?= To: Git List Cc: Patrick Steinhardt , Junio C Hamano References: <2b9fba8d-be63-4145-9d25-a2151e422cfa@web.de> Content-Language: en-US In-Reply-To: X-Provags-ID: V03:K1:27/oszUJNAFZJsPT8zO0e/OFoRc2FpTU83RRaD6LrB5jelOqJPo tW9RqrSRXr+V1mZfPyrte8K/Z/0rbFPT6+xwVfKptrXXYt7Z1xBsafbts0AtY5qzigXnWZo 38Oijrl7rSr0HgKcTCPyoRWD3dsF4fh58Pqh5F+DeQXi4BMLsvlPXfsuEUuneT/Yx2vR4Nm lTPpZfitOnFAYYNJ4yEGQ== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:jjMMp2fvGl4=;YtFTdExdpp3FzkBbLyf9iHFf5Rz Peh6YfSIjfC7LG4iZLjn3nCdpkfg1vaZo3+CEJSW5Vf0Z6Hes2ThC+IYFrIiqNSL5eOqEpWEx 9ny5+9RX1dhQpfnoLWdUAxgT5UYw9xLDPULzUXXXxTYo6zhqRFDpm5uFcTmTDPPouLgBJksAJ 7Jl0zKz7WnN16rr6s0I0WL6k0wE529ufuMzG+a0u7Gy1dnjYMCTGeVEU/cVf9NdE1qxy6h7PK toa/pr/kaVVQsskrORewRbohuI2pIi5ZvNo9LokjQon+sxzzls+XG7cGXRbcdY9XFSHQVKxCa f+CHmQEiMJ/W+BnnwuWVdSOoLqN/hgv+HTnJombNpHii0KSCHV88L+nCPCf+GgteS2ddr9rc2 jNbV+o8Q1lmY86Kwu6wsAWSL21Gvkccrqfq6RzATLYgVS1ErIKh0umrERtTtqZhMlzTZfmXjU 4Z/ktlJsKw/nsW5qqZq50U1h2YEUA4TgXRbz+faAdvQwRq/MAnWQkULbdOQn7YSbjbH5UkgyR 1/tOz3wU8MLNXJWmUpbn+ode0sosI9ouy7SdsT9tLJxzuIH12/xg/YBAdMN0UkX2Myrtezvt0 JecSDxYun9OxlJxoeOOPm94r9eLLVLthdiWX9/kZulJmqtaBwg2Nur4OqLKr7KO5iqrVigyS7 KwhvMBKgwbQwsRfJlz5U+Km96sYiBk7iZeww8O/Ro9CO1dyY1ZuO4VYXYgwJ80Fln29kMtkAm eZ3ND5Y3wquMTIqejZFguEvC8B3ky02lunHyLdwf5dbzzXF4CxH5/OADeqDAgym25a6B4KEHG AoajKHjfgJrRgMShRkpSsR1/saHpzObwW47n5o6lTXFXu0cyasRy6Isg0cYrCHeHKpP5HOWfp 5Vl4oWOUNLS4PAr5/9Edw+jCZDR1VRXgEDzCHGXE3IRBOhW9jsDoG3IJoe9TXOLPdprsr5s9Z CQFFGVxndXNjljAeHM0HegPbWsBY1eLFohmfyEhPGEKXpJKSJ2A6ONmd0WFaIHL+gKRJ5WLE3 uP1qiGQs1YDBjlMFvkvTzg/QCHmXCpldhFcdFVJQRmSdITFSEafD5K3hRDLkWIGUzNNhB85ZH lpK/8AA6Q= When realloc(3) fails, it returns NULL and keeps the original allocation intact. REFTABLE_ALLOC_GROW overwrites both the original pointer and the allocation count variable in that case, simultaneously leaking the original allocation and misrepresenting the number of storable items. parse_names() avoids the leak by keeping the original pointer if reallocation fails, but still increase the allocation count in such a case as if it succeeded. That's OK, because the error handling code just frees everything and doesn't look at names_cap anymore. reftable_buf_add() does the same, but here it is a problem as it leaves the reftable_buf in a broken state, with ->alloc being roughly twice as big as the actually allocated memory, allowing out-of-bounds writes in subsequent calls. Reimplement REFTABLE_ALLOC_GROW to avoid leaks, keep allocation counts in sync and still signal failures to callers while avoiding code duplication in callers. Make it an expression that evaluates to 0 if no reallocation is needed or it succeeded and 1 on failure while keeping the original pointer and allocation counter values. Adjust REFTABLE_ALLOC_GROW_OR_NULL to the new calling convention for REFTABLE_ALLOC_GROW, but keep its support for non-size_t alloc variables for now. Signed-off-by: René Scharfe --- reftable/basics.c | 11 +++------ reftable/basics.h | 39 +++++++++++++++++++++----------- t/unit-tests/t-reftable-basics.c | 26 +++++++++++++++++++++ 3 files changed, 55 insertions(+), 21 deletions(-) -- 2.47.1 diff --git a/reftable/basics.c b/reftable/basics.c index 70b1091d14..cd6b39dbe9 100644 --- a/reftable/basics.c +++ b/reftable/basics.c @@ -124,11 +124,8 @@ int reftable_buf_add(struct reftable_buf *buf, const void *data, size_t len) size_t newlen = buf->len + len; if (newlen + 1 > buf->alloc) { - char *reallocated = buf->buf; - REFTABLE_ALLOC_GROW(reallocated, newlen + 1, buf->alloc); - if (!reallocated) + if (REFTABLE_ALLOC_GROW(buf->buf, newlen + 1, buf->alloc)) return REFTABLE_OUT_OF_MEMORY_ERROR; - buf->buf = reallocated; } memcpy(buf->buf + buf->len, data, len); @@ -233,11 +230,9 @@ char **parse_names(char *buf, int size) next = end; } if (p < next) { - char **names_grown = names; - REFTABLE_ALLOC_GROW(names_grown, names_len + 1, names_cap); - if (!names_grown) + if (REFTABLE_ALLOC_GROW(names, names_len + 1, + names_cap)) goto err; - names = names_grown; names[names_len] = reftable_strdup(p); if (!names[names_len++]) diff --git a/reftable/basics.h b/reftable/basics.h index 259f4c274c..4bf71b0954 100644 --- a/reftable/basics.h +++ b/reftable/basics.h @@ -120,22 +120,35 @@ char *reftable_strdup(const char *str); #define REFTABLE_ALLOC_ARRAY(x, alloc) (x) = reftable_malloc(st_mult(sizeof(*(x)), (alloc))) #define REFTABLE_CALLOC_ARRAY(x, alloc) (x) = reftable_calloc((alloc), sizeof(*(x))) #define REFTABLE_REALLOC_ARRAY(x, alloc) (x) = reftable_realloc((x), st_mult(sizeof(*(x)), (alloc))) -#define REFTABLE_ALLOC_GROW(x, nr, alloc) \ - do { \ - if ((nr) > alloc) { \ - alloc = 2 * (alloc) + 1; \ - if (alloc < (nr)) \ - alloc = (nr); \ - REFTABLE_REALLOC_ARRAY(x, alloc); \ - } \ - } while (0) + +static inline void *reftable_alloc_grow(void *p, size_t nelem, size_t elsize, + size_t *allocp) +{ + void *new_p; + size_t alloc = *allocp * 2 + 1; + if (alloc < nelem) + alloc = nelem; + new_p = reftable_realloc(p, st_mult(elsize, alloc)); + if (!new_p) + return p; + *allocp = alloc; + return new_p; +} + +#define REFTABLE_ALLOC_GROW(x, nr, alloc) ( \ + (nr) > (alloc) && ( \ + (x) = reftable_alloc_grow((x), (nr), sizeof(*(x)), &(alloc)), \ + (nr) > (alloc) \ + ) \ +) #define REFTABLE_ALLOC_GROW_OR_NULL(x, nr, alloc) do { \ - void *reftable_alloc_grow_or_null_orig_ptr = (x); \ - REFTABLE_ALLOC_GROW((x), (nr), (alloc)); \ - if (!(x)) { \ - reftable_free(reftable_alloc_grow_or_null_orig_ptr); \ + size_t reftable_alloc_grow_or_null_alloc = alloc; \ + if (REFTABLE_ALLOC_GROW((x), (nr), reftable_alloc_grow_or_null_alloc)) { \ + REFTABLE_FREE_AND_NULL(x); \ alloc = 0; \ + } else { \ + alloc = reftable_alloc_grow_or_null_alloc; \ } \ } while (0) diff --git a/t/unit-tests/t-reftable-basics.c b/t/unit-tests/t-reftable-basics.c index 5bf79c9976..990dc1a244 100644 --- a/t/unit-tests/t-reftable-basics.c +++ b/t/unit-tests/t-reftable-basics.c @@ -146,6 +146,32 @@ int cmd_main(int argc UNUSED, const char *argv[] UNUSED) check_int(in, ==, out); } + if_test ("REFTABLE_ALLOC_GROW works") { + int *arr = NULL, *old_arr; + size_t alloc = 0, old_alloc; + + check(!REFTABLE_ALLOC_GROW(arr, 1, alloc)); + check(arr != NULL); + check_uint(alloc, >=, 1); + arr[0] = 42; + + old_alloc = alloc; + old_arr = arr; + reftable_set_alloc(malloc, realloc_stub, free); + check(REFTABLE_ALLOC_GROW(arr, old_alloc + 1, alloc)); + check(arr == old_arr); + check_uint(alloc, ==, old_alloc); + + old_alloc = alloc; + reftable_set_alloc(malloc, realloc, free); + check(!REFTABLE_ALLOC_GROW(arr, old_alloc + 1, alloc)); + check(arr != NULL); + check_uint(alloc, >, old_alloc); + arr[alloc - 1] = 42; + + reftable_free(arr); + } + if_test ("REFTABLE_ALLOC_GROW_OR_NULL works") { int *arr = NULL; size_t alloc = 0, old_alloc; From patchwork Sat Dec 28 09:48:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ren=C3=A9_Scharfe?= X-Patchwork-Id: 13922274 Received: from mout.web.de (mout.web.de [212.227.15.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF5AD433A4 for ; Sat, 28 Dec 2024 09:48:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=212.227.15.3 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379340; cv=none; b=aDogWw1d30LBi+xP4uz86X0nHn5hKMniiQMVRKOtnhdE82q+yvgCRPBCswg3nz1f0t/OOvBZgpHg18FiuWlDlwXtJTbJWnT1JtK3VyhwCe4ZAOnQTdAzHXPbDr5fJOqeCfg/8fvz8cvtclsVGJd1tGKvcC+kc+Sk/TMdAIaha9s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379340; c=relaxed/simple; bh=BT3ZlamRjlTQ/Q1prjgXuyg7Xvp7GA+x9fRxobDZtCg=; h=Message-ID:Date:MIME-Version:Subject:From:To:Cc:References: In-Reply-To:Content-Type; b=GBkdQOSRyAwWF6APKW+NYwBzHCkxcgzgIkDY7hLuV0QQ/wZyxAJHQq8YrH4ZkmwjfGWu901Opbvhofxe+Hp4tKMQ4TJNB8dn+xItJTz+sF56YjjnURxP2bzshEV8G1Xj5fUl3xLpdE5oZUTzfEylqmxZHzcuxEnE5usWMl+C04s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de; spf=pass smtp.mailfrom=web.de; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b=MFRNmCQa; arc=none smtp.client-ip=212.227.15.3 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=web.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b="MFRNmCQa" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1735379331; x=1735984131; i=l.s.r@web.de; bh=WhvwdGGVHmi193NooQ/nKPF9sG6V7N0tx6bM2/tX8eo=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:From:To: Cc:References:In-Reply-To:Content-Type:Content-Transfer-Encoding: cc:content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=MFRNmCQaHubKcasyaVFRTTcavo5xhnAQLvu9IuC/l+h+lJSR6jDun+Psx6u/UybC YQJyWa8lxoNj/L9doxhHcRALGrt+S+ZB/alPrI4DbeUUUfF3wyfavyzOKnKnfQVAP 6MQqPEDPs243HR/m+eNmbMBb+9V1HZVtnr+q1FPynAmSws38+jAAB1BfpLGkGepWP oMfsewQIqR0xlENn+/TfRaVKJ0Dz3iQpCvriOGsHY/VwByGuMuYIlLPQlpgKVDxsp LK9Bwejpemf/0g5guswAZw4HnhWVSyg/n3pmC47PmHc1siNygnzBPVBi2kw81UFcl oUC3xfYMTxa0p3/ZZA== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.29] ([79.203.20.45]) by smtp.web.de (mrweb006 [213.165.67.108]) with ESMTPSA (Nemesis) id 1MDvDU-1tHc5G3g6W-00GNOc; Sat, 28 Dec 2024 10:48:50 +0100 Message-ID: Date: Sat, 28 Dec 2024 10:48:50 +0100 Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 3/4] reftable: handle realloc error in parse_names() From: =?utf-8?q?Ren=C3=A9_Scharfe?= To: Git List Cc: Patrick Steinhardt , Junio C Hamano References: <2b9fba8d-be63-4145-9d25-a2151e422cfa@web.de> Content-Language: en-US In-Reply-To: X-Provags-ID: V03:K1:VLBu1z+BAJZ40YVt8rFIkBraaZFSMIMUOEwL2PKqdwuGraz1oN5 AninCvoSvITlIub9Oo0sdbMURLvWBnFeu02ZjGE2dwA0LjLuizXzmN4QuRb5Q0bWpu4B5NN jVoyWoyjTWgyi4AT+QqfM+hGFv+dtl6QkMRY86t8VLajQ9s3PhCjw9v2bhku5iaF5eyFqwt /Mj9jjmG6qZ81SdELBA1A== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:yGmUcUL069Q=;AF1zzZDLlw2dF/vIXQ9oEQgmG7J qqEvUJ9IgY3HvfEj6SosQgQ5TFX22nZ7p0nEBmyd5S7XcZO4UlgXnKv8xwArbiYtG3pfXE19g Z5n+gt6A5WGNnMhzJjiQ6lNzERlYGKOdL/bVLQ7zFVXRudf2ic20hu0Qe5zsM+x9M/Ehi6eDy LgAwNojfeawV0HbZK66IIywQwdgfdIThaIpba68amDfDqfqZRlo/4f7wxfuGOJv563p1uRHsZ UpXL96n/9We7Xwh6N/udVc3lHpIXEEJyaH2BveAeUiw5YLhWXY6U195RmOz1r0lTANW/A/CQo HbIKG4F1fwba10sNm36vkEAUGqPLruLltAIw0wTpUsrCaMI0npFBwFSoxJOcoiU4rX8d90X2q OhC3cGED1qTK3WxVR/URzfvJQR2DjMwABy2XvMxjHY9dTWVjOyqkAOPwlhZNH44MqSHi7Ztyl tFZXUwdLrAcJbrFuWckxVnvIQo09tr6cM2oEp2qme3Us+otqlIcwKbd9K77sAXv+fqIkzTCgw Oauoo3du5dsVBxQ4WbrlRTctrn0BigeRdER1pYO2Vl1vN8AH3D265IB0hyEmtwo4q/HUbY/Fa 7ogU0nR9enT3vmoY4a1pfxuW+hPZgweaHk0CTjPgJQyuBr8tVXoaOW+a1FoP7AfSUw3+lndCc c3NsF3RWgxJ7dZtxRXQ1hYkUb417e1d6Oulote/o6Qj3IeE+vJ6ZX0IeOtITTy4147t/Q4DFe 9jctYegxOFgHcsxTxyzqy7imBWRHlDyG1hERdY1TvEsRTxSCR5c7fF+Ouu4WJDH23KWVvn5wO Th9UXg227GESRIuBbwa+c1LUFDStSIgheORgZpMngmBkXlPusisakce15jkmXRlRdozJ62yaj 6lTUancEARzNVwIWyRWDvkQnnTr+RSw5+EEhwV91OzTAfHcIMdyw1s9Yvg51pV4+kX1FTSxJj i7ghwyE5BuO3yPFAKS8HSqKbjgYmBD9uptya45YPcGz4e9BvsapSaIJkoYBPZlse0WmSMt6CL hKQd8reR3PGvfCgZeTHADooYCdlxePWEaDMZa98qqODu9eWYZvxZbnYSoJa+RzSZilK7rCEfs 2NyS9uAvk= Check the final reallocation for adding the terminating NULL and handle it just like those in the loop. Simply use REFTABLE_ALLOC_GROW instead of keeping the REFTABLE_REALLOC_ARRAY call and adding code to preserve the original pointer value around it. Signed-off-by: René Scharfe --- reftable/basics.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.47.1 diff --git a/reftable/basics.c b/reftable/basics.c index cd6b39dbe9..fe2b83ff83 100644 --- a/reftable/basics.c +++ b/reftable/basics.c @@ -241,7 +241,8 @@ char **parse_names(char *buf, int size) p = next + 1; } - REFTABLE_REALLOC_ARRAY(names, names_len + 1); + if (REFTABLE_ALLOC_GROW(names, names_len + 1, names_cap)) + goto err; names[names_len] = NULL; return names; From patchwork Sat Dec 28 09:49:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ren=C3=A9_Scharfe?= X-Patchwork-Id: 13922275 Received: from mout.web.de (mout.web.de [212.227.15.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54546433A4 for ; Sat, 28 Dec 2024 09:49:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=212.227.15.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379385; cv=none; b=oLGj5lAwFCeMVN07ALI/445cpXWJOLSOyqnVxfV+99A+/m6ZOKAo55ps6Jk3b2N5NvG7IoUjQOCKqbimfSw0H8pK8WRO8wSuyW+gAeGcfTERHJkgqqGbA4YGleTiKJ1vloUzBkHedJVM83NgK5HWyUg5j8scPH2nAJhute5QtHI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735379385; c=relaxed/simple; bh=OXlRXF3AqxENeuz8kmkXHvJehkPWhRN7W7f/yJxugCA=; h=Message-ID:Date:MIME-Version:Subject:From:To:Cc:References: In-Reply-To:Content-Type; b=rNHEgD16SBt4jd6tYwC1bx0LpLt5/ffJYi+XjcL+Y5Axy04LKo7e6UL8ymeyneBozdl1JO1DGOLP1bvtFMc96DcdI4PLdFYiBERwui1FkQbTiqOYc+ELitTR0ISnQDFM9QMHmiv7wx+aGPz6Dnke9/yCbRCjFO2rQ7h2/HlnB+k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de; spf=pass smtp.mailfrom=web.de; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b=kXbEgyFw; arc=none smtp.client-ip=212.227.15.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=web.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=web.de header.i=l.s.r@web.de header.b="kXbEgyFw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1735379379; x=1735984179; i=l.s.r@web.de; bh=kcrkxjD2WV/GHRFksAJCFRvefRGq+noNEUMGS9ew4v0=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:From:To: Cc:References:In-Reply-To:Content-Type:Content-Transfer-Encoding: cc:content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=kXbEgyFw6AqH3bOHg2/U4aKa+r9pRe8CgWJBAcLab6n2tdfjLpsHvq7jsUTpLSuy mwz3B3MO30vI3jcX43+KqgdRUMrPOMkIJ5RpUYWkhtRQ5ECf4dH7yXbH4X4wELUe0 gMIzFaCypGpUKSNNggNbfzuGJEOn7LBmadZuQqY3WX/u1tKq0UIlVxJ/xX/nOEeaZ sdn5igu+2s41J9bzYJwCDHmUovdcVNneJK8VtLzFXQofwnpF4D/OghNLxXL1/1Q5F lxztQ9ludVy9gmXWiLWBBAmUBjT2ZO7Ue2bsts1clQInkKXdEUTDGgphm+WWRxILu bzFVSr6sBJuW1NOMTA== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.29] ([79.203.20.45]) by smtp.web.de (mrweb005 [213.165.67.108]) with ESMTPSA (Nemesis) id 1MlbHC-1trDkH0Ows-00kJlX; Sat, 28 Dec 2024 10:49:39 +0100 Message-ID: Date: Sat, 28 Dec 2024 10:49:38 +0100 Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 4/4] t-reftable-merged: handle realloc errors From: =?utf-8?q?Ren=C3=A9_Scharfe?= To: Git List Cc: Patrick Steinhardt , Junio C Hamano References: <2b9fba8d-be63-4145-9d25-a2151e422cfa@web.de> Content-Language: en-US In-Reply-To: X-Provags-ID: V03:K1:+XAPQ8oVS6W+kTPooz0bRvfuf4SvHPq+MTs4EFIl8mXt/3hRImh chDtaow/JvTlO2wMKq0n6y5yhCM8NXc1MQFeF/6g7zYiXx0VKTMYXU7CNKmcXWXFTMz7WxZ djh7gWgupmdHvU8pEdIcgPIqIpucZOA0qPn0SBNgOKEgbZm9Fshv9Rhngqt5MmcoCGMW+cu AwFtA3wEc+MTV97Cp/Ezw== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:zV79Dv+bPeM=;cIglaNM7OYpynX5Mj5uOH6Q/NP2 RI2Jq/oKLmkD38nz6/ukEW5ApL9Og9FBYJV/fcKVLz7jmC/9b/ycJHlD8rk93iq1dn61YoqbH 910e5S8iq9jCLIErOxOofuy8Lkp/GLHU+/xPUaeqWObefBt5asMkWGrFng1l1kM5uNg3H5Vtf ifud3l1pLGyN46c6/B2sY+fdzicmDSlhVV2U4UPnuK3xg8R/HkKGYy0MPlk6JpYT/qOXxApuM G79Pjp0XsJeKO4wtOcWq0fZCS0yPZ4XowpsJqBElmoOxurB+tUzK1Ct3zQ6HMmyC+yC1B5vWu OQg4NmXSkDmYYBHV2BsDQ2dsxt6DB+WFa5GTN0XAd0v/lWNZhZEL5liLU45OTbo7daxMLUJjs ZR/dvl2RsSZFHFu4j73updf0wRRRV18zL1yLqA1fqn8RiwdQrtDxv523sGbq4uzS23Vp3PAqL 9arIJ8/hcXYk1STnPn6TbVBFtw0JCV2LtPLVO5ypkDRvXslLS7PNFveMMwPTRUJ6tNvo5mn/a xR4bTgLwwVKKxa2aYetWbKNHu0YAiGBwJnO7DOxDdyrkOWXhKIBeOxi/+HCXncS4hnKnBIiqd Ai5FtI5+6rGGBRt9GjsSvt93LUVS1GgADb/ig0zaW0oarNfsVZo9M47SsBqUa3bTBONDmX78F z3xynvLY6er0jvmJkaKsUy6/p6kXuiV4671NLN54DfNiDdZkMgbxvDn4lBSTAII/HGOCvS6WY wb7IjzP6eZiySuClUkdr6XAIpVRGKvKgKY8KlJk1gy+ZV253/BPm63JU4eNWHtBdhkch+AL2l 5lxEN3uUhRytlQ/gUjp72cRgZYuoawVcLsvElOV05/qLuHXZgP2KXp7KQmN64z7Yf7td7K2Xr NLVRPoO140EyAq4LfRP0cDr1F9qgl6/en0jddosWExQNqpXdDW9Wp5MgqGu4CMsIUyNMJMy0+ NdMYW44QUMBv9ElJta8MkaGKR4n1w6P3v7iGIvS2ZO3uwKKFgtRXfxHdXGyFcTvDLYZGmtBXV 1P9zeBQn5mzXm9m/rzeJXU3n0pVIuqetB9Ma6FHSzw41y8dYv7qRF4ZZ7PyBi6+kao+ePsbDd zCPN71hWI= Check reallocation errors in unit tests, like everywhere else. Signed-off-by: René Scharfe --- t/unit-tests/t-reftable-merged.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.47.1 diff --git a/t/unit-tests/t-reftable-merged.c b/t/unit-tests/t-reftable-merged.c index a12bd0e1a3..60836f80d6 100644 --- a/t/unit-tests/t-reftable-merged.c +++ b/t/unit-tests/t-reftable-merged.c @@ -178,7 +178,7 @@ static void t_merged_refs(void) if (err > 0) break; - REFTABLE_ALLOC_GROW(out, len + 1, cap); + check(!REFTABLE_ALLOC_GROW(out, len + 1, cap)); out[len++] = ref; } reftable_iterator_destroy(&it); @@ -459,7 +459,7 @@ static void t_merged_logs(void) if (err > 0) break; - REFTABLE_ALLOC_GROW(out, len + 1, cap); + check(!REFTABLE_ALLOC_GROW(out, len + 1, cap)); out[len++] = log; } reftable_iterator_destroy(&it);