From 4fa268738ca91347be0945c9ef12dd1ace0e70da Mon Sep 17 00:00:00 2001 From: Andrzej Hunt Date: Sun, 25 Apr 2021 14:16:13 +0000 Subject: builtin/bugreport: don't leak prefixed filename prefix_filename() returns newly allocated memory, and strbuf_addstr() doesn't take ownership of its inputs. Therefore we have to make sure to store and free prefix_filename()'s result. As this leak is in cmd_bugreport(), we could just as well UNLEAK the prefix - but there's no good reason not to just free it properly. This leak was found while running t0091, see output below: Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49ab79 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9acc66 in xrealloc wrapper.c:126:8 #2 0x93baed in strbuf_grow strbuf.c:98:2 #3 0x93c6ea in strbuf_add strbuf.c:295:2 #4 0x69f162 in strbuf_addstr ./strbuf.h:304:2 #5 0x69f083 in prefix_filename abspath.c:277:2 #6 0x4fb275 in cmd_bugreport builtin/bugreport.c:146:9 #7 0x4cd91d in run_builtin git.c:467:11 #8 0x4cb5f3 in handle_builtin git.c:719:3 #9 0x4ccf47 in run_argv git.c:808:4 #10 0x4caf49 in cmd_main git.c:939:19 #11 0x69df9e in main common-main.c:52:11 #12 0x7f523a987349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt Signed-off-by: Junio C Hamano diff --git a/builtin/bugreport.c b/builtin/bugreport.c index ad3cc9c..9915a58 100644 --- a/builtin/bugreport.c +++ b/builtin/bugreport.c @@ -129,6 +129,7 @@ int cmd_bugreport(int argc, const char **argv, const char *prefix) char *option_output = NULL; char *option_suffix = "%Y-%m-%d-%H%M"; const char *user_relative_path = NULL; + char *prefixed_filename; const struct option bugreport_options[] = { OPT_STRING('o', "output-directory", &option_output, N_("path"), @@ -142,9 +143,9 @@ int cmd_bugreport(int argc, const char **argv, const char *prefix) bugreport_usage, 0); /* Prepare the path to put the result */ - strbuf_addstr(&report_path, - prefix_filename(prefix, - option_output ? option_output : "")); + prefixed_filename = prefix_filename(prefix, + option_output ? option_output : ""); + strbuf_addstr(&report_path, prefixed_filename); strbuf_complete(&report_path, '/'); strbuf_addstr(&report_path, "git-bugreport-"); @@ -189,6 +190,7 @@ int cmd_bugreport(int argc, const char **argv, const char *prefix) fprintf(stderr, _("Created new report at '%s'.\n"), user_relative_path); + free(prefixed_filename); UNLEAK(buffer); UNLEAK(report_path); return !!launch_editor(report_path.buf, NULL, NULL); -- cgit v0.10.2-6-g49f6