From b2e5d75d17c6ba13dc5966692c8ed9c105b4e13a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:36 +0100 Subject: tests: mark tests as passing with SANITIZE=leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the "ab/various-leak-fixes" topic was merged in [1] only t6021 would fail if the tests were run in the "GIT_TEST_PASSING_SANITIZE_LEAK=check" mode, i.e. to check whether we marked all leak-free tests with "TEST_PASSES_SANITIZE_LEAK=true". Since then we've had various tests starting to pass under SANITIZE=leak. Let's mark those as passing, this is when they started to pass, narrowed down with "git bisect": - t5317-pack-objects-filter-objects.sh: In faebba436e6 (list-objects-filter: plug pattern_list leak, 2022-12-01). - t3210-pack-refs.sh, t5613-info-alternate.sh, t7403-submodule-sync.sh: In 189e97bc4ba (diff: remove parseopts member from struct diff_options, 2022-12-01). - t1408-packed-refs.sh: In ab91f6b7c42 (Merge branch 'rs/diff-parseopts', 2022-12-19). - t0023-crlf-am.sh, t4152-am-subjects.sh, t4254-am-corrupt.sh, t4256-am-format-flowed.sh, t4257-am-interactive.sh, t5403-post-checkout-hook.sh: In a658e881c13 (am: don't pass strvec to apply_parse_options(), 2022-12-13) - t1301-shared-repo.sh, t1302-repo-version.sh: In b07a819c05f (reflog: clear leftovers in reflog_expiry_cleanup(), 2022-12-13). - t1304-default-acl.sh, t1410-reflog.sh, t5330-no-lazy-fetch-with-commit-graph.sh, t5502-quickfetch.sh, t5604-clone-reference.sh, t6014-rev-list-all.sh, t7701-repack-unpack-unreachable.sh: In b0c61be3209 (Merge branch 'rs/reflog-expiry-cleanup', 2022-12-26) - t3800-mktag.sh, t5302-pack-index.sh, t5306-pack-nobase.sh, t5573-pull-verify-signatures.sh, t7612-merge-verify-signatures.sh: In 69bbbe484ba (hash-object: use fsck for object checks, 2023-01-18). - t1451-fsck-buffer.sh: In 8e4309038f0 (fsck: do not assume NUL-termination of buffers, 2023-01-19). - t6501-freshen-objects.sh: In abf2bb895b4 (Merge branch 'jk/hash-object-fsck', 2023-01-30) 1. 9ea1378d046 (Merge branch 'ab/various-leak-fixes', 2022-12-14) Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/t/t0023-crlf-am.sh b/t/t0023-crlf-am.sh index f9bbb91..5758055 100755 --- a/t/t0023-crlf-am.sh +++ b/t/t0023-crlf-am.sh @@ -2,6 +2,7 @@ test_description='Test am with auto.crlf' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh cat >patchfile <<\EOF diff --git a/t/t1301-shared-repo.sh b/t/t1301-shared-repo.sh index 58d6da7..1b6437e 100755 --- a/t/t1301-shared-repo.sh +++ b/t/t1301-shared-repo.sh @@ -9,6 +9,7 @@ GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME TEST_CREATE_REPO_NO_TEMPLATE=1 +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # Remove a default ACL from the test dir if possible. diff --git a/t/t1302-repo-version.sh b/t/t1302-repo-version.sh index 7cf80bf..70389fa 100755 --- a/t/t1302-repo-version.sh +++ b/t/t1302-repo-version.sh @@ -5,6 +5,7 @@ test_description='Test repository version check' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t1304-default-acl.sh b/t/t1304-default-acl.sh index c69ae41..31b89dd 100755 --- a/t/t1304-default-acl.sh +++ b/t/t1304-default-acl.sh @@ -9,6 +9,7 @@ test_description='Test repository with default ACL' # => this must come before . ./test-lib.sh umask 077 +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # We need an arbitrary other user give permission to using ACLs. root diff --git a/t/t1408-packed-refs.sh b/t/t1408-packed-refs.sh index 41ba1f1..9469c79 100755 --- a/t/t1408-packed-refs.sh +++ b/t/t1408-packed-refs.sh @@ -5,6 +5,7 @@ test_description='packed-refs entries are covered by loose refs' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t1410-reflog.sh b/t/t1410-reflog.sh index aa59954..6c45965 100755 --- a/t/t1410-reflog.sh +++ b/t/t1410-reflog.sh @@ -7,6 +7,7 @@ test_description='Test prune and reflog expiration' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh check_have () { diff --git a/t/t1451-fsck-buffer.sh b/t/t1451-fsck-buffer.sh index 9ac270a..3413da4 100755 --- a/t/t1451-fsck-buffer.sh +++ b/t/t1451-fsck-buffer.sh @@ -14,6 +14,8 @@ so. These tests _might_ catch such overruns in normal use, but should be run with ASan or valgrind for more confidence. ' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # the general idea for tags and commits is to build up the "base" file diff --git a/t/t3210-pack-refs.sh b/t/t3210-pack-refs.sh index 577f32d..07a0ff9 100755 --- a/t/t3210-pack-refs.sh +++ b/t/t3210-pack-refs.sh @@ -12,6 +12,7 @@ semantic is still the same. GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'enable reflogs' ' diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index e3cf0ff..d3e428f 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -4,6 +4,7 @@ test_description='git mktag: tag object verify test' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh ########################################################### diff --git a/t/t4152-am-subjects.sh b/t/t4152-am-subjects.sh index 4c68245..9f2edba 100755 --- a/t/t4152-am-subjects.sh +++ b/t/t4152-am-subjects.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='test subject preservation with format-patch | am' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh make_patches() { diff --git a/t/t4254-am-corrupt.sh b/t/t4254-am-corrupt.sh index 54be7da..45f1d4f 100755 --- a/t/t4254-am-corrupt.sh +++ b/t/t4254-am-corrupt.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='git am with corrupt input' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh make_mbox_with_nul () { diff --git a/t/t4256-am-format-flowed.sh b/t/t4256-am-format-flowed.sh index 2369c4e..1015273 100755 --- a/t/t4256-am-format-flowed.sh +++ b/t/t4256-am-format-flowed.sh @@ -2,6 +2,7 @@ test_description='test format=flowed support of git am' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t4257-am-interactive.sh b/t/t4257-am-interactive.sh index aed8f4d..f26d7fd 100755 --- a/t/t4257-am-interactive.sh +++ b/t/t4257-am-interactive.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='am --interactive tests' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'set up patches to apply' ' diff --git a/t/t5302-pack-index.sh b/t/t5302-pack-index.sh index 59e9e77..f89809b 100755 --- a/t/t5302-pack-index.sh +++ b/t/t5302-pack-index.sh @@ -4,6 +4,8 @@ # test_description='pack index with 64-bit offsets and object CRC' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t5306-pack-nobase.sh b/t/t5306-pack-nobase.sh index 51973f4..846c5ca 100755 --- a/t/t5306-pack-nobase.sh +++ b/t/t5306-pack-nobase.sh @@ -6,6 +6,8 @@ test_description='git-pack-object with missing base ' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # Create A-B chain diff --git a/t/t5317-pack-objects-filter-objects.sh b/t/t5317-pack-objects-filter-objects.sh index 5b707d9..b26d476 100755 --- a/t/t5317-pack-objects-filter-objects.sh +++ b/t/t5317-pack-objects-filter-objects.sh @@ -5,6 +5,7 @@ test_description='git pack-objects using object filtering' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # Test blob:none filter. diff --git a/t/t5330-no-lazy-fetch-with-commit-graph.sh b/t/t5330-no-lazy-fetch-with-commit-graph.sh index 2cc7fd7..5eb28f0 100755 --- a/t/t5330-no-lazy-fetch-with-commit-graph.sh +++ b/t/t5330-no-lazy-fetch-with-commit-graph.sh @@ -2,6 +2,7 @@ test_description='test for no lazy fetch with the commit-graph' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup: prepare a repository with a commit' ' diff --git a/t/t5403-post-checkout-hook.sh b/t/t5403-post-checkout-hook.sh index 978f240..cfaae54 100755 --- a/t/t5403-post-checkout-hook.sh +++ b/t/t5403-post-checkout-hook.sh @@ -7,6 +7,7 @@ test_description='Test the post-checkout hook.' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t5502-quickfetch.sh b/t/t5502-quickfetch.sh index b160f8b..7b3ff21 100755 --- a/t/t5502-quickfetch.sh +++ b/t/t5502-quickfetch.sh @@ -5,6 +5,7 @@ test_description='test quickfetch from local' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t5573-pull-verify-signatures.sh b/t/t5573-pull-verify-signatures.sh index a53dd85..1221ac0 100755 --- a/t/t5573-pull-verify-signatures.sh +++ b/t/t5573-pull-verify-signatures.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='pull signature verification tests' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY/lib-gpg.sh" diff --git a/t/t5604-clone-reference.sh b/t/t5604-clone-reference.sh index 2734e37..dc86dea 100755 --- a/t/t5604-clone-reference.sh +++ b/t/t5604-clone-reference.sh @@ -7,6 +7,7 @@ test_description='test clone --reference' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh base_dir=$(pwd) diff --git a/t/t5613-info-alternate.sh b/t/t5613-info-alternate.sh index 895f46b..7708cba 100755 --- a/t/t5613-info-alternate.sh +++ b/t/t5613-info-alternate.sh @@ -4,6 +4,8 @@ # test_description='test transitive info/alternate entries' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'preparing first repository' ' diff --git a/t/t6014-rev-list-all.sh b/t/t6014-rev-list-all.sh index c9bedd2..16b8bd1 100755 --- a/t/t6014-rev-list-all.sh +++ b/t/t6014-rev-list-all.sh @@ -2,6 +2,7 @@ test_description='--all includes detached HEADs' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh diff --git a/t/t6021-rev-list-exclude-hidden.sh b/t/t6021-rev-list-exclude-hidden.sh index 32b2b09..11c50b7 100755 --- a/t/t6021-rev-list-exclude-hidden.sh +++ b/t/t6021-rev-list-exclude-hidden.sh @@ -2,6 +2,7 @@ test_description='git rev-list --exclude-hidden test' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t6501-freshen-objects.sh b/t/t6501-freshen-objects.sh index 1066245..3968b47 100755 --- a/t/t6501-freshen-objects.sh +++ b/t/t6501-freshen-objects.sh @@ -28,6 +28,7 @@ test_description='check pruning of dependent objects' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # We care about reachability, so we do not want to use diff --git a/t/t7403-submodule-sync.sh b/t/t7403-submodule-sync.sh index ea92ef5..ff09443 100755 --- a/t/t7403-submodule-sync.sh +++ b/t/t7403-submodule-sync.sh @@ -11,6 +11,7 @@ These tests exercise the "git submodule sync" subcommand. GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t7612-merge-verify-signatures.sh b/t/t7612-merge-verify-signatures.sh index 61330f7..f5c90cc 100755 --- a/t/t7612-merge-verify-signatures.sh +++ b/t/t7612-merge-verify-signatures.sh @@ -4,6 +4,7 @@ test_description='merge signature verification tests' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY/lib-gpg.sh" diff --git a/t/t7701-repack-unpack-unreachable.sh b/t/t7701-repack-unpack-unreachable.sh index b7ac4f5..ebb2678 100755 --- a/t/t7701-repack-unpack-unreachable.sh +++ b/t/t7701-repack-unpack-unreachable.sh @@ -5,6 +5,7 @@ test_description='git repack works correctly' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh fsha1= -- cgit v0.10.2-6-g49f6 From 53537c6c17737010b7090634257b6274347bdbc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:37 +0100 Subject: bundle.c: don't leak the "args" in the "struct child_process" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a leak that's been here since 7366096de9d (bundle API: change "flags" to be "extra_index_pack_args", 2021-09-05). If we can't verify the bundle, we didn't call child_process_clear() to clear the "args". But rather than adding an additional child_process_clear() call, let's verify the bundle before we start preparing the process we're going to spawn. If we fail to verify, we don't need to push anything to the child_process "args". Helped-by: Elijah Newren Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/bundle.c b/bundle.c index 4ef7256..9ebb10a 100644 --- a/bundle.c +++ b/bundle.c @@ -627,6 +627,10 @@ int unbundle(struct repository *r, struct bundle_header *header, enum verify_bundle_flags flags) { struct child_process ip = CHILD_PROCESS_INIT; + + if (verify_bundle(r, header, flags)) + return -1; + strvec_pushl(&ip.args, "index-pack", "--fix-thin", "--stdin", NULL); /* If there is a filter, then we need to create the promisor pack. */ @@ -638,8 +642,6 @@ int unbundle(struct repository *r, struct bundle_header *header, strvec_clear(extra_index_pack_args); } - if (verify_bundle(r, header, flags)) - return -1; ip.in = bundle_fd; ip.no_stdout = 1; ip.git_cmd = 1; -- cgit v0.10.2-6-g49f6 From e8ed0a8ac5ecb4379018e78188ed3ff489c7cfc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:38 +0100 Subject: commit-graph: use free_commit_graph() instead of UNLEAK() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In 0bfb48e6723 (builtin/commit-graph.c: UNLEAK variables, 2018-10-03) this was made to UNLEAK(), but we can just as easily invoke the free_commit_graph() function added in c3756d5b7fc (commit-graph: add free_commit_graph, 2018-07-11) instead. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/commit-graph.c b/builtin/commit-graph.c index e8f77f5..0102ac8 100644 --- a/builtin/commit-graph.c +++ b/builtin/commit-graph.c @@ -67,6 +67,7 @@ static int graph_verify(int argc, const char **argv, const char *prefix) int fd; struct stat st; int flags = 0; + int ret; static struct option builtin_commit_graph_verify_options[] = { OPT_BOOL(0, "shallow", &opts.shallow, @@ -111,8 +112,9 @@ static int graph_verify(int argc, const char **argv, const char *prefix) if (!graph) return !!open_ok; - UNLEAK(graph); - return verify_commit_graph(the_repository, graph, flags); + ret = verify_commit_graph(the_repository, graph, flags); + free_commit_graph(graph); + return ret; } extern int read_replace_refs; -- cgit v0.10.2-6-g49f6 From 81e5c39cf63b414468adcc6601184212e68e1fc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:39 +0100 Subject: clone: use free() instead of UNLEAK() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change an UNLEAK() added in 0c4542738e6 (clone: free or UNLEAK further pointers when finished, 2021-03-14) to use a "to_free" pattern instead. In this case the "repo" can be either this absolute_pathdup() value, or in the "else if" branch seen in the context the the "argv[0]" argument to "main()". We can only free() the value in the former case, hence the "to_free" pattern. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/clone.c b/builtin/clone.c index 5453ba5..ba82f5e 100644 --- a/builtin/clone.c +++ b/builtin/clone.c @@ -892,6 +892,7 @@ int cmd_clone(int argc, const char **argv, const char *prefix) int is_bundle = 0, is_local; int reject_shallow = 0; const char *repo_name, *repo, *work_tree, *git_dir; + char *repo_to_free = NULL; char *path = NULL, *dir, *display_repo = NULL; int dest_exists, real_dest_exists = 0; const struct ref *refs, *remote_head; @@ -949,7 +950,7 @@ int cmd_clone(int argc, const char **argv, const char *prefix) path = get_repo_path(repo_name, &is_bundle); if (path) { FREE_AND_NULL(path); - repo = absolute_pathdup(repo_name); + repo = repo_to_free = absolute_pathdup(repo_name); } else if (strchr(repo_name, ':')) { repo = repo_name; display_repo = transport_anonymize_url(repo); @@ -1413,7 +1414,7 @@ int cmd_clone(int argc, const char **argv, const char *prefix) free(unborn_head); free(dir); free(path); - UNLEAK(repo); + free(repo_to_free); junk_mode = JUNK_LEAVE_ALL; transport_ls_refs_options_release(&transport_ls_refs_options); -- cgit v0.10.2-6-g49f6 From 7615cf94d2af0f9ae71c4302092990e635f23a8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:40 +0100 Subject: various: add missing clear_pathspec(), fix leaks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix memory leaks resulting from a missing clear_pathspec(). - archive.c: Plug a leak in the "struct archiver_args", and clear_pathspec() the "pathspec" member that the "parse_pathspec_arg()" call in this function populates. - builtin/clean.c: Fix a memory leak that's been with us since 893d839970c (clean: convert to use parse_pathspec, 2013-07-14). - builtin/reset.c: Add clear_pathspec() calls to cmd_reset(), including to the codepaths where we'd return early. - builtin/stash.c: Call clear_pathspec() on the pathspec initialized in push_stash(). Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/archive.c b/archive.c index 81ff76f..f2a8756 100644 --- a/archive.c +++ b/archive.c @@ -710,6 +710,7 @@ int write_archive(int argc, const char **argv, const char *prefix, string_list_clear_func(&args.extra_files, extra_file_info_clear); free(args.refname); + clear_pathspec(&args.pathspec); return rc; } diff --git a/builtin/clean.c b/builtin/clean.c index b2701a2..b15eab3 100644 --- a/builtin/clean.c +++ b/builtin/clean.c @@ -1092,5 +1092,6 @@ int cmd_clean(int argc, const char **argv, const char *prefix) strbuf_release(&buf); string_list_clear(&del_list, 0); string_list_clear(&exclude_list, 0); + clear_pathspec(&pathspec); return (errors != 0); } diff --git a/builtin/reset.c b/builtin/reset.c index fea20a9..e9c1061 100644 --- a/builtin/reset.c +++ b/builtin/reset.c @@ -390,7 +390,8 @@ int cmd_reset(int argc, const char **argv, const char *prefix) if (reset_type != NONE) die(_("options '%s' and '%s' cannot be used together"), "--patch", "--{hard,mixed,soft}"); trace2_cmd_mode("patch-interactive"); - return run_add_interactive(rev, "--patch=reset", &pathspec); + update_ref_status = run_add_interactive(rev, "--patch=reset", &pathspec); + goto cleanup; } /* git reset tree [--] paths... can be used to @@ -439,8 +440,10 @@ int cmd_reset(int argc, const char **argv, const char *prefix) LOCK_DIE_ON_ERROR); if (reset_type == MIXED) { int flags = quiet ? REFRESH_QUIET : REFRESH_IN_PORCELAIN; - if (read_from_tree(&pathspec, &oid, intent_to_add)) - return 1; + if (read_from_tree(&pathspec, &oid, intent_to_add)) { + update_ref_status = 1; + goto cleanup; + } the_index.updated_skipworktree = 1; if (!no_refresh && get_git_work_tree()) { uint64_t t_begin, t_delta_in_ms; @@ -488,5 +491,7 @@ int cmd_reset(int argc, const char **argv, const char *prefix) discard_index(&the_index); +cleanup: + clear_pathspec(&pathspec); return update_ref_status; } diff --git a/builtin/stash.c b/builtin/stash.c index 839569a..71a4ee6 100644 --- a/builtin/stash.c +++ b/builtin/stash.c @@ -1727,6 +1727,7 @@ static int push_stash(int argc, const char **argv, const char *prefix, OPT_PATHSPEC_FILE_NUL(&pathspec_file_nul), OPT_END() }; + int ret; if (argc) { force_assume = !strcmp(argv[0], "-p"); @@ -1766,8 +1767,10 @@ static int push_stash(int argc, const char **argv, const char *prefix, die(_("the option '%s' requires '%s'"), "--pathspec-file-nul", "--pathspec-from-file"); } - return do_push_stash(&ps, stash_msg, quiet, keep_index, patch_mode, - include_untracked, only_staged); + ret = do_push_stash(&ps, stash_msg, quiet, keep_index, patch_mode, + include_untracked, only_staged); + clear_pathspec(&ps); + return ret; } static int push_stash_unassumed(int argc, const char **argv, const char *prefix) diff --git a/t/t5001-archive-attr.sh b/t/t5001-archive-attr.sh index 2f6eef5..04d300e 100755 --- a/t/t5001-archive-attr.sh +++ b/t/t5001-archive-attr.sh @@ -3,6 +3,7 @@ test_description='git archive attribute tests' TEST_CREATE_REPO_NO_TEMPLATE=1 +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh SUBSTFORMAT='%H (%h)%n' diff --git a/t/t5004-archive-corner-cases.sh b/t/t5004-archive-corner-cases.sh index ae508e2..9f2c6da 100755 --- a/t/t5004-archive-corner-cases.sh +++ b/t/t5004-archive-corner-cases.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='test corner cases of git-archive' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # the 10knuls.tar file is used to test for an empty git generated tar diff --git a/t/t7105-reset-patch.sh b/t/t7105-reset-patch.sh index fc2a6cf..9b46da7 100755 --- a/t/t7105-reset-patch.sh +++ b/t/t7105-reset-patch.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='git reset --patch' + +TEST_PASSES_SANITIZE_LEAK=true . ./lib-patch-mode.sh test_expect_success PERL 'setup' ' diff --git a/t/t7106-reset-unborn-branch.sh b/t/t7106-reset-unborn-branch.sh index ecb85c3..a0b67a0 100755 --- a/t/t7106-reset-unborn-branch.sh +++ b/t/t7106-reset-unborn-branch.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='git reset should work on unborn branch' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t7107-reset-pathspec-file.sh b/t/t7107-reset-pathspec-file.sh index 523efbe..af5ea40 100755 --- a/t/t7107-reset-pathspec-file.sh +++ b/t/t7107-reset-pathspec-file.sh @@ -2,6 +2,7 @@ test_description='reset --pathspec-from-file' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_tick diff --git a/t/t7301-clean-interactive.sh b/t/t7301-clean-interactive.sh index a07e8b8..d82a321 100755 --- a/t/t7301-clean-interactive.sh +++ b/t/t7301-clean-interactive.sh @@ -2,6 +2,7 @@ test_description='git clean -i basic tests' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY"/lib-terminal.sh -- cgit v0.10.2-6-g49f6 From 486620ae0c4fd0c68cdd10140c769825d758564f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:41 +0100 Subject: name-rev: don't xstrdup() an already dup'd string MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When "add_to_tip_table()" is called with a non-zero "shorten_unambiguous" we always return an xstrdup()'d string, which we'd then xstrdup() again, leaking memory. See [1] and [2] for how this leak came about. We could xstrdup() only if "shorten_unambiguous" wasn't true, but let's instead inline this code, so that information on whether we need to xstrdup() is contained within add_to_tip_table(). 1. 98c5c4ad015 (name-rev: allow to specify a subpath for --refs option, 2013-06-18) 2. b23e0b9353e (name-rev: allow converting the exact object name at the tip of a ref, 2013-07-07) Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/name-rev.c b/builtin/name-rev.c index 15535e9..49fae52 100644 --- a/builtin/name-rev.c +++ b/builtin/name-rev.c @@ -273,17 +273,6 @@ static int subpath_matches(const char *path, const char *filter) return -1; } -static const char *name_ref_abbrev(const char *refname, int shorten_unambiguous) -{ - if (shorten_unambiguous) - refname = shorten_unambiguous_ref(refname, 0); - else if (skip_prefix(refname, "refs/heads/", &refname)) - ; /* refname already advanced */ - else - skip_prefix(refname, "refs/", &refname); - return refname; -} - struct name_ref_data { int tags_only; int name_only; @@ -309,11 +298,19 @@ static void add_to_tip_table(const struct object_id *oid, const char *refname, int shorten_unambiguous, struct commit *commit, timestamp_t taggerdate, int from_tag, int deref) { - refname = name_ref_abbrev(refname, shorten_unambiguous); + char *short_refname = NULL; + + if (shorten_unambiguous) + short_refname = shorten_unambiguous_ref(refname, 0); + else if (skip_prefix(refname, "refs/heads/", &refname)) + ; /* refname already advanced */ + else + skip_prefix(refname, "refs/", &refname); ALLOC_GROW(tip_table.table, tip_table.nr + 1, tip_table.alloc); oidcpy(&tip_table.table[tip_table.nr].oid, oid); - tip_table.table[tip_table.nr].refname = xstrdup(refname); + tip_table.table[tip_table.nr].refname = short_refname ? + short_refname : xstrdup(refname); tip_table.table[tip_table.nr].commit = commit; tip_table.table[tip_table.nr].taggerdate = taggerdate; tip_table.table[tip_table.nr].from_tag = from_tag; -- cgit v0.10.2-6-g49f6 From 90428ddccf7bc0c0c192fc973b2d1a7a47605e10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:42 +0100 Subject: repack: fix leaks on error with "goto cleanup" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In cmd_repack() when we hit an error, replace "return ret" with "goto cleanup" to ensure we free the necessary data structures. Helped-by: Elijah Newren Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/repack.c b/builtin/repack.c index c1402ad..f649379 100644 --- a/builtin/repack.c +++ b/builtin/repack.c @@ -948,7 +948,7 @@ int cmd_repack(int argc, const char **argv, const char *prefix) ret = start_command(&cmd); if (ret) - return ret; + goto cleanup; if (geometry) { FILE *in = xfdopen(cmd.in, "w"); @@ -977,7 +977,7 @@ int cmd_repack(int argc, const char **argv, const char *prefix) fclose(out); ret = finish_command(&cmd); if (ret) - return ret; + goto cleanup; if (!names.nr && !po_args.quiet) printf_ln(_("Nothing new to pack.")); @@ -1007,7 +1007,7 @@ int cmd_repack(int argc, const char **argv, const char *prefix) &existing_nonkept_packs, &existing_kept_packs); if (ret) - return ret; + goto cleanup; if (delete_redundant && expire_to) { /* @@ -1039,7 +1039,7 @@ int cmd_repack(int argc, const char **argv, const char *prefix) &existing_nonkept_packs, &existing_kept_packs); if (ret) - return ret; + goto cleanup; } } @@ -1115,7 +1115,7 @@ int cmd_repack(int argc, const char **argv, const char *prefix) string_list_clear(&include, 0); if (ret) - return ret; + goto cleanup; } reprepare_packed_git(the_repository); @@ -1172,10 +1172,11 @@ int cmd_repack(int argc, const char **argv, const char *prefix) write_midx_file(get_object_directory(), NULL, NULL, flags); } +cleanup: string_list_clear(&names, 1); string_list_clear(&existing_nonkept_packs, 0); string_list_clear(&existing_kept_packs, 0); clear_pack_geometry(geometry); - return 0; + return ret; } diff --git a/t/t5312-prune-corruption.sh b/t/t5312-prune-corruption.sh index 9d8e249..230cb38 100755 --- a/t/t5312-prune-corruption.sh +++ b/t/t5312-prune-corruption.sh @@ -14,6 +14,7 @@ what currently happens. If that changes, these tests should be revisited. GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'disable reflogs' ' diff --git a/t/t6011-rev-list-with-bad-commit.sh b/t/t6011-rev-list-with-bad-commit.sh index bad02cf..b2e422c 100755 --- a/t/t6011-rev-list-with-bad-commit.sh +++ b/t/t6011-rev-list-with-bad-commit.sh @@ -2,6 +2,7 @@ test_description='git rev-list should notice bad commits' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # Note: -- cgit v0.10.2-6-g49f6 From 9f24f3c719ccb4553f97a861c37cbedcc7357762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:43 +0100 Subject: worktree: fix a trivial leak in prune_worktrees() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were leaking both the "struct strbuf" in prune_worktrees(), as well as the "path" we got from should_prune_worktree(). Since these were the only two uses of the "struct string_list" let's change it to a "DUP" and push these to it with "string_list_append_nodup()". For the string_list_append_nodup() we could also string_list_append() the main_path.buf, and then strbuf_release(&main_path) right away. But doing it this way avoids an allocation, as we already have the "struct strbuf" prepared for appending to "kept". Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/worktree.c b/builtin/worktree.c index f51c40f..254283a 100644 --- a/builtin/worktree.c +++ b/builtin/worktree.c @@ -173,7 +173,7 @@ static void prune_worktrees(void) { struct strbuf reason = STRBUF_INIT; struct strbuf main_path = STRBUF_INIT; - struct string_list kept = STRING_LIST_INIT_NODUP; + struct string_list kept = STRING_LIST_INIT_DUP; DIR *dir = opendir(git_path("worktrees")); struct dirent *d; if (!dir) @@ -184,14 +184,14 @@ static void prune_worktrees(void) if (should_prune_worktree(d->d_name, &reason, &path, expire)) prune_worktree(d->d_name, reason.buf); else if (path) - string_list_append(&kept, path)->util = xstrdup(d->d_name); + string_list_append_nodup(&kept, path)->util = xstrdup(d->d_name); } closedir(dir); strbuf_add_absolute_path(&main_path, get_git_common_dir()); /* massage main worktree absolute path to match 'gitdir' content */ strbuf_strip_suffix(&main_path, "/."); - string_list_append(&kept, strbuf_detach(&main_path, NULL)); + string_list_append_nodup(&kept, strbuf_detach(&main_path, NULL)); prune_dups(&kept); string_list_clear(&kept, 1); diff --git a/t/t2401-worktree-prune.sh b/t/t2401-worktree-prune.sh index 3d28c7f..568a47e 100755 --- a/t/t2401-worktree-prune.sh +++ b/t/t2401-worktree-prune.sh @@ -5,6 +5,7 @@ test_description='prune $GIT_DIR/worktrees' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success initialize ' diff --git a/t/t2406-worktree-repair.sh b/t/t2406-worktree-repair.sh index 5c44453..8970780 100755 --- a/t/t2406-worktree-repair.sh +++ b/t/t2406-worktree-repair.sh @@ -2,6 +2,7 @@ test_description='test git worktree repair' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' -- cgit v0.10.2-6-g49f6 From eef75d247a5f1ce07cb21fa05196cdf7bc443e13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:44 +0100 Subject: http-backend.c: fix "dir" and "cmd_arg" leaks in cmd_main() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Free the "dir" variable after we're done with it. Before 917adc03608 (http-backend: add GIT_PROJECT_ROOT environment var, 2009-10-30) there was no leak here, as we'd get it via getenv(), but since 917adc03608 we've xstrdup()'d it (or the equivalent), so we need to free() it. We also need to free the "cmd_arg" variable, which has been leaked ever since it was added in 2f4038ab337 (Git-aware CGI to provide dumb HTTP transport, 2009-10-30). Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/http-backend.c b/http-backend.c index 6eb3b2f..67819d9 100644 --- a/http-backend.c +++ b/http-backend.c @@ -786,6 +786,7 @@ int cmd_main(int argc, const char **argv) if (!getenv("GIT_HTTP_EXPORT_ALL") && access("git-daemon-export-ok", F_OK) ) not_found(&hdr, "Repository not exported: '%s'", dir); + free(dir); http_config(); max_request_buffer = git_env_ulong("GIT_HTTP_MAX_REQUEST_BUFFER", @@ -795,5 +796,6 @@ int cmd_main(int argc, const char **argv) setenv(GIT_PROTOCOL_ENVIRONMENT, proto_header, 0); cmd->imp(&hdr, cmd_arg); + free(cmd_arg); return 0; } -- cgit v0.10.2-6-g49f6 From 2139bd0200b2ee51674d8778cd26a9f38220a5b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:45 +0100 Subject: http-backend.c: fix cmd_main() memory leak, refactor reg{exec,free}() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a memory leak that's been with us ever since 2f4038ab337 (Git-aware CGI to provide dumb HTTP transport, 2009-10-30). In this case we're not calling regerror() after a failed regexec(), and don't otherwise use "re" afterwards. We can therefore simplify this code by calling regfree() right after the regexec(). An alternative fix would be to add a regfree() to both the "return" and "break" path in this for-loop. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/http-backend.c b/http-backend.c index 67819d9..8ab58e5 100644 --- a/http-backend.c +++ b/http-backend.c @@ -759,10 +759,14 @@ int cmd_main(int argc, const char **argv) struct service_cmd *c = &services[i]; regex_t re; regmatch_t out[1]; + int ret; if (regcomp(&re, c->pattern, REG_EXTENDED)) die("Bogus regex in service table: %s", c->pattern); - if (!regexec(&re, dir, 1, out, 0)) { + ret = regexec(&re, dir, 1, out, 0); + regfree(&re); + + if (!ret) { size_t n; if (strcmp(method, c->method)) @@ -774,7 +778,6 @@ int cmd_main(int argc, const char **argv) dir[out[0].rm_so] = 0; break; } - regfree(&re); } if (!cmd) -- cgit v0.10.2-6-g49f6 From 9d01cfed6915b1e99c266fd578e39c7aba7767dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:46 +0100 Subject: commit-graph: fix a parse_options_concat() leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the parse_options_concat() was added to this file in 84e4484f128 (commit-graph: use parse_options_concat(), 2021-08-23) we wouldn't free() it if we returned early in these cases. Since "result" is 0 by default we can "goto cleanup" in both cases, and only need to set "result" if write_commit_graph_reachable() fails. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/commit-graph.c b/builtin/commit-graph.c index 0102ac8..93704f9 100644 --- a/builtin/commit-graph.c +++ b/builtin/commit-graph.c @@ -269,8 +269,8 @@ static int graph_write(int argc, const char **argv, const char *prefix) if (opts.reachable) { if (write_commit_graph_reachable(odb, flags, &write_opts)) - return 1; - return 0; + result = 1; + goto cleanup; } if (opts.stdin_packs) { -- cgit v0.10.2-6-g49f6 From 81559612a94636f1efe8268385fe6a4ab182ac19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:47 +0100 Subject: show-branch: free() allocated "head" before return MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stop leaking the "head" variable, which we've been leaking since it was originally added in [1], and in its current form since [2] 1. ed378ec7e85 (Make ref resolution saner, 2006-09-11) 2. d9e557a320b (show-branch: store resolved head in heap buffer, 2017-02-14). Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/show-branch.c b/builtin/show-branch.c index c013aba..358ac3e 100644 --- a/builtin/show-branch.c +++ b/builtin/show-branch.c @@ -956,5 +956,6 @@ int cmd_show_branch(int ac, const char **av, const char *prefix) if (shown_merge_point && --extra < 0) break; } + free(head); return 0; } -- cgit v0.10.2-6-g49f6 From 345e216f63a71ab58f81cf4eae1eb2a458304ca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:48 +0100 Subject: builtin/merge.c: use fixed strings, not "strbuf", fix leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up 465028e0e25 (merge: add missing strbuf_release(), 2021-10-07) and address the "msg" memory leak in this block. We could free "&msg" before the "goto done" here, but even better is to avoid allocating it in the first place. By repeating the "Fast-forward" string here we can avoid using a "struct strbuf" altogether. Suggested-by: René Scharfe Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/merge.c b/builtin/merge.c index 74de2eb..32733e5 100644 --- a/builtin/merge.c +++ b/builtin/merge.c @@ -1560,7 +1560,9 @@ int cmd_merge(int argc, const char **argv, const char *prefix) !common->next && oideq(&common->item->object.oid, &head_commit->object.oid)) { /* Again the most common case of merging one remote. */ - struct strbuf msg = STRBUF_INIT; + const char *msg = have_message ? + "Fast-forward (no commit created; -m option ignored)" : + "Fast-forward"; struct commit *commit; if (verbosity >= 0) { @@ -1570,10 +1572,6 @@ int cmd_merge(int argc, const char **argv, const char *prefix) find_unique_abbrev(&remoteheads->item->object.oid, DEFAULT_ABBREV)); } - strbuf_addstr(&msg, "Fast-forward"); - if (have_message) - strbuf_addstr(&msg, - " (no commit created; -m option ignored)"); commit = remoteheads->item; if (!commit) { ret = 1; @@ -1592,9 +1590,8 @@ int cmd_merge(int argc, const char **argv, const char *prefix) goto done; } - finish(head_commit, remoteheads, &commit->object.oid, msg.buf); + finish(head_commit, remoteheads, &commit->object.oid, msg); remove_merge_branch_state(the_repository); - strbuf_release(&msg); goto done; } else if (!remoteheads->next && common->next) ; diff --git a/t/t6439-merge-co-error-msgs.sh b/t/t6439-merge-co-error-msgs.sh index 52cf0c8..0cbec57 100755 --- a/t/t6439-merge-co-error-msgs.sh +++ b/t/t6439-merge-co-error-msgs.sh @@ -5,6 +5,7 @@ test_description='unpack-trees error messages' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh -- cgit v0.10.2-6-g49f6 From 41211db10f27de1a21ef2fd287f168ef25231275 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:49 +0100 Subject: builtin/merge.c: free "&buf" on "Your local changes..." error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plug a memory leak introduced in [1], since that change didn't follow the "goto done" pattern introduced in [2] we'd leak the "&buf" memory. 1. e4cdfe84a0d (merge: abort if index does not match HEAD for trivial merges, 2022-07-23) 2. d5a35c114ab (Copy resolve_ref() return value for longer use, 2011-11-13) Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/merge.c b/builtin/merge.c index 32733e5..5a834b1 100644 --- a/builtin/merge.c +++ b/builtin/merge.c @@ -1618,7 +1618,8 @@ int cmd_merge(int argc, const char **argv, const char *prefix) error(_("Your local changes to the following files would be overwritten by merge:\n %s"), sb.buf); strbuf_release(&sb); - return 2; + ret = 2; + goto done; } /* See if it is really trivial. */ -- cgit v0.10.2-6-g49f6 From 891c9965fbc05848fb66444274e39c7ae2c6f321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:50 +0100 Subject: grep.c: refactor free_grep_patterns() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactor the free_grep_patterns() function to split out the freeing of the "struct grep_pat" it contains. Right now we're only freeing the "pattern_list", but we should be freeing another member of the same type, which we'll do in the subsequent commit. Let's also replace the "return" if we don't have an "opt->pattern_expression" with a conditional call of free_pattern_expr(). Before db84376f981 (grep.c: remove "extended" in favor of "pattern_expression", fix segfault, 2022-10-11) the pattern here was: if (!x) return; free_pattern_expr(y); While at it, instead of: if (!x) return; free_pattern_expr(x); Let's instead do: if (x) free_pattern_expr(x); This will make it easier to free additional members from free_grep_patterns() in the future. Helped-by: Elijah Newren Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/grep.c b/grep.c index 1687f65..f8708e1 100644 --- a/grep.c +++ b/grep.c @@ -769,11 +769,11 @@ static void free_pattern_expr(struct grep_expr *x) free(x); } -void free_grep_patterns(struct grep_opt *opt) +static void free_grep_pat(struct grep_pat *pattern) { struct grep_pat *p, *n; - for (p = opt->pattern_list; p; p = n) { + for (p = pattern; p; p = n) { n = p->next; switch (p->token) { case GREP_PATTERN: /* atom */ @@ -790,10 +790,14 @@ void free_grep_patterns(struct grep_opt *opt) } free(p); } +} - if (!opt->pattern_expression) - return; - free_pattern_expr(opt->pattern_expression); +void free_grep_patterns(struct grep_opt *opt) +{ + free_grep_pat(opt->pattern_list); + + if (opt->pattern_expression) + free_pattern_expr(opt->pattern_expression); } static const char *end_of_line(const char *cp, unsigned long *left) -- cgit v0.10.2-6-g49f6 From fb2ebe72a37423e7c375d933d3c277b8cc81efba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:51 +0100 Subject: grep API: plug memory leaks by freeing "header_list" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the "header_list" struct member was added in [1], freeing this field was neglected. Fix that now, so that commands like ./git -P log -1 --color=always --author=A origin/master will run leak-free. 1. 80235ba79ef ("log --author=me --grep=it" should find intersection, not union, 2010-01-17) Helped-by: Elijah Newren Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/grep.c b/grep.c index f8708e1..92ece4b 100644 --- a/grep.c +++ b/grep.c @@ -795,6 +795,7 @@ static void free_grep_pat(struct grep_pat *pattern) void free_grep_patterns(struct grep_opt *opt) { free_grep_pat(opt->pattern_list); + free_grep_pat(opt->header_list); if (opt->pattern_expression) free_pattern_expr(opt->pattern_expression); -- cgit v0.10.2-6-g49f6 From 1fdd31cf52a242c3b73b4093a68a30123c5c7549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:52 +0100 Subject: receive-pack: release the linked "struct command *" list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a memory leak that's been with us since this code was introduced in [1]. Later in [2] we started using FLEX_ALLOC_MEM() to allocate the "struct command *". 1. 575f497456e (Add first cut at "git-receive-pack", 2005-06-29) 2. eb1af2df0b1 (git-receive-pack: start parsing ref update commands, 2005-06-29) Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index a90af30..cd5c7a2 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -2032,6 +2032,16 @@ static struct command **queue_command(struct command **tail, return &cmd->next; } +static void free_commands(struct command *commands) +{ + while (commands) { + struct command *next = commands->next; + + free(commands); + commands = next; + } +} + static void queue_commands_from_cert(struct command **tail, struct strbuf *push_cert) { @@ -2569,6 +2579,7 @@ int cmd_receive_pack(int argc, const char **argv, const char *prefix) run_receive_hook(commands, "post-receive", 1, &push_options); run_update_post_hook(commands); + free_commands(commands); string_list_clear(&push_options, 0); if (auto_gc) { struct child_process proc = CHILD_PROCESS_INIT; diff --git a/t/t5405-send-pack-rewind.sh b/t/t5405-send-pack-rewind.sh index 11f0323..1686ac1 100755 --- a/t/t5405-send-pack-rewind.sh +++ b/t/t5405-send-pack-rewind.sh @@ -5,6 +5,7 @@ test_description='forced push to replace commit we do not have' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t5406-remote-rejects.sh b/t/t5406-remote-rejects.sh index dcbeb42..d6a9946 100755 --- a/t/t5406-remote-rejects.sh +++ b/t/t5406-remote-rejects.sh @@ -2,6 +2,7 @@ test_description='remote push rejects are reported by client' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t5507-remote-environment.sh b/t/t5507-remote-environment.sh index e614929..c6a6957 100755 --- a/t/t5507-remote-environment.sh +++ b/t/t5507-remote-environment.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='check environment showed to remote side of transports' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'set up "remote" push situation' ' diff --git a/t/t5522-pull-symlink.sh b/t/t5522-pull-symlink.sh index bcff460..394bc60 100755 --- a/t/t5522-pull-symlink.sh +++ b/t/t5522-pull-symlink.sh @@ -2,6 +2,7 @@ test_description='pulling from symlinked subdir' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # The scenario we are building: diff --git a/t/t5527-fetch-odd-refs.sh b/t/t5527-fetch-odd-refs.sh index e2770e4..98ece27 100755 --- a/t/t5527-fetch-odd-refs.sh +++ b/t/t5527-fetch-odd-refs.sh @@ -4,6 +4,7 @@ test_description='test fetching of oddly-named refs' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # afterwards we will have: diff --git a/t/t5560-http-backend-noserver.sh b/t/t5560-http-backend-noserver.sh index d30cf4f..f75068d 100755 --- a/t/t5560-http-backend-noserver.sh +++ b/t/t5560-http-backend-noserver.sh @@ -4,6 +4,7 @@ test_description='test git-http-backend-noserver' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh HTTPD_DOCUMENT_ROOT_PATH="$TRASH_DIRECTORY" diff --git a/t/t5561-http-backend.sh b/t/t5561-http-backend.sh index 9c57d84..e1d3b8c 100755 --- a/t/t5561-http-backend.sh +++ b/t/t5561-http-backend.sh @@ -4,6 +4,7 @@ test_description='test git-http-backend' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY"/lib-httpd.sh diff --git a/t/t5562-http-backend-content-length.sh b/t/t5562-http-backend-content-length.sh index b68ec22..7ee9858 100755 --- a/t/t5562-http-backend-content-length.sh +++ b/t/t5562-http-backend-content-length.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='test git-http-backend respects CONTENT_LENGTH' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_lazy_prereq GZIP 'gzip --version' diff --git a/t/t5705-session-id-in-capabilities.sh b/t/t5705-session-id-in-capabilities.sh index ed38c76..b8a722e 100755 --- a/t/t5705-session-id-in-capabilities.sh +++ b/t/t5705-session-id-in-capabilities.sh @@ -2,6 +2,7 @@ test_description='session ID in capabilities' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh REPO="$(pwd)/repo" -- cgit v0.10.2-6-g49f6 From aa561208d9d41d757ede1fb40d3ae2c164a21f97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:53 +0100 Subject: push: refactor refspec_append_mapped() for subsequent leak-fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The set_refspecs() caller of refspec_append_mapped() (added in [1]) left open the question[2] of whether the "remote" we lazily fetch might be NULL in the "[...]uniquely name our ref?" case, as remote_get() can return NULL. If we got past the "[...]uniquely name our ref?" case we'd have already segfaulted if we tried to dereference it as "remote->push.nr". In these cases the config mechanism & previous remote validation will have bailed out earlier. Let's refactor this code to clarify that, we'll now BUG() out if we can't get a "remote", and will no longer retrieve it for these common cases where we don't need it. 1. ca02465b413 (push: use remote.$name.push as a refmap, 2013-12-03) 2. https://lore.kernel.org/git/c0c07b89-7eaf-21cd-748e-e14ea57f09fd@web.de/ Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/push.c b/builtin/push.c index 60ac801..97b35ec 100644 --- a/builtin/push.c +++ b/builtin/push.c @@ -63,16 +63,9 @@ static struct refspec rs = REFSPEC_INIT_PUSH; static struct string_list push_options_config = STRING_LIST_INIT_DUP; static void refspec_append_mapped(struct refspec *refspec, const char *ref, - struct remote *remote, struct ref *local_refs) + struct remote *remote, struct ref *matched) { const char *branch_name; - struct ref *matched = NULL; - - /* Does "ref" uniquely name our ref? */ - if (count_refspec_match(ref, local_refs, &matched) != 1) { - refspec_append(refspec, ref); - return; - } if (remote->push.nr) { struct refspec_item query; @@ -120,12 +113,24 @@ static void set_refspecs(const char **refs, int nr, const char *repo) die(_("--delete only accepts plain target ref names")); refspec_appendf(&rs, ":%s", ref); } else if (!strchr(ref, ':')) { - if (!remote) { - /* lazily grab remote and local_refs */ - remote = remote_get(repo); + struct ref *matched = NULL; + + /* lazily grab local_refs */ + if (!local_refs) local_refs = get_local_heads(); + + /* Does "ref" uniquely name our ref? */ + if (count_refspec_match(ref, local_refs, &matched) != 1) { + refspec_append(&rs, ref); + } else { + /* lazily grab remote */ + if (!remote) + remote = remote_get(repo); + if (!remote) + BUG("must get a remote for repo '%s'", repo); + + refspec_append_mapped(&rs, ref, remote, matched); } - refspec_append_mapped(&rs, ref, remote, local_refs); } else refspec_append(&rs, ref); } -- cgit v0.10.2-6-g49f6 From c65d18cb5259079f44c055c07bf46c13c75780c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 7 Feb 2023 00:07:54 +0100 Subject: push: free_refs() the "local_refs" in set_refspecs() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a memory leak that's been with us since this code was added in ca02465b413 (push: use remote.$name.push as a refmap, 2013-12-03). The "remote = remote_get(...)" added in the same commit would seem to leak based only on the context here, but that function is a wrapper for sticking the remotes we fetch into "the_repository->remote_state". See fd3cb0501e1 (remote: move static variables into per-repository struct, 2021-11-17) for the addition of code in repository.c that free's the "remote" allocated here. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano diff --git a/builtin/push.c b/builtin/push.c index 97b35ec..8f7d326 100644 --- a/builtin/push.c +++ b/builtin/push.c @@ -134,6 +134,7 @@ static void set_refspecs(const char **refs, int nr, const char *repo) } else refspec_append(&rs, ref); } + free_refs(local_refs); } static int push_url_of_remote(struct remote *remote, const char ***url_p) diff --git a/t/t1416-ref-transaction-hooks.sh b/t/t1416-ref-transaction-hooks.sh index 2773172..b32ca79 100755 --- a/t/t1416-ref-transaction-hooks.sh +++ b/t/t1416-ref-transaction-hooks.sh @@ -5,6 +5,7 @@ test_description='reference transaction hooks' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success setup ' diff --git a/t/t2402-worktree-list.sh b/t/t2402-worktree-list.sh index 79e0fce..9ad9be0 100755 --- a/t/t2402-worktree-list.sh +++ b/t/t2402-worktree-list.sh @@ -5,6 +5,7 @@ test_description='test git worktree list' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t5504-fetch-receive-strict.sh b/t/t5504-fetch-receive-strict.sh index 88d3c56..0b8ab4a 100755 --- a/t/t5504-fetch-receive-strict.sh +++ b/t/t5504-fetch-receive-strict.sh @@ -4,6 +4,7 @@ test_description='fetch/receive strict mode' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup and inject "corrupt or missing" object' ' diff --git a/t/t5523-push-upstream.sh b/t/t5523-push-upstream.sh index fdb4292..c9acc07 100755 --- a/t/t5523-push-upstream.sh +++ b/t/t5523-push-upstream.sh @@ -4,6 +4,7 @@ test_description='push with --set-upstream' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY"/lib-terminal.sh diff --git a/t/t5529-push-errors.sh b/t/t5529-push-errors.sh index ce85fd3..0247137 100755 --- a/t/t5529-push-errors.sh +++ b/t/t5529-push-errors.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='detect some push errors early (before contacting remote)' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup commits' ' diff --git a/t/t5546-receive-limits.sh b/t/t5546-receive-limits.sh index 0b0e987..eed3c9d 100755 --- a/t/t5546-receive-limits.sh +++ b/t/t5546-receive-limits.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='check receive input limits' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh # Let's run tests with different unpack limits: 1 and 10000 diff --git a/t/t5547-push-quarantine.sh b/t/t5547-push-quarantine.sh index 1876fb3..9f899b8 100755 --- a/t/t5547-push-quarantine.sh +++ b/t/t5547-push-quarantine.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='check quarantine of objects during push' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'create picky dest repo' ' diff --git a/t/t5606-clone-options.sh b/t/t5606-clone-options.sh index cf221e9..27f9f77 100755 --- a/t/t5606-clone-options.sh +++ b/t/t5606-clone-options.sh @@ -4,6 +4,7 @@ test_description='basic clone options' GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t5810-proto-disable-local.sh b/t/t5810-proto-disable-local.sh index c1ef99b..8626102 100755 --- a/t/t5810-proto-disable-local.sh +++ b/t/t5810-proto-disable-local.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='test disabling of local paths in clone/fetch' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY/lib-proto-disable.sh" diff --git a/t/t5813-proto-disable-ssh.sh b/t/t5813-proto-disable-ssh.sh index 3f084ee..2e975dc 100755 --- a/t/t5813-proto-disable-ssh.sh +++ b/t/t5813-proto-disable-ssh.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='test disabling of git-over-ssh in clone/fetch' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY/lib-proto-disable.sh" diff --git a/t/t7409-submodule-detached-work-tree.sh b/t/t7409-submodule-detached-work-tree.sh index 374ed48..574a6fc 100755 --- a/t/t7409-submodule-detached-work-tree.sh +++ b/t/t7409-submodule-detached-work-tree.sh @@ -13,6 +13,7 @@ TEST_NO_CREATE_REPO=1 GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh index 3ebd985..7cf72b9 100755 --- a/t/t7416-submodule-dash-url.sh +++ b/t/t7416-submodule-dash-url.sh @@ -1,6 +1,8 @@ #!/bin/sh test_description='check handling of disallowed .gitmodule urls' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' ' diff --git a/t/t7450-bad-git-dotfiles.sh b/t/t7450-bad-git-dotfiles.sh index ba1f569..0d0c3f2 100755 --- a/t/t7450-bad-git-dotfiles.sh +++ b/t/t7450-bad-git-dotfiles.sh @@ -12,6 +12,8 @@ Such as: - symlinked .gitmodules, etc ' + +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh . "$TEST_DIRECTORY"/lib-pack.sh -- cgit v0.10.2-6-g49f6