From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: git@vger.kernel.org
Cc: "Junio C Hamano" <gitster@pobox.com>,
"Phillip Wood" <phillip.wood123@gmail.com>,
"Jeff King" <peff@peff.net>,
"Derrick Stolee" <derrickstolee@github.com>,
"Elijah Newren" <newren@gmail.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: [PATCH v2 10/15] sequencer.c: fix "opts->strategy" leak in read_strategy_opts()
Date: Tue, 8 Nov 2022 19:17:46 +0100 [thread overview]
Message-ID: <patch-v2-10.15-243ab74120b-20221108T172650Z-avarab@gmail.com> (raw)
In-Reply-To: <cover-v2-00.15-00000000000-20221108T172650Z-avarab@gmail.com>
When "read_strategy_opts()" is called we may have populated the
"opts->strategy" before, so we'll need to free() it to avoid leaking
memory.
We populate it before because we cal get_replay_opts() from within
"rebase.c" with an already populated "opts", which we then copy. Then
if we're doing a "rebase -i" the sequencer API itself will promptly
clobber our alloc'd version of it with its own.
If this code is changed to do, instead of the added free() here a:
if (opts->strategy)
opts->strategy = xstrdup("another leak");
We get a couple of stacktraces from -fsanitize=leak showing how we
ended up clobbering the already allocated value, i.e.:
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x7f2e8cd45545 in __interceptor_malloc ../../../../src/libsanitizer/lsan/lsan_interceptors.cpp:75
#1 0x7f2e8cb0fcaa in __GI___strdup string/strdup.c:42
#2 0x6c4778 in xstrdup wrapper.c:39
#3 0x66bcb8 in read_strategy_opts sequencer.c:2902
#4 0x66bf7b in read_populate_opts sequencer.c:2969
#5 0x6723f9 in sequencer_continue sequencer.c:5063
#6 0x4a4f74 in run_sequencer_rebase builtin/rebase.c:348
#7 0x4a64c8 in run_specific_rebase builtin/rebase.c:753
#8 0x4a9b8b in cmd_rebase builtin/rebase.c:1824
#9 0x407a32 in run_builtin git.c:466
#10 0x407e0a in handle_builtin git.c:721
#11 0x40803d in run_argv git.c:788
#12 0x40850f in cmd_main git.c:923
#13 0x4eee79 in main common-main.c:57
#14 0x7f2e8ca9f209 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7f2e8ca9f2bb in __libc_start_main_impl ../csu/libc-start.c:389
#16 0x405fd0 in _start (git+0x405fd0)
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f2e8cd45545 in __interceptor_malloc ../../../../src/libsanitizer/lsan/lsan_interceptors.cpp:75
#1 0x7f2e8cb0fcaa in __GI___strdup string/strdup.c:42
#2 0x6c4778 in xstrdup wrapper.c:39
#3 0x4a3c31 in xstrdup_or_null git-compat-util.h:1169
#4 0x4a447a in get_replay_opts builtin/rebase.c:163
#5 0x4a4f5b in run_sequencer_rebase builtin/rebase.c:346
#6 0x4a64c8 in run_specific_rebase builtin/rebase.c:753
#7 0x4a9b8b in cmd_rebase builtin/rebase.c:1824
#8 0x407a32 in run_builtin git.c:466
#9 0x407e0a in handle_builtin git.c:721
#10 0x40803d in run_argv git.c:788
#11 0x40850f in cmd_main git.c:923
#12 0x4eee79 in main common-main.c:57
#13 0x7f2e8ca9f209 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#14 0x7f2e8ca9f2bb in __libc_start_main_impl ../csu/libc-start.c:389
#15 0x405fd0 in _start (git+0x405fd0)
This can be seen in e.g. the 4th test of
"t3404-rebase-interactive.sh".
In the larger picture the ownership of the "struct replay_opts" is
quite a mess, e.g. in this case rebase.c's static "get_replay_opts()"
function partially creates it, but nothing in rebase.c will free()
it. The structure is "mostly owned" by the sequencer API, but it also
expects to get these partially populated versions of it.
It would be better to have rebase keep track of what it allocated, and
free() that, and to pass that as a "const" to the sequencer API, which
would copy what it needs to its own version, and to free() that.
But doing so is a much larger change, and however messy the ownership
boundary is here is consistent with what we're doing already, so let's
just free() this to fix the leak.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---
sequencer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sequencer.c b/sequencer.c
index e23f6f0b718..433fec21562 100644
--- a/sequencer.c
+++ b/sequencer.c
@@ -2897,6 +2897,7 @@ static void read_strategy_opts(struct replay_opts *opts, struct strbuf *buf)
strbuf_reset(buf);
if (!read_oneliner(buf, rebase_path_strategy(), 0))
return;
+ free(opts->strategy);
opts->strategy = strbuf_detach(buf, NULL);
if (!read_oneliner(buf, rebase_path_strategy_opts(), 0))
return;
--
2.38.0.1467.g709fbdff1a9
next prev parent reply other threads:[~2022-11-08 18:18 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-03 17:05 [PATCH 00/17] leak fixes: use existing constructors & other trivia Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 01/17] tests: mark tests as passing with SANITIZE=leak Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 02/17] {reset,merge}: call discard_index() before returning Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 03/17] commit: discard partial cache before (re-)reading it Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 04/17] read-cache.c: clear and free "sparse_checkout_patterns" Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 05/17] dir.c: free "ident" and "exclude_per_dir" in "struct untracked_cache" Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 06/17] built-ins & libs & helpers: add/move destructors, fix leaks Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 07/17] unpack-file: fix ancient leak in create_temp_file() Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 08/17] revision API: call graph_clear() in release_revisions() Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 09/17] ls-files: fix a --with-tree memory leak Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 10/17] sequencer.c: fix "opts->strategy" leak in read_strategy_opts() Ævar Arnfjörð Bjarmason
2022-11-04 14:50 ` Phillip Wood
2022-11-04 21:44 ` Taylor Blau
2022-11-05 12:43 ` Ævar Arnfjörð Bjarmason
2022-11-08 15:00 ` Phillip Wood
2022-11-08 15:26 ` Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 11/17] connected.c: free the "struct packed_git" Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 12/17] sequencer.c: fix a pick_commits() leak Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 13/17] rebase: don't leak on "--abort" Ævar Arnfjörð Bjarmason
2022-11-04 14:42 ` Phillip Wood
2022-11-05 12:01 ` Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 14/17] sequencer.c: fix sequencer_continue() leak Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 15/17] cherry-pick: free "struct replay_opts" members Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 16/17] revert: fix parse_options_concat() leak Ævar Arnfjörð Bjarmason
2022-11-03 17:06 ` [PATCH 17/17] built-ins: use free() not UNLEAK() if trivial, rm dead code Ævar Arnfjörð Bjarmason
2022-11-04 15:20 ` [PATCH 00/17] leak fixes: use existing constructors & other trivia Phillip Wood
2022-11-05 12:46 ` Ævar Arnfjörð Bjarmason
2022-11-07 9:46 ` Phillip Wood
2022-11-08 18:17 ` [PATCH v2 00/15] " Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 01/15] tests: mark tests as passing with SANITIZE=leak Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 02/15] {reset,merge}: call discard_index() before returning Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 03/15] commit: discard partial cache before (re-)reading it Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 04/15] read-cache.c: clear and free "sparse_checkout_patterns" Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 05/15] dir.c: free "ident" and "exclude_per_dir" in "struct untracked_cache" Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 06/15] built-ins & libs & helpers: add/move destructors, fix leaks Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 07/15] unpack-file: fix ancient leak in create_temp_file() Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 08/15] revision API: call graph_clear() in release_revisions() Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 09/15] ls-files: fix a --with-tree memory leak Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` Ævar Arnfjörð Bjarmason [this message]
2022-11-08 18:17 ` [PATCH v2 11/15] connected.c: free the "struct packed_git" Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 12/15] rebase: don't leak on "--abort" Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 13/15] cherry-pick: free "struct replay_opts" members Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 14/15] revert: fix parse_options_concat() leak Ævar Arnfjörð Bjarmason
2022-11-08 18:17 ` [PATCH v2 15/15] built-ins: use free() not UNLEAK() if trivial, rm dead code Ævar Arnfjörð Bjarmason
2022-11-08 20:54 ` [PATCH v2 00/15] leak fixes: use existing constructors & other trivia Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=patch-v2-10.15-243ab74120b-20221108T172650Z-avarab@gmail.com \
--to=avarab@gmail.com \
--cc=derrickstolee@github.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=newren@gmail.com \
--cc=peff@peff.net \
--cc=phillip.wood123@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).