{{ message }}
[bash completion] allow display of the name of the remote the current branch is tracking#11
Closed
tomster wants to merge 1 commit into
Closed
[bash completion] allow display of the name of the remote the current branch is tracking#11tomster wants to merge 1 commit into
tomster wants to merge 1 commit into
Conversation
…g in the bash prompt
Member
Author
|
Should I send a patch to the git@vger.kernel.org mailing list or can i somehow reference this pull request and/or the sha of my commit? |
Member
gitster
added a commit
that referenced
this pull request
Oct 28, 2011
asmeurer
pushed a commit
to asmeurer/git
that referenced
this pull request
Jan 9, 2012
pclouds
referenced
this pull request
in TortoiseGit/tgit
Jan 13, 2012
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitster
added a commit
that referenced
this pull request
Apr 30, 2012
gitster
added a commit
that referenced
this pull request
Jan 30, 2013
gitster
added a commit
that referenced
this pull request
Mar 20, 2015
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitster
added a commit
that referenced
this pull request
Mar 20, 2015
* master: Post 2.3 cycle (batch #11)
gitster
added a commit
that referenced
this pull request
Mar 27, 2017
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 19, 2021
write_commit_graph initialises topo_levels using init_topo_level_slab(), next it calls compute_topological_levels() which can cause the slab to grow, we therefore need to clear the slab again using clear_topo_level_slab() when we're done. First introduced in 72a2bfc - which is currently only in master and not on maint. LeakSanitizer output: ==1026==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x498ae9 in realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0xafbed8 in xrealloc /src/git/wrapper.c:126:8 #2 0x7966d1 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) Indirect leak of 524256 byte(s) in 1 object(s) allocated from: #0 0x498942 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0xafc088 in xcalloc /src/git/wrapper.c:140:8 #2 0x796870 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: 524264 byte(s) leaked in 2 allocation(s).
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 19, 2021
write_commit_graph initialises topo_levels using init_topo_level_slab(), next it calls compute_topological_levels() which can cause the slab to grow, we therefore need to clear the slab again using clear_topo_level_slab() when we're done. First introduced in 72a2bfc - which is currently only in master and not on maint. LeakSanitizer output: ==1026==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x498ae9 in realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0xafbed8 in xrealloc /src/git/wrapper.c:126:8 #2 0x7966d1 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) Indirect leak of 524256 byte(s) in 1 object(s) allocated from: #0 0x498942 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0xafc088 in xcalloc /src/git/wrapper.c:140:8 #2 0x796870 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: 524264 byte(s) leaked in 2 allocation(s). Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 19, 2021
write_commit_graph initialises topo_levels using init_topo_level_slab(), next it calls compute_topological_levels() which can cause the slab to grow, we therefore need to clear the slab again using clear_topo_level_slab() when we're done. First introduced in 72a2bfc - which is currently only in master and not on maint. LeakSanitizer output: ==1026==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x498ae9 in realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0xafbed8 in xrealloc /src/git/wrapper.c:126:8 #2 0x7966d1 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) Indirect leak of 524256 byte(s) in 1 object(s) allocated from: #0 0x498942 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0xafc088 in xcalloc /src/git/wrapper.c:140:8 #2 0x796870 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 git#8 0x4cddb1 in run_builtin /src/git/git.c:453:11 git#9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 git#10 0x4cd084 in run_argv /src/git/git.c:771:4 git#11 0x4ca424 in cmd_main /src/git/git.c:902:19 git#12 0x707fb6 in main /src/git/common-main.c:52:11 git#13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: 524264 byte(s) leaked in 2 allocation(s). Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
gitster
pushed a commit
that referenced
this pull request
Feb 23, 2021
write_commit_graph initialises topo_levels using init_topo_level_slab(), next it calls compute_topological_levels() which can cause the slab to grow, we therefore need to clear the slab again using clear_topo_level_slab() when we're done. First introduced in 72a2bfc (commit-graph: add a slab to store topological levels, 2021-01-16). LeakSanitizer output: ==1026==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x498ae9 in realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0xafbed8 in xrealloc /src/git/wrapper.c:126:8 #2 0x7966d1 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 #8 0x4cddb1 in run_builtin /src/git/git.c:453:11 #9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 #10 0x4cd084 in run_argv /src/git/git.c:771:4 #11 0x4ca424 in cmd_main /src/git/git.c:902:19 #12 0x707fb6 in main /src/git/common-main.c:52:11 #13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) Indirect leak of 524256 byte(s) in 1 object(s) allocated from: #0 0x498942 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0xafc088 in xcalloc /src/git/wrapper.c:140:8 #2 0x796870 in topo_level_slab_at_peek /src/git/commit-graph.c:71:1 #3 0x7965e0 in topo_level_slab_at /src/git/commit-graph.c:71:1 #4 0x78fbf5 in compute_topological_levels /src/git/commit-graph.c:1472:12 #5 0x78c5c3 in write_commit_graph /src/git/commit-graph.c:2456:2 #6 0x535c5f in graph_write /src/git/builtin/commit-graph.c:299:6 #7 0x5350ca in cmd_commit_graph /src/git/builtin/commit-graph.c:337:11 #8 0x4cddb1 in run_builtin /src/git/git.c:453:11 #9 0x4cabe2 in handle_builtin /src/git/git.c:704:3 #10 0x4cd084 in run_argv /src/git/git.c:771:4 #11 0x4ca424 in cmd_main /src/git/git.c:902:19 #12 0x707fb6 in main /src/git/common-main.c:52:11 #13 0x7fee4249383f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: 524264 byte(s) leaked in 2 allocation(s). Signed-off-by: Andrzej Hunt <ajrhunt@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 28, 2021
Both invocations of transport_helper_init take ownership of name, see:
- Path 1:
helper = xstrndup(...)
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1049
followed by transport_helper_init taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1053
- Path 2:
handler = xmemdupz(...), immediately followed by transpot_helper_init
taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1083
Therefore it seems clear that all functions clearing helper_data
should also be responsible for clearing the name. (We also add
a comment to transport_helper_init to make the ownership explicit.)
This avoids leaks such as the following, which I used to see on
every git pull - it's minor, but noisy. In most cases there appears
to be only one transport (so we'd leak at most once). The biggest
exception is builtin/push.c which can create multiple transports
in a loop, but even there the impact is unlikely to be noticeable.
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6fe4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a7078 in do_xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:75:8
#3 0x9a705a in xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:83:9
#4 0x9a7107 in xmemdupz /home/ahunt/oss-fuzz/git/wrapper.c:99:16
#5 0x975338 in transport_get /home/ahunt/oss-fuzz/git/transport.c:1083:19
#6 0x5636c0 in prepare_transport /home/ahunt/oss-fuzz/git/builtin/fetch.c:1388:14
#7 0x56294d in fetch_one /home/ahunt/oss-fuzz/git/builtin/fetch.c:1837:15
git#8 0x561e2c in cmd_fetch /home/ahunt/oss-fuzz/git/builtin/fetch.c:1993:12
git#9 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#10 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#11 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#12 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#13 0x69c43e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#14 0x7fec22a90349 in __libc_start_main (/lib64/libc.so.6+0x24349)
SUMMARY: AddressSanitizer: 6 byte(s) leaked in 1 allocation(s).
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 28, 2021
Both invocations of transport_helper_init take ownership of name, see:
- Path 1:
helper = xstrndup(...)
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1049
followed by transport_helper_init taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1053
- Path 2:
handler = xmemdupz(...), immediately followed by transpot_helper_init
taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1083
Therefore it seems clear that all functions clearing helper_data
should also be responsible for clearing the name. (We also add
a comment to transport_helper_init to make the ownership explicit.)
This avoids leaks such as the following, which I used to see on
every git pull - it's minor, but noisy. In most cases there appears
to be only one transport (so we'd leak at most once). The biggest
exception is builtin/push.c which can create multiple transports
in a loop, but even there the impact is unlikely to be noticeable.
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6fe4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a7078 in do_xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:75:8
#3 0x9a705a in xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:83:9
#4 0x9a7107 in xmemdupz /home/ahunt/oss-fuzz/git/wrapper.c:99:16
#5 0x975338 in transport_get /home/ahunt/oss-fuzz/git/transport.c:1083:19
#6 0x5636c0 in prepare_transport /home/ahunt/oss-fuzz/git/builtin/fetch.c:1388:14
#7 0x56294d in fetch_one /home/ahunt/oss-fuzz/git/builtin/fetch.c:1837:15
git#8 0x561e2c in cmd_fetch /home/ahunt/oss-fuzz/git/builtin/fetch.c:1993:12
git#9 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#10 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#11 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#12 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#13 0x69c43e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#14 0x7fec22a90349 in __libc_start_main (/lib64/libc.so.6+0x24349)
SUMMARY: AddressSanitizer: 6 byte(s) leaked in 1 allocation(s).
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Feb 28, 2021
Both invocations of transport_helper_init take ownership of name, see:
- Path 1:
helper = xstrndup(...)
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1049
followed by transport_helper_init taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1053
- Path 2:
handler = xmemdupz(...), immediately followed by transpot_helper_init
taking ownership:
https://git.kernel.org/pub/scm/git/git.git/tree/transport.c#n1083
Therefore it seems clear that all functions clearing helper_data
should also be responsible for clearing the name. (We also add
a comment to transport_helper_init to make the ownership explicit.)
This avoids leaks such as the following, which I used to see on
every git pull - it's minor, but noisy. In most cases there appears
to be only one transport (so we'd leak at most once). The biggest
exception is builtin/push.c which can create multiple transports
in a loop, but even there the impact is unlikely to be noticeable.
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6fe4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a7078 in do_xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:75:8
#3 0x9a705a in xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:83:9
#4 0x9a7107 in xmemdupz /home/ahunt/oss-fuzz/git/wrapper.c:99:16
#5 0x975338 in transport_get /home/ahunt/oss-fuzz/git/transport.c:1083:19
#6 0x5636c0 in prepare_transport /home/ahunt/oss-fuzz/git/builtin/fetch.c:1388:14
#7 0x56294d in fetch_one /home/ahunt/oss-fuzz/git/builtin/fetch.c:1837:15
git#8 0x561e2c in cmd_fetch /home/ahunt/oss-fuzz/git/builtin/fetch.c:1993:12
git#9 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#10 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#11 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#12 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#13 0x69c43e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#14 0x7fec22a90349 in __libc_start_main (/lib64/libc.so.6+0x24349)
SUMMARY: AddressSanitizer: 6 byte(s) leaked in 1 allocation(s).
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
Fixes the following leak encountered when running t0001:
Direct leak of 19 byte(s) in 1 object(s) allocated from:
#0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3
#1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14
#2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c
#3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9
#4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14
#5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
dwim_ref() allocs a new string into ref. If we want to discard ref we should also free it. This leak appears to have been introduced in: 4cf76f6 (builtin/reset: compute checkout metadata for reset, 2020-03-16) Leak found while running t0001: Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12 #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22 #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9 #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
This squashes numerous direct and indirect leaks encountered while running t0001
with LSAN. A selection of LSAN outputs are included below (the full list is
omitted because it's just too long and uninteresting).
We also add one free in the middle of cmd_clone(): path will be overwritten later,
hence we should free it after the first use to avoid a leak.
Direct leak of 178 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
#5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21
#5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
#2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
#3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
#4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
#5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
#6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
#7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 178 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
#5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
#2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
#3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
#4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
#5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
#6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
#7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 105 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3
#4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4
#5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2
#6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10
#7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
Make sure we release a temporary strbuf during dwim_branch() for all codepaths.
Furthermore, UNLEAK dwim_branch()'s return value in add().
add() is only used directly from cmd_worktree(), hence there's little value
in making sure we actually free() the pointer there (vs just using UNLEAK).
Using free() would require more complicated changes as the same pointer is used
to point to either a string literal, an array member owned elsewhere, or a newly
allocated string returned by dwim_branch().
Both leaks found when running t0001 with LSAN (clang-11):
Direct leak of 60 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3
#4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2
#5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20
#6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19
#7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10
git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9aae74 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9aaf08 in do_xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:75:8
#3 0x9aaeea in xmallocz /home/ahunt/oss-fuzz/git/wrapper.c:83:9
#4 0x9aaf97 in xmemdupz /home/ahunt/oss-fuzz/git/wrapper.c:99:16
#5 0x9aafee in xstrndup /home/ahunt/oss-fuzz/git/wrapper.c:105:9
#6 0x698887 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:450:27
#7 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19
git#8 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10
git#9 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#10 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#11 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#12 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#13 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#14 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
init_db_config_path could be leaked because:
1. git_init_db_config() allocates new data into init_db_config_path on every
invocation without freeing preexisting data.
2. git_init_db_config() can be called multiple times for a single git_config()
invocation (see docs on git_config() for context).
Furthermore, until very recently, git_config(git_init_db_config(), ...) could
have been invoked twice in a single process as git_init_db_config() used to
be used to handle core.* config settings. This was changed in a previous
patch in this series.
Freeing the existing value in git_init_db_config() would be the least intrusive
fix, however switching to git_config_get_value() simplifies the code further by
letting us remove the static pointer (furthermore, the returned data is owned by
the config cache, saving us from having to worry about freeing it later).
LSAN output from t0001:
Direct leak of 73 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
#4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
#5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
#6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
#7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
preprocess_options() allocates new strings for help messages if the input options contain aliases. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
Fixes the following leak encountered when running t0001:
Direct leak of 19 byte(s) in 1 object(s) allocated from:
#0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3
#1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14
#2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c
#3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9
#4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14
#5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
dwim_ref() allocs a new string into ref. If we want to discard ref we should also free it. This leak appears to have been introduced in: 4cf76f6 (builtin/reset: compute checkout metadata for reset, 2020-03-16) Leak found while running t0001: Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12 #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22 #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9 #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
This squashes numerous direct and indirect leaks encountered while running t0001
with LSAN. A selection of LSAN outputs are included below (the full list is
omitted because it's just too long and uninteresting).
We also add one free in the middle of cmd_clone(): path will be overwritten later,
hence we should free it after the first use to avoid a leak.
Direct leak of 178 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
#5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21
#5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
#2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
#3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
#4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
#5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
#6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
#7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 178 byte(s) in 1 object(s) allocated from:
#0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8
#2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9
#3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8
#4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10
#5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4
#6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
#7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 165 byte(s) in 1 object(s) allocated from:
#0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8
#2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20
#3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9
#4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8
#5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8
#6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4
#7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9
git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4
git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9
git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Direct leak of 105 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3
#4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4
#5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2
#6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10
#7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 5, 2021
preprocess_options() allocates new strings for help messages if the input options contain aliases. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
This leak has existed since: 9ab55da (git symbolic-ref --delete $symref, 2012-10-21) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 19 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c #3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9 #4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14 #5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
dwim_ref() allocs a new string into ref. If we want to discard ref we should also free it. This leak appears to have been introduced in: 4cf76f6 (builtin/reset: compute checkout metadata for reset, 2020-03-16) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12 #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22 #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9 #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Most of these pointers can safely be freed when cmd_clone() completes, therefore we make sure to free them. The one exception is that we UNLEAK(repo) because repo can point either to argv[0], or a malloc'd string returned by absolute_pathdup(). We also have to free(path) in the middle of cmd_clone(): path is unconditionally overwritten later (with a different path), triggering a leak of the original contents. Hence we need to free it: freeing immediately after use (but only in the case where it contains data) seems like the cleanest solution, as opposed to freeing it unconditionally before path is reused for another path. This leak appears to have been introduced in: f38aa83 (use local cloning if insteadOf makes a local URL, 2014-07-17) These leaks were found when running t0001 with LSAN, see also an excerpt of the LSAN output below (the full list is omitted because it's far too long, and mostly consists of indirect leakage of members of the refs we are freeing). Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21 #5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 vv #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 105 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3 #4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4 #5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2 #6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10 #7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Make sure that we release the temporary strbuf during dwim_branch() for all codepaths (and not just the early return). This leak appears to have been introduced in: f60a7b7 (worktree: teach "add" to check out existing branches, 2018-04-24) Note that UNLEAK(branchname) is still needed: the returned result is used in add(), and is stored in a pointer which is used to point at one of: - a string literal - member of an array owned outside of cmd_worktree - or our newly allocated string returned from dwim_branch() Fixing that leak isn't impossible, but does not seem worthwhile given that add() is called directly from cmd_main(), and cmd_main() returns immediately thereafter - UNLEAK is good enough. This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 60 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3 #4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2 #5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20 #6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19 #7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
init_db_config_path could be leaked because: 1. git_init_db_config() allocates new data into init_db_config_path on every invocation without freeing preexisting data. 2. git_init_db_config() can be called multiple times for a single git_config() invocation (see docs on git_config() for context). Furthermore, until very recently, git_config(git_init_db_config(), ...) could have been invoked twice in a single process as git_init_db_config() used to be used to handle core.* config settings. This was changed in a previous patch in this series - that change alone might fix the leak in some scenarios, but is not enough to guarantee that we never leak. Freeing the existing value in git_init_db_config() would be the least intrusive fix, however switching to git_config_get_value() simplifies the code further by letting us remove the static pointer (furthermore, the returned data is owned by the config cache, saving us from having to worry about freeing it later). The following commit is when we first started using git_init_db_config() for 2 different purposes: 2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11) Although I suspect the potential for a leak existed since the original implementation in: 90b4518 (Add `init.templatedir` configuration variable., 2010-02-17) LSAN output from t0001: Direct leak of 73 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2 #4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2 #5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2 #6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10 #7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11 git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7 git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2 git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2 git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2 git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11 git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9 git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
init_db_config_path could be leaked because: 1. git_init_db_config() allocates new data into init_db_config_path on every invocation without freeing preexisting data. 2. git_init_db_config() can be called multiple times for a single git_config() invocation (see docs on git_config() for context). Furthermore, until very recently, git_config(git_init_db_config(), ...) could have been invoked twice in a single process as git_init_db_config() used to be used to handle core.* config settings. This was changed in a previous patch in this series - that change alone might fix the leak in some scenarios, but is not enough to guarantee that we never leak. Freeing the existing value in git_init_db_config() would be the least intrusive fix, however switching to git_config_get_value() simplifies the code further by letting us remove the static pointer (furthermore, the returned data is owned by the config cache, saving us from having to worry about freeing it later). The following commit is when we first started using git_init_db_config() for 2 different purposes: 2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11) Although I suspect the potential for a leak existed since the original implementation in: 90b4518 (Add `init.templatedir` configuration variable., 2010-02-17) LSAN output from t0001: Direct leak of 73 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2 #4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2 #5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2 #6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10 #7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11 git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7 git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2 git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2 git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2 git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11 git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9 git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Also UNLEAK template_dir in cmd_init_db(), as we are passing it into init_db() and cannot easily free it without making more intrusive changes to execution flow. init_db_config_path could be leaked because: 1. git_init_db_config() allocates new data into init_db_config_path on every invocation without freeing preexisting data. 2. git_init_db_config() can be called multiple times for a single git_config() invocation (see docs on git_config() for context). Furthermore, until very recently, git_config(git_init_db_config(), ...) could have been invoked twice in a single process as git_init_db_config() used to be used to handle core.* config settings. This was changed in a previous patch in this series - that change alone might fix the leak in some scenarios, but is not enough to guarantee that we never leak. Freeing the existing value in git_init_db_config() would be the least intrusive fix, however switching to git_config_get_value() simplifies the code further by letting us remove the static pointer (furthermore, the returned data is owned by the config cache, saving us from having to worry about freeing it later). The following commit is when we first started using git_init_db_config() for 2 different purposes: 2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11) Although I suspect the potential for a leak existed since the original implementation in: 90b4518 (Add `init.templatedir` configuration variable., 2010-02-17) LSAN output from t0001: Direct leak of 73 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2 #4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2 #5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2 #6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10 #7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11 git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7 git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2 git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2 git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2 git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11 git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9 git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349)
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
This leak has existed since: 9ab55da (git symbolic-ref --delete $symref, 2012-10-21) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 19 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c #3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9 #4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14 #5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
dwim_ref() allocs a new string into ref. If we want to discard ref we should also free it. This leak appears to have been introduced in: 4cf76f6 (builtin/reset: compute checkout metadata for reset, 2020-03-16) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12 #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22 #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9 #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Most of these pointers can safely be freed when cmd_clone() completes, therefore we make sure to free them. The one exception is that we UNLEAK(repo) because repo can point either to argv[0], or a malloc'd string returned by absolute_pathdup(). We also have to free(path) in the middle of cmd_clone(): path is unconditionally overwritten later (with a different path), triggering a leak of the original contents. Hence we need to free it: freeing immediately after use (but only in the case where it contains data) seems like the cleanest solution, as opposed to freeing it unconditionally before path is reused for another path. This leak appears to have been introduced in: f38aa83 (use local cloning if insteadOf makes a local URL, 2014-07-17) These leaks were found when running t0001 with LSAN, see also an excerpt of the LSAN output below (the full list is omitted because it's far too long, and mostly consists of indirect leakage of members of the refs we are freeing). Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21 #5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 vv #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 105 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3 #4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4 #5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2 #6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10 #7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Make sure that we release the temporary strbuf during dwim_branch() for all codepaths (and not just the early return). This leak appears to have been introduced in: f60a7b7 (worktree: teach "add" to check out existing branches, 2018-04-24) Note that UNLEAK(branchname) is still needed: the returned result is used in add(), and is stored in a pointer which is used to point at one of: - a string literal - member of an array owned outside of cmd_worktree - or our newly allocated string returned from dwim_branch() Fixing that leak isn't impossible, but does not seem worthwhile given that add() is called directly from cmd_main(), and cmd_main() returns immediately thereafter - UNLEAK is good enough. This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 60 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3 #4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2 #5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20 #6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19 #7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
Also UNLEAK template_dir in cmd_init_db(), as we are passing it into init_db() and cannot easily free it without making more intrusive changes to execution flow. init_db_config_path could be leaked because: 1. git_init_db_config() allocates new data into init_db_config_path on every invocation without freeing preexisting data. 2. git_init_db_config() can be called multiple times for a single git_config() invocation (see docs on git_config() for context). Furthermore, until very recently, git_config(git_init_db_config(), ...) could have been invoked twice in a single process as git_init_db_config() used to be used to handle core.* config settings. This was changed in a previous patch in this series - that change alone might fix the leak in some scenarios, but is not enough to guarantee that we never leak. Freeing the existing value in git_init_db_config() would be the least intrusive fix, however switching to git_config_get_value() simplifies the code further by letting us remove the static pointer (furthermore, the returned data is owned by the config cache, saving us from having to worry about freeing it later). The following commit is when we first started using git_init_db_config() for 2 different purposes: 2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11) Although I suspect the potential for a leak existed since the original implementation in: 90b4518 (Add `init.templatedir` configuration variable., 2010-02-17) LSAN output from t0001: Direct leak of 73 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2 #4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2 #5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2 #6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10 #7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11 git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7 git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2 git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2 git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2 git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11 git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9 git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 6, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
The primary goal of this change is to stop leaking init_db_template_dir. This
leak can happen because:
1. git_init_db_config() allocates new memory into init_db_template_dir without
first freeing.
2. init_db_template_dir might already contain data, either because:
2.1 git_config() can be invoked twice with this callback in a single process -
at least 2 allocations are likely.
2.2 A single git_config() allocation can invoke the callback multiple times for
a given key (see further explanation in the function docs) - each of those
calls will trigger another leak.
The simplest fix for the leak would be to free(init_db_template_dir) before
overwriting it. Instead we convert to git_config_get_value() as that is more
explicit, seemingly more efficient, AND avoids allocations (the returned result
is owned by the config cache, so we aren't responsible for freeing it).
By removing init_db_template_dir, git_init_db_config() ends up only being
responsible for forwarding core.* config values to platform_core_config().
However platform_core_config() already ignores non-core.* config values,
so we can safely remove git_init_db_config() and invoke git_config() directly on
platform_core_config().
In addition to those changes, we squash another leak by UNLEAK'ing template_dir
in cmd_init_db(). We are already passing it into init_db() and cannot easily
free it without making more intrusive changes to execution flow.
The platform_core_config forwarding was originally added in:
2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11
I suspect the potential for a leak existed since the original implementation of
git_init_db_config in:
90b4518 (Add `init.templatedir` configuration variable., 2010-02-17)
LSAN output from t0001:
Direct leak of 73 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
#4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
#5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
#6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
#7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
The primary goal of this change is to stop leaking init_db_template_dir. This
leak can happen because:
1. git_init_db_config() allocates new memory into init_db_template_dir without
first freeing.
2. init_db_template_dir might already contain data, either because:
2.1 git_config() can be invoked twice with this callback in a single process -
at least 2 allocations are likely.
2.2 A single git_config() allocation can invoke the callback multiple times for
a given key (see further explanation in the function docs) - each of those
calls will trigger another leak.
The simplest fix for the leak would be to free(init_db_template_dir) before
overwriting it. Instead we convert to git_config_get_value() as that is more
explicit, seemingly more efficient, AND avoids allocations (the returned result
is owned by the config cache, so we aren't responsible for freeing it).
By removing init_db_template_dir, git_init_db_config() ends up only being
responsible for forwarding core.* config values to platform_core_config().
However platform_core_config() already ignores non-core.* config values,
so we can safely remove git_init_db_config() and invoke git_config() directly on
platform_core_config().
The platform_core_config forwarding was originally added in:
2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11
I suspect the potential for a leak existed since the original implementation of
git_init_db_config in:
90b4518 (Add `init.templatedir` configuration variable., 2010-02-17)
LSAN output from t0001:
Direct leak of 73 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
#4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
#5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
#6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
#7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
Make sure that we release the temporary strbuf during dwim_branch() for all codepaths (and not just the early return). This leak appears to have been introduced in: f60a7b7 (worktree: teach "add" to check out existing branches, 2018-04-24) Note that UNLEAK(branchname) is still needed: the returned result is used in add(), and is stored in a pointer which is used to point at one of: - a string literal - member of an array owned outside of cmd_worktree - or our newly allocated string returned from dwim_branch() Fixing that leak isn't impossible, but does not seem worthwhile given that add() is called directly from cmd_main(), and cmd_main() returns immediately thereafter - UNLEAK is good enough. This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 60 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3 #4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2 #5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20 #6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19 #7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
The primary goal of this change is to stop leaking init_db_template_dir. This
leak can happen because:
1. git_init_db_config() allocates new memory into init_db_template_dir without
first freeing.
2. init_db_template_dir might already contain data, either because:
2.1 git_config() can be invoked twice with this callback in a single process -
at least 2 allocations are likely.
2.2 A single git_config() allocation can invoke the callback multiple times for
a given key (see further explanation in the function docs) - each of those
calls will trigger another leak.
The simplest fix for the leak would be to free(init_db_template_dir) before
overwriting it. Instead we convert to git_config_get_value() as that is more
explicit, seemingly more efficient, AND avoids allocations (the returned result
is owned by the config cache, so we aren't responsible for freeing it).
By removing init_db_template_dir, git_init_db_config() ends up only being
responsible for forwarding core.* config values to platform_core_config().
However platform_core_config() already ignores non-core.* config values,
so we can safely remove git_init_db_config() and invoke git_config() directly on
platform_core_config().
The platform_core_config forwarding was originally added in:
2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11
I suspect the potential for a leak existed since the original implementation of
git_init_db_config in:
90b4518 (Add `init.templatedir` configuration variable., 2010-02-17)
LSAN output from t0001:
Direct leak of 73 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
#4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
#5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
#6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
#7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
This leak has existed since: 9ab55da (git symbolic-ref --delete $symref, 2012-10-21) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 19 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9ab048 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8b452f in refs_shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c #3 0x8b47e8 in shorten_unambiguous_ref /home/ahunt/oss-fuzz/git/refs.c:1287:9 #4 0x679fce in check_symref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:28:14 #5 0x679ad8 in cmd_symbolic_ref /home/ahunt/oss-fuzz/git/builtin/symbolic-ref.c:70:9 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69cc6e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f98388a4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
dwim_ref() allocs a new string into ref. Instead of setting to NULL to discard it, we can FREE_AND_NULL. This leak appears to have been introduced in: 4cf76f6 (builtin/reset: compute checkout metadata for reset, 2020-03-16) This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x486514 in strdup /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_interceptors.cpp:452:3 #1 0x9a7108 in xstrdup /home/ahunt/oss-fuzz/git/wrapper.c:29:14 #2 0x8add6b in expand_ref /home/ahunt/oss-fuzz/git/refs.c:670:12 #3 0x8ad777 in repo_dwim_ref /home/ahunt/oss-fuzz/git/refs.c:644:22 #4 0x6394af in dwim_ref /home/ahunt/oss-fuzz/git/./refs.h:162:9 #5 0x637e5c in cmd_reset /home/ahunt/oss-fuzz/git/builtin/reset.c:426:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c5ce in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f57ebb9d349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
Most of these pointers can safely be freed when cmd_clone() completes, therefore we make sure to free them. The one exception is that we have to UNLEAK(repo) because it can point either to argv[0], or a malloc'd string returned by absolute_pathdup(). We also have to free(path) in the middle of cmd_clone(): later during cmd_clone(), path is unconditionally overwritten with a different path, triggering a leak. Freeing the first path immediately after use (but only in the case where it contains data) seems like the cleanest solution, as opposed to freeing it unconditionally before path is reused for another path. This leak appears to have been introduced in: f38aa83 (use local cloning if insteadOf makes a local URL, 2014-07-17) These leaks were found when running t0001 with LSAN, see also an excerpt of the LSAN output below (the full list is omitted because it's far too long, and mostly consists of indirect leakage of members of the refs we are freeing). Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6fc4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6f9a in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce266 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x51e9bd in wanted_peer_refs /home/ahunt/oss-fuzz/git/builtin/clone.c:574:21 #5 0x51cfe1 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1284:17 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 vv #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c42e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f8fef0c2349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 178 byte(s) in 1 object(s) allocated from: #0 0x49a53d in malloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x9a6ff4 in do_xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:41:8 #2 0x9a6fca in xmalloc /home/ahunt/oss-fuzz/git/wrapper.c:62:9 #3 0x8ce296 in copy_ref /home/ahunt/oss-fuzz/git/remote.c:885:8 #4 0x8d2ebd in guess_remote_head /home/ahunt/oss-fuzz/git/remote.c:2215:10 #5 0x51d0c5 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1308:4 #6 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 #7 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#8 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#9 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#10 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#11 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 165 byte(s) in 1 object(s) allocated from: #0 0x49a6b2 in calloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 #1 0x9a72f2 in xcalloc /home/ahunt/oss-fuzz/git/wrapper.c:140:8 #2 0x8ce203 in alloc_ref_with_prefix /home/ahunt/oss-fuzz/git/remote.c:867:20 #3 0x8ce1a2 in alloc_ref /home/ahunt/oss-fuzz/git/remote.c:875:9 #4 0x72f63e in process_ref_v2 /home/ahunt/oss-fuzz/git/connect.c:426:8 #5 0x72f21a in get_remote_refs /home/ahunt/oss-fuzz/git/connect.c:525:8 #6 0x979ab7 in handshake /home/ahunt/oss-fuzz/git/transport.c:305:4 #7 0x97872d in get_refs_via_connect /home/ahunt/oss-fuzz/git/transport.c:339:9 git#8 0x9774b5 in transport_get_remote_refs /home/ahunt/oss-fuzz/git/transport.c:1388:4 git#9 0x51cf80 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1271:9 git#10 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#11 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#12 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#13 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#14 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#15 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Direct leak of 105 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9a71f6 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x93622d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x937a73 in strbuf_addch /home/ahunt/oss-fuzz/git/./strbuf.h:231:3 #4 0x939fcd in strbuf_add_absolute_path /home/ahunt/oss-fuzz/git/strbuf.c:911:4 #5 0x69d3ce in absolute_pathdup /home/ahunt/oss-fuzz/git/abspath.c:261:2 #6 0x51c688 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:1021:10 #7 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#8 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#9 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#10 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#11 0x69c45e in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#12 0x7f6a459d5349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
Make sure that we release the temporary strbuf during dwim_branch() for all codepaths (and not just for the early return). This leak appears to have been introduced in: f60a7b7 (worktree: teach "add" to check out existing branches, 2018-04-24) Note that UNLEAK(branchname) is still needed: the returned result is used in add(), and is stored in a pointer which is used to point at one of: - a string literal ("HEAD") - member of argv (whatever the user specified in their invocation) - or our newly allocated string returned from dwim_branch() Fixing this leak isn't impossible, but does not seem worthwhile given that add() is called directly from cmd_main(), and cmd_main() returns immediately thereafter - UNLEAK is good enough. This leak was found when running t0001 with LSAN, see also LSAN output below: Direct leak of 60 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9ab076 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939fcd in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93af53 in strbuf_splice /home/ahunt/oss-fuzz/git/strbuf.c:239:3 #4 0x83559a in strbuf_check_branch_ref /home/ahunt/oss-fuzz/git/object-name.c:1593:2 #5 0x6988b9 in dwim_branch /home/ahunt/oss-fuzz/git/builtin/worktree.c:454:20 #6 0x695f8f in add /home/ahunt/oss-fuzz/git/builtin/worktree.c:525:19 #7 0x694a04 in cmd_worktree /home/ahunt/oss-fuzz/git/builtin/worktree.c:1036:10 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69caee in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7f7b7dd10349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
The primary goal of this change is to stop leaking init_db_template_dir.
This leak can happen because:
1. git_init_db_config() allocates new memory into init_db_template_dir
without first freeing.
2. init_db_template_dir might already contain data, either because:
2.1 git_config() can be invoked twice with this callback in a single
process - at least 2 allocations are likely.
2.2 A single git_config() allocation can invoke the callback multiple
times for a given key (see further explanation in the function
docs) - each of those calls will trigger another leak.
The simplest fix for the leak would be to free(init_db_template_dir)
before overwriting it. Instead we choose to convert to fetching
init.templatedir via git_config_get_value() as that is more explicit,
more efficient, and avoids allocations (the returned result is owned by
the config cache, so we aren't responsible for freeing it).
If we remove init_db_template_dir, git_init_db_config() ends up being
responsible only for forwarding core.* config values to
platform_core_config(). However platform_core_config() already ignores
non-core.* config values, so we can safely remove git_init_db_config()
and invoke git_config() directly with platform_core_config() as the
callback.
The platform_core_config forwarding was originally added in:
2878533 (mingw: respect core.hidedotfiles = false in git-init again, 2019-03-11
And I suspect the potential for a leak existed since the original
implementation of git_init_db_config in:
90b4518 (Add `init.templatedir` configuration variable., 2010-02-17)
LSAN output from t0001:
Direct leak of 73 byte(s) in 1 object(s) allocated from:
#0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x9a7276 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8
#2 0x9362ad in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2
#3 0x936eaa in strbuf_add /home/ahunt/oss-fuzz/git/strbuf.c:295:2
#4 0x868112 in strbuf_addstr /home/ahunt/oss-fuzz/git/./strbuf.h:304:2
#5 0x86a8ad in expand_user_path /home/ahunt/oss-fuzz/git/path.c:758:2
#6 0x720bb1 in git_config_pathname /home/ahunt/oss-fuzz/git/config.c:1287:10
#7 0x5960e2 in git_init_db_config /home/ahunt/oss-fuzz/git/builtin/init-db.c:161:11
git#8 0x7255b8 in configset_iter /home/ahunt/oss-fuzz/git/config.c:1982:7
git#9 0x7253fc in repo_config /home/ahunt/oss-fuzz/git/config.c:2311:2
git#10 0x725ca7 in git_config /home/ahunt/oss-fuzz/git/config.c:2399:2
git#11 0x593e8d in create_default_files /home/ahunt/oss-fuzz/git/builtin/init-db.c:225:2
git#12 0x5935c6 in init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:449:11
git#13 0x59588e in cmd_init_db /home/ahunt/oss-fuzz/git/builtin/init-db.c:714:9
git#14 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11
git#15 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3
git#16 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4
git#17 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19
git#18 0x69c4de in main /home/ahunt/oss-fuzz/git/common-main.c:52:11
git#19 0x7f23552d6349 in __libc_start_main (/lib64/libc.so.6+0x24349)
Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
ahunt
added a commit
to ahunt/git
that referenced
this pull request
Mar 8, 2021
preprocess_options() allocates new strings for help messages for OPTION_ALIAS. Therefore we also need to clean those help messages up when freeing the returned options. First introduced in: 7c28058 (parse-options: teach "git cmd -h" to show alias as alias, 2020-03-16) The preprocessed options themselves no longer contain any indication that a given option is/was an alias: the easiest and fastest way to figure it out is to look back at the original options. Alternatively we could iterate over the alias_groups list - but that would require nested looping and is likely to be a (little) less efficient. As far as I can tell, parse_options() is only ever used once per command, and the help messages are small - hence this leak has very little impact. This leak was found while running t0001. LSAN output can be found below: Direct leak of 65 byte(s) in 1 object(s) allocated from: #0 0x49a859 in realloc /home/abuild/rpmbuild/BUILD/llvm-11.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 #1 0x9aae36 in xrealloc /home/ahunt/oss-fuzz/git/wrapper.c:126:8 #2 0x939d8d in strbuf_grow /home/ahunt/oss-fuzz/git/strbuf.c:98:2 #3 0x93b936 in strbuf_vaddf /home/ahunt/oss-fuzz/git/strbuf.c:392:3 #4 0x93b7ff in strbuf_addf /home/ahunt/oss-fuzz/git/strbuf.c:333:2 #5 0x86747e in preprocess_options /home/ahunt/oss-fuzz/git/parse-options.c:666:3 #6 0x866ed2 in parse_options /home/ahunt/oss-fuzz/git/parse-options.c:847:17 #7 0x51c4a7 in cmd_clone /home/ahunt/oss-fuzz/git/builtin/clone.c:989:9 git#8 0x4cd60d in run_builtin /home/ahunt/oss-fuzz/git/git.c:453:11 git#9 0x4cb2da in handle_builtin /home/ahunt/oss-fuzz/git/git.c:704:3 git#10 0x4ccc37 in run_argv /home/ahunt/oss-fuzz/git/git.c:771:4 git#11 0x4cac29 in cmd_main /home/ahunt/oss-fuzz/git/git.c:902:19 git#12 0x69c9fe in main /home/ahunt/oss-fuzz/git/common-main.c:52:11 git#13 0x7fdac42d4349 in __libc_start_main (/lib64/libc.so.6+0x24349) Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

i'm a plone developer and we're currently in the process of switching our 60+ packages to git(hub) and we're encouraging contributors to fork them and issue pull requests. this means, that we often end up with multiple origins for a given package and it easily becomes confusing, which remote a branch is tracking, so i've looked into adding it to the bash prompt.
is this useful enough to be included into the main line?