From: Patrick Steinhardt Date: Thu, 1 Aug 2024 10:40:02 +0000 (+0200) Subject: builtin/ls-remote: fix leaking `pattern` strings X-Git-Tag: v2.47.0-rc0~153^2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4119fc08e2ed5611c21de9162b3ab61ef0014ada;p=thirdparty%2Fgit.git builtin/ls-remote: fix leaking `pattern` strings Users can pass patterns to git-ls-remote(1), which allows them to filter the list of printed references. We assemble those patterns into an array and prefix them with "*/", but never free either the array nor the allocated strings. Refactor the code to use a `struct strvec` instead of manually tracking the strings in an array. Like this, we can easily use `strvec_clear()` to release both the vector and the contained string for us, plugging the leak. Helped-by: Taylor Blau Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- diff --git a/builtin/ls-remote.c b/builtin/ls-remote.c index debf2d4f88..5b61af5d78 100644 --- a/builtin/ls-remote.c +++ b/builtin/ls-remote.c @@ -19,17 +19,16 @@ static const char * const ls_remote_usage[] = { * Is there one among the list of patterns that match the tail part * of the path? */ -static int tail_match(const char **pattern, const char *path) +static int tail_match(const struct strvec *pattern, const char *path) { - const char *p; char *pathbuf; - if (!pattern) + if (!pattern->nr) return 1; /* no restriction */ pathbuf = xstrfmt("/%s", path); - while ((p = *(pattern++)) != NULL) { - if (!wildmatch(p, pathbuf, 0)) { + for (size_t i = 0; i < pattern->nr; i++) { + if (!wildmatch(pattern->v[i], pathbuf, 0)) { free(pathbuf); return 1; } @@ -47,7 +46,7 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) int status = 0; int show_symref_target = 0; const char *uploadpack = NULL; - const char **pattern = NULL; + struct strvec pattern = STRVEC_INIT; struct transport_ls_refs_options transport_options = TRANSPORT_LS_REFS_OPTIONS_INIT; int i; @@ -93,13 +92,8 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) packet_trace_identity("ls-remote"); - if (argc > 1) { - int i; - CALLOC_ARRAY(pattern, argc); - for (i = 1; i < argc; i++) { - pattern[i - 1] = xstrfmt("*/%s", argv[i]); - } - } + for (int i = 1; i < argc; i++) + strvec_pushf(&pattern, "*/%s", argv[i]); if (flags & REF_TAGS) strvec_push(&transport_options.ref_prefixes, "refs/tags/"); @@ -136,7 +130,7 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) struct ref_array_item *item; if (!check_ref_type(ref, flags)) continue; - if (!tail_match(pattern, ref->name)) + if (!tail_match(&pattern, ref->name)) continue; item = ref_array_push(&ref_array, ref->name, &ref->old_oid); item->symref = xstrdup_or_null(ref->symref); @@ -158,5 +152,7 @@ int cmd_ls_remote(int argc, const char **argv, const char *prefix) if (transport_disconnect(transport)) status = 1; transport_ls_refs_options_release(&transport_options); + + strvec_clear(&pattern); return status; } diff --git a/t/t5535-fetch-push-symref.sh b/t/t5535-fetch-push-symref.sh index e8f6d233ff..7122af7fdb 100755 --- a/t/t5535-fetch-push-symref.sh +++ b/t/t5535-fetch-push-symref.sh @@ -2,6 +2,7 @@ test_description='avoiding conflicting update through symref aliasing' +TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh test_expect_success 'setup' '