reftable: fix unlikely leak on API error
authorJeff King <peff@peff.net>
Sun, 28 Jun 2026 09:03:14 +0000 (05:03 -0400)
committerJunio C Hamano <gitster@pobox.com>
Sun, 28 Jun 2026 15:35:06 +0000 (08:35 -0700)
If the reftable writer sees a bogus block size, we return with
REFTABLE_API_ERROR, leaking the reftable_writer struct we previously
allocated. Originally this case was a BUG(), but it became a regular
return in 445f9f4f35 (reftable: stop using `BUG()` in trivial cases,
2025-02-18).

We could obviously fix it by calling "reftable_free(wp)". But we can
observe that we never use the allocated "wp" until after we've validated
the input options. So let's just bump the allocation down. That fixes
the leak, and I think makes the flow of the function more logical
(we validate our inputs before doing any work).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
reftable/writer.c

index 0133b649759bcfba8f0e4e89740704da39b78d32..1bd4aa388beb1603f9fa7f14e1fa181a2ccbc772 100644 (file)
@@ -152,16 +152,16 @@ int reftable_writer_new(struct reftable_writer **out,
        struct reftable_write_options opts = {0};
        struct reftable_writer *wp;
 
-       wp = reftable_calloc(1, sizeof(*wp));
-       if (!wp)
-               return REFTABLE_OUT_OF_MEMORY_ERROR;
-
        if (_opts)
                opts = *_opts;
        options_set_defaults(&opts);
        if (opts.block_size >= (1 << 24))
                return REFTABLE_API_ERROR;
 
+       wp = reftable_calloc(1, sizeof(*wp));
+       if (!wp)
+               return REFTABLE_OUT_OF_MEMORY_ERROR;
+
        reftable_buf_init(&wp->block_writer_data.last_key);
        reftable_buf_init(&wp->last_key);
        reftable_buf_init(&wp->scratch);
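Review bot: The leak fix in reftable_writer_new() now depends purely on statement order, and nothing in the code tells a later editor that `return REFTABLE_API_ERROR;` is safe only because no allocation precedes it. A short comment above the option checks, e.g. `/* Validate options before allocating: the early returns below do no cleanup. */`, would keep that invariant visible. The bound `(1 << 24)` is also unexplained at this site; it presumably reflects the 24-bit block length field of the reftable format, and a named constant or a one-line comment would say so. The function body continues past the end of the hunk, so any error return after the moved `reftable_calloc()` still has to release `wp`, which cannot be confirmed from the lines shown.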