* [PATCH 0/6] Fix several obvious memory leaks
@ 2013-03-04 12:25 cgit
2013-03-04 12:25 ` [PATCH 1/6] Free reflists after usage cgit
` (6 more replies)
0 siblings, 7 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
This is far from complete but fixes a couple of obvious memory leaks
seen when running `PATH_INFO=/cgit/[...]/ ./cgit` using valgrind.
In particular, this fixes all "definitely lost" block seen with:
* /cgit/refs/
* /cgit/tree/
* /cgit/commit/
* /cgit/diff/
Lukas Fleischer (6):
Free reflists after usage
print_tag_downloads(): Free ref variable
find_default_branch(): Free refmatch after usage
cgit_print_tree(): Free curr_rev after usage
cgit_print_commit(): Free tmp variable
cgit_print_snapshot_links(): Free prefix variable
cgit.c | 8 ++++++++
cgit.h | 1 +
shared.c | 36 ++++++++++++++++++++++++++++++++++++
ui-commit.c | 1 +
ui-refs.c | 12 +++++++++++-
ui-shared.c | 1 +
ui-tree.c | 5 ++++-
7 files changed, 62 insertions(+), 2 deletions(-)
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/6] Free reflists after usage
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
@ 2013-03-04 12:25 ` cgit
2013-03-04 12:25 ` [PATCH 2/6] print_tag_downloads(): Free ref variable cgit
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Free reflists in cgit_print_branches() and in cgit_print_tags() before
returning reflist structures to the stack.
This fixes following memory leaks seen with "PATH_INFO=/cgit/refs/":
==5710== 1,312 (32 direct, 1,280 indirect) bytes in 1 blocks are definitely lost in loss record 63 of 71
==5710== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x4C2C2FF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6BA: do_for_each_ref (refs.c:1298)
==5710== by 0x410FE2: cgit_print_branches (ui-refs.c:191)
==5710== by 0x4111E9: cgit_print_refs (ui-refs.c:244)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710==
==5710== 6,846 (256 direct, 6,590 indirect) bytes in 1 blocks are definitely lost in loss record 68 of 71
==5710== at 0x4C2C25E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6EC: do_for_each_ref (refs.c:1288)
==5710== by 0x4110D5: cgit_print_tags (ui-refs.c:218)
==5710== by 0x4111FD: cgit_print_refs (ui-refs.c:246)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710== by 0x407490: cache_process (cache.c:322)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
cgit.h | 1 +
shared.c | 36 ++++++++++++++++++++++++++++++++++++
ui-refs.c | 4 ++++
3 files changed, 41 insertions(+)
diff --git a/cgit.h b/cgit.h
index c655bd8..ed5cf14 100644
--- a/cgit.h
+++ b/cgit.h
@@ -304,6 +304,7 @@ extern char *strlpart(char *txt, int maxlen);
extern char *strrpart(char *txt, int maxlen);
extern void cgit_add_ref(struct reflist *list, struct refinfo *ref);
+extern void cgit_free_reflist_inner(struct reflist *list);
extern int cgit_refs_cb(const char *refname, const unsigned char *sha1,
int flags, void *cb_data);
diff --git a/shared.c b/shared.c
index 124d079..cc06930 100644
--- a/shared.c
+++ b/shared.c
@@ -176,6 +176,42 @@ static struct refinfo *cgit_mk_refinfo(const char *refname, const unsigned char
return ref;
}
+static void cgit_free_taginfo(struct taginfo *tag)
+{
+ if (tag->tagger)
+ free(tag->tagger);
+ if (tag->tagger_email)
+ free(tag->tagger_email);
+ if (tag->msg)
+ free(tag->msg);
+ free(tag);
+}
+
+static void cgit_free_refinfo(struct refinfo *ref)
+{
+ if (ref->refname)
+ free((char *)ref->refname);
+ switch (ref->object->type) {
+ case OBJ_TAG:
+ cgit_free_taginfo(ref->tag);
+ break;
+ case OBJ_COMMIT:
+ cgit_free_commitinfo(ref->commit);
+ break;
+ }
+ free(ref);
+}
+
+void cgit_free_reflist_inner(struct reflist *list)
+{
+ int i;
+
+ for (i = 0; i < list->count; i++) {
+ cgit_free_refinfo(list->refs[i]);
+ }
+ free(list->refs);
+}
+
int cgit_refs_cb(const char *refname, const unsigned char *sha1, int flags,
void *cb_data)
{
diff --git a/ui-refs.c b/ui-refs.c
index ce06b08..4a9b8d3 100644
--- a/ui-refs.c
+++ b/ui-refs.c
@@ -205,6 +205,8 @@ void cgit_print_branches(int maxcount)
if (maxcount < list.count)
print_refs_link("heads");
+
+ cgit_free_reflist_inner(&list);
}
void cgit_print_tags(int maxcount)
@@ -229,6 +231,8 @@ void cgit_print_tags(int maxcount)
if (maxcount < list.count)
print_refs_link("tags");
+
+ cgit_free_reflist_inner(&list);
}
void cgit_print_refs()
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/6] print_tag_downloads(): Free ref variable
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
2013-03-04 12:25 ` [PATCH 1/6] Free reflists after usage cgit
@ 2013-03-04 12:25 ` cgit
2013-03-04 12:25 ` [PATCH 3/6] find_default_branch(): Free refmatch after usage cgit
` (4 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Make sure the ref variable is freed if we build a
"$basename-$version"-style ref.
This fixes following memory leak seen with "PATH_INFO=/cgit/refs/":
==8784== 323 bytes in 29 blocks are definitely lost in loss record 41 of 53
==8784== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8784== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==8784== by 0x46CA28: xstrdup (wrapper.c:35)
==8784== by 0x410DA6: print_tag_downloads (ui-refs.c:115)
==8784== by 0x410F02: print_tag (ui-refs.c:141)
==8784== by 0x41128B: cgit_print_tags (ui-refs.c:230)
==8784== by 0x41134D: cgit_print_refs (ui-refs.c:250)
==8784== by 0x407C85: refs_fn (cmd.c:105)
==8784== by 0x405DDF: process_request (cgit.c:566)
==8784== by 0x407490: cache_process (cache.c:322)
==8784== by 0x406C18: main (cgit.c:864)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
ui-refs.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ui-refs.c b/ui-refs.c
index 4a9b8d3..e89f836 100644
--- a/ui-refs.c
+++ b/ui-refs.c
@@ -103,6 +103,7 @@ static void print_tag_downloads(const struct cgit_repo *repo, const char *ref)
const struct cgit_snapshot_format* f;
char *filename;
const char *basename;
+ int free_ref = 0;
if (!ref || strlen(ref) < 2)
return;
@@ -111,8 +112,10 @@ static void print_tag_downloads(const struct cgit_repo *repo, const char *ref)
if (prefixcmp(ref, basename) != 0) {
if ((ref[0] == 'v' || ref[0] == 'V') && isdigit(ref[1]))
ref++;
- if (isdigit(ref[0]))
+ if (isdigit(ref[0])) {
ref = xstrdup(fmt("%s-%s", basename, ref));
+ free_ref = 1;
+ }
}
for (f = cgit_snapshot_formats; f->suffix; f++) {
@@ -122,6 +125,9 @@ static void print_tag_downloads(const struct cgit_repo *repo, const char *ref)
cgit_snapshot_link(filename, NULL, NULL, NULL, NULL, filename);
html(" ");
}
+
+ if (free_ref)
+ free((char *)ref);
}
static int print_tag(struct refinfo *ref)
{
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 3/6] find_default_branch(): Free refmatch after usage
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
2013-03-04 12:25 ` [PATCH 1/6] Free reflists after usage cgit
2013-03-04 12:25 ` [PATCH 2/6] print_tag_downloads(): Free ref variable cgit
@ 2013-03-04 12:25 ` cgit
2013-03-04 12:25 ` [PATCH 4/6] cgit_print_tree(): Free curr_rev " cgit
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Fixes following memory leak seen with "PATH_INFO=/cgit/refs/":
==13408== 7 bytes in 1 blocks are definitely lost in loss record 4 of 52
==13408== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13408== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==13408== by 0x46CA78: xstrdup (wrapper.c:35)
==13408== by 0x405840: find_current_ref (cgit.c:426)
==13408== by 0x44BE5A: do_one_ref (refs.c:527)
==13408== by 0x44D3E0: do_for_each_ref_in_dir (refs.c:553)
==13408== by 0x44D85A: do_for_each_ref (refs.c:1298)
==13408== by 0x405889: find_default_branch (cgit.c:438)
==13408== by 0x405AC4: prepare_repo_cmd (cgit.c:490)
==13408== by 0x405D97: process_request (cgit.c:557)
==13408== by 0x407490: cache_process (cache.c:322)
==13408== by 0x406C18: main (cgit.c:864)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
cgit.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cgit.c b/cgit.c
index 5b20de3..afafcce 100644
--- a/cgit.c
+++ b/cgit.c
@@ -427,6 +427,12 @@ static int find_current_ref(const char *refname, const unsigned char *sha1,
return info->match;
}
+static void free_refmatch_inner(struct refmatch *info)
+{
+ if (info->first_ref)
+ free(info->first_ref);
+}
+
static char *find_default_branch(struct cgit_repo *repo)
{
struct refmatch info;
@@ -442,6 +448,8 @@ static char *find_default_branch(struct cgit_repo *repo)
ref = info.first_ref;
if (ref)
ref = xstrdup(ref);
+ free_refmatch_inner(&info);
+
return ref;
}
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 4/6] cgit_print_tree(): Free curr_rev after usage
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
` (2 preceding siblings ...)
2013-03-04 12:25 ` [PATCH 3/6] find_default_branch(): Free refmatch after usage cgit
@ 2013-03-04 12:25 ` cgit
2013-03-05 1:36 ` Jason
2013-03-04 12:25 ` [PATCH 5/6] cgit_print_commit(): Free tmp variable cgit
` (2 subsequent siblings)
6 siblings, 1 reply; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Fixes following memory leak seen with "PATH_INFO=/cgit/tree/":
==15715== 7 bytes in 1 blocks are definitely lost in loss record 4 of 51
==15715== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15715== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==15715== by 0x46CAA8: xstrdup (wrapper.c:35)
==15715== by 0x418A4C: cgit_print_tree (ui-tree.c:274)
==15715== by 0x407D91: tree_fn (cmd.c:131)
==15715== by 0x405E16: process_request (cgit.c:574)
==15715== by 0x4074C8: cache_process (cache.c:322)
==15715== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
ui-tree.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ui-tree.c b/ui-tree.c
index 561f9e7..d74f048 100644
--- a/ui-tree.c
+++ b/ui-tree.c
@@ -271,7 +271,6 @@ void cgit_print_tree(const char *rev, char *path)
if (!rev)
rev = ctx.qry.head;
- walk_tree_ctx.curr_rev = xstrdup(rev);
if (get_sha1(rev, sha1)) {
cgit_print_error(fmt("Invalid revision name: %s", rev));
return;
@@ -282,12 +281,16 @@ void cgit_print_tree(const char *rev, char *path)
return;
}
+ walk_tree_ctx.curr_rev = xstrdup(rev);
+
if (path == NULL) {
ls_tree(commit->tree->object.sha1, NULL, &walk_tree_ctx);
+ free(walk_tree_ctx.curr_rev);
return;
}
read_tree_recursive(commit->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
if (walk_tree_ctx.state == 1)
ls_tail();
+ free(walk_tree_ctx.curr_rev);
}
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 5/6] cgit_print_commit(): Free tmp variable
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
` (3 preceding siblings ...)
2013-03-04 12:25 ` [PATCH 4/6] cgit_print_tree(): Free curr_rev " cgit
@ 2013-03-04 12:25 ` cgit
2013-03-04 12:25 ` [PATCH 6/6] cgit_print_snapshot_links(): Free prefix variable cgit
2013-03-05 0:53 ` [PATCH 0/6] Fix several obvious memory leaks Jason
6 siblings, 0 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Fixes following memory leak seen with "PATH_INFO=/cgit/commit/":
==16894== 7 bytes in 1 blocks are definitely lost in loss record 4 of 92
==16894== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16894== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==16894== by 0x46CAC8: xstrdup (wrapper.c:35)
==16894== by 0x40CD6F: cgit_print_commit (ui-commit.c:70)
==16894== by 0x407B06: commit_fn (cmd.c:54)
==16894== by 0x405E16: process_request (cgit.c:574)
==16894== by 0x4074C8: cache_process (cache.c:322)
==16894== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
ui-commit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ui-commit.c b/ui-commit.c
index 74f37c8..0783285 100644
--- a/ui-commit.c
+++ b/ui-commit.c
@@ -74,6 +74,7 @@ void cgit_print_commit(char *hex, const char *prefix)
html(" /");
cgit_tree_link(prefix, NULL, NULL, ctx.qry.head, tmp, prefix);
}
+ free(tmp);
html("</td></tr>\n");
for (p = commit->parents; p; p = p->next) {
parent = lookup_commit_reference(p->item->object.sha1);
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 6/6] cgit_print_snapshot_links(): Free prefix variable
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
` (4 preceding siblings ...)
2013-03-04 12:25 ` [PATCH 5/6] cgit_print_commit(): Free tmp variable cgit
@ 2013-03-04 12:25 ` cgit
2013-03-05 0:53 ` [PATCH 0/6] Fix several obvious memory leaks Jason
6 siblings, 0 replies; 10+ messages in thread
From: cgit @ 2013-03-04 12:25 UTC (permalink / raw)
Fixes following memory leak seen with "PATH_INFO=/cgit/commit/":
==16894== 12 bytes in 1 blocks are definitely lost in loss record 9 of 92
==16894== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16894== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==16894== by 0x46CAC8: xstrdup (wrapper.c:35)
==16894== by 0x414E34: cgit_print_snapshot_links (ui-shared.c:926)
==16894== by 0x40CFA1: cgit_print_commit (ui-commit.c:102)
==16894== by 0x407B06: commit_fn (cmd.c:54)
==16894== by 0x405E16: process_request (cgit.c:574)
==16894== by 0x4074C8: cache_process (cache.c:322)
==16894== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
---
ui-shared.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ui-shared.c b/ui-shared.c
index 77a302d..d3e6488 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -931,4 +931,5 @@ void cgit_print_snapshot_links(const char *repo, const char *head,
cgit_snapshot_link(filename, NULL, NULL, NULL, NULL, filename);
html("<br/>");
}
+ free(prefix);
}
--
1.8.2.rc0.247.g811e0c0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 0/6] Fix several obvious memory leaks
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
` (5 preceding siblings ...)
2013-03-04 12:25 ` [PATCH 6/6] cgit_print_snapshot_links(): Free prefix variable cgit
@ 2013-03-05 0:53 ` Jason
2013-03-05 1:50 ` Jason
6 siblings, 1 reply; 10+ messages in thread
From: Jason @ 2013-03-05 0:53 UTC (permalink / raw)
On Mon, Mar 4, 2013 at 7:25 AM, Lukas Fleischer <cgit at cryptocrack.de> wrote:
> This is far from complete but fixes a couple of obvious memory leaks
> seen when running `PATH_INFO=/cgit/[...]/ ./cgit` using valgrind.
I'm putting these in the lf/memleak branch for now. It's important
that I spend a bit of time checking these carefully, because the big
risk we take with free(3)ing with a sledge-hammer is that we introduce
use-after-frees.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 4/6] cgit_print_tree(): Free curr_rev after usage
2013-03-04 12:25 ` [PATCH 4/6] cgit_print_tree(): Free curr_rev " cgit
@ 2013-03-05 1:36 ` Jason
0 siblings, 0 replies; 10+ messages in thread
From: Jason @ 2013-03-05 1:36 UTC (permalink / raw)
On Mon, Mar 4, 2013 at 7:25 AM, Lukas Fleischer <cgit at cryptocrack.de> wrote:
> if (path == NULL) {
> ls_tree(commit->tree->object.sha1, NULL, &walk_tree_ctx);
> + free(walk_tree_ctx.curr_rev);
> return;
> }
>
> read_tree_recursive(commit->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
> if (walk_tree_ctx.state == 1)
> ls_tail();
> + free(walk_tree_ctx.curr_rev);
> }
For clean-up code that needs to be repeated for different error paths,
I generally prefer to have a "goto cleanup;" line, in the style of the
kernel. This function is simple enough that it's not a huge deal, but
it can help avoid bugs in the future when different folks are
modifying the function.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 0/6] Fix several obvious memory leaks
2013-03-05 0:53 ` [PATCH 0/6] Fix several obvious memory leaks Jason
@ 2013-03-05 1:50 ` Jason
0 siblings, 0 replies; 10+ messages in thread
From: Jason @ 2013-03-05 1:50 UTC (permalink / raw)
On Mon, Mar 4, 2013 at 7:53 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> I'm putting these in the lf/memleak branch for now. It's important
> that I spend a bit of time checking these carefully, because the big
> risk we take with free(3)ing with a sledge-hammer is that we introduce
> use-after-frees.
That series ended up being much simpler than I thought it'd be. I like
splitting out the freeing of structs into smaller static functions, as
you've done; they're easily inlinable by the compiler, and it keeps
things cleaner. We still have a long ways to go, but this is a decent
way to get started. I've merged the lf/memleak branch to wip. Thanks a
bunch Lukas.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2013-03-05 1:50 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-03-04 12:25 [PATCH 0/6] Fix several obvious memory leaks cgit
2013-03-04 12:25 ` [PATCH 1/6] Free reflists after usage cgit
2013-03-04 12:25 ` [PATCH 2/6] print_tag_downloads(): Free ref variable cgit
2013-03-04 12:25 ` [PATCH 3/6] find_default_branch(): Free refmatch after usage cgit
2013-03-04 12:25 ` [PATCH 4/6] cgit_print_tree(): Free curr_rev " cgit
2013-03-05 1:36 ` Jason
2013-03-04 12:25 ` [PATCH 5/6] cgit_print_commit(): Free tmp variable cgit
2013-03-04 12:25 ` [PATCH 6/6] cgit_print_snapshot_links(): Free prefix variable cgit
2013-03-05 0:53 ` [PATCH 0/6] Fix several obvious memory leaks Jason
2013-03-05 1:50 ` Jason
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).