From 57295d8f55fa384cb282d7d63cb3926c970f3936 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 16:11:51 +0200 Subject: [PATCH 01/31] fixup! mingw: use domain information for default email Noticed by Coverity. Signed-off-by: Johannes Schindelin --- ident.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ident.c b/ident.c index 1c6788b153..853f888e94 100644 --- a/ident.c +++ b/ident.c @@ -169,9 +169,10 @@ const char *ident_default_email(void) strbuf_addstr(&git_default_email, email); committer_ident_explicitly_given |= IDENT_MAIL_GIVEN; author_ident_explicitly_given |= IDENT_MAIL_GIVEN; - } else if ((email = query_user_email()) && email[0]) + } else if ((email = query_user_email()) && email[0]) { strbuf_addstr(&git_default_email, email); - else + free((char *)email); + } else copy_email(xgetpwuid_self(&default_email_is_bogus), &git_default_email, &default_email_is_bogus); strbuf_trim(&git_default_email); From f811241018195495d4b71cdb26b7d2a947ba2c38 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:47:58 +0200 Subject: [PATCH 02/31] fixup! Help debugging with MSys2 by optionally executing bash with strace Identified by Coverity. Signed-off-by: Johannes Schindelin --- compat/mingw.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/compat/mingw.c b/compat/mingw.c index 4713369cd1..7840377c65 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1558,12 +1558,18 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen if (getenv("GIT_STRACE_COMMANDS")) { char **path = get_path_split(); - cmd = path_lookup("strace.exe", path, 1); - if (!cmd) + char *p = path_lookup("strace.exe", path, 1); + if (!p) { + free_path_split(path); return error("strace not found!"); - if (xutftowcs_path(wcmd, cmd) < 0) + } + free_path_split(path); + if (xutftowcs_path(wcmd, p) < 0) { + free(p); return -1; + } strbuf_insert(&args, 0, "strace ", 7); + free(p); } ALLOC_ARRAY(wargs, st_add(st_mult(2, args.len), 1)); From edffb73b20e84db69c230832e6c1838ff9ca8701 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 16:16:44 +0200 Subject: [PATCH 03/31] mingw: avoid memory leak when splitting PATH In the (admittedly, concocted) case that PATH consists only of colons, we would leak the duplicated string. Signed-off-by: Johannes Schindelin --- compat/mingw.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/compat/mingw.c b/compat/mingw.c index 7840377c65..4cbae6b621 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1164,8 +1164,10 @@ static char **get_path_split(void) ++n; } } - if (!n) + if (!n) { + free(envpath); return NULL; + } ALLOC_ARRAY(path, n + 1); p = envpath; From 2c9bc7ed8df5365c8e48d59efa5053efa0fbaa64 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 12:17:17 +0200 Subject: [PATCH 04/31] winansi: avoid use of uninitialized value When stdout is not connected to a Win32 console, we incorrectly used an uninitialized value for the "plain" character attributes. Detected by Coverity. Signed-off-by: Johannes Schindelin --- compat/winansi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/compat/winansi.c b/compat/winansi.c index 7e3534e9a1..8c87b0f552 100644 --- a/compat/winansi.c +++ b/compat/winansi.c @@ -100,6 +100,8 @@ static int is_console(int fd) if (!fd) { if (!GetConsoleMode(hcon, &mode)) return 0; + sbi.wAttributes = FOREGROUND_BLUE | FOREGROUND_GREEN | + FOREGROUND_RED; } else if (!GetConsoleScreenBufferInfo(hcon, &sbi)) return 0; From 09b998a6af7712223ff8ab38ff80b91e2b8729f1 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 26 Apr 2017 10:38:19 +0200 Subject: [PATCH 05/31] winansi: avoid buffer overrun When we could not convert the UTF-8 sequence into Unicode for writing to the Console, we should not try to write an insanely-long sequence of invalid wide characters (mistaking the negative return value for an unsigned length). Reported by Coverity. Signed-off-by: Johannes Schindelin --- compat/winansi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/compat/winansi.c b/compat/winansi.c index 8c87b0f552..d348da4f6c 100644 --- a/compat/winansi.c +++ b/compat/winansi.c @@ -130,6 +130,11 @@ static void write_console(unsigned char *str, size_t len) /* convert utf-8 to utf-16 */ int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len); + if (wlen < 0) { + wchar_t *err = L"[invalid]"; + WriteConsoleW(console, err, wcslen(err), &dummy, NULL); + return; + } /* write directly to console */ WriteConsoleW(console, wbuf, wlen, &dummy, NULL); From a655c11256c138cb082640b47925794f9afb06d6 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 13:03:10 +0200 Subject: [PATCH 06/31] sequencer: plug resource leak when skipping unnecessary picks The resource leak only happens in case of an error writing or truncating the file, therefore it seems less critical, but we should still fix it nonetheless. Discovered by Coverity. Signed-off-by: Johannes Schindelin --- sequencer.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sequencer.c b/sequencer.c index e25a4e1180..9c765e8850 100644 --- a/sequencer.c +++ b/sequencer.c @@ -2678,11 +2678,13 @@ int skip_unnecessary_picks(void) if (write_in_full(fd, todo_list.buf.buf + offset, todo_list.buf.len - offset) < 0) { todo_list_release(&todo_list); + close(fd); return error_errno(_("could not write to '%s'"), rebase_path_todo()); } if (ftruncate(fd, todo_list.buf.len - offset) < 0) { todo_list_release(&todo_list); + close(fd); return error_errno(_("could not truncate '%s'"), rebase_path_todo()); } From 5fe7e42028abbb0a8a9394e4968ef837d26b477d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 13:04:57 +0200 Subject: [PATCH 07/31] add_commit_patch_id(): avoid allocating memory unnecessarily It would appear that we allocate (and forget to release) memory if the patch ID is not even defined. Reported by the Coverity tool. Signed-off-by: Johannes Schindelin --- patch-ids.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/patch-ids.c b/patch-ids.c index ce285c2e0c..660177875a 100644 --- a/patch-ids.c +++ b/patch-ids.c @@ -99,11 +99,12 @@ struct patch_id *has_commit_patch_id(struct commit *commit, struct patch_id *add_commit_patch_id(struct commit *commit, struct patch_ids *ids) { - struct patch_id *key = xcalloc(1, sizeof(*key)); + struct patch_id *key; if (!patch_id_defined(commit)) return NULL; + key = xcalloc(1, sizeof(*key)); if (init_patch_id_entry(key, commit, ids)) { free(key); return NULL; From 523ea055e8c926e94a6d33f81a71fa707d253203 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 13:18:32 +0200 Subject: [PATCH 08/31] git_config_rename_section_in_file(): avoid resource leak In case of errors, we really want the file descriptor to be closed. Discovered by a Coverity scan. Signed-off-by: Johannes Schindelin --- config.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config.c b/config.c index 09d5efeaa6..a77896fa61 100644 --- a/config.c +++ b/config.c @@ -2426,7 +2426,7 @@ int git_config_rename_section_in_file(const char *config_filename, struct lock_file *lock; int out_fd; char buf[1024]; - FILE *config_file; + FILE *config_file = NULL; struct stat st; if (new_name && !section_name_is_ok(new_name)) { @@ -2508,11 +2508,14 @@ int git_config_rename_section_in_file(const char *config_filename, } } fclose(config_file); + config_file = NULL; commit_and_out: if (commit_lock_file(lock) < 0) ret = error_errno("could not write config file %s", config_filename); out: + if (config_file) + fclose(config_file); rollback_lock_file(lock); out_no_rollback: free(filename_buf); From cf05da96a33c44d3ba9fd01e75a4fff514ae9c3a Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 13:42:44 +0200 Subject: [PATCH 09/31] get_mail_commit_oid(): avoid resource leak When we fail to read, or parse, the file, we still want to close the file descriptor and release the strbuf. Reported via Coverity. Signed-off-by: Johannes Schindelin --- builtin/am.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/builtin/am.c b/builtin/am.c index 31fb60578f..a9c6d7088e 100644 --- a/builtin/am.c +++ b/builtin/am.c @@ -1355,15 +1355,16 @@ static int get_mail_commit_oid(struct object_id *commit_id, const char *mail) struct strbuf sb = STRBUF_INIT; FILE *fp = xfopen(mail, "r"); const char *x; + int ret = 0; if (strbuf_getline_lf(&sb, fp)) - return -1; + ret = -1; - if (!skip_prefix(sb.buf, "From ", &x)) - return -1; + if (!ret && !skip_prefix(sb.buf, "From ", &x)) + ret = -1; - if (get_oid_hex(x, commit_id) < 0) - return -1; + if (!ret && get_oid_hex(x, commit_id) < 0) + ret = -1; strbuf_release(&sb); fclose(fp); From 34fa615f97b477cc6d1cd02c16553a6f80da89c6 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 13:47:28 +0200 Subject: [PATCH 10/31] http-backend: avoid memory leaks Reported via Coverity. Signed-off-by: Johannes Schindelin --- http-backend.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/http-backend.c b/http-backend.c index eef0a361f4..d12572fda1 100644 --- a/http-backend.c +++ b/http-backend.c @@ -681,8 +681,10 @@ int cmd_main(int argc, const char **argv) if (!regexec(&re, dir, 1, out, 0)) { size_t n; - if (strcmp(method, c->method)) + if (strcmp(method, c->method)) { + free(dir); return bad_request(&hdr, c); + } cmd = c; n = out[0].rm_eo - out[0].rm_so; @@ -708,5 +710,7 @@ int cmd_main(int argc, const char **argv) max_request_buffer); cmd->imp(&hdr, cmd_arg); + free(dir); + free(cmd_arg); return 0; } From 48c8dccc9b1237f3248125cb04e3e2b40e6ae168 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 22:39:04 +0200 Subject: [PATCH 11/31] difftool: close file descriptors after reading Spotted by Coverity. Signed-off-by: Johannes Schindelin --- builtin/difftool.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/builtin/difftool.c b/builtin/difftool.c index 3a77aeb682..f04064d727 100644 --- a/builtin/difftool.c +++ b/builtin/difftool.c @@ -226,6 +226,7 @@ static void changed_files(struct hashmap *result, const char *index_path, hashmap_entry_init(entry, strhash(buf.buf)); hashmap_add(result, entry); } + fclose(fp); if (finish_command(&diff_files)) die("diff-files did not exit properly"); strbuf_release(&index_env); @@ -456,6 +457,7 @@ static int run_dir_diff(const char *extcmd, int symlinks, const char *prefix, } } + fclose(fp); if (finish_command(&child)) { ret = error("error occurred running diff --raw"); goto finish; From 152312932eb096a991594d90647428f008b31d8a Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 22:40:30 +0200 Subject: [PATCH 12/31] status: close file descriptor after reading git-rebase-todo Reported via Coverity. Signed-off-by: Johannes Schindelin --- wt-status.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wt-status.c b/wt-status.c index 4bb46781c8..ff1ae80065 100644 --- a/wt-status.c +++ b/wt-status.c @@ -1155,6 +1155,7 @@ static int read_rebase_todolist(const char *fname, struct string_list *lines) abbrev_sha1_in_line(&line); string_list_append(lines, line.buf); } + fclose(f); return 0; } From 917eead1fb6050b627769e5c242afbb64841e879 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 17 Apr 2017 22:51:58 +0200 Subject: [PATCH 13/31] Check for EOF while parsing mails Reported via Coverity. Signed-off-by: Johannes Schindelin --- builtin/mailsplit.c | 2 +- mailinfo.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin/mailsplit.c b/builtin/mailsplit.c index 30681681c1..c0d88f9751 100644 --- a/builtin/mailsplit.c +++ b/builtin/mailsplit.c @@ -232,7 +232,7 @@ static int split_mbox(const char *file, const char *dir, int allow_bare, do { peek = fgetc(f); - } while (isspace(peek)); + } while (peek >= 0 && isspace(peek)); ungetc(peek, f); if (strbuf_getwholeline(&buf, f, '\n')) { diff --git a/mailinfo.c b/mailinfo.c index a489d9d0fb..659136cc58 100644 --- a/mailinfo.c +++ b/mailinfo.c @@ -1094,7 +1094,7 @@ int mailinfo(struct mailinfo *mi, const char *msg, const char *patch) do { peek = fgetc(mi->input); - } while (isspace(peek)); + } while (peek >= 0 && isspace(peek)); ungetc(peek, mi->input); /* process the email header */ From 7cc78ac6fc99857ace9a43fa2ecb53980b1f5c0b Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 18 Apr 2017 13:57:58 +0200 Subject: [PATCH 14/31] cat-file: fix memory leak Discovered by Coverity. Signed-off-by: Johannes Schindelin --- builtin/cat-file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/cat-file.c b/builtin/cat-file.c index 30383e9eb4..1dcfde3b7c 100644 --- a/builtin/cat-file.c +++ b/builtin/cat-file.c @@ -165,6 +165,7 @@ static int cat_one_file(int opt, const char *exp_type, const char *obj_name, die("git cat-file %s: bad file", obj_name); write_or_die(1, buf, size); + free(buf); return 0; } From 665a95f7e737fa8b02c9c20df74a4f81896c5bf4 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 18 Apr 2017 14:02:51 +0200 Subject: [PATCH 15/31] checkout: fix memory leak Discovered via Coverity. Signed-off-by: Johannes Schindelin --- builtin/checkout.c | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/checkout.c b/builtin/checkout.c index 81f07c3ef2..fd273cdf2a 100644 --- a/builtin/checkout.c +++ b/builtin/checkout.c @@ -232,6 +232,7 @@ static int checkout_merged(int pos, const struct checkout *state) if (!ce) die(_("make_cache_entry failed for path '%s'"), path); status = checkout_entry(ce, state, NULL); + free(ce); return status; } From c1de0a778ef2a9be5711d395d2038d2c99466b82 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 18 Apr 2017 14:04:52 +0200 Subject: [PATCH 16/31] split_commit_in_progress(): fix memory leak Reported via Coverity. Signed-off-by: Johannes Schindelin --- wt-status.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wt-status.c b/wt-status.c index ff1ae80065..3484deaeee 100644 --- a/wt-status.c +++ b/wt-status.c @@ -1075,8 +1075,13 @@ static int split_commit_in_progress(struct wt_status *s) char *rebase_orig_head = read_line_from_git_path("rebase-merge/orig-head"); if (!head || !orig_head || !rebase_amend || !rebase_orig_head || - !s->branch || strcmp(s->branch, "HEAD")) + !s->branch || strcmp(s->branch, "HEAD")) { + free(head); + free(orig_head); + free(rebase_amend); + free(rebase_orig_head); return split_in_progress; + } if (!strcmp(rebase_amend, rebase_orig_head)) { if (strcmp(head, rebase_amend)) From 52b6bc73acfb3ea4e54751f7da6a7ee77d0d502c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 18 Apr 2017 14:09:23 +0200 Subject: [PATCH 17/31] setup_bare_git_dir(): fix memory leak Reported by Coverity. Signed-off-by: Johannes Schindelin --- setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.c b/setup.c index 72a5482c4e..dcee4c0f25 100644 --- a/setup.c +++ b/setup.c @@ -740,7 +740,7 @@ static const char *setup_bare_git_dir(struct strbuf *cwd, int offset, /* --work-tree is set without --git-dir; use discovered one */ if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) { - const char *gitdir; + static const char *gitdir; gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset); if (chdir(cwd->buf)) From 7a8ea2c461c7ea742cd95a2dfd800247713f24bf Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 18 Apr 2017 14:11:24 +0200 Subject: [PATCH 18/31] setup_discovered_git_dir(): fix memory leak Identified by Coverity. Signed-off-by: Johannes Schindelin --- setup.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/setup.c b/setup.c index dcee4c0f25..8e77e42a5d 100644 --- a/setup.c +++ b/setup.c @@ -697,11 +697,16 @@ static const char *setup_discovered_git_dir(const char *gitdir, /* --work-tree is set without --git-dir; use discovered one */ if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) { + char *p = NULL; + const char *ret; + if (offset != cwd->len && !is_absolute_path(gitdir)) - gitdir = real_pathdup(gitdir, 1); + gitdir = p = real_pathdup(gitdir, 1); if (chdir(cwd->buf)) die_errno("Could not come back to cwd"); - return setup_explicit_git_dir(gitdir, cwd, nongit_ok); + ret = setup_explicit_git_dir(gitdir, cwd, nongit_ok); + free(p); + return ret; } /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */ From c867f5692f0c59c65b0fd6c75ba81c3a0256351c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 16:20:35 +0200 Subject: [PATCH 19/31] pack-redundant: plug memory leak Identified via Coverity. Signed-off-by: Johannes Schindelin --- builtin/pack-redundant.c | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/pack-redundant.c b/builtin/pack-redundant.c index 72c815844d..cb1df1c761 100644 --- a/builtin/pack-redundant.c +++ b/builtin/pack-redundant.c @@ -442,6 +442,7 @@ static void minimize(struct pack_list **min) /* return if there are no objects missing from the unique set */ if (missing->size == 0) { *min = unique; + free(missing); return; } From c7e0a2e8ec1754bf17de3ab4798b05c9382b81ff Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 16:31:10 +0200 Subject: [PATCH 20/31] mktree: plug memory leaks reported by Coverity Signed-off-by: Johannes Schindelin --- builtin/mktree.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/builtin/mktree.c b/builtin/mktree.c index de9b40fc63..f0354bc971 100644 --- a/builtin/mktree.c +++ b/builtin/mktree.c @@ -72,7 +72,7 @@ static void mktree_line(char *buf, size_t len, int nul_term_line, int allow_miss unsigned mode; enum object_type mode_type; /* object type derived from mode */ enum object_type obj_type; /* object type derived from sha */ - char *path; + char *path, *p = NULL; unsigned char sha1[20]; ptr = buf; @@ -102,7 +102,7 @@ static void mktree_line(char *buf, size_t len, int nul_term_line, int allow_miss struct strbuf p_uq = STRBUF_INIT; if (unquote_c_style(&p_uq, path, NULL)) die("invalid quoting"); - path = strbuf_detach(&p_uq, NULL); + path = p = strbuf_detach(&p_uq, NULL); } /* @@ -136,6 +136,7 @@ static void mktree_line(char *buf, size_t len, int nul_term_line, int allow_miss } append_to_tree(mode, sha1, path); + free(p); } int cmd_mktree(int ac, const char **av, const char *prefix) From 297da394ed26cc130d4f79436c5c3a04517173c1 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 16:45:03 +0200 Subject: [PATCH 21/31] fast-export: avoid leaking memory in handle_tag() Reported by, you guessed it, Coverity. Signed-off-by: Johannes Schindelin --- builtin/fast-export.c | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/fast-export.c b/builtin/fast-export.c index bfa10f5124..933042f940 100644 --- a/builtin/fast-export.c +++ b/builtin/fast-export.c @@ -765,6 +765,7 @@ static void handle_tag(const char *name, struct tag *tag) (int)(tagger_end - tagger), tagger, tagger == tagger_end ? "" : "\n", (int)message_size, (int)message_size, message ? message : ""); + free(buf); } static struct commit *get_commit(struct rev_cmdline_entry *e, char *full_name) From 58a3b2b273cf24d8d1f5e4d6468eeae2c3901632 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 17:04:22 +0200 Subject: [PATCH 22/31] receive-pack: plug memory leak in update() Reported via Coverity. Signed-off-by: Johannes Schindelin --- builtin/receive-pack.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index b618d52139..b184886345 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -984,7 +984,8 @@ static const char *update(struct command *cmd, struct shallow_info *si) { const char *name = cmd->ref_name; struct strbuf namespaced_name_buf = STRBUF_INIT; - const char *namespaced_name, *ret; + static char *namespaced_name; + const char *ret; unsigned char *old_sha1 = cmd->old_sha1; unsigned char *new_sha1 = cmd->new_sha1; @@ -995,6 +996,7 @@ static const char *update(struct command *cmd, struct shallow_info *si) } strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name); + free(namespaced_name); namespaced_name = strbuf_detach(&namespaced_name_buf, NULL); if (is_ref_checked_out(namespaced_name)) { From 9b4901d6f5d057a5513f69a54555fe1dbd340a2f Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 19 Apr 2017 17:16:34 +0200 Subject: [PATCH 23/31] line-log: avoid memory leak Discovered by Coverity. Signed-off-by: Johannes Schindelin --- line-log.c | 1 + 1 file changed, 1 insertion(+) diff --git a/line-log.c b/line-log.c index a23b910471..19d46e9ea2 100644 --- a/line-log.c +++ b/line-log.c @@ -1125,6 +1125,7 @@ static int process_ranges_ordinary_commit(struct rev_info *rev, struct commit *c changed = process_all_files(&parent_range, rev, &queue, range); if (parent) add_line_range(rev, parent, parent_range); + free(parent_range); return changed; } From 1d3003b2d75e1f9e35225c15f2d4f7d3d4c1d5a2 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:06:22 +0200 Subject: [PATCH 24/31] shallow: avoid memory leak Reported by Coverity. Signed-off-by: Johannes Schindelin --- shallow.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/shallow.c b/shallow.c index 11f7dde9d9..9b9e8128bf 100644 --- a/shallow.c +++ b/shallow.c @@ -473,11 +473,15 @@ static void paint_down(struct paint_info *info, const unsigned char *sha1, struct commit_list *head = NULL; int bitmap_nr = (info->nr_bits + 31) / 32; size_t bitmap_size = st_mult(sizeof(uint32_t), bitmap_nr); - uint32_t *tmp = xmalloc(bitmap_size); /* to be freed before return */ - uint32_t *bitmap = paint_alloc(info); struct commit *c = lookup_commit_reference_gently(sha1, 1); + uint32_t *tmp; /* to be freed before return */ + uint32_t *bitmap; + if (!c) return; + + tmp = xmalloc(bitmap_size); + bitmap = paint_alloc(info); memset(bitmap, 0, bitmap_size); bitmap[id / 32] |= (1U << (id % 32)); commit_list_insert(c, &head); From 2042ba35f60f4c1ef74965d0838eec1f116827fd Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:15:13 +0200 Subject: [PATCH 25/31] add_reflog_for_walk: avoid memory leak We free()d the `log` buffer when dwim_log() returned 1, but not when it returned a larger value (which meant that it still allocated the buffer but we simply ignored it). Identified by Coverity. Signed-off-by: Johannes Schindelin --- reflog-walk.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/reflog-walk.c b/reflog-walk.c index a246af2767..089892bcc5 100644 --- a/reflog-walk.c +++ b/reflog-walk.c @@ -183,7 +183,10 @@ int add_reflog_for_walk(struct reflog_walk_info *info, if (!reflogs || reflogs->nr == 0) { unsigned char sha1[20]; char *b; - if (dwim_log(branch, strlen(branch), sha1, &b) == 1) { + int ret = dwim_log(branch, strlen(branch), sha1, &b); + if (ret > 1) + free(b); + else if (ret == 1) { if (reflogs) { free(reflogs->ref); free(reflogs); From 25dc863baf1fb4c7f467771d0cef536d5da320ea Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:19:06 +0200 Subject: [PATCH 26/31] remote: plug memory leak in match_explicit() The `guess_ref()` returns an allocated buffer of which `make_linked_ref()` does not take custody (`alloc_ref()` makes a copy), therefore we need to release the buffer afterwards. Noticed via Coverity. Signed-off-by: Johannes Schindelin --- remote.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/remote.c b/remote.c index 9f83fe2c4c..e581de0a05 100644 --- a/remote.c +++ b/remote.c @@ -1191,9 +1191,10 @@ static int match_explicit(struct ref *src, struct ref *dst, else if (is_null_oid(&matched_src->new_oid)) error("unable to delete '%s': remote ref does not exist", dst_value); - else if ((dst_guess = guess_ref(dst_value, matched_src))) + else if ((dst_guess = guess_ref(dst_value, matched_src))) { matched_dst = make_linked_ref(dst_guess, dst_tail); - else + free(dst_guess); + } else error("unable to push to unqualified destination: %s\n" "The destination refspec neither matches an " "existing ref on the remote nor\n" From 272448d64ffe813cd4b85f98827bd610abe2155d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:22:49 +0200 Subject: [PATCH 27/31] name-rev: avoid leaking memory in the `deref` case When the `name_rev()` function is asked to dereference the tip name, it allocates memory. But when it turns out that another tip already described the commit better than the current one, we forgot to release the memory. Pointed out by Coverity. Signed-off-by: Johannes Schindelin --- builtin/name-rev.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/builtin/name-rev.c b/builtin/name-rev.c index cd89d48b65..09642e46d1 100644 --- a/builtin/name-rev.c +++ b/builtin/name-rev.c @@ -28,6 +28,7 @@ static void name_rev(struct commit *commit, struct rev_name *name = (struct rev_name *)commit->util; struct commit_list *parents; int parent_number = 1; + char *p = NULL; parse_commit(commit); @@ -35,7 +36,7 @@ static void name_rev(struct commit *commit, return; if (deref) { - tip_name = xstrfmt("%s^0", tip_name); + tip_name = p = xstrfmt("%s^0", tip_name); if (generation) die("generation: %d, but deref?", generation); @@ -53,8 +54,10 @@ copy_data: name->taggerdate = taggerdate; name->generation = generation; name->distance = distance; - } else + } else { + free(p); return; + } for (parents = commit->parents; parents; From 219dce87226df00e18399d8226da8e1e93852e04 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:34:47 +0200 Subject: [PATCH 28/31] show_worktree(): plug memory leak The buffer allocated by shorten_unambiguous_ref() needs to be released. Discovered by Coverity. Signed-off-by: Johannes Schindelin --- builtin/worktree.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/builtin/worktree.c b/builtin/worktree.c index 831fe058a5..6fd27d5cdd 100644 --- a/builtin/worktree.c +++ b/builtin/worktree.c @@ -408,9 +408,11 @@ static void show_worktree(struct worktree *wt, int path_maxlen, int abbrev_len) find_unique_abbrev(wt->head_sha1, DEFAULT_ABBREV)); if (wt->is_detached) strbuf_addstr(&sb, "(detached HEAD)"); - else if (wt->head_ref) - strbuf_addf(&sb, "[%s]", shorten_unambiguous_ref(wt->head_ref, 0)); - else + else if (wt->head_ref) { + char *ref = shorten_unambiguous_ref(wt->head_ref, 0); + strbuf_addf(&sb, "[%s]", ref); + free(ref); + } else strbuf_addstr(&sb, "(error)"); } printf("%s\n", sb.buf); From 6b88dd4e157586044ec16655cc37c8b32e4cbeed Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:40:56 +0200 Subject: [PATCH 29/31] submodule_uses_worktrees(): plug memory leak There is really no reason why we would need to hold onto the allocated string longer than necessary. Reported by Coverity. Signed-off-by: Johannes Schindelin --- worktree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/worktree.c b/worktree.c index fa7bc67a50..1ffacc5a92 100644 --- a/worktree.c +++ b/worktree.c @@ -396,6 +396,7 @@ int submodule_uses_worktrees(const char *path) /* The env would be set for the superproject. */ get_common_dir_noenv(&sb, submodule_gitdir); + free(submodule_gitdir); /* * The check below is only known to be good for repository format @@ -415,7 +416,6 @@ int submodule_uses_worktrees(const char *path) /* See if there is any file inside the worktrees directory. */ dir = opendir(sb.buf); strbuf_release(&sb); - free(submodule_gitdir); if (!dir) return 0; From a5208164e25584456324edeb650c0ef2fe2881c0 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:43:04 +0200 Subject: [PATCH 30/31] am: close input stream even in case of an error Reported via Coverity. Signed-off-by: Johannes Schindelin --- builtin/am.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/builtin/am.c b/builtin/am.c index a9c6d7088e..9bba6a0a4b 100644 --- a/builtin/am.c +++ b/builtin/am.c @@ -762,9 +762,11 @@ static int split_mail_conv(mail_conv_fn fn, struct am_state *state, mail = mkpath("%s/%0*d", state->dir, state->prec, i + 1); out = fopen(mail, "w"); - if (!out) + if (!out) { + fclose(in); return error_errno(_("could not open '%s' for writing"), mail); + } ret = fn(out, in, keep_cr); From f07be76f51ff55aa63542ba2a5b888042eb57aed Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 21 Apr 2017 14:53:58 +0200 Subject: [PATCH 31/31] handle_ssh_variant: plug memory leak The split_cmdline() function either assigns an allocated array to the argv parameter or NULL. In the first case, we have to free() it, in the latter it does no harm. Reported via Coverity. Signed-off-by: Johannes Schindelin --- connect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/connect.c b/connect.c index 7f1f802396..a38e567976 100644 --- a/connect.c +++ b/connect.c @@ -716,8 +716,10 @@ static int handle_ssh_variant(const char *ssh_command, int is_cmdline, * any longer. */ free(ssh_argv); - } else + } else { + free(ssh_argv); return 0; + } } if (!strcasecmp(variant, "plink") ||