Patchwork [5,of,5,STABLE] manifest: fix leak on error return from lazymanifest_filtercopy()

Submitter Yuya Nishihara
Date Sept. 5, 2018, 1:58 p.m.
Message ID <c922d17e33d542eaab1f.1536155907@mimosa>
Permalink /patch/34340/
State Accepted

Comments

Yuya Nishihara - Sept. 5, 2018, 1:58 p.m.
# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1536151784 -32400
#      Wed Sep 05 21:49:44 2018 +0900
# Branch stable
# Node ID c922d17e33d542eaab1fdfc49638d6441d159e48
# Parent  819cf6343fb821f3ef53768d722ab7990540f31f
manifest: fix leak on error return from lazymanifest_filtercopy()

Spotted by ASAN.

free(copy->lines) and Py_DECREF(copy->pydata) are replaced by Py_XDECREF(copy),
which should call lazymanifest_dealloc(). Freeing half-initialized copy->lines
is safe since copy->numlines holds a valid value.
via Mercurial-devel - Sept. 5, 2018, 4:02 p.m.
On Wed, Sep 5, 2018 at 7:05 AM Yuya Nishihara <yuya@tcha.org> wrote:

> # HG changeset patch
> # User Yuya Nishihara <yuya@tcha.org>
> # Date 1536151784 -32400
> #      Wed Sep 05 21:49:44 2018 +0900
> # Branch stable
> # Node ID c922d17e33d542eaab1fdfc49638d6441d159e48
> # Parent  819cf6343fb821f3ef53768d722ab7990540f31f
> manifest: fix leak on error return from lazymanifest_filtercopy()
>

Queued the series for stable. Thanks!

Patch

diff --git a/mercurial/cext/manifest.c b/mercurial/cext/manifest.c
--- a/mercurial/cext/manifest.c
+++ b/mercurial/cext/manifest.c
@@ -731,16 +731,14 @@  static lazymanifest *lazymanifest_filter
 		arglist = Py_BuildValue(PY23("(s)", "(y)"),
 					self->lines[i].start);
 		if (!arglist) {
-			return NULL;
+			goto bail;
 		}
 		result = PyObject_CallObject(matchfn, arglist);
 		Py_DECREF(arglist);
 		/* if the callback raised an exception, just let it
 		 * through and give up */
 		if (!result) {
-			free(copy->lines);
-			Py_DECREF(copy->pydata);
-			return NULL;
+			goto bail;
 		}
 		if (PyObject_IsTrue(result)) {
 			assert(!(self->lines[i].from_malloc));
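Review bot: on the context line `if (PyObject_IsTrue(result))`, just below the second `goto bail`, a -1 error return from PyObject_IsTrue() is treated the same as a match, so a failure while testing the callback's result never reaches the error path this patch consolidates. Consider storing the return value and jumping to `bail` when it is negative, releasing `result` first since PyObject_CallObject() handed back a new reference.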
@@ -752,6 +750,7 @@  static lazymanifest *lazymanifest_filter
 	return copy;
 nomem:
 	PyErr_NoMemory();
+bail:
 	Py_XDECREF(copy);
 	return NULL;
 }
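Review bot: `nomem:` now falls through into the new `bail:` label, and both exits rely on a single `Py_XDECREF(copy)` whose safety depends on lazymanifest_dealloc() coping with a partially filled copy (the commit message says this holds because copy->numlines is valid). A short comment at `bail:` stating that invariant and the intended fallthrough would keep a later change to the dealloc path from reintroducing a leak or a bad free here.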