[PATCH] Allocate msg only after fatal checks to avoid leaks

"Alex via GitGitGadget" <gitgitgadget@xxxxxxxxx> · Fri, 13 Jun 2025 19:32:21 +0000

From: jinyaoguo <guo846@xxxxxxxxxx>

In parse_reuse_arg, we previously called xmalloc and strbuf_init
before resolving the ref and reading the object, leading to a
leaked msg on die() paths. This change moves the allocation of
struct note_msg until after repo_get_oid and
repo_read_object_file succeed, ensuring no heap memory is held
when a fatal error is triggered.

Signed-off-by: jinyaoguo <guo846@xxxxxxxxxx>
---
    Allocate msg only after fatal checks to avoid leaks

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1998%2Fmugitya03%2Fmlk-3-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1998/mugitya03/mlk-3-v1
Pull-Request: https://github.com/git/git/pull/1998

 builtin/notes.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/builtin/notes.c b/builtin/notes.c
index a3f433ca4c0..6df8a7998fb 100644
--- a/builtin/notes.c
+++ b/builtin/notes.c
@@ -308,7 +308,7 @@ static int parse_file_arg(const struct option *opt, const char *arg, int unset)
 static int parse_reuse_arg(const struct option *opt, const char *arg, int unset)
 {
 	struct note_data *d = opt->value;
-	struct note_msg *msg = xmalloc(sizeof(*msg));
+	struct note_msg *msg;
 	char *value;
 	struct object_id object;
 	enum object_type type;
@@ -316,17 +316,17 @@ static int parse_reuse_arg(const struct option *opt, const char *arg, int unset)
 
 	BUG_ON_OPT_NEG(unset);
 
-	strbuf_init(&msg->buf, 0);
 	if (repo_get_oid(the_repository, arg, &object))
 		die(_("failed to resolve '%s' as a valid ref."), arg);
 	if (!(value = repo_read_object_file(the_repository, &object, &type, &len)))
 		die(_("failed to read object '%s'."), arg);
-	if (type != OBJ_BLOB) {
-		strbuf_release(&msg->buf);
-		free(value);
-		free(msg);
-		die(_("cannot read note data from non-blob object '%s'."), arg);
-	}
+    if (type != OBJ_BLOB) {
+        free(value);
+        die(_("cannot read note data from non-blob object '%s'."), arg);
+    }
+
+    msg = xmalloc(sizeof(*msg));
+    strbuf_init(&msg->buf, 0);
 
 	strbuf_add(&msg->buf, value, len);
 	free(value);

base-commit: 9edff09aec9b5aaa3d5528129bb279a4d34cf5b3
-- 
gitgitgadget







