From: Jacob Keller <jacob.keller@xxxxxxxxx>
find_cfg_ent() allocates a struct reflog_expire_entry_option via
FLEX_ALLOC_MEM and inserts it into a linked list in the
reflog_expire_options structure. The entries in this list are never
freed, resulting in a leak in cmd_reflog_expire and the gc reflog expire
maintenance task:
Direct leak of 39 byte(s) in 1 object(s) allocated from:
#0 0x7ff975ee6883 in calloc (/lib64/libasan.so.8+0xe6883)
#1 0x0000010edada in xcalloc ../wrapper.c:154
#2 0x000000df0898 in find_cfg_ent ../reflog.c:28
#3 0x000000df0898 in reflog_expire_config ../reflog.c:70
#4 0x00000095c451 in configset_iter ../config.c:2116
#5 0x0000006d29e7 in git_config ../config.h:724
#6 0x0000006d29e7 in cmd_reflog_expire ../builtin/reflog.c:205
#7 0x0000006d504c in cmd_reflog ../builtin/reflog.c:419
#8 0x0000007e4054 in run_builtin ../git.c:480
#9 0x0000007e4054 in handle_builtin ../git.c:746
#10 0x0000007e8a35 in run_argv ../git.c:813
#11 0x0000007e8a35 in cmd_main ../git.c:953
#12 0x000000441e8f in main ../common-main.c:9
#13 0x7ff9754115f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4)
#14 0x7ff9754116a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7)
#15 0x000000444184 in _start (/home/jekeller/libexec/git-core/git+0x444184)
Close this leak by adding a reflog_clear_expire_config() function which
iterates the linked list and frees its elements. Call it upon exit of
cmd_reflog_expire() and reflog_expire_condition().
Signed-off-by: Jacob Keller <jacob.keller@xxxxxxxxx>
---
Changes in v3:
- Remove the incorrect call in reflog_expiry_cleanup()
- Add a call in reflog_expire_condition()
- Link to v2: https://lore.kernel.org/r/20250709-jk-fix-leak-reflog-expire-config-v2-1-f9af934be8c1@xxxxxxxxx
Changes in v2:
- Actually fix the leak properly. (Thanks Jeff for catching my brain fart!)
- Link to v1: https://lore.kernel.org/r/20250709-jk-fix-leak-reflog-expire-config-v1-1-34d5461cf8f5@xxxxxxxxx
---
reflog.h | 2 ++
builtin/gc.c | 1 +
builtin/reflog.c | 3 +++
reflog.c | 14 ++++++++++++++
4 files changed, 20 insertions(+)
diff --git a/reflog.h b/reflog.h
index 63bb56280f4e..74b3f3c4f0ac 100644
--- a/reflog.h
+++ b/reflog.h
@@ -34,6 +34,8 @@ struct reflog_expire_options {
int reflog_expire_config(const char *var, const char *value,
const struct config_context *ctx, void *cb);
+void reflog_clear_expire_config(struct reflog_expire_options *opts);
+
/*
* Adapt the options so that they apply to the given refname. This applies any
* per-reference reflog expiry configuration that may exist to the options.
diff --git a/builtin/gc.c b/builtin/gc.c
index 845876ff0286..37f543736599 100644
--- a/builtin/gc.c
+++ b/builtin/gc.c
@@ -346,6 +346,7 @@ static int reflog_expire_condition(struct gc_config *cfg UNUSED)
count_reflog_entries, &data);
reflog_expiry_cleanup(&data.policy);
+ reflog_clear_expire_config(&data.policy);
return data.count >= data.limit;
}
diff --git a/builtin/reflog.c b/builtin/reflog.c
index 3acaf3e32c27..d4da41aaea73 100644
--- a/builtin/reflog.c
+++ b/builtin/reflog.c
@@ -283,6 +283,9 @@ static int cmd_reflog_expire(int argc, const char **argv, const char *prefix,
&cb);
free(ref);
}
+
+ reflog_clear_expire_config(&opts);
+
return status;
}
diff --git a/reflog.c b/reflog.c
index 15d81ebea978..e2a2f3ad3e30 100644
--- a/reflog.c
+++ b/reflog.c
@@ -81,6 +81,20 @@ int reflog_expire_config(const char *var, const char *value,
return 0;
}
+void reflog_clear_expire_config(struct reflog_expire_options *opts)
+{
+ struct reflog_expire_entry_option *ent = opts->entries, *tmp;
+
+ while (ent) {
+ tmp = ent;
+ ent = ent->next;
+ free(tmp);
+ }
+
+ opts->entries = NULL;
+ opts->entries_tail = NULL;
+}
+
void reflog_expire_options_set_refname(struct reflog_expire_options *cb,
const char *ref)
{
---
base-commit: a30f80fde927d70950b3b4d1820813480968fb0d
change-id: 20250709-jk-fix-leak-reflog-expire-config-712ca6dc685a
Best regards,
--
Jacob Keller <jacob.keller@xxxxxxxxx>
