[PATCH 5 of 5 STABLE] manifest: fix leak on error return from lazymanifest_filtercopy()

Yuya Nishihara yuya at tcha.org
Wed Sep 5 09:58:27 EDT 2018


# HG changeset patch
# User Yuya Nishihara <yuya at tcha.org>
# Date 1536151784 -32400
#      Wed Sep 05 21:49:44 2018 +0900
# Branch stable
# Node ID c922d17e33d542eaab1fdfc49638d6441d159e48
# Parent  819cf6343fb821f3ef53768d722ab7990540f31f
manifest: fix leak on error return from lazymanifest_filtercopy()

Spotted by ASAN.

free(copy->lines) and Py_DECREF(copy->pydata) are replaced by Py_XDECREF(copy),
which should call lazymanifest_dealloc(). Freeing half-initialized copy->lines
is safe since copy->numlines holds a valid value.

diff --git a/mercurial/cext/manifest.c b/mercurial/cext/manifest.c
--- a/mercurial/cext/manifest.c
+++ b/mercurial/cext/manifest.c
@@ -731,16 +731,14 @@ static lazymanifest *lazymanifest_filter
 		arglist = Py_BuildValue(PY23("(s)", "(y)"),
 					self->lines[i].start);
 		if (!arglist) {
-			return NULL;
+			goto bail;
 		}
 		result = PyObject_CallObject(matchfn, arglist);
 		Py_DECREF(arglist);
 		/* if the callback raised an exception, just let it
 		 * through and give up */
 		if (!result) {
-			free(copy->lines);
-			Py_DECREF(copy->pydata);
-			return NULL;
+			goto bail;
 		}
 		if (PyObject_IsTrue(result)) {
 			assert(!(self->lines[i].from_malloc));
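
Review bot: the truth test directly after the second goto bail, if (PyObject_IsTrue(result)), treats the -1 error return of PyObject_IsTrue() as true, so a matchfn result whose truth test fails would be handled as a match with an exception still pending. With a shared bail label now available, a negative return could take the same exit as the other two errors. Both new goto sites are otherwise clean for that label: arglist is either NULL or already released, and result is NULL, so only copy is left to drop.
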
@@ -752,6 +750,7 @@ static lazymanifest *lazymanifest_filter
 	return copy;
 nomem:
 	PyErr_NoMemory();
+bail:
 	Py_XDECREF(copy);
 	return NULL;
 }
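
Review bot: placing bail: below PyErr_NoMemory() makes nomem fall through into it, and Py_XDECREF(copy) on these paths now tears down a copy whose lines array is only partly filled. Both are fine as the commit message argues, but neither is evident from the code alone. A one-line comment at the label would help, saying that the fall-through is intended and that the dealloc is safe because copy->numlines is kept valid; otherwise a later change that sets numlines late or reorders the labels could reintroduce a leak or free uninitialized entries.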

