From f046127b6682f98d41bb4d26164da7f1a4a8e8d0 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 9 Sep 2024 19:19:51 -0400 Subject: ref-filter: fix leak when formatting %(push:remoteref) When we expand the %(upstream) or %(push) placeholders, we rely on remote.c's remote_ref_for_branch() to fill in the ":refname" argument. But that function has confusing memory ownership semantics: it may or may not return an allocated string, depending on whether we are in "upstream" mode or "push" mode. The caller in ref-filter.c always duplicates the result, meaning that we leak the original in the case of %(push:refname). To solve this, let's make the return value from remote_ref_for_branch() consistent, by always returning an allocated pointer. Note that the switch to returning a non-const pointer has a ripple effect inside the function, too. We were storing the "dst" result as a const pointer, too, even though it is always allocated! It is the return value from apply_refspecs(), which is always a non-const allocated string. And then on the caller side in ref-filter.c (and this is the only caller at all), we just need to avoid the extra duplication when the return value is non-NULL. This clears up one case that LSan finds in t6300, but there are more. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- remote.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'remote.h') diff --git a/remote.h b/remote.h index b901b56746..a58713f20a 100644 --- a/remote.h +++ b/remote.h @@ -329,7 +329,7 @@ struct branch { struct branch *branch_get(const char *name); const char *remote_for_branch(struct branch *branch, int *explicit); const char *pushremote_for_branch(struct branch *branch, int *explicit); -const char *remote_ref_for_branch(struct branch *branch, int for_push); +char *remote_ref_for_branch(struct branch *branch, int for_push); /* returns true if the given branch has merge configuration given. */ int branch_has_merge_config(struct branch *branch); -- cgit v1.3-6-g1900