On Fri, Jun 13, 2014 at 11:44:28AM +0200, Michael J Gruber wrote:

> > Perhaps this is a sign that we need a "signature_check_clear()" helper?
> 
> ... or simply switch to language which has (or can overload) free for an
> object :)

I hear somebody has reimplemented git in pure javascript. ;P

> Do we have prior art for such helpers so that the new one would be
> analogous?

I was thinking of credential_clear, string_list_clear, etc. Literally
just:

  void signature_check_clear(struct signature_check *s)
  {
        free(s->gpg_output);
        free(s->gpg_status);
        free(s->signer);
        free(s->key);
  }

Your first commit fixed a leak on gpg_status.  Did it also need to handle
the "key" field there?

For some structs, we'd also do:

        memset(s, 0, sizeof(*s));

to get us back to a usable, initialized state so the struct can be
reused. However, check_commit_signature doesn't care if the struct is
initialized or not (i.e., there is no initialized state). Doing so does
help detect use-after-free conditions, though.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
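The helper and the memset(s, 0, sizeof(*s)) point discussed above, as an added, stand-alone example that is not code from the thread or from git itself. The struct below is a stand-in with the field set the helper frees; fake_check_signature() is a constructed replacement for check_commit_signature() that parses one gpg status line of the form "[GNUPG:] GOODSIG <keyid> <signer>" (the key ID and signer are made up). The point it shows is the one Peff raises: once the struct is zeroed after the frees, a redundant second clear turns into four free(NULL) no-ops instead of a double free, a later read of a stale pointer becomes a NULL dereference instead of silent reuse of freed memory, and the struct is in a known state for the next fill.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Stand-in for git's struct signature_check. The exact field set is an
 * assumption for this example; it mirrors the fields freed in the thread.
 */
struct signature_check {
    char *gpg_output;
    char *gpg_status;
    char *signer;
    char *key;
    char result;   /* 'G' good, 'N' no signature, 0 = unset */
};

static char *dup_range(const char *begin, const char *end)
{
    size_t len = (size_t)(end - begin);
    char *out = malloc(len + 1);
    if (!out)
        abort();
    memcpy(out, begin, len);
    out[len] = '\0';
    return out;
}

static char *dup_str(const char *s)
{
    return dup_range(s, s + strlen(s));
}

/*
 * Constructed stand-in for check_commit_signature(): populate the struct
 * from one gpg status line. Like the real function it does not care
 * whether the struct was initialized; every field is assigned.
 */
void fake_check_signature(struct signature_check *s, const char *status)
{
    static const char prefix[] = "[GNUPG:] GOODSIG ";

    s->gpg_output = dup_str("gpg: Good signature (constructed output)\n");
    s->gpg_status = dup_str(status);
    s->key = NULL;
    s->signer = NULL;
    s->result = 'N';

    if (strncmp(status, prefix, sizeof(prefix) - 1) == 0) {
        const char *key = status + sizeof(prefix) - 1;
        const char *sp = strchr(key, ' ');
        if (sp) {
            s->key = dup_range(key, sp);   /* key ID up to the first space */
            s->signer = dup_str(sp + 1);   /* rest of the line is the signer */
        } else {
            s->key = dup_str(key);
        }
        s->result = 'G';
    }
}

/* The helper from the thread, plus the memset that makes reuse safe. */
void signature_check_clear(struct signature_check *s)
{
    free(s->gpg_output);
    free(s->gpg_status);
    free(s->signer);
    free(s->key);
    memset(s, 0, sizeof(*s));   /* back to a known, reusable state */
}

/* 1 if every pointer field is NULL and result is unset. */
int signature_check_is_clear(const struct signature_check *s)
{
    return !s->gpg_output && !s->gpg_status && !s->signer && !s->key && !s->result;
}

/*
 * Fill, clear twice, and fill again the same struct. Returns 1 if each
 * step behaves. Without the memset the second clear would be a double
 * free; with it, each free() sees NULL and does nothing.
 */
int demo_reuse(void)
{
    struct signature_check sc;
    int ok = 1;

    /* Constructed status line: key ID and signer are invented. */
    fake_check_signature(&sc,
        "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.com>");
    ok &= sc.result == 'G' && strcmp(sc.key, "0123456789ABCDEF") == 0;
    ok &= strcmp(sc.signer, "Example Signer <signer@example.com>") == 0;

    signature_check_clear(&sc);
    ok &= signature_check_is_clear(&sc);
    signature_check_clear(&sc);          /* redundant clear: free(NULL) no-ops */
    ok &= signature_check_is_clear(&sc);

    fake_check_signature(&sc, "gpg: no signature found");   /* reuse after clear */
    ok &= sc.result == 'N' && sc.key == NULL && sc.signer == NULL;
    signature_check_clear(&sc);
    return ok;
}
```

Under a sanitizer build the variant without the memset fails on the second signature_check_clear() call with a double-free report, which is the detection benefit Peff alludes to; with the memset the same call is harmless.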