Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-16 Thread John Keeping
On Wed, Oct 12, 2016 at 01:23:45PM +0200, Jason A. Donenfeld wrote:
> So what's the verdict here? Do we have a double free or not?

The current code is fine, providing we don't re-order it.

The issue is that we free commit blobs while walking the log, so any
attempt to use them after that without reloading the data goes through a
null pointer.

We should possibly change cgit_parse_commit() to use get_commit_buffer()
rather than get_cached_commit_buffer(), which improves the usability of
that function but hides potential inefficiency if we free the buffer and
end up reloading it.

The use of get_cached_commit_buffer() dates from an update in git.git
which moved the buffer pointer out of struct commit; previously we just
accessed commit->buffer here and relied on the buffer having been loaded
previously.
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit


Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-12 Thread Jason A. Donenfeld
So what's the verdict here? Do we have a double free or not?


Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-10 Thread Christian Hesse
John Keeping  on Sun, 2016/10/09 12:26:
> On Fri, Oct 07, 2016 at 11:21:23PM +0200, Christian Hesse wrote:
> > "Jason A. Donenfeld"  on Fri, 2016/10/07 21:43:  
> > > Does this ever get freed, though?  
> > 
> > I ran cgit in valgrind with this patch applied. No changes in what is
> > lost - so looks like this is freed later on.  
> 
> It isn't lost because there's a global reference to it via the commit
> cache, but valgrind's "still reachable" statistic definitely grows as a
> result of this patch.

Oops, missed that.

> I don't think this is the cause of the underlying problem Sylvain
> reported.  That's more likely to be the use of
> get_cached_commit_buffer() in cgit_parse_commit().  Shouldn't that be
> get_commit_buffer(), which uses the cached buffer if it's available?

I have to admit that I am not very familiar with the caching system. :-p

Just replacing that function has the desired effect, though. Calling
cgit_print_branches() after cgit_print_log() works without crash.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}




Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-09 Thread John Keeping
On Fri, Oct 07, 2016 at 11:21:23PM +0200, Christian Hesse wrote:
> "Jason A. Donenfeld"  on Fri, 2016/10/07 21:43:
> > Does this ever get freed, though?
> 
> I ran cgit in valgrind with this patch applied. No changes in what is lost -
> so looks like this is freed later on.

It isn't lost because there's a global reference to it via the commit
cache, but valgrind's "still reachable" statistic definitely grows as a
result of this patch.

I don't think this is the cause of the underlying problem Sylvain
reported.  That's more likely to be the use of
get_cached_commit_buffer() in cgit_parse_commit().  Shouldn't that be
get_commit_buffer(), which uses the cached buffer if it's available?
Otherwise we must call libgit's parse_commit() before calling
cgit_parse_commit(), which all seems a bit fragile.
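The get_cached_commit_buffer() versus get_commit_buffer() distinction John raises in this message and again in his 2016-10-16 reply above, as an added example that is not cgit's or git.git's code: a self-contained C model of the commit-buffer cache. The model_* functions mirror the git names but their bodies, the commit structure and the object_store contents are assumptions constructed for this demonstration. The log walk loads, uses and frees each buffer; a later cached-only parse then sees NULL, while the reloading variant reads the object again (at the cost of an extra object read, the inefficiency John mentions).

```c
/* Added example, not code from cgit or git.git: a model of git's commit-buffer
 * cache showing why a parser built on get_cached_commit_buffer() fails after
 * the log walk has freed the buffers, while one built on get_commit_buffer()
 * reloads them.  All model_* bodies and the sample data are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCOMMITS 3

/* Constructed stand-in for the object database (id -> raw commit text). */
static const char *object_store[NCOMMITS] = {
    "tree 1111\nauthor A <a@example.com> 1 +0000\n\nfirst\n",
    "tree 2222\nparent 0\nauthor A <a@example.com> 2 +0000\n\nsecond\n",
    "tree 3333\nparent 1\nauthor A <a@example.com> 3 +0000\n\nthird\n",
};

struct commit { int id; char *buffer; /* cached text, NULL when not loaded */ };

static struct commit commits[NCOMMITS];
static int object_reads; /* how often the model "hit the disk" */

/* Reset the model: nothing loaded, nothing read. */
void init_commits(void)
{
    for (int i = 0; i < NCOMMITS; i++) {
        free(commits[i].buffer);
        commits[i].buffer = NULL;
        commits[i].id = i;
    }
    object_reads = 0;
}

/* Mirror of get_cached_commit_buffer(): cached copy or NULL, never loads. */
static const char *model_get_cached_commit_buffer(const struct commit *c)
{
    return c->buffer;
}

/* Mirror of get_commit_buffer(): uses the cache, otherwise reads the object. */
static const char *model_get_commit_buffer(struct commit *c)
{
    if (!c->buffer) {
        object_reads++;
        if (!(c->buffer = malloc(strlen(object_store[c->id]) + 1)))
            abort();
        strcpy(c->buffer, object_store[c->id]);
    }
    return c->buffer;
}

/* Mirror of free_commit_buffer(): release the text and clear the slot, so a
 * second free is harmless but a later cached-only lookup returns NULL. */
static void model_free_commit_buffer(struct commit *c)
{
    free(c->buffer);
    c->buffer = NULL;
}

/* Copy the subject (text after the header's blank line) into out.  Returns
 * 0 on success, -1 for a NULL or malformed buffer; code without this check
 * would dereference the null pointer the thread describes. */
static int parse_subject(const char *buf, char *out, size_t outlen)
{
    const char *body; size_t n;
    if (!buf || !(body = strstr(buf, "\n\n")))
        return -1;
    snprintf(out, outlen, "%s", body + 2);
    n = strlen(out);
    if (n && out[n - 1] == '\n')
        out[n - 1] = '\0';
    return 0;
}

/* A cgit_parse_commit() shaped on get_cached_commit_buffer(): works only if
 * the buffer was loaded earlier and nobody freed it since. */
int parse_commit_cached_only(struct commit *c, char *out, size_t outlen)
{
    return parse_subject(model_get_cached_commit_buffer(c), out, outlen);
}

/* The variant proposed in the thread, shaped on get_commit_buffer(). */
int parse_commit_reloading(struct commit *c, char *out, size_t outlen)
{
    return parse_subject(model_get_commit_buffer(c), out, outlen);
}

/* Models the log walk: load, use and free each commit's buffer in turn.
 * Returns how many commits were shown. */
int walk_log(void)
{
    int shown = 0;
    char subj[64];
    for (int i = 0; i < NCOMMITS; i++) {
        if (parse_commit_reloading(&commits[i], subj, sizeof subj) == 0)
            shown++;
        model_free_commit_buffer(&commits[i]);
    }
    return shown;
}

int main(void)
{
    char subj[64];
    init_commits();
    printf("log walk showed %d commits\n", walk_log());
    /* A later page section (think cgit_print_branches()) reuses commit 1. */
    int rc = parse_commit_cached_only(&commits[1], subj, sizeof subj);
    printf("cached-only parse after the walk: %d\n", rc);
    rc = parse_commit_reloading(&commits[1], subj, sizeof subj);
    printf("reloading parse: %d (%s), object reads: %d\n", rc, subj, object_reads);
    return 0;
}
```

Running the model gives 3 commits shown, then -1 for the cached-only parse and 0 (subject "second", four object reads in total) for the reloading one; once the reloading parse has repopulated the slot, a cached-only parse of the same commit succeeds again, which is exactly the ordering dependency the thread calls fragile.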


Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-07 Thread Christian Hesse
Christian Hesse  on Fri, 2016/10/07 23:21:
> "Jason A. Donenfeld"  on Fri, 2016/10/07 21:43:
> > Does this ever get freed, though?  
> 
> I ran cgit in valgrind with this patch applied. No changes in what is lost -
> so looks like this is freed later on.

Another thought on this... The issue reported by Sylvain Rabot
shows that get_revision() cannot get the same commit again. This is an
indication we do free something we should not touch, no?


Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-07 Thread Christian Hesse
"Jason A. Donenfeld"  on Fri, 2016/10/07 21:43:
> Does this ever get freed, though?

I ran cgit in valgrind with this patch applied. No changes in what is lost -
so looks like this is freed later on.

BTW, we have some more places where get_revision() is called. Sometimes we
free the result (ui-atom, ui-log, ui-stats), sometimes we do not (ui-log,
ui-patch).


Re: [PATCH 1/1] ui-log: fix data corruption

2016-10-07 Thread Jason A. Donenfeld
Does this ever get freed, though?