Re: [PATCH] fsmonitor: fix khash memory leak in do_handle_client

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: "René Scharfe" <l.s.r@web•de>
To: Paul Tarjan via GitGitGadget <gitgitgadget@gmail•com>,
	git@vger•kernel.org
Cc: Paul Tarjan <github@paulisageek•com>
Subject: Re: [PATCH] fsmonitor: fix khash memory leak in do_handle_client
Date: Wed, 31 Dec 2025 09:37:24 +0100	[thread overview]
Message-ID: <ebb877bb-c86f-4ca1-b7b7-b236fb95848e@web.de> (raw)
In-Reply-To: <pull.2148.git.git.1767098576384.gitgitgadget@gmail.com>

On 12/30/25 1:42 PM, Paul Tarjan via GitGitGadget wrote:
> From: Paul Tarjan <github@paulisageek•com>
> 
> The do_handle_client() function allocates a khash table to de-duplicate
> pathnames when responding to client requests. Two issues existed:
> 
> 1. kh_release_str() was used instead of kh_destroy_str(). The release
>    function only frees internal arrays (flags, keys, vals) but not the
>    struct itself (allocated by kh_init_str via xcalloc). This caused a
>    40-byte leak per request.
> 
> 2. The khash was freed mid-function rather than in the cleanup section,
>    so if the worker thread was interrupted before reaching that point
>    during daemon shutdown, the memory would leak.
> 
> Fix both issues by:
> - Initializing shown = NULL at declaration
> - Using kh_destroy_str() which handles NULL and frees both internal
>   arrays and the struct itself
> - Moving the cleanup to the cleanup section so it runs on all exit paths
> 
> Signed-off-by: Claude <claude@anthropic•com>
> ---
>     fsmonitor: fix khash memory leak in do_handle_client
>     
>     The do_handle_client() function allocates a khash table to de-duplicate
>     pathnames when responding to client requests. Two issues existed:
>     
>      1. kh_release_str() was used instead of kh_destroy_str(). The release
>         function only frees internal arrays (flags, keys, vals) but not the
>         struct itself (allocated by kh_init_str via xcalloc). This caused a
>         40-byte leak per request.

Makes sense.

>     
>      2. The khash was freed mid-function rather than in the cleanup section,
>         so if the worker thread was interrupted before reaching that point
>         during daemon shutdown, the memory would leak.

Really?  Would an interrupted thread even reach its cleanup section?

>     
>     Fix both issues by:
>     
>      * Initializing shown = NULL at declaration
>      * Using kh_destroy_str() which handles NULL and frees both internal
>        arrays and the struct itself
>      * Moving the cleanup to the cleanup section so it runs on all exit
>        paths
> 
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-2148%2Fptarjan%2Fclaude%2Ffix-fsmonitor-hashmap-leak-gfDCU-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-2148/ptarjan/claude/fix-fsmonitor-hashmap-leak-gfDCU-v1
> Pull-Request: https://github.com/git/git/pull/2148
> 
>  builtin/fsmonitor--daemon.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/builtin/fsmonitor--daemon.c b/builtin/fsmonitor--daemon.c
> index 242c594646..bc4571938c 100644
> --- a/builtin/fsmonitor--daemon.c
> +++ b/builtin/fsmonitor--daemon.c
> @@ -671,7 +671,7 @@ static int do_handle_client(struct fsmonitor_daemon_state *state,
>  	const struct fsmonitor_batch *batch;
>  	struct fsmonitor_batch *remainder = NULL;
>  	intmax_t count = 0, duplicates = 0;
> -	kh_str_t *shown;
> +	kh_str_t *shown = NULL;
>  	int hash_ret;
>  	int do_trivial = 0;
>  	int do_flush = 0;
> @@ -909,8 +909,6 @@ static int do_handle_client(struct fsmonitor_daemon_state *state,
>  		total_response_len += payload.len;
>  	}
>  
> -	kh_release_str(shown);
> -
>  	pthread_mutex_lock(&state->main_lock);
>  
>  	if (token_data->client_ref_count > 0)
> @@ -954,6 +952,7 @@ static int do_handle_client(struct fsmonitor_daemon_state *state,
>  	trace2_data_intmax("fsmonitor", the_repository, "response/count/duplicates", duplicates);
>  
>  cleanup:
> +	kh_destroy_str(shown);
>  	strbuf_release(&response_token);
>  	strbuf_release(&requested_token_id);
>  	strbuf_release(&payload);
> 
> base-commit: 7c7698a654a7a0031f65b0ab0c1c4e438e95df60

next prev parent reply	other threads:[~2025-12-31  8:37 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-30 12:42 [PATCH] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2025-12-31  8:37 ` René Scharfe [this message]
2025-12-31 14:39 ` [PATCH v2] " Paul Tarjan via GitGitGadget
2026-01-01 23:14   ` Junio C Hamano
2026-01-02  1:24     ` Paul Tarjan
2026-01-04  2:19       ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ebb877bb-c86f-4ca1-b7b7-b236fb95848e@web.de \
    --to=l.s.r@web$(echo .)de \
    --cc=git@vger$(echo .)kernel.org \
    --cc=gitgitgadget@gmail$(echo .)com \
    --cc=github@paulisageek$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox