From: Junio C Hamano <gitster@pobox•com>
To: Johannes Sixt <j6t@kdbg•org>
Cc: "Thomas Gummerer" <t.gummerer@gmail•com>,
git@vger•kernel.org, "Lars Schneider" <larsxschneider@gmail•com>,
"Ben Peart" <peartben@gmail•com>,
"Ben Peart" <benpeart@microsoft•com>,
"Jakub Narębski" <jnareb@gmail•com>
Subject: Re: [PATCH 3/3] sub-process: allocate argv on the heap
Date: Wed, 04 Oct 2017 13:59:31 +0900
Message-ID: <xmqq7ewbecek.fsf@gitster.mtv.corp.google.com>
In-Reply-To: <85456f81-9e9f-d0e4-86f7-9f546691dee3@kdbg.org> (Johannes Sixt's message of "Tue, 3 Oct 2017 22:24:57 +0200")
Johannes Sixt <j6t@kdbg•org> writes:
> Am 03.10.2017 um 21:57 schrieb Thomas Gummerer:
>> diff --git a/sub-process.c b/sub-process.c
>> index 6dde5062be..4680af8193 100644
>> --- a/sub-process.c
>> +++ b/sub-process.c
>> @@ -77,7 +77,9 @@ int subprocess_start(struct hashmap *hashmap, struct subprocess_entry *entry, co
>> {
>> int err;
>> struct child_process *process;
>> - const char *argv[] = { cmd, NULL };
>> + const char **argv = xmalloc(2 * sizeof(char *));
>> + argv[0] = cmd;
>> + argv[1] = NULL;
>> entry->cmd = cmd;
>> process = &entry->process;
>>
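Review bot: the xmalloc() at the top of this hunk has no matching free(), so the two-element array that used to live on the stack now leaks once per subprocess_start() call. Since `process` is a `struct child_process`, which already carries its own args array, push the command with `argv_array_push(&process->args, cmd);` and let the child_process own (and later release) the storage instead of hand-rolling a heap array. Minor: if the heap array is kept, `sizeof(*argv)` is less fragile than `sizeof(char *)`.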
>
> Perhaps this should become
>
> argv_array_push(&process->args, cmd);
>
> so that there is no new memory leak?
Sounds like a good idea (if I am not grossly mistaken as to what is
being suggested).
Here is what I am planning to queue.
-- >8 --
From: Johannes Sixt <j6t@kdbg•org>
Date: Tue, 3 Oct 2017 22:24:57 +0200
Subject: [PATCH] sub-process: use child_process.args instead of child_process.argv
Currently the argv is only allocated on the stack, and then assigned to
process->argv. When the start_subprocess function goes out of scope,
the local argv variable is eliminated from the stack, but the pointer is
still kept around in process->argv.
Much later when we try to access the same process->argv in
finish_command, this leads us to access a memory location that no longer
contains what we want. As argv0 is only used for printing errors, this
is not easily noticed in normal git operations. However when running
t0021-conversion.sh through valgrind, valgrind rightfully complains:
==21024== Invalid read of size 8
==21024== at 0x2ACF64: finish_command (run-command.c:869)
==21024== by 0x2D6B18: subprocess_exit_handler (sub-process.c:72)
==21024== by 0x2AB41E: cleanup_children (run-command.c:45)
==21024== by 0x2AB526: cleanup_children_on_exit (run-command.c:81)
==21024== by 0x54AD487: __run_exit_handlers (in /usr/lib/libc-2.26.so)
==21024== by 0x54AD4D9: exit (in /usr/lib/libc-2.26.so)
==21024== by 0x11A9EF: handle_builtin (git.c:550)
==21024== by 0x11ABCC: run_argv (git.c:602)
==21024== by 0x11AD8E: cmd_main (git.c:679)
==21024== by 0x1BF125: main (common-main.c:43)
==21024== Address 0x1ffeffec00 is on thread 1's stack
==21024== 1504 bytes below stack pointer
==21024==
These days, the child_process structure has its own args array, and
the standard way to set up its argv[] is to use that one, instead of
assigning to process->argv to point at an array that is outside.
Using that facility automatically fixes this issue.
Reported-by: Thomas Gummerer <t.gummerer@gmail•com>
Signed-off-by: Johannes Sixt <j6t@kdbg•org>
Signed-off-by: Junio C Hamano <gitster@pobox•com>
---
sub-process.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sub-process.c b/sub-process.c
index fcc4832c14..648b3a3943 100644
--- a/sub-process.c
+++ b/sub-process.c
@@ -74,13 +74,12 @@ int subprocess_start(struct hashmap *hashmap, struct subprocess_entry *entry, co
{
int err;
struct child_process *process;
- const char *argv[] = { cmd, NULL };
entry->cmd = cmd;
process = &entry->process;
child_process_init(process);
- process->argv = argv;
+ argv_array_push(&process->args, cmd);
process->use_shell = 1;
process->in = -1;
process->out = -1;
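Review bot: the ordering is the detail worth checking here, and it is right: `argv_array_push(&process->args, cmd);` comes after `child_process_init(process);`, which resets the struct, so pushing before the init call would silently discard the entry. With the `process->argv = argv;` assignment gone, argv is taken from process->args, which the child_process owns, so this also answers the leak concern from the quoted reply rather than trading a dangling stack pointer for a leak. Consider saying in the commit message that process->argv is deliberately left unset so that args is the single source of the command line.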
--
2.14.2-889-gd2948f6aa6
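A minimal working model of the ownership change the queued patch makes, added here as an example (not git's code and not from anyone on the thread): `argv_array`, `child_process`, `argv_array_push`, `argv_array_clear` and `argv0_later` are simplified stand-ins for git's, and `subprocess_start_fixed` stands in for the patched `subprocess_start()`.

```c
/* Added example, not git's code: a minimal stand-in for git's argv_array and
 * child_process.args, showing why owned storage fixes the dangling argv above. */
#include <stdlib.h>
#include <string.h>

struct argv_array { const char **argv; int argc, alloc; };   /* simplified */

struct child_process {
    const char **argv;        /* old way: may point at memory the struct does not own */
    struct argv_array args;   /* new way: owned by the struct, freed on finish */
};

/* Append a copy of s, keeping argv NULL-terminated (mirrors argv_array_push). */
static void argv_array_push(struct argv_array *a, const char *s)
{
    size_t len = strlen(s) + 1;
    if (a->argc + 2 > a->alloc) {            /* room for the entry and NULL */
        a->alloc = a->alloc ? 2 * a->alloc : 4;
        a->argv = realloc(a->argv, a->alloc * sizeof(*a->argv));
        if (!a->argv) abort();
    }
    char *copy = malloc(len);                /* the array owns its strings */
    if (!copy) abort();
    memcpy(copy, s, len);
    a->argv[a->argc++] = copy;
    a->argv[a->argc] = NULL;
}

/* Release everything; this is what makes the fixed version leak-free. */
static void argv_array_clear(struct argv_array *a)
{
    for (int i = 0; i < a->argc; i++)
        free((char *)a->argv[i]);
    free(a->argv);
    memset(a, 0, sizeof(*a));
}

/* Mirrors the fixed subprocess_start(): nothing here points at this frame. */
static void subprocess_start_fixed(struct child_process *process, const char *cmd)
{
    memset(process, 0, sizeof(*process));    /* stands in for child_process_init */
    argv_array_push(&process->args, cmd);
}

/* What a later finish_command() reads for error messages: argv[0], still valid. */
static const char *argv0_later(const struct child_process *p)
{
    const char **argv = p->argv ? p->argv : p->args.argv;
    return argv ? argv[0] : NULL;
}
```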