• Martin Ågren's avatar
    setup: fix memory leaks with `struct repository_format` · e8805af1
    Martin Ågren authored
    After we set up a `struct repository_format`, it owns various pieces of
    allocated memory. We then either use those members, because we decide we
    want to use the "candidate" repository format, or we discard the
    candidate / scratch space. In the first case, we transfer ownership of
    the memory to a few global variables. In the latter case, we just
    silently drop the struct and end up leaking memory.
    
    Introduce an initialization macro `REPOSITORY_FORMAT_INIT` and a
    function `clear_repository_format()`, to be used on each side of
    `read_repository_format()`. To have a clear and simple memory ownership,
    let all users of `struct repository_format` duplicate the strings that
    they take from it, rather than stealing the pointers.
    
    Call `clear_...()` at the start of `read_...()` instead of just zeroing
    the struct, since we sometimes enter the function multiple times. Thus,
    it is important to initialize the struct before calling `read_...()`, so
    document that. It's also important because we might not even call
    `read_...()` before we call `clear_...()`, see, e.g., builtin/init-db.c.
    
    Teach `read_...()` to clear the struct on error, so that it is reset to
    a safe state, and document this. (In `setup_git_directory_gently()`, we
    look at `repo_fmt.hash_algo` even if `repo_fmt.version` is -1, which we
    weren't actually supposed to do per the API. After this commit, that's
    ok.)
    
    We inherit the existing code's combining "error" and "no version found".
    Both are signalled through `version == -1` and now both cause us to
    clear any partial configuration we have picked up. For "extensions.*",
    that's fine, since they require a positive version number. For
    "core.bare" and "core.worktree", we're already verifying that we have a
    non-negative version number before using them.
    Signed-off-by: 's avatarMartin Ågren <martin.agren@gmail.com>
    Signed-off-by: 's avatarJunio C Hamano <gitster@pobox.com>
    e8805af1
worktree.c 13.2 KB