- From:
- Christian Weisgerber <naddy@mips.inka.de>
- Subject:
- Re: tog tree double free
- To:
- gameoftrees@openbsd.org
- Date:
- Sat, 10 Jul 2021 22:20:44 +0200
Download raw body.
Thread
tog tree double free
Download raw body.
tog tree double free
Stefan Sperling:
> I think it makes more sense to give control over the allocation to the
> open_tree_view() function, implying that the deallocation should only
> occur in close_tree_view(). This fixes the double-tree you've described.
Makes sense.
> Can you still get tog to misbehave with this patch?
That fixes the problem and I haven't found any new ones.
There's some cruft left over that you forgot:
--- tog.c.orig Sat Jul 10 21:41:08 2021
+++ tog.c Sat Jul 10 21:41:57 2021
@@ -6052,7 +6052,6 @@ browse_ref_tree(struct tog_view **new_view, int begin_
{
const struct got_error *err = NULL;
struct got_object_id *commit_id = NULL;
- struct got_tree_object *tree = NULL;
struct tog_view *tree_view;
*new_view = NULL;
@@ -6080,10 +6079,6 @@ browse_ref_tree(struct tog_view **new_view, int begin_
*new_view = tree_view;
done:
free(commit_id);
- if (err) {
- if (tree)
- got_object_tree_close(tree);
- }
return err;
}
static const struct got_error *
--
Christian "naddy" Weisgerber naddy@mips.inka.de
tog tree double free