fix double-free in gotadmin pack

From:: "Omar Polo" <op@omarpolo.com>
Subject:: Re: fix double-free in gotadmin pack
To:: Stefan Sperling <stsp@stsp.name>
Cc:: gameoftrees@openbsd.org
Date:: Tue, 24 Feb 2026 19:18:45 +0100

Download raw body.

Thread

2026-02-24 09:43 Stefan Sperling:
fix double-free in gotadmin pack
- 2026-02-24 18:18 Omar Polo:
  fix double-free in gotadmin pack

Stefan Sperling <stsp@stsp.name> wrote:
> Stopping gotadmin pack with Ctrl-C during the commit coloring phase
> can trigger a double free if coloring is offloaded to got-read-pack:
> 
> $ gotadmin pack -a -r /git/ports.git/
> 1844 commits colored^Cgotadmin(86432) in free(): double free 0x6d15cc5cf80
> 
> Fix below. ok?

nice catch, ok op@

>  fix a double-free on error in got_pack_paint_commits()
>  
>  Before heading out on error clear the qid pointer if we have not yet
>  removed qid from the list. Otherwise the error path will free the qid
>  while it is still on the list.
>  
>  Also garbage collect the qid0 pointer which has been unused for some time.
>  
> M  lib/pack_create_privsep.c  |  20+  16-
> 
> 1 file changed, 20 insertions(+), 16 deletions(-)
> 
> commit - d07cf78033793607c02ab0e8bcb66de1f4a02a6f
> commit + 18603fd0426083fc6d8d8398e420d22fdc5a2333
> blob - 311c7e65273b2764eabc6160b3675b91e1165e9f
> blob + bd9cc726a8d3d9d2ecd8381f3cedb0feb27ef0c9
> --- lib/pack_create_privsep.c
> +++ lib/pack_create_privsep.c
> [...]

2026-02-24 09:43 Stefan Sperling:
fix double-free in gotadmin pack
- 2026-02-24 18:18 Omar Polo:
  fix double-free in gotadmin pack