From: Christian Weisgerber <naddy@mips.inka.de>
Subject: Re: tog tree double free
To: gameoftrees@openbsd.org
Date: Sat, 10 Jul 2021 22:20:44 +0200

Stefan Sperling:

> I think it makes more sense to give control over the allocation to the
> open_tree_view() function, implying that the deallocation should only
> occur in close_tree_view(). This fixes the double-tree you've described.

Makes sense.

> Can you still get tog to misbehave with this patch?

That fixes the problem and I haven't found any new ones.

There's some cruft left over that you forgot:

--- tog.c.orig	Sat Jul 10 21:41:08 2021
+++ tog.c	Sat Jul 10 21:41:57 2021
@@ -6052,7 +6052,6 @@ browse_ref_tree(struct tog_view **new_view, int begin_
 {
 	const struct got_error *err = NULL;
 	struct got_object_id *commit_id = NULL;
-	struct got_tree_object *tree = NULL;
 	struct tog_view *tree_view;
 
 	*new_view = NULL;
@@ -6080,10 +6079,6 @@ browse_ref_tree(struct tog_view **new_view, int begin_
 	*new_view = tree_view;
 done:
 	free(commit_id);
-	if (err) {
-		if (tree)
-			got_object_tree_close(tree);
-	}
 	return err;
 }
 static const struct got_error *
-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de