Fix crash in free() when git_buf_grow() fails.

4b1018d2 · Jeff Hostetler · Carlos Martín Nieto · 56065c09 · 4b1018d2 · 4b1018d2
Commit 4b1018d2 authored Jan 08, 2015 by Jeff Hostetler Committed by Carlos Martín Nieto Jan 09, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 1 deletions

src/buffer.c
+2 -1

tests/buf/oom.c
+31 -0

No files found.
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -67,7 +67,8 @@ int git_buf_try_grow(
 	if (!new_ptr) {
 		if (mark_oom) {
-			if (buf->ptr) git__free(buf->ptr);
+			if (buf->ptr && (buf->ptr != git_buf__initbuf))
+				git__free(buf->ptr);
 			buf->ptr = git_buf__oom;
 		}
 		return -1;

--- a/tests/buf/oom.c
+++ b/tests/buf/oom.c
+#include "clar_libgit2.h"
+#include "buffer.h"
+#if defined(GIT_ARCH_64)
+#define TOOBIG 0xffffffffffffff00
+#else
+#define TOOBIG 0xffffff00
+#endif
+/**
+ * If we make a ridiculously large request the first time we
+ * actually allocate some space in the git_buf, the realloc()
+ * will fail.  And because the git_buf_grow() wrapper always
+ * sets mark_oom, the code in git_buf_try_grow() will free
+ * the internal buffer and set it to git_buf__oom.
+ * 
+ * We initialized the internal buffer to (the static variable)
+ * git_buf__initbuf.  The purpose of this test is to make sure
+ * that we don't try to free the static buffer.
+ */
+void test_buf_oom__grow(void)
+{
+	git_buf buf = GIT_BUF_INIT;
+	git_buf_clear(&buf);
+	cl_assert(git_buf_grow(&buf, TOOBIG) == -1);
+	cl_assert(git_buf_oom(&buf));
+	git_buf_free(&buf);
+}