Commit 3e8a17b01b30a5aca5e10ef6f02635111315724e

Patrick Steinhardt 2019-09-21T15:18:42

buffer: fix memory leak if unable to grow buffer

If growing a buffer fails, we set its pointer to the static `git_buf__oom` structure. While we correctly free the old pointer if `git__malloc` returned an error, we do not free it if there was an integer overflow while calculating the new allocation size. Fix this issue by freeing the pointer to plug the memory leak.

diff --git a/src/buffer.c b/src/buffer.c
index 51fb48a..8acf2ac 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -70,8 +70,11 @@ int git_buf_try_grow(
 	new_size = (new_size + 7) & ~7;
 
 	if (new_size < buf->size) {
-		if (mark_oom)
+		if (mark_oom) {
+			if (buf->ptr && buf->ptr != git_buf__initbuf)
+				git__free(buf->ptr);
 			buf->ptr = git_buf__oom;
+		}
 
 		git_error_set_oom();
 		return -1;
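
Review bot: The new `git__free(buf->ptr)` in the `mark_oom` branch is guarded against `git_buf__initbuf` but not against `git_buf__oom`, so if a buffer that was already marked OOM by an earlier failed grow can reach this overflow check, the static sentinel would be passed to `git__free`. Nothing in the visible lines rules that out; either confirm that an earlier check in `git_buf_try_grow` returns before this point for such buffers, or extend the condition with `buf->ptr != git_buf__oom`. The commit message says the `git__malloc` failure path already performs the same free, so a small shared helper for "free the old pointer and mark OOM" would keep the two paths from drifting apart again. A regression test that forces the size overflow with `mark_oom` set and runs under a leak checker would also be worth adding.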