Web lists-archives.com

Re: [PATCH 1/3] midx: fix broken free() in close_midx()




"Derrick Stolee via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:

> From: Derrick Stolee <dstolee@xxxxxxxxxxxxx>
>
> When closing a multi-pack-index, we intend to close each pack-file
> and free the struct packed_git that represents it. However, this
> line was previously freeing the array of pointers, not the
> pointer itself. This leads to a double-free issue.
>
> Signed-off-by: Derrick Stolee <dstolee@xxxxxxxxxxxxx>
> ---
>  midx.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/midx.c b/midx.c
> index f3e8dbc108..999717b96f 100644
> --- a/midx.c
> +++ b/midx.c
> @@ -190,7 +190,7 @@ static void close_midx(struct multi_pack_index *m)
>  	for (i = 0; i < m->num_packs; i++) {
>  		if (m->packs[i]) {
>  			close_pack(m->packs[i]);
> -			free(m->packs);
> +			free(m->packs[i]);
>  		}
>  	}
>  	FREE_AND_NULL(m->packs);

Yup, kinda obvious when we view it with the post context.