Fix use-after-free when patch outlives diff

And added test that would trigger the bug in Valgrind.
libgit2 · Dec 18, 2014 · 1ddb55e · 1ddb55e
1 parent beff871
commit 1ddb55e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/src/diff.c b/src/diff.c
@@ -88,6 +88,7 @@ wrap_patch(git_patch *patch)
         git_patch_line_stats(NULL, &additions, &deletions, patch);
         py_patch->additions = additions;
         py_patch->deletions = deletions;
+        py_patch->patch = patch;
 
         hunk_amounts = git_patch_num_hunks(patch);
         py_patch->hunks = PyList_New(hunk_amounts);
@@ -129,7 +130,6 @@ wrap_patch(git_patch *patch)
             }
         }
     }
-    git_patch_free(patch);
 
     return (PyObject*) py_patch;
 }
@@ -153,8 +153,7 @@ Patch_dealloc(Patch *self)
     Py_CLEAR(self->hunks);
     Py_CLEAR(self->old_id);
     Py_CLEAR(self->new_id);
-    /* We do not have to free old_file_path and new_file_path, they will
-     * be freed by git_diff_list_free in Diff_dealloc */
+    git_patch_free(self->patch);
     PyObject_Del(self);
 }
 

diff --git a/src/types.h b/src/types.h
@@ -112,6 +112,7 @@ typedef struct {
     unsigned additions;
     unsigned deletions;
     unsigned flags;
+    git_patch* patch;
 } Patch;
 
 typedef struct {

diff --git a/test/test_diff.py b/test/test_diff.py
@@ -35,6 +35,7 @@
 from pygit2 import GIT_DIFF_IGNORE_WHITESPACE, GIT_DIFF_IGNORE_WHITESPACE_EOL
 from . import utils
 from itertools import chain
+import gc
 
 
 COMMIT_SHA1_1 = '5fe808e8953c12735680c257f56600cb0de44b10'
@@ -199,6 +200,21 @@ def get_context_for_lines(diff):
         self.assertAll(lambda x: commit_a.tree[x], entries)
         self.assertAll(lambda x: '+' == x, get_context_for_lines(diff_swaped))
 
+    def test_diff_free_diff_before_patch(self):
+        commit_a = self.repo[COMMIT_SHA1_1]
+        commit_b = self.repo[COMMIT_SHA1_2]
+        diff = commit_a.tree.diff_to_tree(commit_b.tree)
+        patch = diff[0]
+
+        # Free diff.
+        diff = None
+        gc.collect()
+
+        # If the underlying git_patch* is freed too early, the
+        # following reads will trigger errors in Valgrind.
+        self.assertEqual(patch.old_file_path, 'a')
+        self.assertEqual(patch.new_file_path, 'a')
+
     def test_diff_revparse(self):
         diff = self.repo.diff('HEAD', 'HEAD~6')
         self.assertEqual(type(diff), pygit2.Diff)