change: fix potential heap use-after-free

laumann

Jul 17, 2024, 3:24 PM

PYNIQ644Z3Y3ADNE642GCJUJLUQRYZKHZ7ERKVDVLRTBPZPHQWMQC

Dependencies

• [2] SMB3M6ES change: rework to make more testable
• [3] XDWQHPFD change: add cli option to do "raw" dump
• [4] 72V7NBNW change: use simple type aliases consistently
• [5] QSQNGA5K changestore: load changes on demand
• [6] NEORNIZE change: decode and print file moves
• [7] ZTDGWUGP add repository structure
• [8] 5D2IYPL7 change: introduce changestore, print deleted lines
• [9] EHVLRMEF change: add vertexeq, fix deleted lines duplication
• [10] P5CSMRVS change: fix sequence-point warning
• [11] ZS3UJEZU change: support version = 4 (noenc) format
• [12] RRYWNHFE change: pass verbose to print_atom()
• [13] YDQLW2ZO change: rework printing of patches - print Edit and Newvertex types
• [*] Q7TKZCJP Add initial support for reading the offsets from a (fixed) change

Change contents

• replacement in change.c at line 522
  [5.2010]→[4.598:673](∅→∅)
  − struct changestore *changes, struct atom *change, u8 *contents,

  − usize *n
  [5.2010]

  [5.2091]
  + struct changestore *changes, struct atom *change, u8 *contents, usize *n
• replacement in change.c at line 572
  [5.608]→[5.3360:3381](∅→∅),[5.3360]→[5.3360:3381](∅→∅),[5.3381]→[4.825:856](∅→∅),[4.856]→[5.3417:3425](∅→∅),[5.3417]→[5.3417:3425](∅→∅)
  − buf = xrealloc(

  − buf, sz + sizeof(u8) * z

  − );
  [5.608]

  [5.609]
  + buf = xrealloc(buf, sz + sizeof(u8) * z);
• replacement in change.c at line 689
  [5.609]→[4.1043:1103](∅→∅),[4.1103]→[5.674:687](∅→∅),[5.674]→[5.674:687](∅→∅)
  − struct changestore *changes, struct atom *a, u8 *contents,

  − int verbose
  [5.609]

  [5.687]
  + struct changestore *changes, struct atom *a, u8 *contents, int verbose
• replacement in change.c at line 756
  [5.2775]→[5.2775:2800](∅→∅),[5.2800]→[4.1215:1273](∅→∅),[4.1273]→[5.2864:2866](∅→∅),[5.2864]→[5.2864:2866](∅→∅)
  − read_filemetadata_noenc(

  − struct filemetadata *m, u8 *contents, usize contents_len

  − )
  [5.2775]

  [5.2866]
  + read_filemetadata_noenc(struct filemetadata *m, u8 *contents, usize contents_len)
• replacement in change.c at line 769
  [3.8]→[3.8:73](∅→∅)
  − print_raw_change(struct changestore *changes, struct change *ch)
  [3.8]

  [3.73]
  + print_raw_change(struct change *ch)
• replacement in change.c at line 1108
  [5.776]→[5.776:832](∅→∅)
  − * load a change by the given hash into the changestore
  [5.776]

  [5.832]
  + * Load a change by the given hash into the changestore.

  + *

  + * This function may realloc the underlying memory, so callers must

  + * ensure they are not holding any references to any changes.
• edit in change.c at line 1141
  [5.1324]

  [4.1542]
  + changefree(struct change *c)

  + {

  + hashedfree(&c->hashed);

  + if (c->contents)

  + free(c->contents);

  + }

  +

  + void
• edit in change.c at line 1161
  [4.1624]→[5.1575:1594](∅→∅),[5.1575]→[5.1575:1594](∅→∅)
  − struct change *c;
• replacement in change.c at line 1164
  [5.1661]→[5.1661:1757](∅→∅)
  − c = &s->entries[i].change;

  − hashedfree(&c->hashed);

  − if (c->contents)

  − free(c->contents);
  [5.1661]

  [5.1757]
  + changefree(&s->entries[i].change);
• replacement in change.c at line 1211
  [5.8253]→[5.8253:8278](∅→∅),[5.8278]→[4.1639:1649](∅→∅),[4.1649]→[5.8292:8293](∅→∅),[5.3556]→[5.8292:8293](∅→∅),[5.8292]→[5.8292:8293](∅→∅),[5.8293]→[5.513:560](∅→∅),[5.560]→[5.8329:8360](∅→∅),[5.2474]→[5.8329:8360](∅→∅),[5.8329]→[5.8329:8360](∅→∅)
  − struct changeentry *ch;

  − usize x;

  −

  − changestoreinit(&changestore, 4, repo->path);

  − ch = &changestore.entries[0];
  [5.8253]

  [5.8360]
  + struct change c = { 0 };

  + struct hash h = { 0 };
• replacement in change.c at line 1214
  [5.8361]→[2.15099:15160](∅→∅)
  − err = loadchange(&ch->change, &ch->hash, repo->path, hash);
  [5.8361]

  [5.8428]
  + err = loadchange(&c, &h, repo->path, hash);
• edit in change.c at line 1217
  [2.15179]→[2.15179:15180](∅→∅),[2.15180]→[5.0:26](∅→∅),[5.8452]→[5.0:26](∅→∅)
  −

  − changestore.len = x = 1;
• replacement in change.c at line 1218
  [5.8483]→[5.8483:8516](∅→∅)
  − changestore.entries[0].num = 1;
  [5.8483]

  [5.9129]
  + changestoreinit(&changestore, 4, repo->path);
• replacement in change.c at line 1221
  [3.814]→[3.814:861](∅→∅)
  − print_raw_change(&changestore, &ch->change);
  [3.814]

  [3.861]
  + print_raw_change(&c);
• replacement in change.c at line 1223
  [3.867]→[3.867:957](∅→∅)
  − print_change(

  − &changestore, &ch->change.hashed, ch->change.contents,

  − verbose

  − );
  [3.867]

  [5.9226]
  + print_change(&changestore, &c.hashed, c.contents, verbose);
• edit in change.c at line 1227
  [5.9270]

  [15.2983]
  + changefree(&c);

  +