patch_parse: reject patches with multiple old/new paths

pks-t · pks-t · commit 223e7e43efff · 2019-10-19T17:02:53.000+02:00
It's currently possible to have patches with multiple old path name
headers. As we didn't check for this case, this resulted in a memory
leak when overwriting the old old path with the new old path because we
simply discarded the old pointer.

Instead of fixing this by free'ing the old pointer, we should reject
such patches altogether. It doesn't make any sense for the "---" or
"+++" markers to occur multiple times within a patch n the first place.
This also implicitly fixes the memory leak.
diff --git a/src/patch_parse.c b/src/patch_parse.c
@@ -91,10 +91,14 @@ static int parse_header_path_buf(git_buf *path, git_patch_parse_ctx *ctx, size_t
 static int parse_header_path(char **out, git_patch_parse_ctx *ctx)
 {
 	git_buf path = GIT_BUF_INIT;
-	int error = parse_header_path_buf(&path, ctx, header_path_len(ctx));
+	int error;
 
+	if ((error = parse_header_path_buf(&path, ctx, header_path_len(ctx))) < 0)
+		goto out;
 	*out = git_buf_detach(&path);
 
+out:
+	git_buf_dispose(&path);
 	return error;
 }
 
@@ -104,6 +108,12 @@ static int parse_header_git_oldpath(
 	git_buf old_path = GIT_BUF_INIT;
 	int error;
 
+	if (patch->old_path) {
+		error = git_parse_err("patch contains duplicate old path at line %"PRIuZ,
+				      ctx->parse_ctx.line_num);
+		goto out;
+	}
+
 	if ((error = parse_header_path_buf(&old_path, ctx, ctx->parse_ctx.line_len - 1)) <  0)
 		goto out;
 
@@ -120,9 +130,14 @@ static int parse_header_git_newpath(
 	git_buf new_path = GIT_BUF_INIT;
 	int error;
 
-	if ((error = parse_header_path_buf(&new_path, ctx, ctx->parse_ctx.line_len - 1)) <  0)
+	if (patch->new_path) {
+		error = git_parse_err("patch contains duplicate new path at line %"PRIuZ,
+				      ctx->parse_ctx.line_num);
 		goto out;
+	}
 
+	if ((error = parse_header_path_buf(&new_path, ctx, ctx->parse_ctx.line_len - 1)) <  0)
+		goto out;
 	patch->new_path = git_buf_detach(&new_path);
 
 out:
diff --git a/tests/patch/parse.c b/tests/patch/parse.c
@@ -148,3 +148,9 @@ void test_patch_parse__lifetime_of_patch_does_not_depend_on_buffer(void)
 
 	git_patch_free(patch);
 }
+
+void test_patch_parse__memory_leak_on_multiple_paths(void)
+{
+	git_patch *patch;
+	cl_git_fail(git_patch_from_buffer(&patch, PATCH_MULTIPLE_OLD_PATHS, strlen(PATCH_MULTIPLE_OLD_PATHS), NULL));
+}
diff --git a/tests/patch/patch_common.h b/tests/patch/patch_common.h
@@ -905,3 +905,10 @@
 	"-b\n" \
 	"+bb\n" \
 	" c\n"
+
+#define PATCH_MULTIPLE_OLD_PATHS \
+	"diff --git  \n" \
+	"---  \n" \
+	"+++ \n" \
+	"index 0000..7DDb\n" \
+	"--- \n"

Original file line number	Diff line number	Diff line change
`@@ -148,3 +148,9 @@ void test_patch_parse__lifetime_of_patch_does_not_depend_on_buffer(void)`
`148`	`148`
`149`	`149`	`git_patch_free(patch);`
`150`	`150`	`}`
	`151`	`+`
	`152`	`+void test_patch_parse__memory_leak_on_multiple_paths(void)`
	`153`	`+{`
	`154`	`+ git_patch *patch;`
	`155`	`+ cl_git_fail(git_patch_from_buffer(&patch, PATCH_MULTIPLE_OLD_PATHS, strlen(PATCH_MULTIPLE_OLD_PATHS), NULL));`
	`156`	`+}`