From 18decad922884a69ea39c0332f7a94ce82cf99cc Mon Sep 17 00:00:00 2001 From: LorenzoPegorari Date: Mon, 1 Jun 2026 15:52:12 +0200 Subject: [PATCH] http: fix memory leak in fetch_and_setup_pack_index() Inside the function `fetch_and_setup_pack_index()`, when the pack obtained using `parse_pack_index()` fails to be verified by `verify_pack_index()`, the function returns without closing and freeing said pack. Fix this by calling `close_pack_index()` to munmap the index file for the leaking pack (which might have been mmapped by `fetch_pack_index()` or `verify_pack_index()`), and then free it, when the verification fails. Signed-off-by: LorenzoPegorari Signed-off-by: Junio C Hamano --- http.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/http.c b/http.c index 55dd856a27..d50a34e446 100644 --- a/http.c +++ b/http.c @@ -2614,11 +2614,13 @@ static int fetch_and_setup_pack_index(struct packfile_list *packs, } ret = verify_pack_index(new_pack); - if (!ret) - close_pack_index(new_pack); + + close_pack_index(new_pack); free(tmp_idx); - if (ret) + if (ret) { + free(new_pack); return -1; + } packfile_list_prepend(packs, new_pack); return 0;