From nobody Tue Apr 30 16:10:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 149736958852390.01528510984087; Tue, 13 Jun 2017 08:59:48 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 01218C04BD28; Tue, 13 Jun 2017 15:59:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 218928C58F; Tue, 13 Jun 2017 15:59:45 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C73171841C43; Tue, 13 Jun 2017 15:59:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v5DFxfiE005895 for ; Tue, 13 Jun 2017 11:59:41 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6343EA394B; Tue, 13 Jun 2017 15:59:41 +0000 (UTC) Received: from beluga.usersys.redhat.com (unknown [10.43.2.36]) by smtp.corp.redhat.com (Postfix) with ESMTP id B5722A3945; Tue, 13 Jun 2017 15:59:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 01218C04BD28 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 01218C04BD28 From: Erik Skultety To: libvir-list@redhat.com Date: Tue, 13 Jun 2017 18:01:17 +0200 Message-Id: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Erik Skultety Subject: [libvirt] [PATCH] qemu: monitor: Fix a memory leak in qemuMonitorJSONAttachCharDevCommand X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 13 Jun 2017 15:59:46 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" With the current logic, we only free @tlsalias as part of the error label and would have to free it explicitly earlier in the code. Convert the error label to cleanup, so that we have only one sink, where we handle all frees. In order to do that we need to clear some JSON obj pointers down the success road to avoid SIGSEGV, since JSON object append operation consumes pointers. Signed-off-by: Erik Skultety --- src/qemu/qemu_monitor_json.c | 47 ++++++++++++++++++++++------------------= ---- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index f208dd05a..b8b73926f 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6430,8 +6430,8 @@ static virJSONValuePtr qemuMonitorJSONAttachCharDevCommand(const char *chrID, const virDomainChrSourceDef *chr) { - virJSONValuePtr ret; - virJSONValuePtr backend; + virJSONValuePtr ret =3D NULL; + virJSONValuePtr backend =3D NULL; virJSONValuePtr data =3D NULL; virJSONValuePtr addr =3D NULL; const char *backend_type =3D NULL; @@ -6440,7 +6440,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID, if (!(backend =3D virJSONValueNewObject()) || !(data =3D virJSONValueNewObject())) { - goto error; + goto cleanup; } switch ((virDomainChrType) chr->type) { @@ -6456,14 +6456,14 @@ qemuMonitorJSONAttachCharDevCommand(const char *chr= ID, case VIR_DOMAIN_CHR_TYPE_FILE: backend_type =3D "file"; if (virJSONValueObjectAppendString(data, "out", chr->data.file.pat= h) < 0) - goto error; + goto cleanup; break; case VIR_DOMAIN_CHR_TYPE_DEV: backend_type =3D STRPREFIX(chrID, "parallel") ? "parallel" : "seri= al"; if (virJSONValueObjectAppendString(data, "device", chr->data.file.path) < 0) - goto error; + goto cleanup; break; case VIR_DOMAIN_CHR_TYPE_TCP: @@ -6472,21 +6472,20 @@ qemuMonitorJSONAttachCharDevCommand(const char *chr= ID, chr->data.tcp.service= ); if (!addr || virJSONValueObjectAppend(data, "addr", addr) < 0) - goto error; - addr =3D NULL; + goto cleanup; telnet =3D chr->data.tcp.protocol =3D=3D VIR_DOMAIN_CHR_TCP_PROTOC= OL_TELNET; if (virJSONValueObjectAppendBoolean(data, "wait", false) < 0 || virJSONValueObjectAppendBoolean(data, "telnet", telnet) < 0 || virJSONValueObjectAppendBoolean(data, "server", chr->data.tcp.= listen) < 0) - goto error; + goto cleanup; if (chr->data.tcp.tlscreds) { if (!(tlsalias =3D qemuAliasTLSObjFromSrcAlias(chrID))) - goto error; + goto cleanup; if (virJSONValueObjectAppendString(data, "tls-creds", tlsalias= ) < 0) - goto error; + goto cleanup; } break; @@ -6496,16 +6495,15 @@ qemuMonitorJSONAttachCharDevCommand(const char *chr= ID, chr->data.udp.connect= Service); if (!addr || virJSONValueObjectAppend(data, "remote", addr) < 0) - goto error; + goto cleanup; if (chr->data.udp.bindHost) { addr =3D qemuMonitorJSONBuildInetSocketAddress(chr->data.udp.b= indHost, chr->data.udp.bin= dService); if (!addr || virJSONValueObjectAppend(data, "local", addr) < 0) - goto error; + goto cleanup; } - addr =3D NULL; break; case VIR_DOMAIN_CHR_TYPE_UNIX: @@ -6514,12 +6512,11 @@ qemuMonitorJSONAttachCharDevCommand(const char *chr= ID, if (!addr || virJSONValueObjectAppend(data, "addr", addr) < 0) - goto error; - addr =3D NULL; + goto cleanup; if (virJSONValueObjectAppendBoolean(data, "wait", false) < 0 || virJSONValueObjectAppendBoolean(data, "server", chr->data.nix.= listen) < 0) - goto error; + goto cleanup; break; case VIR_DOMAIN_CHR_TYPE_SPICEVMC: @@ -6527,7 +6524,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID, if (virJSONValueObjectAppendString(data, "type", virDomainChrSpicevmcTypeToStrin= g(chr->data.spicevmc)) < 0) - goto error; + goto cleanup; break; case VIR_DOMAIN_CHR_TYPE_SPICEPORT: @@ -6544,28 +6541,30 @@ qemuMonitorJSONAttachCharDevCommand(const char *chr= ID, _("Hotplug unsupported for char device type '%d= '"), chr->type); } - goto error; + goto cleanup; } if (virJSONValueObjectAppendString(backend, "type", backend_type) < 0 = || virJSONValueObjectAppend(backend, "data", data) < 0) - goto error; - data =3D NULL; + goto cleanup; if (!(ret =3D qemuMonitorJSONMakeCommand("chardev-add", "s:id", chrID, "a:backend", backend, NULL))) - goto error; + goto cleanup; - return ret; + /* we must not free the following pointers as they've been collectively + * consumed by @ret, so clear them first + */ + addr =3D data =3D backend =3D NULL; - error: + cleanup: VIR_FREE(tlsalias); virJSONValueFree(addr); virJSONValueFree(data); virJSONValueFree(backend); - return NULL; + return ret; } -- 2.13.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list