qemu: fix potential memory leak

[libvirt] [PATCH] qemu: fix potential memory leak

Posted by Xu Yandong 4 years, 7 months ago

function virTypedParamsAddString may return -1 but alloc params,
so invoker should free it.

Signed-off-by: Xu Yandong <xuyandong2@huawei.com>
---
 src/qemu/qemu_driver.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 1e041a8bac..62ce7270ca 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5312,6 +5312,8 @@ qemuDomainPinVcpuLive(virDomainObjPtr vm,
         goto cleanup;
 
     event = virDomainEventTunableNewFromObj(vm, eventParams, eventNparams);
+    eventParams = NULL;
+    eventNparams = 0;
 
     ret = 0;
 
@@ -5320,6 +5322,8 @@ qemuDomainPinVcpuLive(virDomainObjPtr vm,
     virCgroupFree(&cgroup_vcpu);
     VIR_FREE(str);
     virObjectEventStateQueue(driver->domainEventState, event);
+    if (eventParams)
+        virTypedParamsFree(eventParams, eventNparams);
     return ret;
 }
 
@@ -5527,6 +5531,8 @@ qemuDomainPinEmulator(virDomainPtr dom,
             goto endjob;
 
         event = virDomainEventTunableNewFromDom(dom, eventParams, eventNparams);
+        eventParams = NULL;
+        eventNparams = 0;
     }
 
     if (persistentDef) {
@@ -5548,6 +5554,8 @@ qemuDomainPinEmulator(virDomainPtr dom,
  cleanup:
     if (cgroup_emulator)
         virCgroupFree(&cgroup_emulator);
+    if (eventParams)
+        virTypedParamsFree(eventParams, eventNparams);
     virObjectEventStateQueue(driver->domainEventState, event);
     VIR_FREE(str);
     virBitmapFree(pcpumap);
@@ -6012,6 +6020,8 @@ qemuDomainPinIOThread(virDomainPtr dom,
             goto endjob;
 
         event = virDomainEventTunableNewFromDom(dom, eventParams, eventNparams);
+        eventParams = NULL;
+        eventNparams = 0;
     }
 
     if (persistentDef) {
@@ -6043,6 +6053,8 @@ qemuDomainPinIOThread(virDomainPtr dom,
  cleanup:
     if (cgroup_iothread)
         virCgroupFree(&cgroup_iothread);
+    if (eventParams)
+        virTypedParamsFree(eventParams, eventNparams);
     virObjectEventStateQueue(driver->domainEventState, event);
     VIR_FREE(str);
     virBitmapFree(pcpumap);
-- 
2.18.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] qemu: fix potential memory leak

Posted by Daniel Henrique Barboza 4 years, 7 months ago


On 9/19/19 5:00 AM, Xu Yandong wrote:
> function virTypedParamsAddString may return -1 but alloc params,
> so invoker should free it.
>
> Signed-off-by: Xu Yandong <xuyandong2@huawei.com>
> ---
>   src/qemu/qemu_driver.c | 12 ++++++++++++
>   1 file changed, 12 insertions(+)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 1e041a8bac..62ce7270ca 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5312,6 +5312,8 @@ qemuDomainPinVcpuLive(virDomainObjPtr vm,
>           goto cleanup;
>   
>       event = virDomainEventTunableNewFromObj(vm, eventParams, eventNparams);
> +    eventParams = NULL;
> +    eventNparams = 0;

If I understood it right, you're doing these assignments to be able to
tell in the cleanup label if 'event' was populated, otherwise you can't
free eventParams.

You don't need to do that. You can simply test for event not being NULL
in the cleanup:

if (!event)
     virTypedParamsFree(eventParams, eventNparams);


This works because if event = NULL you either didn't reach the
virDomainEventTunableNewFromObj at all (which means that eventParams
should be freed if alloc'ed) or virDomainEvenTunableNewFromObj
returned NULL. If the later, the function will call virTypedParamsFree()
inside the 'error' label of the inner function virDomainEventTunableNew()
right before returning NULL, so no need to free eventParams again in
the cleanup too.


Same thing with the rest of the patch, given that
virDomainEventTunableNewFromDom behaves the same way if event = NULL.



Thanks,


DHB


>   
>       ret = 0;
>   
> @@ -5320,6 +5322,8 @@ qemuDomainPinVcpuLive(virDomainObjPtr vm,
>       virCgroupFree(&cgroup_vcpu);
>       VIR_FREE(str);
>       virObjectEventStateQueue(driver->domainEventState, event);
> +    if (eventParams)
> +        virTypedParamsFree(eventParams, eventNparams);
>       return ret;
>   }
>   
> @@ -5527,6 +5531,8 @@ qemuDomainPinEmulator(virDomainPtr dom,
>               goto endjob;
>   
>           event = virDomainEventTunableNewFromDom(dom, eventParams, eventNparams);
> +        eventParams = NULL;
> +        eventNparams = 0;
>       }
>   
>       if (persistentDef) {
> @@ -5548,6 +5554,8 @@ qemuDomainPinEmulator(virDomainPtr dom,
>    cleanup:
>       if (cgroup_emulator)
>           virCgroupFree(&cgroup_emulator);
> +    if (eventParams)
> +        virTypedParamsFree(eventParams, eventNparams);
>       virObjectEventStateQueue(driver->domainEventState, event);
>       VIR_FREE(str);
>       virBitmapFree(pcpumap);
> @@ -6012,6 +6020,8 @@ qemuDomainPinIOThread(virDomainPtr dom,
>               goto endjob;
>   
>           event = virDomainEventTunableNewFromDom(dom, eventParams, eventNparams);
> +        eventParams = NULL;
> +        eventNparams = 0;
>       }
>   
>       if (persistentDef) {
> @@ -6043,6 +6053,8 @@ qemuDomainPinIOThread(virDomainPtr dom,
>    cleanup:
>       if (cgroup_iothread)
>           virCgroupFree(&cgroup_iothread);
> +    if (eventParams)
> +        virTypedParamsFree(eventParams, eventNparams);
>       virObjectEventStateQueue(driver->domainEventState, event);
>       VIR_FREE(str);
>       virBitmapFree(pcpumap);

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list