[PATCH] hyperv: Avoid memleak in hypervDomainDefParsePhysicalDisk

Michal Privoznik via Devel posted 1 patch 2 days, 4 hours ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/6f7f36c6b6421d3c31a657a3a496e5e90e96a386.1770384753.git.mprivozn@redhat.com
src/hyperv/hyperv_driver.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
[PATCH] hyperv: Avoid memleak in hypervDomainDefParsePhysicalDisk
Posted by Michal Privoznik via Devel 2 days, 4 hours ago
From: Michal Privoznik <mprivozn@redhat.com>

When parsing a physical disk, the @hostResource is escaped once
with the retval being stored into @hostEscaped. Then, it's
escaped again, but the retval is stored into the very same
variable, leading to a leak where the intermediate value is lost.

256 bytes in 1 blocks are definitely lost in loss record 469 of 483
   at 0x49543A0: realloc (vg_replace_malloc.c:1804)
   by 0x516C251: g_realloc (in /usr/lib64/libglib-2.0.so.0.8400.4)
   by 0x518BB7E: g_string_expand (in /usr/lib64/libglib-2.0.so.0.8400.4)
   by 0x518BFF9: g_string_insert_len (in /usr/lib64/libglib-2.0.so.0.8400.4)
   by 0x4A58B5F: g_string_append_len_inline (gstring.h:247)
   by 0x4A58B5F: virBufferAdd (virbuffer.c:164)
   by 0x4AFDA71: virStringReplace (virstring.c:708)
   by 0x4DA4381: hypervDomainDefParsePhysicalDisk (hyperv_driver.c:1375)
   by 0x4DA4A18: hypervDomainDefParseStorage (hyperv_driver.c:1487)
   by 0x4DA9E31: hypervDomainGetXMLDesc (hyperv_driver.c:2761)
   by 0x4DFB3E5: virDomainGetXMLDesc (libvirt-domain.c:2898)
   by 0x406D39B: cmdDumpXML (virsh-domain.c:10787)
   by 0x40B13B1: vshCommandRun (vsh.c:1383)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/hyperv/hyperv_driver.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c
index 8dd56f39dc..203bbeb8a5 100644
--- a/src/hyperv/hyperv_driver.c
+++ b/src/hyperv/hyperv_driver.c
@@ -1351,6 +1351,7 @@ hypervDomainDefParsePhysicalDisk(hypervPrivate *priv,
     virDomainDiskDef *disk = NULL;
     char **hostResource = entry->data->HostResource.data;
     g_autofree char *hostEscaped = NULL;
+    g_autofree char *hostEscapedTwice = NULL;
     g_autofree char *driveNumberStr = NULL;
     g_auto(virBuffer) query = VIR_BUFFER_INITIALIZER;
     int addr = -1, ctrlr_idx = -1;
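
Review bot: The new declaration's name, hostEscapedTwice, records call order rather than content, and it sits next to hostEscaped, which per the first virStringReplace() call in the following hunk actually holds the string after "\\\"" has been replaced by "\"", i.e. an unescaped value. Naming the two buffers for what they contain (for example, a quote-unescaped path and a backslash-escaped WQL path) would make it harder to pass the wrong one to the query later.
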
@@ -1373,12 +1374,12 @@ hypervDomainDefParsePhysicalDisk(hypervPrivate *priv,
 
     /* Query Msvm_DiskDrive for the DriveNumber */
     hostEscaped = virStringReplace(*hostResource, "\\\"", "\"");
-    hostEscaped = virStringReplace(hostEscaped, "\\", "\\\\");
+    hostEscapedTwice = virStringReplace(hostEscaped, "\\", "\\\\");
 
     /* quotes must be preserved, so virBufferEscapeSQL can't be used */
     virBufferAsprintf(&query,
                       MSVM_DISKDRIVE_WQL_SELECT "WHERE __PATH='%s'",
-                      hostEscaped);
+                      hostEscapedTwice);
 
     if (hypervGetWmiClass(Msvm_DiskDrive, &diskdrive) < 0)
         goto cleanup;
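
Review bot: In the virBufferAsprintf() call, hostEscapedTwice is placed inside a single-quoted WQL literal (WHERE __PATH='%s') after only "\\\"" and "\\" have been handled, so a single quote in the HostResource value would end the literal early and change the query. The comment says virBufferEscapeSQL can't be used because quotes must be preserved; consider either escaping ' explicitly before formatting or extending that comment to state why a host-supplied __PATH cannot contain one, so the assumption is visible to the next person touching this query.
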
-- 
2.52.0
Re: [PATCH] hyperv: Avoid memleak in hypervDomainDefParsePhysicalDisk
Posted by Ján Tomko via Devel 2 days, 4 hours ago
On a Friday in 2026, Michal Privoznik via Devel wrote:
>From: Michal Privoznik <mprivozn@redhat.com>
>
>When parsing a physical disk, the @hostResource is escaped once
>with the retval being stored into @hostEscaped. Then, it's
>escaped again, but the retval is stored into the very same
>variable, leading to a leak where the intermediate value is lost.
>
>256 bytes in 1 blocks are definitely lost in loss record 469 of 483
>   at 0x49543A0: realloc (vg_replace_malloc.c:1804)
>   by 0x516C251: g_realloc (in /usr/lib64/libglib-2.0.so.0.8400.4)
>   by 0x518BB7E: g_string_expand (in /usr/lib64/libglib-2.0.so.0.8400.4)
>   by 0x518BFF9: g_string_insert_len (in /usr/lib64/libglib-2.0.so.0.8400.4)
>   by 0x4A58B5F: g_string_append_len_inline (gstring.h:247)
>   by 0x4A58B5F: virBufferAdd (virbuffer.c:164)
>   by 0x4AFDA71: virStringReplace (virstring.c:708)
>   by 0x4DA4381: hypervDomainDefParsePhysicalDisk (hyperv_driver.c:1375)
>   by 0x4DA4A18: hypervDomainDefParseStorage (hyperv_driver.c:1487)
>   by 0x4DA9E31: hypervDomainGetXMLDesc (hyperv_driver.c:2761)
>   by 0x4DFB3E5: virDomainGetXMLDesc (libvirt-domain.c:2898)
>   by 0x406D39B: cmdDumpXML (virsh-domain.c:10787)
>   by 0x40B13B1: vshCommandRun (vsh.c:1383)
>
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/hyperv/hyperv_driver.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c
>index 8dd56f39dc..203bbeb8a5 100644
>--- a/src/hyperv/hyperv_driver.c
>+++ b/src/hyperv/hyperv_driver.c
>@@ -1351,6 +1351,7 @@ hypervDomainDefParsePhysicalDisk(hypervPrivate *priv,
>     virDomainDiskDef *disk = NULL;
>     char **hostResource = entry->data->HostResource.data;
>     g_autofree char *hostEscaped = NULL;
>+    g_autofree char *hostEscapedTwice = NULL;
>     g_autofree char *driveNumberStr = NULL;
>     g_auto(virBuffer) query = VIR_BUFFER_INITIALIZER;
>     int addr = -1, ctrlr_idx = -1;
>@@ -1373,12 +1374,12 @@ hypervDomainDefParsePhysicalDisk(hypervPrivate *priv,
>
>     /* Query Msvm_DiskDrive for the DriveNumber */
>     hostEscaped = virStringReplace(*hostResource, "\\\"", "\"");
>-    hostEscaped = virStringReplace(hostEscaped, "\\", "\\\\");
>+    hostEscapedTwice = virStringReplace(hostEscaped, "\\", "\\\\");
>

Let's hope it does not escape for the third time.

>     /* quotes must be preserved, so virBufferEscapeSQL can't be used */
>     virBufferAsprintf(&query,
>                       MSVM_DISKDRIVE_WQL_SELECT "WHERE __PATH='%s'",
>-                      hostEscaped);
>+                      hostEscapedTwice);
>
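
Review bot: Nothing in the quoted lines checks the result of either virStringReplace() call before hostEscapedTwice reaches the %s in virBufferAsprintf(). If virStringReplace() can return NULL here, the second call and the format would both operate on a NULL pointer; a check after each call that jumps to the function's existing cleanup path would make the failure explicit instead of producing a malformed query.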

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano