From nobody Sun Oct 5 01:49:21 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1757591015; cv=none; d=zohomail.com; s=zohoarc; b=gEv+JcnZlVyphdL6sLOs6DKln+L8dgiGFvr1iPKOkYj4cp4p8kQRlykF6UqqPh3Wkc3anlTBcykn/0ItCoc5DmUmeCJCt/bSEjVkPvF/Bp75X7cm+wtgbXLqknu0aYKPeEeupUvs+k6uscRsu6Sdd5HN7p8VBuuUCAygHUO93Xs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757591015; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=A9vCFUslg2kiISR+lJQgC4ymLlxG+lQPEOWtNxpe3sU=; b=ZkJ2aijRhaN9tmOcie1sRGUUux2+is9AvUivqhc5w7g2CHro2R7I/ewWokH9/Q1AFenGwyOx/y665uYUHOkY8wU46GJ5knfLs5DChdCs9+CgDSmv560SGH9mhH7D2ArfmHLKgY+SKxab+IeDcwFfxzs+8t/39+1c7W7UyjYN6s0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1757591015320166.75453050346107; Thu, 11 Sep 2025 04:43:35 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 8B2D13F352; Thu, 11 Sep 2025 07:43:31 -0400 (EDT) Received: from [172.19.199.3] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 1264C41B84; Thu, 11 Sep 2025 07:41:39 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id CAF6B41B56; Thu, 11 Sep 2025 07:41:27 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 7025241B43 for ; Thu, 11 Sep 2025 07:41:26 -0400 (EDT) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-668-Bko-TiR0PHWfMLWbjkOwqQ-1; Thu, 11 Sep 2025 07:41:24 -0400 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CE2411800592 for ; Thu, 11 Sep 2025 11:41:23 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 297601800451 for ; Thu, 11 Sep 2025 11:41:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757590886; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=A9vCFUslg2kiISR+lJQgC4ymLlxG+lQPEOWtNxpe3sU=; b=AniDuyCDcyoNTgR5meNllRyfcv+MA6UI3N9aLOWEve4KbXsqXgH4Wy5kzJfn8mCOwiVad/ HjnIWsVfLV80tcUVScta0GsPo24FrUTC7b4Y3d9ywwfLQk4o6aI/OeQ+KdAoSu2Afc7rz3 rUf/H9M0rVjcyHlC/0QEQtBqGAsxIS4= X-MC-Unique: Bko-TiR0PHWfMLWbjkOwqQ-1 X-Mimecast-MFC-AGG-ID: Bko-TiR0PHWfMLWbjkOwqQ_1757590883 To: devel@lists.libvirt.org Subject: [PATCH 1/2] ch: Avoid memory leak in virCHProcessEvents() Date: Thu, 11 Sep 2025 13:41:18 +0200 Message-ID: <80f6b5ae5a26fb1af50a5dc1df2250da7f7d996a.1757590801.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: OgVzDTQEvmOabx47Ycu_FlmPFfC5dr7OfpU1eF3Z7yY_1757590883 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: K4J5DILPGCDA5LAY5QKZRKOXX6DJ3MQ5 X-Message-ID-Hash: K4J5DILPGCDA5LAY5QKZRKOXX6DJ3MQ5 X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1757591015761116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik The aim of virCHProcessEvents() is to read data (in JSON format) from CH monitor and then process them. To parse incoming data virJSONValueFromString() is used. But the corresponding virJSONValue is freed only when processing of an even succeeds. If processing an event fails, then the memory is not freed leading to a memory leak. 334 (24 direct, 310 indirect) bytes in 1 blocks are definitely lost in loss= record 1,975 of 2,040 at 0x4919EF3: calloc (vg_replace_malloc.c:1675) by 0x4FEB249: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8400.3) by 0x4A66162: virJSONValueNewObject (virjson.c:533) by 0x4A67E74: virJSONValueFromJsonC (virjson.c:1413) by 0x4A681A5: virJSONValueFromString (virjson.c:1484) by 0xB8CD9D7: virCHProcessEvents (ch_events.c:179) by 0xB8CDCDC: virCHReadProcessEvents (ch_events.c:251) by 0xB8CDEBB: virCHEventHandlerLoop (ch_events.c:284) by 0x4AC1EB4: virThreadHelper (virthread.c:256) by 0x5441DE3: start_thread (in /usr/lib64/libc.so.6) by 0x54C25F3: clone (in /usr/lib64/libc.so.6) Signed-off-by: Michal Privoznik --- src/ch/ch_events.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ch/ch_events.c b/src/ch/ch_events.c index be572dfde3..25c7ecf90a 100644 --- a/src/ch/ch_events.c +++ b/src/ch/ch_events.c @@ -152,7 +152,6 @@ virCHProcessEvents(virCHMonitor *mon) virDomainObj *vm =3D mon->vm; char *buf =3D mon->event_buffer.buffer; ssize_t sz =3D mon->event_buffer.buf_fill_sz; - virJSONValue *obj =3D NULL; int blocks =3D 0; size_t i =3D 0; char *json_start; @@ -168,6 +167,8 @@ virCHProcessEvents(virCHMonitor *mon) } else if (buf[i] =3D=3D '}' && blocks > 0) { blocks--; if (blocks =3D=3D 0) { + g_autoptr(virJSONValue) obj =3D NULL; + /* valid json document */ end_index =3D i; =20 @@ -182,7 +183,6 @@ virCHProcessEvents(virCHMonitor *mon) vm->def->name, json_start); return -1; } - virJSONValueFree(obj); } else { VIR_ERROR(_("%1$s: Invalid JSON event doc: %2$s"), vm->def->name, json_start); --=20 2.49.1