From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH] qemu_monitor_json: Don't leak "option" in qemuMonitorJSONGetCommandLineOptions()
Date: Mon, 7 Dec 2020 09:49:32 +0100

In recent commit of bf8bd93df0 (and friends) we switched the way we process queried command line arguments: from string lists to virJSONValue stored in a hash table. To achieve this qemuMonitorJSONGetCommandLineOptions() helper was introduced which executes the "query-command-line-options" monitor command and then calls virJSONValueArrayForeachSteal() to process the output. The array process function is also given qemuMonitorJSONGetCommandLineOptionsWorker() as the callback which is called over each item of the returned array. This callback then steals "parameters" attribute of each array item storing it in the hash table, but it leaves behind "option" attribute (because it's g_strdup()-ed).

After all of this, the callback returns 0 which is a signal to the array processing function that the callback took ownership of the array item. But this is not true. While it removed "parameters" it did not take the rest ("option" for instance).
And therefore, it leads to a memory leak:

  5,347 (1,656 direct, 3,691 indirect) bytes in 69 blocks are definitely lost in loss record 2,752 of 2,794
     at 0x483BEC5: calloc (vg_replace_malloc.c:760)
     by 0x4E25A10: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6400.5)
     by 0x4943317: virJSONValueNewObject (virjson.c:569)
     by 0x4945692: virJSONParserHandleStartMap (virjson.c:1768)
     by 0x5825A86: yajl_do_parse (in /usr/lib64/libyajl.so.2.1.0)
     by 0x4945BFA: virJSONValueFromString (virjson.c:1896)
     by 0xAF5C115: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:224)
     by 0xAF5C45E: qemuMonitorJSONIOProcess (qemu_monitor_json.c:279)
     by 0xAF4BB6C: qemuMonitorIOProcess (qemu_monitor.c:342)
     by 0xAF4C444: qemuMonitorIO (qemu_monitor.c:574)
     by 0x4FEF846: socket_source_dispatch (in /usr/lib64/libgio-2.0.so.0.6400.5)
     by 0x4E1F727: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.5)

The callback must return 1 so that the array item is properly freed.

Fixes: ebeff6cd57d07c89d42e191ed0085a9dd89835c5
Signed-off-by: Michal Privoznik
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_monitor_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 4db00e284a..8480338f46 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -6357,7 +6357,7 @@ qemuMonitorJSONGetCommandLineOptionsWorker(size_t pos= G_GNUC_UNUSED, g_hash_table_insert(options, g_strdup(name), parameters); parameters =3D NULL; =20 - return 0; + return 1; } =20 =20 --=20 2.26.2
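
Review bot: the new `return 1;` at the end of qemuMonitorJSONGetCommandLineOptionsWorker() depends on an ownership convention that nothing at the return site explains. Per the commit message, returning 0 tells virJSONValueArrayForeachSteal() that the callback took the whole array item, while returning 1 lets the item be freed. A short comment above the return, noting that only "parameters" was stolen into the hash table and that the rest of the item (including "option") is left for the caller to free, would keep the value from being flipped back later. Only the final return is visible in this hunk, so it is also worth checking that any earlier return paths in the callback follow the same convention, and confirming that the Valgrind run quoted in the commit message no longer reports this loss record with the patch applied.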