AUD_add_capture() allocates two buffers which get never released.
Add the missing calls to AUD_del_capture().
Impact: Allows vnc clients to exhaust host memory by repeatly
starting and stopping audio capture.
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
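Review bot: The two added g_free calls, like the existing "g_free (cap);" and "QLIST_REMOVE (cap, entries);" next to them, put a space between the function name and the opening parenthesis, which scripts/checkpatch.pl reports as an error. Either write them as "g_free(cap->hw.mix_buf);" and "g_free(cap->buf);", or keep the file's local style and say so in the commit message so the checkpatch failure is expected. The ordering is right: both members are released before "g_free (cap);", while cap is still valid. Because the frees sit inside the block that closes just before "return;", they run only on that teardown path, so it is worth confirming that no other path destroys a CaptureVoiceOut without going through it.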
--
2.9.3
+-- On Fri, 28 Apr 2017, Gerd Hoffmann wrote --+ | AUD_add_capture() allocates two buffers which get never released. which get never -> which are never ... | Impact: Allows vnc clients to exhaust host memory by repeatly repeatly -> repeatedly | diff --git a/audio/audio.c b/audio/audio.c | index c8898d8422..beafed209b 100644 | --- a/audio/audio.c | +++ b/audio/audio.c | @@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) | sw = sw1; | } | QLIST_REMOVE (cap, entries); | + g_free (cap->hw.mix_buf); | + g_free (cap->buf); | g_free (cap); | } | return; Looks okay. Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Hi,
This series seems to have some coding style problems. See output below for
more information:
Subject: [Qemu-devel] [PATCH] audio: release capture buffers
Message-id: 20170428075612.9997-1-kraxel@redhat.com
Type: series
=== TEST SCRIPT BEGIN ===
#!/bin/bash
BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0
# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True
commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done
exit $failed
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
247c40c audio: release capture buffers
=== OUTPUT BEGIN ===
Checking PATCH 1/1: audio: release capture buffers...
ERROR: space prohibited between function name and open parenthesis '('
#26: FILE: audio/audio.c:2031:
+ g_free (cap->hw.mix_buf);
ERROR: space prohibited between function name and open parenthesis '('
#27: FILE: audio/audio.c:2032:
+ g_free (cap->buf);
total: 2 errors, 0 warnings, 8 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===
Test command exited with code: 1
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org