From: Trieu Huynh
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, hreitz@redhat.com, qemu-block@nongnu.org, "trieu2.huynh", Trieu Huynh
Subject: [PATCH] block/curl: Fix Resource Leak in curl_header_cb
Date: Thu, 12 Mar 2026 17:52:20 +0900
Message-ID: <20260312085220.194207-1-vikingtc4@gmail.com>

From: "trieu2.huynh"

The function curl_header_cb uses g_autofree with g_strstrip(g_strndup(...)). However, g_strstrip may return a pointer that is an offset from the original allocated memory, causing g_autofree to attempt to free an invalid pointer or leak the original.

Separate the allocation and the stripping to ensure the original pointer is correctly tracked and freed.

Resolves: CID 1645633
Signed-off-by: Trieu Huynh --- block/curl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/curl.c b/block/curl.c index 66aecfb20e..5b66c80704 100644 --- a/block/curl.c +++ b/block/curl.c @@ -208,7 +208,8 @@ static size_t curl_header_cb(void *ptr, size_t size, si= ze_t nmemb, void *opaque) { BDRVCURLState *s =3D opaque; size_t realsize =3D size * nmemb; - g_autofree char *header =3D g_strstrip(g_strndup(ptr, realsize)); + g_autofree char *header =3D g_strndup(ptr, realsize); + g_strstrip(header); char *val =3D strchr(header, ':'); =20 if (!val) { --=20 2.43.0
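
Review bot: the rationale for splitting the `header` initialisation in curl_header_cb() does not match GLib's documented behaviour, so the commit message should be reworded. g_strstrip() strips in place: leading whitespace is removed by moving the remaining characters forward within the same buffer, and the return value is the pointer that was passed in. The removed line `g_autofree char *header = g_strstrip(g_strndup(ptr, realsize));` therefore already handed g_autofree the start of the allocation, with no invalid free and no leak. The two added lines are behaviourally equivalent and harmless, and they do make ownership of the buffer easier to see for readers and for static analysis. Suggest describing the patch as a clarity change that silences CID 1645633 rather than as a resource leak fix, and dropping the claim that g_strstrip may return an offset pointer.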