On 2014/8/28 4:54, John Ferlan wrote:
> Coverity found that on error paths, the 'arg' value wasn't be cleaned
> up. Followed the example in qemuAgentSetVCPUs() where upon successful call
> to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup
> occurs the free the memory for 'arg'
>
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
> src/qemu/qemu_agent.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
> index a10954a..fe38f6d 100644
> --- a/src/qemu/qemu_agent.c
> +++ b/src/qemu/qemu_agent.c
> @@ -1328,7 +1328,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
> unsigned int nmountpoints)
> {
> int ret = -1;
> - virJSONValuePtr cmd, arg;
> + virJSONValuePtr cmd, arg = NULL;
> virJSONValuePtr reply = NULL;
>
> if (mountpoints && nmountpoints) {
> @@ -1343,7 +1343,8 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
> }
>
> if (!cmd)
> - return -1;
> + goto cleanup;
> + arg = NULL;
Setting arg to NULL can also lead to memory leak.
It makes virJSONValueFree(arg) below invalid.
>
> if (qemuAgentCommand(mon, cmd, &reply, true,
> VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
> @@ -1355,6 +1356,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
> }
>
> cleanup:
> + virJSONValueFree(arg);
> virJSONValueFree(cmd);
> virJSONValueFree(reply);
> return ret;
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list