Re: [PATCH 06/19] qemu_agent: Resolve Coverity RESOURCE_LEAK

On 08/28/2014 04:40 AM, Wang Rui wrote:
> On 2014/8/28 4:54, John Ferlan wrote:
>> Coverity found that on error paths, the 'arg' value wasn't being cleaned
>> up. Followed the example in qemuAgentSetVCPUs() where upon successful call
>> to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup
>> occurs, free the memory for 'arg'
>>
>> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
>> ---
>>  src/qemu/qemu_agent.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
>> index a10954a..fe38f6d 100644
>> --- a/src/qemu/qemu_agent.c
>> +++ b/src/qemu/qemu_agent.c
>> @@ -1328,7 +1328,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
>>                        unsigned int nmountpoints)
>>  {
>>      int ret = -1;
>> -    virJSONValuePtr cmd, arg;
>> +    virJSONValuePtr cmd, arg = NULL;
>>      virJSONValuePtr reply = NULL;
>>  
>>      if (mountpoints && nmountpoints) {
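
Review bot: on the changed declaration `virJSONValuePtr cmd, arg = NULL;` only `arg` gets an initializer, so `cmd` stays indeterminate until it is first assigned. Since this patch now sends the `!cmd` failure through `cleanup`, declaring `virJSONValuePtr cmd = NULL;` on its own line would make sure that any jump to `cleanup` taken before `cmd` is assigned hands NULL, not an uninitialized pointer, to the free routine.
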
>> @@ -1343,7 +1343,8 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
>>      }
>>  
>>      if (!cmd)
>> -        return -1;
>> +        goto cleanup;
>> +    arg = NULL;
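
Review bot: the added `arg = NULL;` directly after the `if (!cmd)` check has no comment, and read in isolation it looks like the pointer is dropped before it can be freed. A one-line comment there saying that a non-NULL `cmd` now owns `arg`, so `cleanup` must not free it a second time, would keep the ownership rule next to the line that depends on it.
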
> 
> Setting arg to NULL can also lead to a memory leak.
> It makes virJSONValueFree(arg) below invalid.

If qemuAgentMakeCommand succeeds, the 'arg' array is now owned by 'cmd' and we
need to set it to NULL here to prevent a double free.

ACK to the patch as-is.

Jan
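
The ownership hand-off discussed in this thread, as an added example that is not part of the original mail or of libvirt: the `node` type and the functions `node_new`, `node_free`, `make_command` and `freeze` are hypothetical stand-ins, and `live_nodes` counts allocations so that a leak or an extra free shows up as a non-zero count.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a JSON value that may own one child. */
typedef struct node { struct node *child; } node;
static int live_nodes;              /* allocated and not yet freed */

static node *node_new(void) {
    node *n = calloc(1, sizeof(*n));
    if (n) live_nodes++;
    return n;
}

/* NULL-safe; frees the owned child as well. */
static void node_free(node *n) {
    if (!n) return;
    node_free(n->child);
    free(n);
    live_nodes--;
}

/* On success the returned command owns arg.
 * On failure arg is untouched and still belongs to the caller. */
static node *make_command(node *arg, int fail) {
    node *cmd = fail ? NULL : node_new();
    if (cmd) cmd->child = arg;
    return cmd;
}

/* Same shape as the patched function: one cleanup path for all exits. */
int freeze(int make_fails) {
    int ret = -1;
    node *cmd = NULL, *arg = NULL;

    if (!(arg = node_new()))
        goto cleanup;
    cmd = make_command(arg, make_fails);
    if (!cmd)
        goto cleanup;   /* arg is still ours: cleanup frees it (no leak) */
    arg = NULL;         /* cmd owns it now: drop our pointer (no double free) */
    ret = 0;
 cleanup:
    node_free(arg);
    node_free(cmd);
    return ret;
}

int main(void) {
    return (freeze(0) == 0 && freeze(1) == -1 && live_nodes == 0) ? 0 : 1;
}
```

Removing the `arg = NULL;` line makes the success path free the child twice; replacing `goto cleanup` with `return -1` leaves `live_nodes` at 1 on the failure path.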
