On 08/28/2014 04:40 AM, Wang Rui wrote: > On 2014/8/28 4:54, John Ferlan wrote: >> Coverity found that on error paths, the 'arg' value wasn't be cleaned >> up. Followed the example in qemuAgentSetVCPUs() where upon successful call >> to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup >> occurs the free the memory for 'arg' >> >> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> >> --- >> src/qemu/qemu_agent.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c >> index a10954a..fe38f6d 100644 >> --- a/src/qemu/qemu_agent.c >> +++ b/src/qemu/qemu_agent.c >> @@ -1328,7 +1328,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints, >> unsigned int nmountpoints) >> { >> int ret = -1; >> - virJSONValuePtr cmd, arg; >> + virJSONValuePtr cmd, arg = NULL; >> virJSONValuePtr reply = NULL; >> >> if (mountpoints && nmountpoints) { >> @@ -1343,7 +1343,8 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints, >> } >> >> if (!cmd) >> - return -1; >> + goto cleanup; >> + arg = NULL; > > Setting arg to NULL can also lead to memory leak. > It makes virJSONValueFree(arg) below invalid. If qemuAgentMakeCommand succeeds, the 'arg' array is now owned by 'cmd' and we need to set it to NULL here to prevent double free. ACK to the patch as-is. Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list