[PATCH 2/7] util: buf: Fix memory leak in virBufferEscapeN

Peter Krempa <pkrempa@xxxxxxxxxx> · Thu, 21 Feb 2019 16:50:15 +0100

The conversion to VIR_AUTOFREE of 'escapeList' introduced memory leak of
the copied item to be escaped:

==17517== 2 bytes in 1 blocks are definitely lost in loss record 1 of 32
==17517==    at 0x483880B: malloc (vg_replace_malloc.c:309)
==17517==    by 0x54D666D: strdup (in /usr/lib64/libc-2.28.so)
==17517==    by 0x497663E: virStrdup (virstring.c:956)
==17517==    by 0x497663E: virStrdup (virstring.c:945)
==17517==    by 0x48F8853: virBufferEscapeN (virbuffer.c:707)
==17517==    by 0x403C9D: testBufEscapeN (virbuftest.c:383)
==17517==    by 0x405FA8: virTestRun (testutils.c:174)
==17517==    by 0x403A70: mymain (virbuftest.c:517)
==17517==    by 0x406BC9: virTestMain (testutils.c:1097)
==17517==    by 0x5470412: (below main) (in /usr/lib64/libc-2.28.so)

[...] (all other have same backtrace as it happens in a loop)

Fix it by reverting all the VIR_AUTO nonsense in this function as there
is exactly one place where it's handled.

This effectively reverts commits:
d0a92a037123085398d4123472f59c71b436d485
96fbf6df90335c1f9315fc25162711fd632d4dab
d261ed2fb1df95f6c7698b9321a82078a7335112

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/util/virbuffer.c | 24 +++++-------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/util/virbuffer.c b/src/util/virbuffer.c
index 01d71f1b59..7399bdcdfe 100644
--- a/src/util/virbuffer.c
+++ b/src/util/virbuffer.c
@@ -643,26 +643,11 @@ virBufferEscape(virBufferPtr buf, char escape, const char *toescape,
 }


-typedef struct _virBufferEscapePair virBufferEscapePair;
-typedef virBufferEscapePair *virBufferEscapePairPtr;
-
-struct _virBufferEscapePair {
+struct virBufferEscapePair {
     char escape;
     char *toescape;
 };

-static void
-virBufferEscapePairFree(virBufferEscapePairPtr pair)
-{
-    if (!pair)
-        return;
-
-    VIR_FREE(pair->toescape);
-    VIR_FREE(pair);
-}
-
-VIR_DEFINE_AUTOPTR_FUNC(virBufferEscapePair, virBufferEscapePairFree);
-

 /**
  * virBufferEscapeN:
@@ -688,8 +673,8 @@ virBufferEscapeN(virBufferPtr buf,
     VIR_AUTOFREE(char *) escaped = NULL;
     char *out;
     const char *cur;
-    virBufferEscapePair escapeItem;
-    VIR_AUTOPTR(virBufferEscapePair) escapeList = NULL;
+    struct virBufferEscapePair escapeItem;
+    struct virBufferEscapePair *escapeList = NULL;
     size_t nescapeList = 0;
     va_list ap;

@@ -704,7 +689,7 @@ virBufferEscapeN(virBufferPtr buf,
     va_start(ap, str);

     while ((escapeItem.escape = va_arg(ap, int))) {
-        if (VIR_STRDUP(escapeItem.toescape, va_arg(ap, char *)) < 0) {
+        if (!(escapeItem.toescape = va_arg(ap, char *))) {
             virBufferSetError(buf, errno);
             goto cleanup;
         }
@@ -747,6 +732,7 @@ virBufferEscapeN(virBufferPtr buf,

  cleanup:
     va_end(ap);
+    VIR_FREE(escapeList);
 }


-- 
2.20.1





