On Tue, Jan 10, 2023 at 05:42:24AM -0500, Daniel P. Berrangé wrote:
The remote_*_args methods will generally borrow pointers passed in the caller, so should not be freed. On failure of the virTypedParamsSerialize method, however, xdr_free was being called. This is presumably because it was thought that the params may have been partially serialized and need cleaning up. This is incorrect, as virTypedParamsSerialize takes care to cleanup partially serialized data. This xdr_free call would lead to free'ing the borrowed cookie pointers, which would be a double free.
Which are marked g_autofree in the caller, yes. Some other places even mention that caller free()s those.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
Reviewed-by: Martin Kletzander <mkletzan@xxxxxxxxxx> and SFF
Attachment:
signature.asc
Description: PGP signature
