If strdup("x509dname") or strdup("saslUsername") success, but strdup(x509dname) or strdup(saslUsername) failed, subject->nidentity is not the num elements of subject->identities, and we will leak some memory. --- src/qemu/qemu_process.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e74e0f1..0d2ccdc 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -544,18 +544,18 @@ qemuProcessHandleGraphics(qemuMonitorPtr mon ATTRIBUTE_UNUSED, if (x509dname) { if (VIR_REALLOC_N(subject->identities, subject->nidentity+1) < 0) goto no_memory; - if (!(subject->identities[subject->nidentity].type = strdup("x509dname")) || - !(subject->identities[subject->nidentity].name = strdup(x509dname))) - goto no_memory; subject->nidentity++; + if (!(subject->identities[subject->nidentity-1].type = strdup("x509dname")) || + !(subject->identities[subject->nidentity-1].name = strdup(x509dname))) + goto no_memory; } if (saslUsername) { if (VIR_REALLOC_N(subject->identities, subject->nidentity+1) < 0) goto no_memory; - if (!(subject->identities[subject->nidentity].type = strdup("saslUsername")) || - !(subject->identities[subject->nidentity].name = strdup(saslUsername))) - goto no_memory; subject->nidentity++; + if (!(subject->identities[subject->nidentity-1].type = strdup("saslUsername")) || + !(subject->identities[subject->nidentity-1].name = strdup(saslUsername))) + goto no_memory; } virDomainObjLock(vm); -- 1.7.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list