qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_re


From: Greg Kurz
Subject: Re: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
Date: Tue, 27 Sep 2016 10:14:10 +0200

On Mon, 26 Sep 2016 21:42:26 -0700
Li Qiang <address@hidden> wrote:

> From: Li Qiang <address@hidden>
> 
> In 9pfs read dispatch function, it doesn't free two QEMUIOVector
> object thus causing potential memory leak. This patch avoid this.
> 

Good catch for the leak, but I'd prefer another fix. See below.

> Signed-off-by: Li Qiang <address@hidden>
> ---
>  hw/9pfs/9p.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index d960a2e..b1ff8e7 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -1830,12 +1830,16 @@ static void v9fs_read(void *opaque)
>              } while (len == -EINTR && !pdu->cancelled);
>              if (len < 0) {
>                  /* IO error return the error */
> +                qemu_iovec_destroy(&qiov);
> +                qemu_iovec_destroy(&qiov_full);

We already have these lines at the end of the code block for
type P9_FID_FILE.

Let's introduce an out_free_iovec: label and...

>                  err = len;
>                  goto out;

goto out_free_iovec;

>              }
>          } while (count < max_count && len > 0);
>          err = pdu_marshal(pdu, offset, "d", count);
>          if (err < 0) {
> +            qemu_iovec_destroy(&qiov);
> +            qemu_iovec_destroy(&qiov_full);
>              goto out;

Same here.

>          }
>          err += offset + count;

As a valuable side effect, the error will be traced :)

Cheers.

--
Greg



reply via email to

[Prev in Thread] Current Thread [Next in Thread]