Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add()

From:	Markus Armbruster
Subject:	Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add()
Date:	Tue, 17 Mar 2020 11:47:53 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

"Chenqun (kuhn)" <address@hidden> writes:

>>-----Original Message-----
>>From: Qemu-devel [mailto:qemu-devel-
>>bounces+kuhn.chenqun=address@hidden] On Behalf Of Markus
>>Armbruster
>>Sent: Tuesday, March 17, 2020 5:23 PM
>>To: address@hidden
>>Cc: Kevin Wolf <address@hidden>; address@hidden;
>>address@hidden; address@hidden
>>Subject: [PATCH] qom-qmp-cmds: Fix another memory leak in
>>qmp_object_add()
>>
>>When user_creatable_add_type() fails, qmp_object_add() returns both its
>>error and the usual empty QDict success value.  The QMP core handles the
>>error, and ignores the success value, leaking it.  Exposed by qmp-cmd-test
>>case /x86_64/qmp/object-add-without-props, and duly reported both by
>>ASan and valgrind.
>>
>>To plug the leak, set the success value only on success.
>>
>>Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e
>>Cc: Kevin Wolf <address@hidden>
>>Signed-off-by: Markus Armbruster <address@hidden>
>>---
> Hi,  Markus
>
>         Looks like the same patch that has been reported already here:
> https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg03928.html

That patch has an additional hunk:

  diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
  index 3885464513..041866b846 100644
  --- a/hw/block/xen-block.c
  +++ b/hw/block/xen-block.c
  @@ -860,7 +860,7 @@ static XenBlockIOThread *xen_block_iothread_create(const 
  char *id,
       XenBlockIOThread *iothread = g_new(XenBlockIOThread, 1);
       Error *local_err = NULL;
       QDict *opts;
  -    QObject *ret_data;
  +    QObject *ret_data = NULL;

       iothread->id = g_strdup(id);

       opts = qdict_new();
       qdict_put_str(opts, "qom-type", TYPE_IOTHREAD);
       qdict_put_str(opts, "id", id);
       qmp_object_add(opts, &ret_data, &local_err);
       qobject_unref(opts);
       qobject_unref(ret_data);

       if (local_err) {
           error_propagate(errp, local_err);

           g_free(iothread->id);
           g_free(iothread);
           return NULL;
       }

       return iothread;

> Maybe we should initialize ret_data in xen-block to avoid a possible 
> uninitialized error ？

Yes, because xen_block_iothread_create() passes @ret_data to
qobject_unref() even after qmp_object_add() failed.

In short, Pan Nengyuan's patch is more complete.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add(), Markus Armbruster, 2020/03/17
- Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add(), Marc-André Lureau, 2020/03/17
- Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add(), Daniel P . Berrangé, 2020/03/17
- RE: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add(), Chenqun (kuhn), 2020/03/17
  - Re: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add(), Markus Armbruster <=

Prev by Date: Re: [PATCH v2 6/8] target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector
Next by Date: Re: [PATCH v3 2/2] net: tulip: add .can_recieve routine
Previous by thread: RE: [PATCH] qom-qmp-cmds: Fix another memory leak in qmp_object_add()
Next by thread: [PATCH] hd-geo-test: Clean up use of buf[] in create_qcow2_with_mbr()
Index(es):
- Date
- Thread