From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34483)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lcapitulino@redhat.com>) id 1WMJol-0003Qx-Li
	for qemu-devel@nongnu.org; Sat, 08 Mar 2014 11:09:48 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lcapitulino@redhat.com>) id 1WMJog-0003pg-Rc
	for qemu-devel@nongnu.org; Sat, 08 Mar 2014 11:09:43 -0500
Received: from mx1.redhat.com ([209.132.183.28]:56771)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lcapitulino@redhat.com>) id 1WMJog-0003pX-Ji
	for qemu-devel@nongnu.org; Sat, 08 Mar 2014 11:09:38 -0500
Date: Sat, 8 Mar 2014 11:09:33 -0500
From: Luiz Capitulino <lcapitulino@redhat.com>
Message-ID: <20140308110933.28374e9a@redhat.com>
In-Reply-To: <CAFEAcA85eJTo4s5qksAv_YkHwG+70BZ5x1KUBUM-gtkXPuhsXg@mail.gmail.com>
References: <CAFEAcA85eJTo4s5qksAv_YkHwG+70BZ5x1KUBUM-gtkXPuhsXg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] test-qmp-commands reads freed memory
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>, Markus Armbruster <armbru@redhat.com>

On Sat, 8 Mar 2014 14:40:27 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:

> The test-qmp-commands test binary seems to read from freed
> memory. This triggers the MacOSX malloc implementation's
> assertions. git bisect blames

Can you try the patch below? For the clang ones, I'll have to install it etc,
so it will take a bit longer.

I wonder how this didn't explode...

diff --git a/tests/test-qmp-commands.c b/tests/test-qmp-commands.c
index 8e62c2d..554e222 100644
--- a/tests/test-qmp-commands.c
+++ b/tests/test-qmp-commands.c
@@ -141,7 +141,7 @@ static void test_dispatch_cmd_io(void)
 
     ret3 = qobject_to_qint(test_qmp_dispatch(req));
     assert(qint_get_int(ret3) == 66);
-    QDECREF(ret);
+    QDECREF(ret3);
 
     QDECREF(req);
 }