From: Markus Armbruster <armbru@redhat.com>
To: <arei.gonglei@huawei.com>
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org, lcapitulino@redhat.com
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH] monitor: Fix Resource leak
Date: Wed, 11 Feb 2015 14:00:03 +0100 [thread overview]
Message-ID: <87386c8uy4.fsf@blackfin.pond.sub.org> (raw)
In-Reply-To: <1423635971-9928-1-git-send-email-arei.gonglei@huawei.com> (arei gonglei's message of "Wed, 11 Feb 2015 14:26:11 +0800")
<arei.gonglei@huawei.com> writes:
> From: Gonglei <arei.gonglei@huawei.com>
>
> Coverity spot:
> qemu_using_spice allocates memory that is stored into err,
> but not freed before return.
>
> Cc:Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
> monitor.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/monitor.c b/monitor.c
> index c3cc060..137d23f 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1095,12 +1095,13 @@ static int client_migrate_info(Monitor *mon, const QDict *qdict,
> const char *subject = qdict_get_try_str(qdict, "cert-subject");
> int port = qdict_get_try_int(qdict, "port", -1);
> int tls_port = qdict_get_try_int(qdict, "tls-port", -1);
> - Error *err;
> + Error *err = NULL;
> int ret;
>
> if (strcmp(protocol, "spice") == 0) {
> if (!qemu_using_spice(&err)) {
> qerror_report_err(err);
> + error_free(err);
> return -1;
> }
Your commit message is incomplete. The resource leak is real, but it's
the less serious bug here. The serious one is missing initialization of
err.
If using_spice, qemu_using_spice() returns true without touching err.
All fine.
Else, if err is null by chance, qemu_using_spice()'s error_set() creates
an error object and stores it in err. We leak it.
If err is not null, error_set() fails its assertion.
Broken in commit b25d81b by yours truly. Thanks for cleaning up my
mess!
Let's fix up the commit message:
monitor: Fix missing err = NULL in client_migrate_info()
When SPICE isn't used, we either fail an assertion in error_set(),
or leak an error object. Broken in commit b25d81b.
With such a fixup:
Reviewed-by: Markus Armbruster <armbru@redhat.com>
WARNING: multiple messages have this Message-ID (diff)
From: Markus Armbruster <armbru@redhat.com>
To: arei.gonglei@huawei.com
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org, lcapitulino@redhat.com
Subject: Re: [Qemu-devel] [PATCH] monitor: Fix Resource leak
Date: Wed, 11 Feb 2015 14:00:03 +0100 [thread overview]
Message-ID: <87386c8uy4.fsf@blackfin.pond.sub.org> (raw)
In-Reply-To: <1423635971-9928-1-git-send-email-arei.gonglei@huawei.com> (arei gonglei's message of "Wed, 11 Feb 2015 14:26:11 +0800")
<arei.gonglei@huawei.com> writes:
> From: Gonglei <arei.gonglei@huawei.com>
>
> Coverity spot:
> qemu_using_spice allocates memory that is stored into err,
> but not freed before return.
>
> Cc:Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
> monitor.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/monitor.c b/monitor.c
> index c3cc060..137d23f 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1095,12 +1095,13 @@ static int client_migrate_info(Monitor *mon, const QDict *qdict,
> const char *subject = qdict_get_try_str(qdict, "cert-subject");
> int port = qdict_get_try_int(qdict, "port", -1);
> int tls_port = qdict_get_try_int(qdict, "tls-port", -1);
> - Error *err;
> + Error *err = NULL;
> int ret;
>
> if (strcmp(protocol, "spice") == 0) {
> if (!qemu_using_spice(&err)) {
> qerror_report_err(err);
> + error_free(err);
> return -1;
> }
Your commit message is incomplete. The resource leak is real, but it's
the less serious bug here. The serious one is missing initialization of
err.
If using_spice, qemu_using_spice() returns true without touching err.
All fine.
Else, if err is null by chance, qemu_using_spice()'s error_set() creates
an error object and stores it in err. We leak it.
If err is not null, error_set() fails its assertion.
Broken in commit b25d81b by yours truly. Thanks for cleaning up my
mess!
Let's fix up the commit message:
monitor: Fix missing err = NULL in client_migrate_info()
When SPICE isn't used, we either fail an assertion in error_set(),
or leak an error object. Broken in commit b25d81b.
With such a fixup:
Reviewed-by: Markus Armbruster <armbru@redhat.com>
next prev parent reply other threads:[~2015-02-11 13:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-11 6:26 [Qemu-trivial] [PATCH] monitor: Fix Resource leak arei.gonglei
2015-02-11 6:26 ` [Qemu-devel] " arei.gonglei
2015-02-11 13:00 ` Markus Armbruster [this message]
2015-02-11 13:00 ` Markus Armbruster
2015-02-12 1:04 ` [Qemu-trivial] " Gonglei
2015-02-12 1:04 ` Gonglei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87386c8uy4.fsf@blackfin.pond.sub.org \
--to=armbru@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=lcapitulino@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.