From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53163)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mohan@in.ibm.com>) id 1UufIj-0002HZ-Ga
	for qemu-devel@nongnu.org; Thu, 04 Jul 2013 04:54:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mohan@in.ibm.com>) id 1UufIh-0003ys-BV
	for qemu-devel@nongnu.org; Thu, 04 Jul 2013 04:54:05 -0400
Received: from e23smtp08.au.ibm.com ([202.81.31.141]:37075)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mohan@in.ibm.com>) id 1UufIg-0003wn-Db
	for qemu-devel@nongnu.org; Thu, 04 Jul 2013 04:54:03 -0400
Received: from /spool/local
	by e23smtp08.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <mohan@in.ibm.com>;
	Thu, 4 Jul 2013 18:50:59 +1000
Received: from d23relay04.au.ibm.com (d23relay04.au.ibm.com [9.190.234.120])
	by d23dlp02.au.ibm.com (Postfix) with ESMTP id 8F3902BB0051
	for <qemu-devel@nongnu.org>; Thu,  4 Jul 2013 18:53:47 +1000 (EST)
Received: from d23av01.au.ibm.com (d23av01.au.ibm.com [9.190.234.96])
	by d23relay04.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	r648ckIK52429044
	for <qemu-devel@nongnu.org>; Thu, 4 Jul 2013 18:38:47 +1000
Received: from d23av01.au.ibm.com (loopback [127.0.0.1])
	by d23av01.au.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	r648rkur004139
	for <qemu-devel@nongnu.org>; Thu, 4 Jul 2013 18:53:46 +1000
From: "M. Mohan Kumar" <mohan@in.ibm.com>
In-Reply-To: <1371377676-18809-1-git-send-email-sw@weilnetz.de>
References: <1371377676-18809-1-git-send-email-sw@weilnetz.de>
Date: Thu, 04 Jul 2013 14:23:35 +0530
Message-ID: <87fvvubt9s.fsf@in.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [PATCH] hw/9pfs: Fix potential memory leak and
	avoid reuse of freed memory
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Weil <sw@weilnetz.de>, "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>, Anthony Liguori <aliguori@us.ibm.com>
Cc: qemu-devel <qemu-devel@nongnu.org>

Stefan Weil <sw@weilnetz.de> writes:

> The leak was reported by cppcheck.
>
> Function proxy_init also calls g_free for ctx->fs_root.
> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com>
> ---
>
> Hi,
>
> I'm not sure whether ctx->fs_root should also be freed in the error case.
> Please feel free to modify my patch if needed.
>
> Regards
> Stefan Weil
>
>  hw/9pfs/virtio-9p-proxy.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
> index 8ba2959..5f44bb7 100644
> --- a/hw/9pfs/virtio-9p-proxy.c
> +++ b/hw/9pfs/virtio-9p-proxy.c
> @@ -1153,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
>          sock_id = atoi(ctx->fs_root);
>          if (sock_id < 0) {
>              fprintf(stderr, "socket descriptor not initialized\n");
> +            g_free(proxy);
>              return -1;
>          }
>      }
>      g_free(ctx->fs_root);
> +    ctx->fs_root = NULL;
>
>      proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
>      proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
> -- 
> 1.7.10.4