From: Markus Armbruster <armbru@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH v2 1/7 for-5.2?] net: Fix memory leak on error
Date: Mon, 16 Nov 2020 15:22:58 +0100 [thread overview]
Message-ID: <87pn4didod.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20201113011340.463563-2-eblake@redhat.com> (Eric Blake's message of "Thu, 12 Nov 2020 19:13:34 -0600")
Eric Blake <eblake@redhat.com> writes:
> If qmp_query_rx_filter() encounters an error on a second iteration, it
> leaks the memory from the first.
>
> Fixes: 9083da1d4c
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> net/net.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/net.c b/net/net.c
> index 794c652282cb..eb65e110871a 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -1213,6 +1213,7 @@ RxFilterInfoList *qmp_query_rx_filter(bool has_name, const char *name,
NetClientState *nc;
RxFilterInfoList *filter_list = NULL, *last_entry = NULL;
QTAILQ_FOREACH(nc, &net_clients, next) {
RxFilterInfoList *entry;
RxFilterInfo *info;
if (has_name && strcmp(nc->name, name) != 0) {
continue;
}
If @has_name and we get here more than once, then multiple @net_clients
have the same name. How can that be? We are not supposed to return
multiple replies with the same @name, are we?
/* only query rx-filter information of NIC */
> if (nc->info->type != NET_CLIENT_DRIVER_NIC) {
> if (has_name) {
> error_setg(errp, "net client(%s) isn't a NIC", name);
> + qapi_free_RxFilterInfoList(filter_list);
Unless multiple @net_clients are named @name, @filter_list is null,
isn't it?
> return NULL;
> }
> continue;
}
/* only query information on queue 0 since the info is per nic,
* not per queue
*/
if (nc->queue_index != 0)
continue;
if (nc->info->query_rx_filter) {
info = nc->info->query_rx_filter(nc);
entry = g_malloc0(sizeof(*entry));
entry->value = info;
if (!filter_list) {
filter_list = entry;
From now on, we must either return or free @filter_list.
} else {
last_entry->next = entry;
}
last_entry = entry;
> @@ -1238,6 +1239,7 @@ RxFilterInfoList *qmp_query_rx_filter(bool has_name, const char *name,
> } else if (has_name) {
> error_setg(errp, "net client(%s) doesn't support"
> " rx-filter querying", name);
> + qapi_free_RxFilterInfoList(filter_list);
Unless multiple @net_clients are named @name, @filter_list is null,
isn't it?
> return NULL;
> }
if (has_name) {
break;
}
}
I dislike this loop.
if (filter_list == NULL && has_name) {
error_setg(errp, "invalid net client name: %s", name);
}
return filter_list;
I should've strangled the optional @name parameter in the crib.
next prev parent reply other threads:[~2020-11-16 14:23 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-13 1:13 [PATCH v2 0/7] Common macros for QAPI list growth Eric Blake
2020-11-13 1:13 ` [PATCH v2 1/7 for-5.2?] net: Fix memory leak on error Eric Blake
2020-11-16 14:22 ` Markus Armbruster [this message]
2020-11-16 14:41 ` Eric Blake
2020-11-13 1:13 ` [PATCH v2 2/7] rocker: Revamp fp_port_get_info Eric Blake
2020-11-17 9:27 ` Markus Armbruster
2020-11-13 1:13 ` [PATCH v2 3/7] migration: Refactor migrate_cap_add Eric Blake
2020-11-17 9:45 ` Markus Armbruster
2020-11-13 1:13 ` [PATCH v2 4/7] qapi: Use QAPI_LIST_PREPEND() where possible Eric Blake
2020-11-17 10:20 ` Markus Armbruster
2020-11-17 11:45 ` Stefan Hajnoczi
2020-11-17 11:45 ` Stefan Hajnoczi
2020-11-13 1:13 ` [PATCH v2 5/7] qapi: Introduce QAPI_LIST_APPEND Eric Blake
2020-11-17 12:51 ` Markus Armbruster
2020-11-18 0:41 ` Eric Blake
2020-11-18 6:21 ` Markus Armbruster
2020-11-13 1:13 ` [PATCH v2 6/7] qapi: Use QAPI_LIST_APPEND in trivial cases Eric Blake
2020-11-13 1:13 ` Eric Blake
2020-11-13 1:13 ` [PATCH v2 7/7] qapi: More complex uses of QAPI_LIST_APPEND Eric Blake
2020-11-13 19:39 ` Dr. David Alan Gilbert
2020-11-16 13:27 ` Eric Blake
2020-11-19 8:50 ` Markus Armbruster
2020-12-04 22:54 ` Eric Blake
2020-11-19 9:28 ` [PATCH v2 0/7] Common macros for QAPI list growth Markus Armbruster
2020-12-19 9:43 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pn4didod.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=jasowang@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.