From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MoNZh-0000Pd-38
	for qemu-devel@nongnu.org; Thu, 17 Sep 2009 16:27:29 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MoNZc-0000OG-VL
	for qemu-devel@nongnu.org; Thu, 17 Sep 2009 16:27:28 -0400
Received: from [199.232.76.173] (port=43777 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MoNZc-0000O5-Ls
	for qemu-devel@nongnu.org; Thu, 17 Sep 2009 16:27:24 -0400
Received: from mx1.redhat.com ([209.132.183.28]:6462)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <glommer@redhat.com>) id 1MoNZZ-0002zz-3E
	for qemu-devel@nongnu.org; Thu, 17 Sep 2009 16:27:22 -0400
From: Glauber Costa <glommer@redhat.com>
Date: Thu, 17 Sep 2009 16:53:39 -0400
Message-Id: <1253220819-2850-1-git-send-email-glommer@redhat.com>
Subject: [Qemu-devel] [PATCH] Correctly free nd structure
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com

When we "free" a NICInfo structure, we can leak pointers, since we don't do
much more than setting used = 0.

We free() the model parameter, but we don't set it to NULL. This means that
a new user of this structure will see garbage in there. It was not noticed
before because reusing a NICInfo is not that common, but it can be, for
users of device pci hotplug.

A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022

This patch memset's the whole structure, guaranteeing that anyone reusing it
will see a fresh NICinfo. Also, we free some other strings that are currently
leaking.

This codebase is quite old, so this patch should feed all stable trees.

Signed-off-by: Glauber Costa <glommer@redhat.com>
---
 net.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/net.c b/net.c
index 340177e..a405895 100644
--- a/net.c
+++ b/net.c
@@ -2804,8 +2804,13 @@ void net_client_uninit(NICInfo *nd)
 {
     nd->vlan->nb_guest_devs--;
     nb_nics--;
-    nd->used = 0;
-    free((void *)nd->model);
+
+    qemu_free((void *)nd->model);
+    qemu_free((void *)nd->name);
+    qemu_free((void *)nd->devaddr);
+    qemu_free((void *)nd->id);
+
+    memset(nd, 0, sizeof(*nd));
 }
 
 static int net_host_check_device(const char *device)
-- 
1.6.2.2