From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MocQM-0006Om-Ko for qemu-devel@nongnu.org; Fri, 18 Sep 2009 08:18:50 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MocQH-0006Ms-Gu for qemu-devel@nongnu.org; Fri, 18 Sep 2009 08:18:50 -0400 Received: from [199.232.76.173] (port=48622 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MocQH-0006Mm-BP for qemu-devel@nongnu.org; Fri, 18 Sep 2009 08:18:45 -0400 Received: from mx1.redhat.com ([209.132.183.28]:26100) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MocQG-00021d-LY for qemu-devel@nongnu.org; Fri, 18 Sep 2009 08:18:45 -0400 Subject: Re: [Qemu-devel] [PATCH] Correctly free nd structure From: Mark McLoughlin In-Reply-To: <1253220819-2850-1-git-send-email-glommer@redhat.com> References: <1253220819-2850-1-git-send-email-glommer@redhat.com> Content-Type: text/plain Date: Fri, 18 Sep 2009 13:17:29 +0100 Message-Id: <1253276249.4156.17.camel@blaa> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Reply-To: Mark McLoughlin List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Glauber Costa Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org On Thu, 2009-09-17 at 16:53 -0400, Glauber Costa wrote: > When we "free" a NICInfo structure, we can leak pointers, since we don't do > much more than setting used = 0. > > We free() the model parameter, but we don't set it to NULL. This means that > a new user of this structure will see garbage in there. It was not noticed > before because reusing a NICInfo is not that common, but it can be, for > users of device pci hotplug. > > A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022 > > This patch memset's the whole structure, guaranteeing that anyone reusing it > will see a fresh NICinfo. Also, we free some other strings that are currently > leaking. > > This codebase is quite old, so this patch should feed all stable trees. > > Signed-off-by: Glauber Costa > --- > net.c | 9 +++++++-- > 1 files changed, 7 insertions(+), 2 deletions(-) > > diff --git a/net.c b/net.c > index 340177e..a405895 100644 > --- a/net.c > +++ b/net.c > @@ -2804,8 +2804,13 @@ void net_client_uninit(NICInfo *nd) > { > nd->vlan->nb_guest_devs--; > nb_nics--; > - nd->used = 0; > - free((void *)nd->model); > + > + qemu_free((void *)nd->model); > + qemu_free((void *)nd->name); > + qemu_free((void *)nd->devaddr); > + qemu_free((void *)nd->id); > + > + memset(nd, 0, sizeof(*nd)); > } > Looks good to me; my patch to port to QemuOpts actually zeros out the struct during init() What is the (void *) cast for, though? Thanks, Mark.