From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Modzv-0002Z1-JZ for qemu-devel@nongnu.org; Fri, 18 Sep 2009 09:59:39 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Modzo-0002W3-D2 for qemu-devel@nongnu.org; Fri, 18 Sep 2009 09:59:36 -0400 Received: from [199.232.76.173] (port=40669 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Modzo-0002Vx-5L for qemu-devel@nongnu.org; Fri, 18 Sep 2009 09:59:32 -0400 Received: from mx1.redhat.com ([209.132.183.28]:10359) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1Modzn-0005xz-Hh for qemu-devel@nongnu.org; Fri, 18 Sep 2009 09:59:31 -0400 Subject: Re: [Qemu-devel] [PATCH] Correctly free nd structure From: Mark McLoughlin In-Reply-To: <20090918124454.GV7263@mothafucka.localdomain> References: <1253220819-2850-1-git-send-email-glommer@redhat.com> <1253276249.4156.17.camel@blaa> <20090918124454.GV7263@mothafucka.localdomain> Content-Type: text/plain Date: Fri, 18 Sep 2009 14:58:16 +0100 Message-Id: <1253282296.4156.19.camel@blaa> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Reply-To: Mark McLoughlin List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Glauber Costa Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org On Fri, 2009-09-18 at 09:44 -0300, Glauber Costa wrote: > On Fri, Sep 18, 2009 at 01:17:29PM +0100, Mark McLoughlin wrote: > > On Thu, 2009-09-17 at 16:53 -0400, Glauber Costa wrote: > > > When we "free" a NICInfo structure, we can leak pointers, since we don't do > > > much more than setting used = 0. > > > > > > We free() the model parameter, but we don't set it to NULL. This means that > > > a new user of this structure will see garbage in there. It was not noticed > > > before because reusing a NICInfo is not that common, but it can be, for > > > users of device pci hotplug. > > > > > > A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022 > > > > > > This patch memset's the whole structure, guaranteeing that anyone reusing it > > > will see a fresh NICinfo. Also, we free some other strings that are currently > > > leaking. > > > > > > This codebase is quite old, so this patch should feed all stable trees. > > > > > > Signed-off-by: Glauber Costa > > > --- > > > net.c | 9 +++++++-- > > > 1 files changed, 7 insertions(+), 2 deletions(-) > > > > > > diff --git a/net.c b/net.c > > > index 340177e..a405895 100644 > > > --- a/net.c > > > +++ b/net.c > > > @@ -2804,8 +2804,13 @@ void net_client_uninit(NICInfo *nd) > > > { > > > nd->vlan->nb_guest_devs--; > > > nb_nics--; > > > - nd->used = 0; > > > - free((void *)nd->model); > > > + > > > + qemu_free((void *)nd->model); > > > + qemu_free((void *)nd->name); > > > + qemu_free((void *)nd->devaddr); > > > + qemu_free((void *)nd->id); > > > + > > > + memset(nd, 0, sizeof(*nd)); > > > } > > > > > > > Looks good to me; my patch to port to QemuOpts actually zeros out the > > struct during init() > > > > What is the (void *) cast for, though? > 1) it was already there. > 2) those strings are marked as const, gcc whins if you remove the void cast. Ah, yes - I had noticed that. They shouldn't be marked as const, though Thanks, Mark.