From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MqP2m-0003jn-6Q for qemu-devel@nongnu.org; Wed, 23 Sep 2009 06:25:52 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MqP2f-0003fa-VO for qemu-devel@nongnu.org; Wed, 23 Sep 2009 06:25:50 -0400 Received: from [199.232.76.173] (port=37806 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MqP2f-0003f2-At for qemu-devel@nongnu.org; Wed, 23 Sep 2009 06:25:45 -0400 Received: from mx1.redhat.com ([209.132.183.28]:18294) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MqP2e-0001Ui-FQ for qemu-devel@nongnu.org; Wed, 23 Sep 2009 06:25:44 -0400 Received: from int-mx04.intmail.prod.int.phx2.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.17]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n8NAPhrA016512 for ; Wed, 23 Sep 2009 06:25:43 -0400 From: Mark McLoughlin Date: Wed, 23 Sep 2009 11:24:03 +0100 Message-Id: <1253701463-3134-5-git-send-email-markmc@redhat.com> In-Reply-To: <1253701463-3134-1-git-send-email-markmc@redhat.com> References: <1253701463-3134-1-git-send-email-markmc@redhat.com> Subject: [Qemu-devel] [PATCH 04/24] Correctly free nd structure List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Mark McLoughlin , Glauber Costa From: Glauber Costa When we "free" a NICInfo structure, we can leak pointers, since we don't do much more than setting used = 0. We free() the model parameter, but we don't set it to NULL. This means that a new user of this structure will see garbage in there. It was not noticed before because reusing a NICInfo is not that common, but it can be, for users of device pci hotplug. A user hit it, described at https://bugzilla.redhat.com/524022 This patch memset's the whole structure, guaranteeing that anyone reusing it will see a fresh NICinfo. Also, we free some other strings that are currently leaking. This codebase is quite old, so this patch should feed all stable trees. Signed-off-by: Glauber Costa Signed-off-by: Mark McLoughlin --- net.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/net.c b/net.c index d04b6bd..422ef4c 100644 --- a/net.c +++ b/net.c @@ -2434,6 +2434,7 @@ int net_client_init(Monitor *mon, const char *device, const char *p) goto out; } nd = &nd_table[idx]; + memset(nd, 0, sizeof(*nd)); macaddr = nd->macaddr; macaddr[0] = 0x52; macaddr[1] = 0x54; @@ -2803,8 +2804,13 @@ void net_client_uninit(NICInfo *nd) { nd->vlan->nb_guest_devs--; nb_nics--; - nd->used = 0; + qemu_free(nd->model); + qemu_free(nd->name); + qemu_free(nd->devaddr); + qemu_free(nd->id); + + nd->used = 0; } static int net_host_check_device(const char *device) -- 1.6.2.5