From mboxrd@z Thu Jan 1 00:00:00 1970
From: Gerd Hoffmann
Date: Tue, 16 Dec 2014 15:13:37 +0100
Message-Id: <1418739217-6561-7-git-send-email-kraxel@redhat.com>
In-Reply-To: <1418739217-6561-1-git-send-email-kraxel@redhat.com>
References: <1418739217-6561-1-git-send-email-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 6/6] spice: fix memory leak
To: qemu-devel@nongnu.org
Cc: Gonglei, Gerd Hoffmann, Anthony Liguori

From: Gonglei

If errors happen for middle items of channel_list, qmp_query_spice_channels() returns NULL, and the variable cur_item going out of scope leaks the storage it points to.

The flag is a compatibility thing for older spice-server versions. Meanwhile our minimum spice version requirement is new enough that we should never ever see this error, and if we do, something went very seriously wrong. Let's use assert() instead of returning NULL to avoid a memory leak.

Suggested-by: Paolo Bonzini
Signed-off-by: Gonglei
Reviewed-by: Eric Blake
Signed-off-by: Gerd Hoffmann

--- ui/spice-core.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ui/spice-core.c b/ui/spice-core.c index 497670c..fe705c1 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c 
@@ -385,10 +385,7 @@ static SpiceChannelList *qmp_query_spice_channels(void) struct sockaddr *paddr; socklen_t plen; - if (!(item->info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT)) { - error_report("invalid channel event"); - return NULL; - } + assert(item->info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT); chan = g_malloc0(sizeof(*chan)); chan->value = g_malloc0(sizeof(*chan->value)); -- 1.8.3.1
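
Review bot: the assert() that replaces the flags check in qmp_query_spice_channels() has no comment saying why SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT is guaranteed to be set. The rationale (the minimum required spice-server version always sets it) exists only in the commit message, so a one-line comment above the assert would keep it next to the code. Two related points on the same line: a failed check now aborts the whole QEMU process from a QMP query instead of reporting "invalid channel event" and returning, which the commit message accepts as intentional but which the comment should state; and the invariant is enforced only while assertions are compiled in, so a build that defines NDEBUG would continue past this point without the flag having been checked.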