From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49245) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bwQWz-0002Sx-ND for qemu-devel@nongnu.org; Tue, 18 Oct 2016 05:17:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bwQWw-0006ED-Js for qemu-devel@nongnu.org; Tue, 18 Oct 2016 05:17:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:53086) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1bwQWw-0006Dm-Em for qemu-devel@nongnu.org; Tue, 18 Oct 2016 05:17:54 -0400 From: Pino Toscano Date: Tue, 18 Oct 2016 11:17:47 +0200 Message-Id: <1476782267-2602-1-git-send-email-ptoscano@redhat.com> Subject: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: armbru@redhat.com, mdroth@linux.vnet.ibm.com, ptoscano@redhat.com qmp_output_start_struct() and qmp_output_start_list() create a new QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor, where it is saved as 'value'. When freeing the iterator in qmp_output_free(), these values are never freed properly. The simple solution is to qobject_decref() them. --- qapi/qmp-output-visitor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c index 9e3b67c..eedf256 100644 --- a/qapi/qmp-output-visitor.c +++ b/qapi/qmp-output-visitor.c @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v) while (!QSLIST_EMPTY(&qov->stack)) { e = QSLIST_FIRST(&qov->stack); QSLIST_REMOVE_HEAD(&qov->stack, node); + qobject_decref(e->value); g_free(e); } -- 2.7.4