[Qemu-devel] [PULL 11/20] qemu-img: Fix options leakage in img_rebase()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Max Reitz <mreitz@redhat.com>
To: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PULL 11/20] qemu-img: Fix options leakage in img_rebase()
Date: Fri, 14 Jun 2019 15:40:12 +0200	[thread overview]
Message-ID: <20190614134021.32486-12-mreitz@redhat.com> (raw)
In-Reply-To: <20190614134021.32486-1-mreitz@redhat.com>

img_rebase() can leak a QDict in two occasions.  Fix it.

Coverity: CID 1401416
Fixes: d16699b64671466b42079c45b89127aeea1ca565
Fixes: 330c72957196e0ae382abcaa97ebf4eb9bc8574f
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190528195338.12376-1-mreitz@redhat.com
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
 qemu-img.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/qemu-img.c b/qemu-img.c
index fd62e3ad5d..da14aea46a 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3350,6 +3350,7 @@ static int img_rebase(int argc, char **argv)
                                                              out_baseimg,
                                                              &local_err);
             if (local_err) {
+                qobject_unref(options);
                 error_reportf_err(local_err,
                                   "Could not resolve backing filename: ");
                 ret = -1;
@@ -3362,7 +3363,9 @@ static int img_rebase(int argc, char **argv)
              */
             prefix_chain_bs = bdrv_find_backing_image(bs, out_real_path);
             if (prefix_chain_bs) {
+                qobject_unref(options);
                 g_free(out_real_path);
+
                 blk_new_backing = blk_new(qemu_get_aio_context(),
                                           BLK_PERM_CONSISTENT_READ,
                                           BLK_PERM_ALL);
-- 
2.21.0

next prev parent reply	other threads:[~2019-06-14 14:15 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-14 13:40 [Qemu-devel] [PULL 00/20] Block patches Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 01/20] blockdev-backup: don't check aio_context too early Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 02/20] iotests.py: do not use infinite waits Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 03/20] QEMUMachine: add events_wait method Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 04/20] iotests.py: rewrite run_job to be pickier Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 05/20] iotests: add iotest 256 for testing blockdev-backup across iothread contexts Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 06/20] event_match: always match on None value Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 07/20] iotests: Filter 175's allocation information Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 08/20] iotests: Fix intermittent failure in 219 Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 09/20] hw/block/fdc: floppy command FIFO memory initialization Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 10/20] iotests: restrict 254 to support only qcow2 Max Reitz
2019-06-14 13:40 ` Max Reitz [this message]
2019-06-14 13:40 ` [Qemu-devel] [PULL 12/20] qapi/block-core: Overlays are not snapshots Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 13/20] blockdev: " Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 14/20] qemu-img: Move quiet into ImgConvertState Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 15/20] qemu-img: Add salvaging mode to convert Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 16/20] blkdebug: Add @iotype error option Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 17/20] blkdebug: Add "none" event Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 18/20] blkdebug: Inject errors on .bdrv_co_block_status() Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 19/20] iotests: Test qemu-img convert --salvage Max Reitz
2019-06-14 13:40 ` [Qemu-devel] [PULL 20/20] iotests: Test qemu-img convert -C --salvage Max Reitz
2019-06-14 14:51 ` [Qemu-devel] [PULL 00/20] Block patches Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fd62e3ad5 dfblob:da14aea46 )
 OR (
bs:"[Qemu-devel] [PULL 11/20] qemu-img: Fix options leakage in img_rebase()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190614134021.32486-12-mreitz@redhat.com \
    --to=mreitz@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).