From: Li Qiang <liq3ea@163.com>
To: kwolf@redhat.com, mreitz@redhat.com
Cc: Li Qiang <liq3ea@163.com>,
liq3ea@gmail.com, qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: [Qemu-devel] [PATCH] block: qcow2: free 'refcount_table' in error path
Date: Fri, 30 Aug 2019 19:04:32 -0700 [thread overview]
Message-ID: <20190831020432.61473-1-liq3ea@163.com> (raw)
Currently, when doing './check -qcow2 098'. We can get following
asan output:
qemu-img: Could not empty blkdebug:TEST_DIR/blkdebug.conf:TEST_DIR/t.IMGFMT: Input/output error
+
+=================================================================
+==60365==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 65536 byte(s) in 1 object(s) allocated from:
+ #0 0x7f3ed729fd38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
+ #1 0x56274517fe66 in make_completely_empty block/IMGFMT.c:4219
+ #2 0x562745180e51 in IMGFMT_make_empty block/IMGFMT.c:4313
+ #3 0x56274509b14e in img_commit /home/test/qemu5/qemu/qemu-img.c:1053
+ #4 0x5627450b4b74 in main /home/test/qemu5/qemu/qemu-img.c:5097
+ #5 0x7f3ed4f2fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
This is because the logic of clean resource in 'make_completely_empty' is
wrong. The patch frees the 's->refcount_table' in error path.
Signed-off-by: Li Qiang <liq3ea@163.com>
---
block/qcow2.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index 7c5a4859f7..23fe713d4c 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4243,7 +4243,7 @@ static int make_completely_empty(BlockDriverState *bs)
ret = bdrv_pwrite_sync(bs->file, s->cluster_size,
&rt_entry, sizeof(rt_entry));
if (ret < 0) {
- goto fail_broken_refcounts;
+ goto fail;
}
s->refcount_table[0] = 2 * s->cluster_size;
@@ -4252,7 +4252,7 @@ static int make_completely_empty(BlockDriverState *bs)
offset = qcow2_alloc_clusters(bs, 3 * s->cluster_size + l1_size2);
if (offset < 0) {
ret = offset;
- goto fail_broken_refcounts;
+ goto fail;
} else if (offset > 0) {
error_report("First cluster in emptied image is in use");
abort();
@@ -4274,6 +4274,9 @@ static int make_completely_empty(BlockDriverState *bs)
return 0;
+fail:
+ g_free(s->refcount_table);
+
fail_broken_refcounts:
/* The BDS is unusable at this point. If we wanted to make it usable, we
* would have to call qcow2_refcount_close(), qcow2_refcount_init(),
@@ -4283,8 +4286,6 @@ fail_broken_refcounts:
* that that sequence will fail as well. Therefore, just eject the BDS. */
bs->drv = NULL;
-fail:
- g_free(new_reftable);
return ret;
}
--
2.17.1
next reply other threads:[~2019-08-31 2:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-31 2:04 Li Qiang [this message]
2019-09-03 10:22 ` [Qemu-devel] [PATCH] block: qcow2: free 'refcount_table' in error path Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190831020432.61473-1-liq3ea@163.com \
--to=liq3ea@163.com \
--cc=kwolf@redhat.com \
--cc=liq3ea@gmail.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).