Message-ID: <55054F1D.2080408@redhat.com>
Date: Sun, 15 Mar 2015 10:21:33 +0100
From: Paolo Bonzini
References: <1426326454-7216-1-git-send-email-zhaoshenglong@huawei.com> <55040865.8050908@weilnetz.de>
In-Reply-To: <55040865.8050908@weilnetz.de>
Subject: Re: [Qemu-devel] [PATCH] hw/bt/sdp: Fix resource leak detect by coverity
To: Stefan Weil, Shannon Zhao, qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, hangaohuai@huawei.com, qemu-trivial@nongnu.org, mjt@tls.msk.ru, peter.huangpeng@huawei.com, shannon.zhao@linaro.org

On 14/03/2015 11:07, Stefan Weil wrote:
>
> This fixes the memory leak, but I still don't understand what is done here.
> data is allocated, then filled with values, now it is also deallocated.
> But I'm missing the part where all that data is used.

"data" escapes in record->attribute_list[record->attributes].pair.

The bug is in bt_l2cap_sdp_close_ch, which does an invalid free every
time it frees the first sdp->service_list[i].attribute_list->pair (but
the qsort could have moved it elsewhere in the list).

The right fix is to do a separate malloc for each attribute, instead of
a single one. In any case, it seems simpler to just leave this code aside.

Paolo
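
The layout problem described in the message above, as an added example that is not part of the original e-mail and is not QEMU code: a constructed model in which attribute entries point into one shared buffer, get sorted, and the first entry no longer holds the allocation's base pointer, next to the per-attribute allocation the message proposes. The struct, sizes, ids and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: struct, sizes and function names are hypothetical, not QEMU's. */
#define N 3
struct attr { uint16_t id; uint8_t *pair; };
static const uint16_t ids[N] = { 0x0100, 0x0001, 0x0004 };  /* constructed sample ids */

static int by_id(const void *a, const void *b)
{
    return (int)((const struct attr *)a)->id - (int)((const struct attr *)b)->id;
}

/* Single-buffer layout: every pair points into one malloc'd block.
 * Returns 1 if list[0].pair is still the block's base after sorting,
 * i.e. whether free(list[0].pair) would be a valid call. */
int shared_first_is_base_after_sort(void)
{
    struct attr list[N];
    uint8_t *data = malloc(N * 4);
    if (!data) return -1;
    for (int i = 0; i < N; i++) { list[i].id = ids[i]; list[i].pair = data + 4 * i; }
    qsort(list, N, sizeof(list[0]), by_id);
    int ok = (list[0].pair == data);
    free(data);                 /* release through the saved base pointer */
    return ok;
}

/* Per-attribute layout: each pair is its own allocation, so it stays a
 * valid argument to free() wherever qsort moves the entry. Returns count freed. */
int per_attribute_free_after_sort(void)
{
    struct attr list[N];
    int freed = 0;
    for (int i = 0; i < N; i++) { list[i].id = ids[i]; list[i].pair = calloc(1, 4); }
    qsort(list, N, sizeof(list[0]), by_id);
    for (int i = 0; i < N; i++) {
        if (list[i].pair) freed++;
        free(list[i].pair);     /* free(NULL) is a no-op if calloc failed */
    }
    return freed;
}

int main(void)
{
    printf("single buffer, first pair is base after sort: %d\n", shared_first_is_base_after_sort());
    printf("per-attribute allocations freed: %d\n", per_attribute_free_after_sort());
    return 0;
}
```

Building the single-buffer variant with AddressSanitizer and freeing `list[0].pair` instead of `data` would report the invalid free at that call, which is one way to confirm this class of bug in a test build.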