From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=57042 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Q32ec-0006MO-Fh
	for qemu-devel@nongnu.org; Fri, 25 Mar 2011 04:46:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <uobergfe@redhat.com>) id 1Q32ea-0005qX-Tk
	for qemu-devel@nongnu.org; Fri, 25 Mar 2011 04:45:57 -0400
Received: from mx3-phx2.redhat.com ([209.132.183.24]:60908)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <uobergfe@redhat.com>) id 1Q32ea-0005pz-LR
	for qemu-devel@nongnu.org; Fri, 25 Mar 2011 04:45:56 -0400
Received: from mail03.corp.redhat.com (zmail07.collab.prod.int.phx2.redhat.com
	[10.5.5.47])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p2P8js1q012653
	for <qemu-devel@nongnu.org>; Fri, 25 Mar 2011 04:45:54 -0400
Date: Fri, 25 Mar 2011 04:45:54 -0400 (EDT)
From: Ulrich Obergfell <uobergfe@redhat.com>
Message-ID: <963102742.505036.1301042754895.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
In-Reply-To: <942456759.505022.1301042552254.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [PATCH v2] severe memory leak caused by broken
 palette_destroy() function
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org


This is version 2 of the patch that I originally posted in:

http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg02063.html

[Sorry, I missed to include the keyword 'PATCH' in the subject
 of the original post.]

The following commit breaks the code of the function palette_destroy().

http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=e31e3694afef58ba191cbcc6875ec243e5971268

The broken code causes a severe memory leak of 'VncPalette' structures
because it never frees anything:

     70 void palette_destroy(VncPalette *palette)
     71 {
     72     if (palette == NULL) {
     73         qemu_free(palette);
     74     }
     75 }

Version 2 of the patch calls qemu_free() unconditionally.

Signed-off-by: Ulrich Obergfell <uobergfe@redhat.com>


diff -up ./ui/vnc-palette.c.orig0 ./ui/vnc-palette.c
--- ./ui/vnc-palette.c.orig0	2011-03-15 03:53:22.000000000 +0100
+++ ./ui/vnc-palette.c	2011-03-21 20:19:02.736948725 +0100
@@ -69,9 +69,7 @@ void palette_init(VncPalette *palette, s
 
 void palette_destroy(VncPalette *palette)
 {
-    if (palette == NULL) {
-        qemu_free(palette);
-    }
+    qemu_free(palette);
 }
 
 int palette_put(VncPalette *palette, uint32_t color)