From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=55071 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Q1eIx-0006gj-1O
	for qemu-devel@nongnu.org; Mon, 21 Mar 2011 08:33:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Q1eIv-0000mQ-FJ
	for qemu-devel@nongnu.org; Mon, 21 Mar 2011 08:33:50 -0400
Received: from mail-yw0-f45.google.com ([209.85.213.45]:48097)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Q1eIv-0000mB-Cf
	for qemu-devel@nongnu.org; Mon, 21 Mar 2011 08:33:49 -0400
Received: by ywl41 with SMTP id 41so2922026ywl.4
	for <qemu-devel@nongnu.org>; Mon, 21 Mar 2011 05:33:48 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <732683382.437646.1300708339597.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
References: <649134907.437547.1300708075324.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
	<732683382.437646.1300708339597.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
Date: Mon, 21 Mar 2011 12:33:48 +0000
Message-ID: <AANLkTikFqbB7D6Dg5ZfBqhzBWXM8_9Owjyoyu1myBSru@mail.gmail.com>
Subject: Re: [Qemu-devel] vnc: severe memory leak caused by broken
	palette_destroy() function
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ulrich Obergfell <uobergfe@redhat.com>
Cc: qemu-devel@nongnu.org

On Mon, Mar 21, 2011 at 11:52 AM, Ulrich Obergfell <uobergfe@redhat.com> wr=
ote:
>
> The following commit breaks the code of the function palette_destroy().
>
> http://git.kernel.org/?p=3Dvirt/kvm/qemu-kvm.git;a=3Dcommit;h=3De31e3694a=
fef58ba191cbcc6875ec243e5971268
>
> The broken code causes a severe memory leak of 'VncPalette' structures
> because it never frees anything:
>
> =A0 =A0 70 void palette_destroy(VncPalette *palette)
> =A0 =A0 71 {
> =A0 =A0 72 =A0 =A0 if (palette =3D=3D NULL) {
> =A0 =A0 73 =A0 =A0 =A0 =A0 qemu_free(palette);
> =A0 =A0 74 =A0 =A0 }
> =A0 =A0 75 }
>
> Calling qemu_free() unconditionally could be considered. However,
> the original code (prior to the aforementioned commit) returned
> immediately if 'palette' was NULL. In order to be closer to the
> original code, the proposed patch corrects the 'if' statement.
>
> Signed-off-by: Ulrich Obergfell <uobergfe@redhat.com>
>
>
> diff -up ./ui/vnc-palette.c.orig0 ./ui/vnc-palette.c
> --- ./ui/vnc-palette.c.orig0 =A0 =A02011-03-15 03:53:22.000000000 +0100
> +++ ./ui/vnc-palette.c =A02011-03-20 11:52:57.257560295 +0100
> @@ -69,7 +69,7 @@ void palette_init(VncPalette *palette, s
>
> =A0void palette_destroy(VncPalette *palette)
> =A0{
> - =A0 =A0if (palette =3D=3D NULL) {
> + =A0 =A0if (palette) {
> =A0 =A0 =A0 =A0 qemu_free(palette);
> =A0 =A0 }
> =A0}

Please drop the if (palette) check entirely because qemu_free(NULL) is
a nop.  There's no need to perform this check at all.

Stefan