Re: [Qemu-devel] [PATCH] Correctly free nd structure

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Correctly free nd structure

From:	Mark McLoughlin
Subject:	Re: [Qemu-devel] [PATCH] Correctly free nd structure
Date:	Fri, 18 Sep 2009 14:58:16 +0100

On Fri, 2009-09-18 at 09:44 -0300, Glauber Costa wrote:
> On Fri, Sep 18, 2009 at 01:17:29PM +0100, Mark McLoughlin wrote:
> > On Thu, 2009-09-17 at 16:53 -0400, Glauber Costa wrote:
> > > When we "free" a NICInfo structure, we can leak pointers, since we don't 
> > > do
> > > much more than setting used = 0.
> > > 
> > > We free() the model parameter, but we don't set it to NULL. This means 
> > > that
> > > a new user of this structure will see garbage in there. It was not noticed
> > > before because reusing a NICInfo is not that common, but it can be, for
> > > users of device pci hotplug.
> > > 
> > > A user hit it, described at 
> > > https://bugzilla.redhat.com/show_bug.cgi?id=524022
> > > 
> > > This patch memset's the whole structure, guaranteeing that anyone reusing 
> > > it
> > > will see a fresh NICinfo. Also, we free some other strings that are 
> > > currently
> > > leaking.
> > > 
> > > This codebase is quite old, so this patch should feed all stable trees.
> > > 
> > > Signed-off-by: Glauber Costa <address@hidden>
> > > ---
> > >  net.c |    9 +++++++--
> > >  1 files changed, 7 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/net.c b/net.c
> > > index 340177e..a405895 100644
> > > --- a/net.c
> > > +++ b/net.c
> > > @@ -2804,8 +2804,13 @@ void net_client_uninit(NICInfo *nd)
> > >  {
> > >      nd->vlan->nb_guest_devs--;
> > >      nb_nics--;
> > > -    nd->used = 0;
> > > -    free((void *)nd->model);
> > > +
> > > +    qemu_free((void *)nd->model);
> > > +    qemu_free((void *)nd->name);
> > > +    qemu_free((void *)nd->devaddr);
> > > +    qemu_free((void *)nd->id);
> > > +
> > > +    memset(nd, 0, sizeof(*nd));
> > >  }
> > >  
> > 
> > Looks good to me; my patch to port to QemuOpts actually zeros out the
> > struct during init()
> > 
> > What is the (void *) cast for, though?
> 1) it was already there.
> 2) those strings are marked as const, gcc whins if you remove the void cast.

Ah, yes - I had noticed that. They shouldn't be marked as const, though

Thanks,
Mark.

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] Correctly free nd structure, Glauber Costa, 2009/09/17
- Re: [Qemu-devel] [PATCH] Correctly free nd structure, Mark McLoughlin, 2009/09/18
  - Re: [Qemu-devel] [PATCH] Correctly free nd structure, Glauber Costa, 2009/09/18
    - Re: [Qemu-devel] [PATCH] Correctly free nd structure, Mark McLoughlin <=

Prev by Date: Re: [Qemu-devel] [RFC][PATCH] File-backed memory maps
Next by Date: Re: [Qemu-devel] [PATCH 1/5] floppy: add drive properties.
Previous by thread: Re: [Qemu-devel] [PATCH] Correctly free nd structure
Next by thread: [Qemu-devel] [PATCH] offer right-ctrl as a grab option
Index(es):
- Date
- Thread