Re: [Qemu-devel] [PATCH 1/3] net/colo: fix memory double free error

From: Hailiang Zhang
Subject: Re: [Qemu-devel] [PATCH 1/3] net/colo: fix memory double free error
Date: Tue, 21 Feb 2017 11:06:29 +0800
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

On 2017/2/21 10:25, Zhang Chen wrote:

On 02/20/2017 04:01 PM, zhanghailiang wrote:
The 'primary_list' and 'secondary_list' members of struct Connection
are not dynamically allocated through g_queue_new(), but we free them by using
g_queue_free(), which will lead to a double-free bug.

Signed-off-by: zhanghailiang <address@hidden>
   net/colo.c | 2 --
   1 file changed, 2 deletions(-)

diff --git a/net/colo.c b/net/colo.c
index 6a6eacd..7d5c423 100644
--- a/net/colo.c
+++ b/net/colo.c
@@ -147,9 +147,7 @@ void connection_destroy(void *opaque)
       Connection *conn = opaque;

       g_queue_foreach(&conn->primary_list, packet_destroy, NULL);
-    g_queue_free(&conn->primary_list);
       g_queue_foreach(&conn->secondary_list, packet_destroy, NULL);
-    g_queue_free(&conn->secondary_list);

I think we need to use g_queue_clear() here.

Ha, you are right, my original modification will introduce a memory leak.
Will fix in the next version.

g_queue_clear (GQueue *queue);
Removes all the elements in queue. If queue elements contain
dynamically-allocated memory, they should be freed first.

Zhang Chen

       g_slice_free(Connection, conn);
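
Review bot: with both g_queue_free() calls dropped from connection_destroy(), nothing releases the queues' link nodes any more. g_queue_foreach() only calls packet_destroy on each element; it does not unlink or free the links that hold them, so a connection destroyed with packets still queued leaks those links. Since the queues are embedded in Connection (they are passed as &conn->primary_list and &conn->secondary_list), g_queue_free() was the wrong call, but each removed line should be replaced with g_queue_clear() on the same queue, placed after its g_queue_foreach() and before g_slice_free(Connection, conn).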
