[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 4/4] xen-block: stop leaking memory in xen_block_driv

From: Anthony PERARD
Subject: [Qemu-devel] [PULL 4/4] xen-block: stop leaking memory in xen_block_drive_create()
Date: Thu, 28 Feb 2019 17:34:39 +0000

From: Paul Durrant <address@hidden>

The locally allocated QDict-s need to be freed. ('file_layer' will be
freed implicitly since it is added as an object to 'driver_layer').

Spotted by Coverity: CID 1398649

While in the neighbourhood free 'driver' and 'filename' as soon as they are
added to the QDicts. Freeing after the 'done' label doesn't make that much
sense as, if the error path jumps to that label, the values would be NULL

This patch also makes that more obvious by taking the error path if
'params' is NULL and then asserting that both driver and filename are
non-NULL in the normal path.

Reported-by: Peter Maydell <address@hidden>
Signed-off-by: Paul Durrant <address@hidden>
Message-Id: <address@hidden>
Acked-by: Anthony PERARD <address@hidden>
Signed-off-by: Anthony PERARD <address@hidden>
 hw/block/xen-block.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 37a456c207..70fc2455e8 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -743,12 +743,12 @@ static XenBlockDrive *xen_block_drive_create(const char 
-    }
-    if (!filename) {
-        error_setg(errp, "no filename");
+    } else {
+        error_setg(errp, "no params");
         goto done;
+    assert(filename);
     drive = g_new0(XenBlockDrive, 1);
@@ -758,6 +758,7 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
     qdict_put_str(file_layer, "driver", "file");
     qdict_put_str(file_layer, "filename", filename);
+    g_free(filename);
     if (mode && *mode != 'w') {
         qdict_put_bool(file_layer, "read-only", true);
@@ -793,16 +794,17 @@ static XenBlockDrive *xen_block_drive_create(const char 
     driver_layer = qdict_new();
     qdict_put_str(driver_layer, "driver", driver);
+    g_free(driver);
     qdict_put_obj(driver_layer, "file", QOBJECT(file_layer));
     drive->node_name = xen_block_blockdev_add(drive->id, driver_layer,
-    g_free(driver);
-    g_free(filename);
+    qobject_unref(driver_layer);
     if (local_err) {
         error_propagate(errp, local_err);
         xen_block_drive_destroy(drive, NULL);
Anthony PERARD

reply via email to

[Prev in Thread] Current Thread [Next in Thread]