[PATCH] json: Fix a memleak in parse_pair()
From: Alex Chen
Subject: [PATCH] json: Fix a memleak in parse_pair()
Date: Wed, 11 Nov 2020 11:56:09 +0000
In qobject_type(), NULL is returned when the 'QObject' returned from
parse_value() is not of QString type, and this 'QObject' memory will be
leaked. So we need to first check whether the 'QObject' returned from
parse_value() is of QString type, and if not, we free the 'QObject' memory
and return an error.
The memleak stack is as follows:
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0xfffe4b3c34fb in __interceptor_malloc (/lib64/libasan.so.4+0xd34fb)
#1 0xfffe4ae48aa3 in g_malloc (/lib64/libglib-2.0.so.0+0x58aa3)
#2 0xaaab3557d9f7 in qnum_from_int
/Images/source_org/qemu_master/qemu/qobject/qnum.c:25
#3 0xaaab35584d23 in parse_literal
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:511
#4 0xaaab35584d23 in parse_value
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:554
#5 0xaaab35583d77 in parse_pair
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:270
#6 0xaaab355845db in parse_object
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:327
#7 0xaaab355845db in parse_value
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:546
#8 0xaaab35585b1b in json_parser_parse
/Images/source_org/qemu_master/qemu/qobject/json-parser.c:580
#9 0xaaab35583703 in json_message_process_token
/Images/source_org/qemu_master/qemu/qobject/json-streamer.c:92
#10 0xaaab355ddccf in json_lexer_feed_char
/Images/source_org/qemu_master/qemu/qobject/json-lexer.c:313
#11 0xaaab355de0eb in json_lexer_feed
/Images/source_org/qemu_master/qemu/qobject/json-lexer.c:350
#12 0xaaab354aff67 in tcp_chr_read
/Images/source_org/qemu_master/qemu/chardev/char-socket.c:525
#13 0xfffe4ae429db in g_main_context_dispatch
(/lib64/libglib-2.0.so.0+0x529db)
#14 0xfffe4ae42d8f (/lib64/libglib-2.0.so.0+0x52d8f)
#15 0xfffe4ae430df in g_main_loop_run (/lib64/libglib-2.0.so.0+0x530df)
#16 0xaaab34d70bff in iothread_run
/Images/source_org/qemu_master/qemu/iothread.c:82
#17 0xaaab3559d71b in qemu_thread_start
/Images/source_org/qemu_master/qemu/util/qemu-thread-posix.c:519
Fixes: 532fb5328473 ("qapi: Make more of qobject_to()")
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
---
qobject/json-parser.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index d083810d37..b37762a203 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -267,10 +267,13 @@ static int parse_pair(JSONParserContext *ctxt, QDict
*dict)
goto out;
}
- key = qobject_to(QString, parse_value(ctxt));
- if (!key) {
- parse_error(ctxt, peek, "key is not a string in object");
+ value = parse_value(ctxt);
+ if (!value || qobject_type(value) != QTYPE_QSTRING) {
+ qobject_unref(value);
+ parse_error(ctxt, peek, "value is not a string in object");
goto out;
+ } else {
+ key = qobject_to(QString, value);
}
token = parser_context_pop_token(ctxt);
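Review bot: the replacement message "value is not a string in object" is less accurate than the one it removes: what parse_pair() is checking at this point is the pair's key, and the old text "key is not a string in object" said exactly that, so keep the original wording (the diagnostic is user-visible and may be matched by existing tests). Two style points on the same hunk: the `else` branch after `goto out` is redundant, so `key = qobject_to(QString, value);` can simply follow the `if` block; and reusing `value` (declared outside the hunk) to hold the key object makes the code harder to read, since the same variable presumably carries the pair's value later in the function. A dedicated temporary such as `QObject *key_obj` would make the ownership handoff explicit.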
--
2.19.1
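The ownership bug the commit message describes is a general one: a checked downcast such as qobject_to() returns NULL on a type mismatch but never adjusts the reference count, so if the only reference is the temporary passed into the cast, a failed cast makes the object unreachable. The following C program is an added example written for this page, not QEMU code; it models the refcounted object hierarchy with hypothetical types (Obj, Num, Str), a NULL-tolerant obj_unref() standing in for qobject_unref(), an obj_to_str() cast standing in for qobject_to(), and a parse_value_stub() standing in for parse_value(). A live-object counter plays the role of ASan's leak report, so the before and after patterns can be compared directly.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of a refcounted QObject-style hierarchy. Constructed for this
 * example; the type and function names are hypothetical, not QEMU's. */
typedef enum { T_NUM, T_STRING } ObjType;
typedef struct { ObjType type; int refcnt; } Obj;
typedef struct { Obj base; long v; } Num;
typedef struct { Obj base; char *s; } Str;

/* Live-object counter standing in for the ASan leak report. */
static int live_objects = 0;

static Obj *num_new(long v)
{
    Num *n = malloc(sizeof(*n));
    n->base.type = T_NUM;
    n->base.refcnt = 1;
    n->v = v;
    live_objects++;
    return &n->base;
}

static Obj *str_new(const char *s)
{
    Str *st = malloc(sizeof(*st));
    size_t len = strlen(s) + 1;
    st->base.type = T_STRING;
    st->base.refcnt = 1;
    st->s = malloc(len);
    memcpy(st->s, s, len);
    live_objects++;
    return &st->base;
}

/* Like qobject_unref(): tolerates NULL, frees on the last reference. */
static void obj_unref(Obj *o)
{
    if (!o || --o->refcnt > 0) {
        return;
    }
    if (o->type == T_STRING) {
        free(((Str *)o)->s);
    }
    free(o);
    live_objects--;
}

/* Like qobject_to(): a checked downcast that returns NULL on mismatch and
 * never touches the refcount, so a failed cast releases nothing. */
static Str *obj_to_str(Obj *o)
{
    return (o && o->type == T_STRING) ? (Str *)o : NULL;
}

/* Stand-in for parse_value(): returns a new reference the caller owns.
 * want_string == 0 models the malformed input where the key is a number. */
static Obj *parse_value_stub(int want_string)
{
    return want_string ? str_new("key") : num_new(42);
}

/* Pattern before the patch: the only reference lives in the temporary fed
 * to the cast; when the cast fails the object is unreachable, i.e. leaked. */
static int parse_key_leaky(int want_string)
{
    Str *key = obj_to_str(parse_value_stub(want_string));
    if (!key) {
        return -1;          /* error path: the parsed object is lost here */
    }
    obj_unref(&key->base);
    return 0;
}

/* Pattern after the patch: hold the reference, check the type, and release
 * it explicitly on the error path before bailing out. */
static int parse_key_fixed(int want_string)
{
    Obj *value = parse_value_stub(want_string);
    if (!value || value->type != T_STRING) {
        obj_unref(value);   /* NULL-safe, like qobject_unref() */
        return -1;
    }
    Str *key = obj_to_str(value);
    obj_unref(&key->base);
    return 0;
}

/* Runs fn on the malformed input and returns how many objects it left
 * behind: 1 means a leak, 0 means every reference was released. */
static int objects_leaked_by(int (*fn)(int))
{
    int before = live_objects;
    fn(0);
    return live_objects - before;
}

int main(void)
{
    printf("leaky pattern leaves %d object(s)\n", objects_leaked_by(parse_key_leaky));
    printf("fixed pattern leaves %d object(s)\n", objects_leaked_by(parse_key_fixed));
    return 0;
}
```

The fixed pattern relies on the unref helper accepting NULL, which is what lets the hunk call qobject_unref(value) without a separate NULL check; if a codebase's release function does not tolerate NULL, the error path needs the extra guard.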