
hw/9pfs: Fix potential memory leak and avoid reuse of freed memory

Message ID 1371377676-18809-1-git-send-email-sw@weilnetz.de
State Accepted

Commit Message

Stefan Weil June 16, 2013, 10:14 a.m. UTC
The leak was reported by cppcheck.

Function proxy_init also calls g_free for ctx->fs_root.
Avoid reuse of this memory by setting ctx->fs_root to NULL.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
---

Hi,

I'm not sure whether ctx->fs_root should also be freed in the error case.
Please feel free to modify my patch if needed.

Regards
Stefan Weil

 hw/9pfs/virtio-9p-proxy.c |    2 ++
 1 file changed, 2 insertions(+)

Comments

Stefan Weil July 2, 2013, 8:34 p.m. UTC | #1
On 16.06.2013 12:14, Stefan Weil wrote:
> The leak was reported by cppcheck.
>
> Function proxy_init also calls g_free for ctx->fs_root.
> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> ---
>
> Hi,
>
> I'm not sure whether ctx->fs_root should also be freed in the error case.
> Please feel free to modify my patch if needed.
>
> Regards
> Stefan Weil
>
>  hw/9pfs/virtio-9p-proxy.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
> index 8ba2959..5f44bb7 100644
> --- a/hw/9pfs/virtio-9p-proxy.c
> +++ b/hw/9pfs/virtio-9p-proxy.c
> @@ -1153,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
>          sock_id = atoi(ctx->fs_root);
>          if (sock_id < 0) {
>              fprintf(stderr, "socket descriptor not initialized\n");
> +            g_free(proxy);
>              return -1;
>          }
>      }
>      g_free(ctx->fs_root);
> +    ctx->fs_root = NULL;
>  
>      proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
>      proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
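
Review bot: the error branch that gains g_free(proxy) is reached only when atoi(ctx->fs_root) returns a negative number, so it does not cover malformed input. atoi returns 0 for non-numeric text and reports no error, which means a bad value skips this cleanup path and the function continues with descriptor 0. Parsing with strtol and checking the end pointer and the range before the sock_id < 0 test would let the same cleanup handle that case.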


Ping?

Mohan Kumar M July 4, 2013, 8:53 a.m. UTC | #2
Stefan Weil <sw@weilnetz.de> writes:

> The leak was reported by cppcheck.
>
> Function proxy_init also calls g_free for ctx->fs_root.
> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com>
> ---
>
> Hi,
>
> I'm not sure whether ctx->fs_root should also be freed in the error case.
> Please feel free to modify my patch if needed.
>
> Regards
> Stefan Weil
>
>  hw/9pfs/virtio-9p-proxy.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
> index 8ba2959..5f44bb7 100644
> --- a/hw/9pfs/virtio-9p-proxy.c
> +++ b/hw/9pfs/virtio-9p-proxy.c
> @@ -1153,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
>          sock_id = atoi(ctx->fs_root);
>          if (sock_id < 0) {
>              fprintf(stderr, "socket descriptor not initialized\n");
> +            g_free(proxy);
>              return -1;
>          }
>      }
>      g_free(ctx->fs_root);
> +    ctx->fs_root = NULL;
>
>      proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
>      proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
> -- 
> 1.7.10.4

Stefan Weil July 19, 2013, 7:11 p.m. UTC | #3
On 04.07.2013 10:53, M. Mohan Kumar wrote:
> Stefan Weil <sw@weilnetz.de> writes:
>
>> The leak was reported by cppcheck.
>>
>> Function proxy_init also calls g_free for ctx->fs_root.
>> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>>
>> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com>
>> ---
>>
>> Hi,
>>
>> I'm not sure whether ctx->fs_root should also be freed in the error case.
>> Please feel free to modify my patch if needed.
>>
>> Regards
>> Stefan Weil
>>
>>  hw/9pfs/virtio-9p-proxy.c |    2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
>> index 8ba2959..5f44bb7 100644
>> --- a/hw/9pfs/virtio-9p-proxy.c
>> +++ b/hw/9pfs/virtio-9p-proxy.c
>> @@ -1153,10 +1153,12 @@ static int proxy_init(FsContext *ctx)
>>          sock_id = atoi(ctx->fs_root);
>>          if (sock_id < 0) {
>>              fprintf(stderr, "socket descriptor not initialized\n");
>> +            g_free(proxy);
>>              return -1;
>>          }
>>      }
>>      g_free(ctx->fs_root);
>> +    ctx->fs_root = NULL;
>>
>>      proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
>>      proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
>> -- 
>> 1.7.10.4


Please add this patch to the qemu-trivial queue:
http://patchwork.ozlabs.org/patch/251666/

Thanks,
Stefan

Michael Tokarev July 23, 2013, 5:09 p.m. UTC | #4
19.07.2013 23:11, Stefan Weil wrote:
> On 04.07.2013 10:53, M. Mohan Kumar wrote:
>> Stefan Weil <sw@weilnetz.de> writes:
>>
>>> The leak was reported by cppcheck.
>>>
>>> Function proxy_init also calls g_free for ctx->fs_root.
>>> Avoid reuse of this memory by setting ctx->fs_root to NULL.
>>>
>>> Signed-off-by: Stefan Weil <sw@weilnetz.de>
>> Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com>

Thanks, applied to the trivial patches queue.

/mjt

Patch

diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index 8ba2959..5f44bb7 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c
@@ -1153,10 +1153,12 @@  static int proxy_init(FsContext *ctx)
         sock_id = atoi(ctx->fs_root);
         if (sock_id < 0) {
             fprintf(stderr, "socket descriptor not initialized\n");
+            g_free(proxy);
             return -1;
         }
     }
     g_free(ctx->fs_root);
+    ctx->fs_root = NULL;
 
     proxy->in_iovec.iov_base  = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
     proxy->in_iovec.iov_len   = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
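
Review bot: the two exits of this block leave ctx->fs_root in different states: the sock_id < 0 return now frees proxy but leaves ctx->fs_root allocated and non-NULL, while the success path frees it and sets it to NULL. Unless the caller is documented to release fs_root when proxy_init returns -1, free and clear it on the error return as well (after the atoi call has read it), or move the g_free(ctx->fs_root) and the NULL assignment above the sock_id check so both paths share them. A short comment saying who owns fs_root after proxy_init would settle the question raised in the commit notes.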