[4/8] qcow2-cluster: Fix memory leak in copy_sectors

Message ID	1401154805-11980-5-git-send-email-arei.gonglei@huawei.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: <arei.gonglei@huawei.com> To: <qemu-devel@nongnu.org> Date: Tue, 27 May 2014 09:40:01 +0800 Message-ID: <1401154805-11980-5-git-send-email-arei.gonglei@huawei.com> In-Reply-To: <1401154805-11980-1-git-send-email-arei.gonglei@huawei.com> References: <1401154805-11980-1-git-send-email-arei.gonglei@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Cc: kwolf@redhat.com, peter.crosthwaite@xilinx.com, weidong.huang@huawei.com, aliguori@amazon.com, mst@redhat.com, luonengjun@huawei.com, armbru@redhat.com, lcapitulino@redhat.com, qiaonuohan@cn.fujitsu.com, Gonglei <arei.gonglei@huawei.com>, av1474@comtv.ru, kraxel@redhat.com, stefanha@redhat.com, crobinso@redhat.com, pbonzini@redhat.com, lersek@redhat.com, afaerber@suse.de Subject: [Qemu-devel] [PATCH 4/8] qcow2-cluster: Fix memory leak in copy_sectors Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1401154805-11980-5-git-send-email-arei.gonglei@huawei.com

State

New

Headers

From: <arei.gonglei@huawei.com>
To: <qemu-devel@nongnu.org>
Date: Tue, 27 May 2014 09:40:01 +0800
Message-ID: <1401154805-11980-5-git-send-email-arei.gonglei@huawei.com>
In-Reply-To: <1401154805-11980-1-git-send-email-arei.gonglei@huawei.com>
References: <1401154805-11980-1-git-send-email-arei.gonglei@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain
Cc: kwolf@redhat.com, peter.crosthwaite@xilinx.com, weidong.huang@huawei.com,
	aliguori@amazon.com, mst@redhat.com, luonengjun@huawei.com,
	armbru@redhat.com, lcapitulino@redhat.com,
	qiaonuohan@cn.fujitsu.com, Gonglei <arei.gonglei@huawei.com>,
	av1474@comtv.ru, kraxel@redhat.com, stefanha@redhat.com,
	crobinso@redhat.com, pbonzini@redhat.com, lersek@redhat.com,
	afaerber@suse.de
Subject: [Qemu-devel] [PATCH 4/8] qcow2-cluster: Fix memory leak in
	copy_sectors
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Gonglei (Arei) May 27, 2014, 1:40 a.m. UTC

From: Gonglei <arei.gonglei@huawei.com>

Spotted by Coverity:

(3) Event alloc_fn:  Storage is returned from allocation function "qemu_blockalign(BlockDriverState *, size_t)". [details]
(4) Event var_assign:  Assigning: "iov.iov_base" = storage returned from "qemu_blockalign(bs, iov.iov_len)".
Also see events:  [leaked_storage]

375         iov.iov_base = qemu_blockalign(bs, iov.iov_len);
376
377         qemu_iovec_init_external(&qiov, &iov, 1);
378
379         BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
380
(5) Event cond_true:  Condition "!bs->drv", taking true branch

381         if (!bs->drv) {
(6) Event leaked_storage:  Variable "iov" going out of scope leaks the storage "iov.iov_base" points to.
Also see events:  [alloc_fn][var_assign]

382             return -ENOMEDIUM;
383         }

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 block/qcow2-cluster.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Stefan Hajnoczi May 27, 2014, 11:33 a.m. UTC | #1

On Tue, May 27, 2014 at 09:40:01AM +0800, arei.gonglei@huawei.com wrote:
> From: Gonglei <arei.gonglei@huawei.com>
> 
> Spotted by Coverity:
> 
> (3) Event alloc_fn:  Storage is returned from allocation function "qemu_blockalign(BlockDriverState *, size_t)". [details]
> (4) Event var_assign:  Assigning: "iov.iov_base" = storage returned from "qemu_blockalign(bs, iov.iov_len)".
> Also see events:  [leaked_storage]
> 
> 375         iov.iov_base = qemu_blockalign(bs, iov.iov_len);
> 376
> 377         qemu_iovec_init_external(&qiov, &iov, 1);
> 378
> 379         BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
> 380
> (5) Event cond_true:  Condition "!bs->drv", taking true branch
> 
> 381         if (!bs->drv) {
> (6) Event leaked_storage:  Variable "iov" going out of scope leaks the storage "iov.iov_base" points to.
> Also see events:  [alloc_fn][var_assign]
> 
> 382             return -ENOMEDIUM;
> 383         }
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  block/qcow2-cluster.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 76d2bcf..4208dc0 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -379,7 +379,8 @@  static int coroutine_fn copy_sectors(BlockDriverState *bs,
     BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
 
     if (!bs->drv) {
-        return -ENOMEDIUM;
+        ret = -ENOMEDIUM;
+        goto out;
     }
 
     /* Call .bdrv_co_readv() directly instead of using the public block-layer

[4/8] qcow2-cluster: Fix memory leak in copy_sectors

Commit Message

Comments

Patch