| Message ID | 57e9f8d8.a8059d0a.58e91.0d98@mx.google.com |
|---|---|
| State | New |
| Headers | show |
On Mon, 26 Sep 2016 21:42:26 -0700 Li Qiang <liq3ea@gmail.com> wrote: > From: Li Qiang <liqiang6-s@360.cn> > > In 9pfs read dispatch function, it doesn't free two QEMUIOVector > object thus causing potential memory leak. This patch avoid this. > Good catch for the leak, but I'd prefer another fix. See below. > Signed-off-by: Li Qiang <liqiang6-s@360.cn> > --- > hw/9pfs/9p.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c > index d960a2e..b1ff8e7 100644 > --- a/hw/9pfs/9p.c > +++ b/hw/9pfs/9p.c > @@ -1830,12 +1830,16 @@ static void v9fs_read(void *opaque) > } while (len == -EINTR && !pdu->cancelled); > if (len < 0) { > /* IO error return the error */ > + qemu_iovec_destroy(&qiov); > + qemu_iovec_destroy(&qiov_full); We already have these lines at the end of the code block for type P9_FID_FILE. Let's introduce an out_free_iovec: label and... > err = len; > goto out; goto out_free_iovec; > } > } while (count < max_count && len > 0); > err = pdu_marshal(pdu, offset, "d", count); > if (err < 0) { > + qemu_iovec_destroy(&qiov); > + qemu_iovec_destroy(&qiov_full); > goto out; Same here. > } > err += offset + count; As a valuable side effect, the error will be traced :) Cheers. -- Greg
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index d960a2e..b1ff8e7 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1830,12 +1830,16 @@ static void v9fs_read(void *opaque) } while (len == -EINTR && !pdu->cancelled); if (len < 0) { /* IO error return the error */ + qemu_iovec_destroy(&qiov); + qemu_iovec_destroy(&qiov_full); err = len; goto out; } } while (count < max_count && len > 0); err = pdu_marshal(pdu, offset, "d", count); if (err < 0) { + qemu_iovec_destroy(&qiov); + qemu_iovec_destroy(&qiov_full); goto out; } err += offset + count;