From patchwork Mon Mar 21 11:52:19 2011
X-Patchwork-Submitter: Ulrich Obergfell
X-Patchwork-Id: 87753
Date: Mon, 21 Mar 2011 07:52:19 -0400 (EDT)
From: Ulrich Obergfell
To: qemu-devel@nongnu.org
Message-ID: <732683382.437646.1300708339597.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
In-Reply-To: <649134907.437547.1300708075324.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
Subject: [Qemu-devel] vnc: severe memory leak caused by broken palette_destroy() function

The following commit breaks the code of the function palette_destroy().

http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=e31e3694afef58ba191cbcc6875ec243e5971268

The broken code causes a severe memory leak of 'VncPalette' structures
because it never frees anything:

    void palette_destroy(VncPalette *palette)
    {
        if (palette == NULL) {
            qemu_free(palette);
        }
    }

Calling qemu_free() unconditionally could be considered. However, the
original code (prior to the aforementioned commit) returned immediately
if 'palette' was NULL. In order to be closer to the original code, the
proposed patch corrects the 'if' statement.

Signed-off-by: Ulrich Obergfell

diff -up ./ui/vnc-palette.c.orig0 ./ui/vnc-palette.c --- ./ui/vnc-palette.c.orig0 2011-03-15 03:53:22.000000000 +0100 +++ ./ui/vnc-palette.c 2011-03-20 11:52:57.257560295 +0100 @@ -69,7 +69,7 @@ void palette_init(VncPalette *palette, s void palette_destroy(VncPalette *palette) { - if (palette == NULL) { + if (palette) { qemu_free(palette); } }
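
Review bot: The NULL guard in palette_destroy() is only needed if qemu_free() cannot accept NULL. The commit message already raises calling qemu_free() unconditionally, and if that is safe the body could be just `qemu_free(palette);`, which removes the very condition that was inverted and leaves nothing to get wrong again. If the guard stays, `if (palette != NULL)` would keep the explicit comparison style of the line being replaced. Separately, palette_destroy() takes the pointer by value, so the caller's copy still refers to freed memory after the call; a short comment saying that callers must not use or destroy the palette again would make that contract visible at the free site.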