diff mbox

9pfs: fix memory leak in v9fs_write

Message ID 57fe330b.4685240a.25d2d.b26c@mx.google.com
State New
Headers show

Commit Message

Li Qiang Oct. 12, 2016, 12:56 p.m. UTC 
From: Li Qiang <liqiang6-s@360.cn>

If an error occurs when marshal the transfer length to the guest,
the v9fs_write doesn't free a IO vector, thus leading a memory leak.
This patch fix this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
 fsdev/9p-iov-marshal.c | 2 +-
 hw/9pfs/9p.c           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad5..1d16f8d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -125,7 +125,7 @@  ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
                 str->data = g_malloc(str->size + 1);
                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
                                      str->size);
-                if (copied > 0) {
+                if (copied >= 0) {
                     str->data[str->size] = 0;
                 } else {
                     v9fs_string_free(str);
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 29f8b7a..76522e7 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -2090,7 +2090,7 @@  static void v9fs_write(void *opaque)
     offset = 7;
     err = pdu_marshal(pdu, offset, "d", total);
     if (err < 0) {
-        goto out;
+        goto out_qiov;
     }
     err += offset;
     trace_v9fs_write_return(pdu->tag, pdu->id, total, err);