From cd00c706955c80bea47b143d5619b11b1399c108 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Wed, 10 Sep 2025 10:21:48 +0200 Subject: [PATCH] ch: Avoid memory leak in virCHProcessEvents() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The aim of virCHProcessEvents() is to read data (in JSON format) from CH monitor and then process them. To parse incoming data virJSONValueFromString() is used. But the corresponding virJSONValue is freed only when processing of an even succeeds. If processing an event fails, then the memory is not freed leading to a memory leak. 334 (24 direct, 310 indirect) bytes in 1 blocks are definitely lost in loss record 1,975 of 2,040 at 0x4919EF3: calloc (vg_replace_malloc.c:1675) by 0x4FEB249: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8400.3) by 0x4A66162: virJSONValueNewObject (virjson.c:533) by 0x4A67E74: virJSONValueFromJsonC (virjson.c:1413) by 0x4A681A5: virJSONValueFromString (virjson.c:1484) by 0xB8CD9D7: virCHProcessEvents (ch_events.c:179) by 0xB8CDCDC: virCHReadProcessEvents (ch_events.c:251) by 0xB8CDEBB: virCHEventHandlerLoop (ch_events.c:284) by 0x4AC1EB4: virThreadHelper (virthread.c:256) by 0x5441DE3: start_thread (in /usr/lib64/libc.so.6) by 0x54C25F3: clone (in /usr/lib64/libc.so.6) Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko --- src/ch/ch_events.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ch/ch_events.c b/src/ch/ch_events.c index be572dfde3..25c7ecf90a 100644 --- a/src/ch/ch_events.c +++ b/src/ch/ch_events.c @@ -152,7 +152,6 @@ virCHProcessEvents(virCHMonitor *mon) virDomainObj *vm = mon->vm; char *buf = mon->event_buffer.buffer; ssize_t sz = mon->event_buffer.buf_fill_sz; - virJSONValue *obj = NULL; int blocks = 0; size_t i = 0; char *json_start; @@ -168,6 +167,8 @@ virCHProcessEvents(virCHMonitor *mon) } else if (buf[i] == '}' && blocks > 0) { blocks--; if (blocks == 0) { + g_autoptr(virJSONValue) obj = NULL; + /* valid json document */ end_index = i; @@ -182,7 +183,6 @@ virCHProcessEvents(virCHMonitor *mon) vm->def->name, json_start); return -1; } - virJSONValueFree(obj); } else { VIR_ERROR(_("%1$s: Invalid JSON event doc: %2$s"), vm->def->name, json_start); -- 2.47.3