From: Michal Privoznik Date: Tue, 16 Feb 2021 10:27:56 +0000 (+0100) Subject: qemu: Move qemuAgentFSInfo array free into qemuDomainGetFSInfo() X-Git-Tag: v7.1.0-rc1~94 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59c80e9fd0cc0d6ca9ca1ecddf1fa9173321027c;p=thirdparty%2Flibvirt.git qemu: Move qemuAgentFSInfo array free into qemuDomainGetFSInfo() When qemuDomainGetFSInfo() is called it calls qemuDomainGetFSInfoAgent() which executes 'guest-get-fsinfo' guest agent command, parses returned JSON and returns an array of qemuAgentFSInfo structures (well, pointers to those structs). Then it grabs a domain job and tries to do some matching of guest returned info against domain definition. This matching is done in virDomainFSInfoFormat() which also frees the array of qemuAgentFSInfo structures allocated earlier. But this is not just. If acquiring the domain job fails (or domain activeness check executed right after that fails) then virDomainFSInfoFormat() is not called, leaking the array of structs. Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko --- diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f59f9e13ba..71c823abd0 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -18978,7 +18978,6 @@ virDomainFSInfoFormat(qemuAgentFSInfoPtr *agentinfo, cleanup: for (i = 0; i < nagentinfo; i++) { - qemuAgentFSInfoFree(agentinfo[i]); /* if there was an error, free any memory we've allocated for the * return value */ if (info_ret) @@ -18997,7 +18996,7 @@ qemuDomainGetFSInfo(virDomainPtr dom, virDomainObjPtr vm; qemuAgentFSInfoPtr *agentinfo = NULL; int ret = -1; - int nfs; + int nfs = 0; virCheckFlags(0, ret); @@ -19022,7 +19021,12 @@ qemuDomainGetFSInfo(virDomainPtr dom, qemuDomainObjEndJob(driver, vm); cleanup: - g_free(agentinfo); + if (agentinfo) { + size_t i; + for (i = 0; i < nfs; i++) + qemuAgentFSInfoFree(agentinfo[i]); + g_free(agentinfo); + } virDomainObjEndAPI(&vm); return ret; }
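Review bot: In the `cleanup:` loop of virDomainFSInfoFormat() (hunk at -18978), removing `qemuAgentFSInfoFree(agentinfo[i]);` changes who owns the array entries, but nothing in the visible lines documents the new contract. A short comment on the function stating that the caller keeps ownership of `agentinfo` and its elements would keep a later caller from relying on the old behaviour and leaking, and would keep anyone from re-adding the free here and causing a double free. The loop still iterates to `nagentinfo`, so it is worth confirming that this bound is still the right one for the `info_ret` error cleanup that remains in its body.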
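Review bot: In the new `cleanup:` block of qemuDomainGetFSInfo() (hunk at -19022), `for (i = 0; i < nfs; i++)` compares a `size_t` index against the `int` `nfs`. If `nfs` can ever hold a negative error value while `agentinfo` is non-NULL, the implicit conversion to unsigned makes the bound very large and the loop would call `qemuAgentFSInfoFree()` past the end of the array. The `int nfs = 0;` initializer in the previous hunk covers the paths that jump to `cleanup` before `nfs` is assigned, but not that case. Suggest writing the condition as `nfs > 0 && i < (size_t) nfs`, or adding a comment that qemuDomainGetFSInfoAgent() leaves `agentinfo` NULL whenever it returns a negative value, so the invariant the loop depends on is stated next to it.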