From: Eric Blake Date: Wed, 23 Jul 2014 04:18:07 +0000 (-0600) Subject: nwfilter: plug memory leak with firewall X-Git-Tag: v1.2.7-rc1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee70839bbf76e0033611fa99c23d8920c3d403f4;p=thirdparty%2Flibvirt.git nwfilter: plug memory leak with firewall Introduced in commit 70571ccc (v1.2.4). Caught by valgrind: ==9816== 170 (32 direct, 138 indirect) bytes in 1 blocks are definitely lost in loss record 646 of 821 ==9816== at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9816== by 0x50836FB: virAlloc (viralloc.c:144) ==9816== by 0x50AEC2B: virFirewallNew (virfirewall.c:204) ==9816== by 0x1E2308ED: ebiptablesDriverProbeStateMatch (nwfilter_ebiptables_driver.c:3715) ==9816== by 0x1E2309AD: ebiptablesDriverInit (nwfilter_ebiptables_driver.c:3742) * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesDriverProbeStateMatch): Properly clean up. Signed-off-by: Eric Blake --- diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 1701d628d1..d41133c1ce 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -3713,6 +3713,7 @@ ebiptablesDriverProbeStateMatch(void) { unsigned long version; virFirewallPtr fw = virFirewallNew(); + int ret = -1; virFirewallStartTransaction(fw, 0); virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, @@ -3720,7 +3721,7 @@ ebiptablesDriverProbeStateMatch(void) "--version", NULL); if (virFirewallApply(fw) < 0) - return -1; + goto cleanup; /* * since version 1.4.16 '-m state --state ...' will be converted to @@ -3729,7 +3730,10 @@ ebiptablesDriverProbeStateMatch(void) if (version >= 1 * 1000000 + 4 * 1000 + 16) newMatchState = true; - return 0; + ret = 0; + cleanup: + virFirewallFree(fw); + return ret; } static int