Plug leak in virCgroupMoveTask

We only break out of the while loop if *content is an empty string.
However the buffer has been allocated to BUFSIZ + 1 (8193 in my case),
but it gets overwritten in the next for iteration.

Move VIR_FREE right before we overwrite it to avoid the leak.

==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
==5777==    by 0x5296E28: virReallocN (viralloc.c:184)
==5777==    by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
==5777==    by 0x52B0E1A: virFileReadAll (virfile.c:1199)
==5777==    by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
==5777==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)

Introduced by 83e4c77.

https://bugzilla.redhat.com/show_bug.cgi?id=978352

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a0ee3f74afa9d8f09d7ebaa75a142be9be96c90a..ae718592863da3d59542038ea3fa5505ce55378c 100644 (file)
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1076,6 +1076,7 @@ int virCgroupMoveTask(virCgroupPtr src_group, virCgroupPtr dest_group)
          * aware that it needs to move.  Therefore, we must iterate
          * until content is empty.  */
         while (1) {
+            VIR_FREE(content);
             rc = virCgroupGetValueStr(src_group, i, "tasks", &content);
             if (rc != 0)
                 return rc;
@@ -1085,8 +1086,6 @@ int virCgroupMoveTask(virCgroupPtr src_group, virCgroupPtr dest_group)
             rc = virCgroupAddTaskStrController(dest_group, content, i);
             if (rc != 0)
                 goto cleanup;
-
-            VIR_FREE(content);
         }
     }