From 59c80e9fd0cc0d6ca9ca1ecddf1fa9173321027c Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Tue, 16 Feb 2021 11:27:56 +0100
Subject: [PATCH] qemu: Move qemuAgentFSInfo array free into qemuDomainGetFSInfo()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
When qemuDomainGetFSInfo() is called it calls qemuDomainGetFSInfoAgent() which executes 'guest-get-fsinfo' guest agent command, parses returned JSON and returns an array of qemuAgentFSInfo structures (well, pointers to those structs). Then it grabs a domain job and tries to do some matching of guest returned info against domain definition. This matching is done in virDomainFSInfoFormat() which also frees the array of qemuAgentFSInfo structures allocated earlier. But this is not just. If acquiring the domain job fails (or domain activeness check executed right after that fails) then virDomainFSInfoFormat() is not called, leaking the array of structs.
Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_driver.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f59f9e13ba..71c823abd0 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18978,7 +18978,6 @@ virDomainFSInfoFormat(qemuAgentFSInfoPtr *agentinfo,
 cleanup:
 for (i = 0; i < nagentinfo; i++) {
- qemuAgentFSInfoFree(agentinfo[i]);
 /* if there was an error, free any memory we've allocated for the
 * return value */
 if (info_ret)
@@ -18997,7 +18996,7 @@ qemuDomainGetFSInfo(virDomainPtr dom,
 virDomainObjPtr vm;
 qemuAgentFSInfoPtr *agentinfo = NULL;
 int ret = -1;
- int nfs;
+ int nfs = 0;
 virCheckFlags(0, ret);
@@ -19022,7 +19021,12 @@ qemuDomainGetFSInfo(virDomainPtr dom,
 qemuDomainObjEndJob(driver, vm);
 cleanup:
- g_free(agentinfo);
+ if (agentinfo) {
+ size_t i;
+ for (i = 0; i < nfs; i++)
+ qemuAgentFSInfoFree(agentinfo[i]);
+ g_free(agentinfo);
+ }
 virDomainObjEndAPI(&vm);
 return ret;
 }
--
2.39.5
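Review bot: In the new cleanup loop of qemuDomainGetFSInfo(), `i < nfs` compares a `size_t` index with `int nfs` (declared in the previous hunk), so a negative `nfs` would be converted to a very large unsigned bound and qemuAgentFSInfoFree() would be called far past the end of the array. Whether that can happen depends on code outside these hunks: the loop is safe only if the call that fills `agentinfo` leaves it NULL whenever it reports an error, which presumably is the value stored in `nfs`. Making the bound explicit removes that dependency, for example `for (i = 0; nfs > 0 && i < (size_t)nfs; i++)`. Since virDomainFSInfoFormat() no longer frees the elements, a comment at the `cleanup:` label such as `/* agentinfo and its elements are owned by this function; virDomainFSInfoFormat() does not free them */` would keep a later change from reintroducing a double free.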