[PULL 42/48] vl: fix leak of qdict_crumple return value

From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: [PULL 42/48] vl: fix leak of qdict_crumple return value
Date: Thu,  8 Jul 2021 17:17:42 +0200	[thread overview]
Message-ID: <20210708151748.408754-43-pbonzini@redhat.com> (raw)
In-Reply-To: <20210708151748.408754-1-pbonzini@redhat.com>

Coverity reports that qemu_parse_config_group is returning without
unrefing the "crumpled" dictionary in case its top level item is a
list.  But actually the contract with qemu_record_config_group is
the same as for qemu_parse_config_group itself: if those function
need to stash the dictionary they get, they have to take a reference
themselves (currently this is never the case for either function).
Therefore, just add an unconditional qobject_unref(crumpled) to
qemu_parse_config_group.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 softmmu/vl.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/softmmu/vl.c b/softmmu/vl.c
index 2004d57108..4df1496101 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2193,12 +2193,17 @@ static void qemu_parse_config_group(const char *group, QDict *qdict,
     if (!crumpled) {
         return;
     }
-    if (qobject_type(crumpled) != QTYPE_QDICT) {
-        assert(qobject_type(crumpled) == QTYPE_QLIST);
+    switch (qobject_type(crumpled)) {
+    case QTYPE_QDICT:
+        qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp);
+        break;
+    case QTYPE_QLIST:
         error_setg(errp, "Lists cannot be at top level of a configuration section");
-        return;
+        break;
+    default:
+        g_assert_not_reached();
     }
-    qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp);
+    qobject_unref(crumpled);
 }
 
 static void qemu_read_default_config_file(Error **errp)
-- 
2.31.1



