* [PATCH v2 0/2] qemu-config: never call the callback after an error, fix leak
From: Paolo Bonzini @ 2021-07-14 15:13 UTC (permalink / raw)
  To: qemu-devel; +Cc: armbru

The second patch fixes a memory leak in qemu_config_foreach, reported by
Coverity.  The first is an issue in the same place that was found by
inspection of code in the surroundings of the leak.

Paolo

v1->v2: split in two, keep loc_pop the same

Paolo Bonzini (2):
  qemu-config: never call the callback after an error, fix leak
  qemu-config: fix memory leak on ferror()

 util/qemu-config.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

-- 
2.31.1




* [PATCH v2 1/2] qemu-config: never call the callback after an error
From: Paolo Bonzini @ 2021-07-14 15:13 UTC (permalink / raw)
  To: qemu-devel; +Cc: armbru

Ensure that the callback to qemu_config_foreach is never called upon
an error, by moving the invocation before the "out" label.

Cc: armbru@redhat.com
Fixes: 3770141139 ("qemu-config: parse configuration files to a QDict", 2021-06-04)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 util/qemu-config.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/qemu-config.c b/util/qemu-config.c
index 84ee6dc4ea..7db810f1e0 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -417,12 +417,12 @@ static int qemu_config_foreach(FILE *fp, QEMUConfigCB *cb, void *opaque,
         return res;
     }
     res = count;
-out:
     if (qdict) {
         cb(group, qdict, opaque, errp);
-        qobject_unref(qdict);
     }
+out:
     loc_pop(&loc);
+    qobject_unref(qdict);
     return res;
 }
 
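Review bot: moving `qobject_unref(qdict);` below `out:` takes it out of the `if (qdict)` guard, so it now runs on every exit through the label, including with qdict still NULL. The commit message only describes moving the callback; it should also say that the unref is now unconditional and relies on qobject_unref() accepting NULL. Separately, the `return res;` at the top of the hunk still bypasses `out:` and with it the unref, so that path is not covered by this patch; a sentence noting that it is handled in 2/2 would help anyone reading this commit on its own.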
-- 
2.31.1





* [PATCH v2 2/2] qemu-config: fix memory leak on ferror()
From: Paolo Bonzini @ 2021-07-14 15:13 UTC (permalink / raw)
  To: qemu-devel; +Cc: Peter Maydell, armbru

The leak is basically impossible to reach, since the only common way
to get ferror(fp) is by passing a directory to -readconfig.  In that
case, the error occurs before qdict is set to anything non-NULL.
However, it's theoretically possible to get there after an EIO.

Cc: armbru@redhat.com
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: f7544edcd3 ("qemu-config: add error propagation to qemu_config_parse", 2021-03-06)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 util/qemu-config.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/qemu-config.c b/util/qemu-config.c
index 7db810f1e0..fdf6cd69fc 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -414,7 +414,7 @@ static int qemu_config_foreach(FILE *fp, QEMUConfigCB *cb, void *opaque,
     if (ferror(fp)) {
         loc_pop(&loc);
         error_setg_errno(errp, errno, "Cannot read config file");
-        return res;
+        goto out_no_loc;
     }
     res = count;
     if (qdict) {
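Review bot: in the `if (ferror(fp))` branch, errno is only read by `error_setg_errno(errp, errno, ...)` after `loc_pop(&loc)` has run, and nothing in these lines guarantees that call leaves errno untouched, so the reported error may not be the one from the failed read. Since this branch is being touched anyway, consider saving errno in a local before `loc_pop(&loc)` and passing that to error_setg_errno(). It would also help to say in a comment why this branch pops the location itself before jumping, because that is the only reason the separate `out_no_loc` label is needed.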
@@ -422,6 +422,7 @@ static int qemu_config_foreach(FILE *fp, QEMUConfigCB *cb, void *opaque,
     }
 out:
     loc_pop(&loc);
+out_no_loc:
     qobject_unref(qdict);
     return res;
 }
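Review bot: the new `out_no_loc:` label sits directly under `loc_pop(&loc);` with no comment, so the contract (jump to `out` while the location is still pushed, jump to `out_no_loc` only after the caller has already popped it) is implicit. A later `goto out_no_loc` added without a preceding loc_pop() would leave the location stack unbalanced and nothing here would flag it. A one-line comment above the label stating that it is for paths that have already called loc_pop() would make the fall-through from `out:` intentional and obvious.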
-- 
2.31.1


