* [Qemu-devel] [PATCH for-2.6] crypto: Avoid memory leak on failure
@ 2016-04-01 15:57 Eric Blake
2016-04-01 16:52 ` [Qemu-devel] [Qemu-block] " Max Reitz
0 siblings, 1 reply; 4+ messages in thread
From: Eric Blake @ 2016-04-01 15:57 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, open list:Block layer core
Commit 7836857 introduced a memory leak due to invalid use of
Error vs. visit_type_end(). If visiting the intermediate
members fails, we clear the error and unconditionally use
visit_end_struct() on the same error object; but if that
cleanup succeeds, we then skip the qapi_free call.
Until a later patch adds visit_check_struct(), the only safe
approach is to use two separate error objects.
Signed-off-by: Eric Blake <eblake@redhat.com>
---
block/crypto.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index be34985..1903e84 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -196,6 +196,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
OptsVisitor *ov;
QCryptoBlockOpenOptions *ret = NULL;
Error *local_err = NULL;
+ Error *end_err = NULL;
ret = g_new0(QCryptoBlockOpenOptions, 1);
ret->format = format;
@@ -218,10 +219,9 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
error_setg(&local_err, "Unsupported block format %d", format);
break;
}
- error_propagate(errp, local_err);
- local_err = NULL;
- visit_end_struct(opts_get_visitor(ov), &local_err);
+ visit_end_struct(opts_get_visitor(ov), &end_err);
+ error_propagate(&local_err, end_err);
out:
if (local_err) {
@@ -242,6 +242,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
OptsVisitor *ov;
QCryptoBlockCreateOptions *ret = NULL;
Error *local_err = NULL;
+ Error *end_err = NULL;
ret = g_new0(QCryptoBlockCreateOptions, 1);
ret->format = format;
@@ -264,10 +265,9 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
error_setg(&local_err, "Unsupported block format %d", format);
break;
}
- error_propagate(errp, local_err);
- local_err = NULL;
- visit_end_struct(opts_get_visitor(ov), &local_err);
+ visit_end_struct(opts_get_visitor(ov), &end_err);
+ error_propagate(&local_err, end_err);
out:
if (local_err) {
--
2.5.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [Qemu-block] [PATCH for-2.6] crypto: Avoid memory leak on failure
2016-04-01 15:57 [Qemu-devel] [PATCH for-2.6] crypto: Avoid memory leak on failure Eric Blake
@ 2016-04-01 16:52 ` Max Reitz
2016-04-07 15:14 ` Markus Armbruster
0 siblings, 1 reply; 4+ messages in thread
From: Max Reitz @ 2016-04-01 16:52 UTC (permalink / raw)
To: Eric Blake, qemu-devel; +Cc: Kevin Wolf, open list:Block layer core
[-- Attachment #1.1: Type: text/plain, Size: 1057 bytes --]
On 01.04.2016 17:57, Eric Blake wrote:
> Commit 7836857 introduced a memory leak due to invalid use of
> Error vs. visit_type_end(). If visiting the intermediate
> members fails, we clear the error and unconditionally use
> visit_end_struct() on the same error object; but if that
> cleanup succeeds, we then skip the qapi_free call.
It's not really a memleak. Due to skipping those conditional branches
after the "out" label, a non-null value will be returned. In order to
determine whether the function call failed, the callers of these
functions do not use the errp value but the return value. Therefore,
they will think the call succeeded when actually it did not.
>
> Until a later patch adds visit_check_struct(), the only safe
> approach is to use two separate error objects.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> block/crypto.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
Anyway, thanks, applied to my block branch:
https://github.com/XanClic/qemu/commits/block
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [Qemu-block] [PATCH for-2.6] crypto: Avoid memory leak on failure
2016-04-01 16:52 ` [Qemu-devel] [Qemu-block] " Max Reitz
@ 2016-04-07 15:14 ` Markus Armbruster
2016-04-07 16:23 ` Eric Blake
0 siblings, 1 reply; 4+ messages in thread
From: Markus Armbruster @ 2016-04-07 15:14 UTC (permalink / raw)
To: Max Reitz; +Cc: Kevin Wolf, qemu-devel, open list:Block layer core
Max Reitz <mreitz@redhat.com> writes:
> On 01.04.2016 17:57, Eric Blake wrote:
>> Commit 7836857 introduced a memory leak due to invalid use of
>> Error vs. visit_type_end(). If visiting the intermediate
>> members fails, we clear the error and unconditionally use
>> visit_end_struct() on the same error object; but if that
>> cleanup succeeds, we then skip the qapi_free call.
>
> It's not really a memleak. Due to skipping those conditional branches
> after the "out" label, a non-null value will be returned. In order to
> determine whether the function call failed, the callers of these
> functions do not use the errp value but the return value. Therefore,
> they will think the call succeeded when actually it did not.
Please amend the commit message accordingly.
>>
>> Until a later patch adds visit_check_struct(), the only safe
>> approach is to use two separate error objects.
>>
>> Signed-off-by: Eric Blake <eblake@redhat.com>
>> ---
>> block/crypto.c | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> Anyway, thanks, applied to my block branch:
>
> https://github.com/XanClic/qemu/commits/block
>
> Max
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [Qemu-block] [PATCH for-2.6] crypto: Avoid memory leak on failure
2016-04-07 15:14 ` Markus Armbruster
@ 2016-04-07 16:23 ` Eric Blake
0 siblings, 0 replies; 4+ messages in thread
From: Eric Blake @ 2016-04-07 16:23 UTC (permalink / raw)
To: Markus Armbruster, Max Reitz
Cc: Kevin Wolf, qemu-devel, open list:Block layer core
[-- Attachment #1: Type: text/plain, Size: 1324 bytes --]
On 04/07/2016 09:14 AM, Markus Armbruster wrote:
> Max Reitz <mreitz@redhat.com> writes:
>
>> On 01.04.2016 17:57, Eric Blake wrote:
>>> Commit 7836857 introduced a memory leak due to invalid use of
>>> Error vs. visit_type_end(). If visiting the intermediate
>>> members fails, we clear the error and unconditionally use
>>> visit_end_struct() on the same error object; but if that
>>> cleanup succeeds, we then skip the qapi_free call.
>>
>> It's not really a memleak. Due to skipping those conditional branches
>> after the "out" label, a non-null value will be returned. In order to
>> determine whether the function call failed, the callers of these
>> functions do not use the errp value but the return value. Therefore,
>> they will think the call succeeded when actually it did not.
>
> Please amend the commit message accordingly.
Too late; already merged as 95c3df5a. [And welcome back - hope you
don't mind the backlog...]
(Locally it looks like a memory leak; it is only the wider analysis that
shows that the caller is not leaking things, but where the bug then
shifts to being a potential for the caller to abort if it tries to set
an error into the already-set errp)
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-04-07 16:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-01 15:57 [Qemu-devel] [PATCH for-2.6] crypto: Avoid memory leak on failure Eric Blake
2016-04-01 16:52 ` [Qemu-devel] [Qemu-block] " Max Reitz
2016-04-07 15:14 ` Markus Armbruster
2016-04-07 16:23 ` Eric Blake
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.