[libvirt] [PATCH] qemuMonitorTextGetMemoryStats: plug a leak on an error path

Jim Meyering jim at meyering.net
Wed Jan 20 17:48:31 UTC 2010 

Coverity complained about a leak via this return -1
in qemu_monitor_text.c:

  int qemuMonitorTextGetMemoryStats(qemuMonitorPtr mon,
                                    virDomainMemoryStatPtr stats,
                                    unsigned int nr_stats)
  {
      char *reply = NULL;
      int ret = 0;
      char *offset;

      if (qemuMonitorCommand(mon, "info balloon", &reply) < 0) {
          qemudReportError(NULL, NULL, NULL, VIR_ERR_OPERATION_FAILED,
                           "%s", _("could not query memory balloon statistics"));
          return -1;
      }

That can happen because
qemuMonitorCommand calls
qemuMonitorCommandWithFd which calls
qemuMonitorCommandWithHandler, which does this:


218    ret = qemuMonitorSend(mon, &msg);
...
228  	    if (msg.rxBuffer) {
229  	        *reply = msg.rxBuffer;
230  	    } else {
231  	        *reply = strdup("");
232  	        if (!*reply) {
233  	            virReportOOMError(NULL);
234  	            return -1;
235  	        }
236  	    }
237
238  	    if (ret < 0)
239  	        virReportSystemError(NULL, msg.lastErrno,
240  	                             _("cannot send monitor command '%s'"), cmd);
241
242  	    return ret;
243  	}

That function breaks contract by failing to free *reply when it
returns a negative value.  Here's the fix:

>From 3b44df075f9d4330ec27d59eddaa0a32c20d7ac1 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 20 Jan 2010 18:24:47 +0100
Subject: [PATCH] qemuMonitorTextGetMemoryStats: plug a leak on an error path

* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
Always free *reply, upon failure.
---
 src/qemu/qemu_monitor_text.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index c3848b5..d921c7e 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -1,7 +1,7 @@
 /*
  * qemu_monitor_text.c: interaction with QEMU monitor console
  *
- * Copyright (C) 2006-2009 Red Hat, Inc.
+ * Copyright (C) 2006-2010 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -235,9 +235,11 @@ qemuMonitorCommandWithHandler(qemuMonitorPtr mon,
         }
     }

-    if (ret < 0)
+    if (ret < 0) {
         virReportSystemError(NULL, msg.lastErrno,
                              _("cannot send monitor command '%s'"), cmd);
+        VIR_FREE(*reply);
+    }

     return ret;
 }
--
1.6.6.516.gb72f

More information about the libvir-list mailing list