[libvirt] [PATCH 11/17] Fix leak in qemuStringToArgvEnv upon OOM

[Daniel P. Berrange]

From: "Daniel P. Berrange" <berrange at redhat.com>

The 'qemuStringToArgvEnv' method splits up a string of command
line env/args to an 'arglist' array. It then copies env vars
to a 'progenv' array and args to a 'progargv' array. When
copyin the env vars, it NULL-ifies the element in 'arglist'
that is copied.

Upon OOM the 'virStringListFree' is called on progenv and
arglist. Unfortunately, because the elements in 'arglist'
related to env vars have been set to NULL, the call to
virStringListFree(arglist) doesn't free anything, even
though some non-NULL args vars still exist later in the
array.

To fix this leak, stop NULL-ifying the 'arglist' elements,
and change the cleanup code to only free elements in the
'arglist' array, not 'progenv'.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/qemu/qemu_command.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fe53cf7..7029335 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9724,10 +9724,8 @@ static int qemuStringToArgvEnv(const char *args,
     if (envend > 0) {
         if (VIR_REALLOC_N(progenv, envend+1) < 0)
             goto error;
-        for (i = 0; i < envend; i++) {
+        for (i = 0; i < envend; i++)
             progenv[i] = arglist[i];
-            arglist[i] = NULL;
-        }
         progenv[i] = NULL;
     }
 
@@ -9746,7 +9744,8 @@ static int qemuStringToArgvEnv(const char *args,
     return 0;
 
 error:
-    virStringFreeList(progenv);
+    VIR_FREE(progenv);
+    VIR_FREE(progargv);
     virStringFreeList(arglist);
     return -1;
 }
-- 
1.8.3.1