[libvirt] [PATCH 09/17] Fix leak in qemuParseCommandLineDisk on OOM

Fri Sep 27 16:12:56 UTC 2013

On Wed, Sep 25, 2013 at 3:21 AM, Daniel P. Berrange <berrange at redhat.com> wrote:
> On Tue, Sep 24, 2013 at 04:24:43PM -0500, Doug Goldstein wrote:
>> On Tue, Sep 24, 2013 at 11:03 AM, Daniel P. Berrange
>> <berrange at redhat.com> wrote:
>> > From: "Daniel P. Berrange" <berrange at redhat.com>
>> >
>> > If OOM occurs in qemuParseCommandLineDisk some intermediate
>> > variables will be leaked when parsing Sheepdog or RBD disks.
>> >
>> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
>> > ---
>> >  src/qemu/qemu_command.c | 17 ++++++++++-------
>> >  1 file changed, 10 insertions(+), 7 deletions(-)
>> >
>> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> > index a82c5dd..f6a3aa2 100644
>> > --- a/src/qemu/qemu_command.c
>> > +++ b/src/qemu/qemu_command.c
>> > @@ -9935,8 +9935,10 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
>> >                      if (VIR_STRDUP(def->src, p + strlen("rbd:")) < 0)
>> >                          goto error;
>> >                      /* old-style CEPH_ARGS env variable is parsed later */
>> > -                    if (!old_style_ceph_args && qemuParseRBDString(def) < 0)
>> > -                        goto cleanup;
>> > +                    if (!old_style_ceph_args && qemuParseRBDString(def) < 0) {
>> > +                        VIR_FREE(p);
>> > +                        goto error;
>> > +                    }
>> >
>> >                      VIR_FREE(p);
>> >                  } else if (STRPREFIX(def->src, "gluster:") ||
>> > @@ -9960,17 +9962,20 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
>> >                      def->protocol = VIR_DOMAIN_DISK_PROTOCOL_SHEEPDOG;
>> >                      if (VIR_STRDUP(def->src, p + strlen("sheepdog:")) < 0)
>> >                          goto error;
>> > +                    VIR_FREE(p);
>> >
>> >                      /* def->src must be [vdiname] or [host]:[port]:[vdiname] */
>> >                      port = strchr(def->src, ':');
>> >                      if (port) {
>> > -                        *port++ = '\0';
>> > -                        vdi = strchr(port, ':');
>> > +                        *port = '\0';
>> > +                        vdi = strchr(port + 1, ':');
>> >                          if (!vdi) {
>> > +                            *port = ':';
>>
>> Is this bit necessary? Or is it for making the error message look better?
>
> Yep, we want to show the user their original full input, not the truncated
> one.

Ok. Makes sense. Just wanted to ask for clarification.

>
>>
>> >                              virReportError(VIR_ERR_INTERNAL_ERROR,
>> > -                                           _("cannot parse sheepdog filename '%s'"), p);
>> > +                                           _("cannot parse sheepdog filename '%s'"), def->src);
>> >                              goto error;
>
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

-- 
Doug Goldstein