[libvirt] [PATCH 1/2] conf: Fix memory leak in graphics XML parser

Peter Krempa pkrempa at redhat.com
Mon Jun 20 13:36:59 UTC 2016 

When loading status XMLs with following graphics definition:

  <graphics type='spice' port='5900' autoport='yes' listen='127.0.0.1'>
    <listen type='address' address='127.0.0.1' fromConfig='1'/>
    <image compression='off'/>
  </graphics>

libvirtd would leak a few bytes:

10 bytes in 1 blocks are definitely lost in loss record 71 of 1,127
   at 0x4C2C000: malloc (vg_replace_malloc.c:299)
   by 0x6789298: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
   by 0x552AB0A: virXMLPropString (virxml.c:479)
   by 0x5539536: virDomainGraphicsListensParseXML (domain_conf.c:11171)
   by 0x553DD5E: virDomainGraphicsDefParseXMLSpice (domain_conf.c:11414)
   by 0x553DD5E: virDomainGraphicsDefParseXML (domain_conf.c:11749)
   by 0x5566061: virDomainDefParseXML (domain_conf.c:16939)
   by 0x556953F: virDomainObjParseXML (domain_conf.c:17348)
   by 0x556953F: virDomainObjParseNode (domain_conf.c:17513)
   by 0x5569902: virDomainObjParseFile (domain_conf.c:17532)
   by 0x5571E02: virDomainObjListLoadStatus (virdomainobjlist.c:514)
   by 0x5571E02: virDomainObjListLoadAllConfigs (virdomainobjlist.c:596)
   by 0x26E0BDC8: qemuStateInitialize (qemu_driver.c:911)
   by 0x55B1FDB: virStateInitialize (libvirt.c:770)
   by 0x122039: daemonRunStateInit (libvirtd.c:960)
---
There might be some other for me invisible bug in the logic of handling of the
glisten definition which might make this disappear too, but I'm not really into
this code.

 src/conf/domain_conf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index fb6f58d..0b642a1 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11190,13 +11190,13 @@ virDomainGraphicsListensParseXML(virDomainGraphicsDefPtr def,
             newListen.type == VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCKET) {
             virDomainGraphicsListenDefClear(glisten);
             *glisten = newListen;
+            memset(&newListen, 0, sizeof(newListen));
         }
     }

     ret = 0;
  error:
-    if (ret < 0)
-        virDomainGraphicsListenDefClear(&newListen);
+    virDomainGraphicsListenDefClear(&newListen);
     VIR_FREE(listenNodes);
     VIR_FREE(socketPath);
     ctxt->node = save;
-- 
2.8.3

More information about the libvir-list mailing list