
On 2014/8/28 4:54, John Ferlan wrote:
Coverity found that on error paths, the 'arg' value wasn't being cleaned up. Followed the example in qemuAgentSetVCPUs() where, upon a successful call to qemuAgentCommand(), 'cpus' is set to NULL; otherwise, when cleanup occurs, the memory for 'arg' is freed.
Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_agent.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index a10954a..fe38f6d 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1328,7 +1328,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
 unsigned int nmountpoints)
 {
 int ret = -1;
- virJSONValuePtr cmd, arg;
+ virJSONValuePtr cmd, arg = NULL;
 virJSONValuePtr reply = NULL;
if (mountpoints && nmountpoints) {
@@ -1343,7 +1343,8 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints,
 }
if (!cmd)
- return -1;
+ goto cleanup;
+ arg = NULL;
Setting arg to NULL can also lead to a memory leak. It makes the virJSONValueFree(arg) below ineffective.
if (qemuAgentCommand(mon, cmd, &reply, true, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0) @@ -1355,6 +1356,7 @@ int qemuAgentFSFreeze(qemuAgentPtr mon, const char **mountpoints, }
cleanup:
+ virJSONValueFree(arg);
 virJSONValueFree(cmd);
 virJSONValueFree(reply);
 return ret;
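Review bot: The added `virJSONValueFree(arg);` in the cleanup block is only safe if the call that builds `cmd` leaves `arg` untouched when it fails, and that call is outside the visible hunks, so it cannot be confirmed here. If the builder can attach `arg` to a partially built object and release that object on its own error path, the `if (!cmd) goto cleanup;` route would free `arg` a second time. I would state the ownership contract beside the free, for example `/* arg is ours to free only if building cmd failed without consuming it */`, and check it against the builder's error handling. Separately, `cmd` in the first hunk is still declared without an initializer although cleanup frees it; giving it `= NULL` as well would keep any later early `goto cleanup` from freeing an indeterminate pointer. The body of qemuAgentFSFreeze() starts and ends outside these hunks.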