
On Wed, Jun 03, 2020 at 06:42:10 -0400, John Ferlan wrote:
First time in a while - Coverity complained this morning
[...]
diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c index e73b4d0690..c4223f4e06 100644 --- a/src/lxc/lxc_fuse.c +++ b/src/lxc/lxc_fuse.c @@ -326,10 +326,10 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def) *f = fuse;
^^ Event use_after_free: Using freed pointer "fuse". Also see events: [alias][freed_arg]
return ret; cleanup1: - VIR_FREE(fuse->mountpoint); + g_free(fuse->mountpoint); virMutexDestroy(&fuse->lock); cleanup2: - VIR_FREE(fuse); + g_free(fuse);
^^ Event freed_arg: "g_free" frees "fuse".
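Review bot: at cleanup2, `g_free(fuse)` is not a drop-in for `VIR_FREE(fuse)`, because it leaves `fuse` holding the freed address, and the Coverity events above show that value then reaching `*f = fuse`. Use `g_clear_pointer(&fuse, g_free)` there, or add `fuse = NULL;` after the free, so the caller receives NULL on the failure path. The `fuse->mountpoint` change in cleanup1 raises no such concern in the visible lines, since the containing struct is released immediately afterwards at cleanup2.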
A fuse = NULL; here will make coverity happy, but not sure if that's standard any more... The VIR_FREE would have done that for us IIRC.
The equivalent replacement for 'VIR_FREE' is 'g_clear_pointer(&ptr, g_free)' as actually done by VIR_FREE nowadays and not just g_free. The side effect of VIR_FREE, non-equivalence to g_free combined with the fact that g_clear_pointer is longer makes this a source of possible nasty bugs.
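The difference described above, as an added example that is not libvirt code: a free that leaves the variable untouched versus one that also clears it, on an error path that rejoins the exit path writing the out parameter. The pool, `ctx_*` names, `CTX_CLEAR` macro and the `goto done` control flow are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the heap: one static slot with a liveness flag,
 * so a stale pointer can be inspected without undefined behaviour. */
struct ctx { int live; };
static struct ctx slot;

static struct ctx *ctx_new(void) { slot.live = 1; return &slot; }
/* Like g_free(): releases the object, the caller's variable is untouched. */
static void ctx_free(struct ctx *c) { if (c) c->live = 0; }
/* Hypothetical macro with the free-then-NULL behaviour the thread attributes
 * to VIR_FREE and g_clear_pointer(&ptr, g_free). */
#define CTX_CLEAR(p) do { ctx_free(p); (p) = NULL; } while (0)

enum { FREE_ONLY, FREE_AND_CLEAR };

/* Assumed shape: the error path frees, then joins the exit path that
 * publishes the local pointer through the out parameter. */
int setup(struct ctx **out, int fail, int mode)
{
    int ret = -1;
    struct ctx *c = ctx_new();
    if (fail)
        goto error;
    ret = 0;
 done:
    *out = c;              /* runs on success and on failure */
    return ret;
 error:
    if (mode == FREE_ONLY)
        ctx_free(c);       /* c still holds the old address */
    else
        CTX_CLEAR(c);      /* c is NULL by the time we reach done */
    goto done;
}

/* 1 when the caller was handed a pointer to a released object. */
int is_dangling(const struct ctx *c) { return c != NULL && !c->live; }

int main(void)
{
    struct ctx *p = NULL;
    setup(&p, 1, FREE_ONLY);
    printf("free only:      dangling=%d\n", is_dangling(p));
    setup(&p, 1, FREE_AND_CLEAR);
    printf("free and clear: dangling=%d\n", is_dangling(p));
    return 0;
}
```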