
On Mon, Apr 14, 2025 at 15:02:35 +0300, Alexander Kuznetsov wrote:
If virNWFilterDefToInst returns -1, it has already called virNWFilterInstReset. Remove the additional call to prevent a double g_free.
Found by Linux Verification Center (linuxtesting.org) with Svace.
Reported-by: Dmitry Fedin <d.fedin@fobos-nt.ru> Signed-off-by: Alexander Kuznetsov <kuznetsovam@altlinux.org> --- src/nwfilter/nwfilter_gentech_driver.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 41f270bb7c..f7a909bdc0 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -293,10 +293,8 @@ virNWFilterIncludeDefToRuleInst(virNWFilterDriverState *driver, tmpvars, useNewFilter, foundNewFilter, - inst) < 0) { - virNWFilterInstReset(inst); + inst) < 0) return -1;
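Review bot: at the "inst) < 0)" check, dropping "virNWFilterInstReset(inst);" makes this caller depend on virNWFilterDefToInst having reset inst on every path that returns a negative value, and nothing in the hunk records that contract. Consider a short comment at the call saying the callee resets inst on failure, or make virNWFilterInstReset safe to call more than once so callers do not need to know. Separately, the condition still spans several argument lines (tmpvars, useNewFilter, foundNewFilter, inst), so keeping the braces around "return -1;" would be easier to read than the brace-less form.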
While this fixes this case, originally virNWFilterInstReset could be called multiple times. This was broken by commit bb4e0596d91, which replaced VIR_FREE (which clears pointers) with g_free, which doesn't, in code paths which do not free the cleared object. virNWFilterInstReset needs to use g_clear_pointer(..., g_free) instead.
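The point made in the reply above, as an added example that is not part of the thread or of libvirt's code: a reset routine that stores NULL after each free can be called a second time without freeing anything again. The struct, the function names and the CLEAR_PTR macro are hypothetical stand-ins written in plain C to mimic the g_clear_pointer(..., g_free) pattern without GLib.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical instance object; NOT libvirt's real structure. */
struct demo_inst { char **rules; size_t nrules; char *name; };

static int free_calls;   /* counts real releases so callers can observe them */

static void counted_free(void *p) { if (p) { free_calls++; free(p); } }

/* Free-and-clear, the behaviour of g_clear_pointer(&p, g_free). */
#define CLEAR_PTR(p) do { counted_free(p); (p) = NULL; } while (0)

/* Idempotent reset: every member is NULL/0 afterwards, so a repeat is a no-op. */
static void demo_inst_reset(struct demo_inst *inst)
{
    size_t i;
    for (i = 0; i < inst->nrules; i++)
        CLEAR_PTR(inst->rules[i]);
    CLEAR_PTR(inst->rules);
    inst->nrules = 0;
    CLEAR_PTR(inst->name);
}

static char *dup_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    if (d) strcpy(d, s);
    return d;
}

/* Fills inst with constructed data; on failure it resets inst itself. */
static int demo_fill(struct demo_inst *inst, int fail)
{
    inst->name = dup_str("constructed-filter");
    inst->rules = calloc(2, sizeof(*inst->rules));
    if (!inst->name || !inst->rules) { demo_inst_reset(inst); return -1; }
    inst->rules[0] = dup_str("rule-a");
    inst->rules[1] = dup_str("rule-b");
    inst->nrules = 2;
    if (fail) { demo_inst_reset(inst); return -1; }
    return 0;
}

/* Frees performed by a caller's redundant reset after a failed fill. */
static int extra_reset_frees(void)
{
    struct demo_inst inst = {0};
    int before;
    if (demo_fill(&inst, 1) == 0) return -1;
    before = free_calls;
    demo_inst_reset(&inst);          /* second reset on the same object */
    return free_calls - before;
}

int main(void) { return extra_reset_frees() != 0; }
```

If CLEAR_PTR only called free without storing NULL, the second demo_inst_reset would walk the same stale pointers and release them again.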