Coverity complained about a leak via this return -1
in qemu_monitor_text.c:
int qemuMonitorTextGetMemoryStats(qemuMonitorPtr mon,
virDomainMemoryStatPtr stats,
unsigned int nr_stats)
{
char *reply = NULL;
int ret = 0;
char *offset;
if (qemuMonitorCommand(mon, "info balloon", &reply) < 0) {
qemudReportError(NULL, NULL, NULL, VIR_ERR_OPERATION_FAILED,
"%s", _("could not query memory balloon
statistics"));
return -1;
}
That can happen because
qemuMonitorCommand calls
qemuMonitorCommandWithFd which calls
qemuMonitorCommandWithHandler, which does this:
218 ret = qemuMonitorSend(mon, &msg);
...
228 if (msg.rxBuffer) {
229 *reply = msg.rxBuffer;
230 } else {
231 *reply = strdup("");
232 if (!*reply) {
233 virReportOOMError(NULL);
234 return -1;
235 }
236 }
237
238 if (ret < 0)
239 virReportSystemError(NULL, msg.lastErrno,
240 _("cannot send monitor command
'%s'"), cmd);
241
242 return ret;
243 }
That function breaks its contract by failing to free *reply when it
returns a negative value, so the caller's early "return -1" shown above
leaks the buffer. Here's the fix:
From 3b44df075f9d4330ec27d59eddaa0a32c20d7ac1 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Wed, 20 Jan 2010 18:24:47 +0100
Subject: [PATCH] qemuMonitorTextGetMemoryStats: plug a leak on an error path
* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
Always free *reply, upon failure.
---
src/qemu/qemu_monitor_text.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index c3848b5..d921c7e 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -1,7 +1,7 @@
/*
* qemu_monitor_text.c: interaction with QEMU monitor console
*
- * Copyright (C) 2006-2009 Red Hat, Inc.
+ * Copyright (C) 2006-2010 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -235,9 +235,11 @@ qemuMonitorCommandWithHandler(qemuMonitorPtr mon,
}
}
- if (ret < 0)
+ if (ret < 0) {
virReportSystemError(NULL, msg.lastErrno,
_("cannot send monitor command '%s'"),
cmd);
+ VIR_FREE(*reply);
+ }
return ret;
}
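Review bot: The failure branch now runs `VIR_FREE(*reply);`, but nothing in the hunk records the resulting contract, and the function's header comment lies outside the hunk. As I understand libvirt's VIR_FREE, it also resets the pointer to NULL, so a caller that still frees `reply` after a negative return avoids a double free only because of that reset. I would state this above the branch, e.g. `/* On failure *reply is freed and set to NULL; callers must not dereference it. */`. The change sits in qemuMonitorCommandWithHandler, so it affects every caller and not only qemuMonitorTextGetMemoryStats named in the subject. Each error path should therefore be checked for reads of `reply` after a negative return, since it is now NULL rather than a buffer or an empty string.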
--
1.6.6.516.gb72f