qemuMonitorGetIOThreads returns a NULL terminated list even when 0 iothreads are present. The caller didn't perform cleanup if there were 0 iothreads leaking the array. https://bugzilla.redhat.com/show_bug.cgi?id=1804548 Reported-by: Jing Yan <jiyan(a)redhat.com&gt; Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; --- src/qemu/qemu_driver.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f686b858cf..39e1f044e0 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -21759,8 +21759,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver, if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0) return -1; - if (niothreads == 0) - return 0; + /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free + * it even if it returns 0 */ + if (niothreads == 0) { + ret = 0; + goto cleanup; + } if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0) goto cleanup; -- 2.24.1