If parsing "maxCpus" attribute of <machine/> element fails an error is printed but the corresponding string is not freed. While it is very unlikely to happen (parsed XML is not user provided and we are the ones generating it), it is possible. Instead of freeing the variable in the error path explicitly, let's declare it as g_autofree. And while I'm at it, let's bring it into the loop where it's used. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_capabilities.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index d41b4a4753..4a6ef2e383 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -4012,7 +4012,6 @@ virQEMUCapsLoadMachines(virQEMUCapsAccelPtr caps, { g_autofree char *xpath = g_strdup_printf("./machine[@type='%s']", typeStr); g_autofree xmlNodePtr *nodes = NULL; - char *str = NULL; size_t i; int n; @@ -4029,6 +4028,8 @@ virQEMUCapsLoadMachines(virQEMUCapsAccelPtr caps, caps->machineTypes = g_new0(virQEMUCapsMachineType, caps->nmachineTypes); for (i = 0; i < n; i++) { + g_autofree char *str = NULL; + if (!(caps->machineTypes[i].name = virXMLPropString(nodes[i], "name"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing machine name in QEMU capabilities cache")); -- 2.26.2

On Tue, Feb 09, 2021 at 04:42:38PM +0100, Michal Privoznik wrote: Doh, subtle bug Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|