[PULL 11/13] block/backup: fix memory leak in bdrv_backup_top_append()
From: Kevin Wolf
Subject: [PULL 11/13] block/backup: fix memory leak in bdrv_backup_top_append()
Date: Mon, 27 Jan 2020 18:55:57 +0100
From: Eiichi Tsukata <address@hidden>
bdrv_open_driver() allocates bs->opaque according to drv->instance_size.
There is no need to allocate it and overwrite opaque in
bdrv_backup_top_append().
Reproducer:
$ QTEST_QEMU_BINARY=./x86_64-softmmu/qemu-system-x86_64 valgrind -q
--leak-check=full tests/test-replication -p /replication/secondary/start
==29792== 24 bytes in 1 blocks are definitely lost in loss record 52 of 226
==29792== at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==29792== by 0x4B07CE0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==29792== by 0x12BAB9: bdrv_open_driver (block.c:1289)
==29792== by 0x12BEA9: bdrv_new_open_driver (block.c:1359)
==29792== by 0x1D15CB: bdrv_backup_top_append (backup-top.c:190)
==29792== by 0x1CC11A: backup_job_create (backup.c:439)
==29792== by 0x1CD542: replication_start (replication.c:544)
==29792== by 0x1401B9: replication_start_all (replication.c:52)
==29792== by 0x128B50: test_secondary_start (test-replication.c:427)
...
Fixes: 7df7868b9640 ("block: introduce backup-top filter driver")
Signed-off-by: Eiichi Tsukata <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/backup-top.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/backup-top.c b/block/backup-top.c
index b8d863ff08..9aed2eb4c0 100644
--- a/block/backup-top.c
+++ b/block/backup-top.c
@@ -196,7 +196,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState
*source,
}
top->total_sectors = source->total_sectors;
- top->opaque = state = g_new0(BDRVBackupTopState, 1);
+ state = top->opaque;
bdrv_ref(target);
state->target = bdrv_attach_child(top, target, "target", &child_file,
errp);
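Review bot: the new `state = top->opaque;` line depends on an invariant this hunk does not show, namely that the backup-top driver's instance_size equals sizeof(BDRVBackupTopState), so that bdrv_open_driver() has already allocated a zeroed buffer of the right size. The very next statements write through it (`state->target = bdrv_attach_child(...)`), so a missing or wrong instance_size would turn this leak fix into a NULL dereference or an out-of-bounds write. Worth confirming that field in the driver definition and adding a one-line comment above the assignment saying that opaque is owned and allocated by bdrv_open_driver(), so a later change does not reintroduce a second allocation here.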
--
2.20.1