[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 27/56] qapi: qapi-commands: fix possible leaks on vi
|
From: |
Michael Roth |
|
Subject: |
[Qemu-devel] [PATCH 27/56] qapi: qapi-commands: fix possible leaks on visitor dealloc |
|
Date: |
Tue, 13 Aug 2013 10:10:51 -0500 |
From: Luiz Capitulino <address@hidden>
In qmp-marshal.c the dealloc visitor calls use the same errp
pointer of the input visitor calls. This means that if any of
the input visitor calls fails, then the dealloc visitor will
return early, before freeing the object's memory.
Here's an example, consider this code:
int qmp_marshal_input_block_passwd(Monitor *mon, const QDict *qdict, QObject
**ret)
{
[...]
char * device = NULL;
char * password = NULL;
mi = qmp_input_visitor_new_strict(QOBJECT(args));
v = qmp_input_get_visitor(mi);
visit_type_str(v, &device, "device", errp);
visit_type_str(v, &password, "password", errp);
qmp_input_visitor_cleanup(mi);
if (error_is_set(errp)) {
goto out;
}
qmp_block_passwd(device, password, errp);
out:
md = qapi_dealloc_visitor_new();
v = qapi_dealloc_get_visitor(md);
visit_type_str(v, &device, "device", errp);
visit_type_str(v, &password, "password", errp);
qapi_dealloc_visitor_cleanup(md);
[...]
return 0;
}
Consider errp != NULL when the out label is reached, we're going
to leak device and password.
This patch fixes this by always passing errp=NULL for dealloc
visitors, meaning that we always try to free them regardless of
any previous failure. The above example would then be:
out:
md = qapi_dealloc_visitor_new();
v = qapi_dealloc_get_visitor(md);
visit_type_str(v, &device, "device", NULL);
visit_type_str(v, &password, "password", NULL);
qapi_dealloc_visitor_cleanup(md);
Signed-off-by: Luiz Capitulino <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael Roth <address@hidden>
(cherry picked from commit 8f91ad8a1b4702966d91ea58cd90bbde1faea1b3)
Signed-off-by: Michael Roth <address@hidden>
---
scripts/qapi-commands.py | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index e06332b..b12b696 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -128,12 +128,15 @@ bool has_%(argname)s = false;
def gen_visitor_input_block(args, obj, dealloc=False):
ret = ""
+ errparg = 'errp'
+
if len(args) == 0:
return ret
push_indent()
if dealloc:
+ errparg = 'NULL'
ret += mcgen('''
md = qapi_dealloc_visitor_new();
v = qapi_dealloc_get_visitor(md);
@@ -148,22 +151,22 @@ v = qmp_input_get_visitor(mi);
for argname, argtype, optional, structured in parse_args(args):
if optional:
ret += mcgen('''
-visit_start_optional(v, &has_%(c_name)s, "%(name)s", errp);
+visit_start_optional(v, &has_%(c_name)s, "%(name)s", %(errp)s);
if (has_%(c_name)s) {
''',
- c_name=c_var(argname), name=argname)
+ c_name=c_var(argname), name=argname, errp=errparg)
push_indent()
ret += mcgen('''
-%(visitor)s(v, &%(c_name)s, "%(name)s", errp);
+%(visitor)s(v, &%(c_name)s, "%(name)s", %(errp)s);
''',
c_name=c_var(argname), name=argname, argtype=argtype,
- visitor=type_visitor(argtype))
+ visitor=type_visitor(argtype), errp=errparg)
if optional:
pop_indent()
ret += mcgen('''
}
-visit_end_optional(v, errp);
-''')
+visit_end_optional(v, %(errp)s);
+''', errp=errparg)
if dealloc:
ret += mcgen('''
@@ -194,7 +197,7 @@ static void qmp_marshal_output_%(c_name)s(%(c_ret_type)s
ret_in, QObject **ret_o
}
qmp_output_visitor_cleanup(mo);
v = qapi_dealloc_get_visitor(md);
- %(visitor)s(v, &ret_in, "unused", errp);
+ %(visitor)s(v, &ret_in, "unused", NULL);
qapi_dealloc_visitor_cleanup(md);
}
''',
--
1.7.9.5
- [Qemu-devel] [PATCH 19/56] target-lm32: gen_intermediate_code_internal() should be inlined, (continued)
- [Qemu-devel] [PATCH 19/56] target-lm32: gen_intermediate_code_internal() should be inlined, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 20/56] target-microblaze: gen_intermediate_code_internal() should be inlined, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 18/56] target-cris: gen_intermediate_code_internal() should be inlined, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 21/56] target-moxie: gen_intermediate_code_internal() should be inlined, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 22/56] target-xtensa: gen_intermediate_code_internal() should be inlined, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 23/56] block: fix bdrv_flush() ordering in bdrv_close(), Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 24/56] target-openrisc: Fix typename in openrisc_cpu_class_by_name(), Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 25/56] qom: Fix class cast of NULL classes, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 29/56] iscsi: fix -ENOSPC in iscsi_create(), Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 26/56] seccomp: add the asynchronous I/O syscalls to the whitelist, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 27/56] qapi: qapi-commands: fix possible leaks on visitor dealloc,
Michael Roth <=
- [Qemu-devel] [PATCH 30/56] iscsi: remove support for misaligned nb_sectors in aio_readv, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 28/56] ahci: Fix FLUSH command, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 31/56] iscsi: assert that sectors are aligned to LUN blocksize, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 35/56] megasas: Legacy command line handling fix, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 39/56] xhci: handle USB_RET_IOERROR, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 34/56] cpus: Let vm_stop[_force_state]() always flush block devices, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 42/56] virtio-console: Use exitfn for virtserialport, too, Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 40/56] qemu-char: Register ring buffer driver with correct name "ringbuf", Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 41/56] qapi: Rename ChardevBackend member "memory" to "ringbuf", Michael Roth, 2013/08/13
- [Qemu-devel] [PATCH 43/56] pci-bridge: update mappings for migration/restore, Michael Roth, 2013/08/13