| Message ID | 20200309092212.3249-1-pannengyuan@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | qom-qmp-cmds: fix two memleaks in qmp_object_add | expand |
On Mon, 9 Mar 2020 17:22:12 +0800 Pan Nengyuan <pannengyuan@huawei.com> wrote: > 'type/id' forgot to free in qmp_object_add, this patch fix that. > > The leak stack: > Direct leak of 84 byte(s) in 6 object(s) allocated from: > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > Direct leak of 54 byte(s) in 6 object(s) allocated from: > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e > Reported-by: Euler Robot <euler.robot@huawei.com> > Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> > --- > qom/qom-qmp-cmds.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c > index 49db926fcc..ac59ba1aa8 100644 > --- a/qom/qom-qmp-cmds.c > +++ b/qom/qom-qmp-cmds.c > @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) > QDict *pdict; > Visitor *v; > Object *obj; > - const char *type; > - const char *id; > + g_autofree const char *type = NULL; > + g_autofree const char *id = NULL; not sure that's it's correct qdict_get_try_str() returns the reference to a string within the QDict, so caller who provided qdict should take care of freeing it. > > type = qdict_get_try_str(qdict, "qom-type"); > if (!type) {
Cc'ing Kevin in the hope of a review. Pan Nengyuan <pannengyuan@huawei.com> writes: > 'type/id' forgot to free in qmp_object_add, this patch fix that. > > The leak stack: > Direct leak of 84 byte(s) in 6 object(s) allocated from: > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > Direct leak of 54 byte(s) in 6 object(s) allocated from: > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e > Reported-by: Euler Robot <euler.robot@huawei.com> > Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> > --- > qom/qom-qmp-cmds.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c > index 49db926fcc..ac59ba1aa8 100644 > --- a/qom/qom-qmp-cmds.c > +++ b/qom/qom-qmp-cmds.c > @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) > QDict *pdict; > Visitor *v; > Object *obj; > - const char *type; > - const char *id; > + g_autofree const char *type = NULL; > + g_autofree const char *id = NULL; > > type = qdict_get_try_str(qdict, "qom-type"); > if (!type) {
On Mon, Mar 09, 2020 at 10:51:45AM +0100, Igor Mammedov wrote: > On Mon, 9 Mar 2020 17:22:12 +0800 > Pan Nengyuan <pannengyuan@huawei.com> wrote: > > > 'type/id' forgot to free in qmp_object_add, this patch fix that. > > > > The leak stack: > > Direct leak of 84 byte(s) in 6 object(s) allocated from: > > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > > #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 > > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > > > Direct leak of 54 byte(s) in 6 object(s) allocated from: > > #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) > > #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) > > #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) > > #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 > > #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 > > #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 > > #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 > > #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 > > #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 > > > > Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e > > Reported-by: Euler Robot <euler.robot@huawei.com> > > Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> > > --- > > qom/qom-qmp-cmds.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c > > index 49db926fcc..ac59ba1aa8 100644 > > --- a/qom/qom-qmp-cmds.c > > +++ b/qom/qom-qmp-cmds.c > > @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) > > QDict *pdict; > > Visitor *v; > > Object *obj; > > - const char *type; > > - const char *id; > > + g_autofree const char *type = NULL; > > + g_autofree const char *id = NULL; > > not sure that's it's correct > > qdict_get_try_str() returns the reference to a string within > the QDict, so caller who provided qdict should take care of > freeing it. This is correct, but two lines later we have "type = g_strdup(type)". IOW, the code is storing both a const and non-const string in the same variable which is gross. So there's definitely a leak, but this is also not the right way to fix it. To fix it, notice that g_strdup says "Duplicates a string. If str is NULL it returns NULL. The returned string should be freed with g_free() when no longer needed." IOW, instead of const char *type; type = qdict_get_try_str(qdict, "qom-type"); if (!type) { error_setg(errp, QERR_MISSING_PARAMETER, "qom-type"); return; } else { type = g_strdup(type); qdict_del(qdict, "qom-type"); } we want g_autofree char *type = NULL; type = g_strdup(qdict_get_try_str(qdict, "qom-type")); if (!type) { error_setg(errp, QERR_MISSING_PARAMETER, "qom-type"); return; } qdict_del(qdict, "qom-type"); > > type = qdict_get_try_str(qdict, "qom-type"); > > if (!type) { Regards, Daniel
On 3/9/2020 5:51 PM, Igor Mammedov wrote: > On Mon, 9 Mar 2020 17:22:12 +0800 > Pan Nengyuan <pannengyuan@huawei.com> wrote: > >> 'type/id' forgot to free in qmp_object_add, this patch fix that. >> >> The leak stack: >> Direct leak of 84 byte(s) in 6 object(s) allocated from: >> #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) >> #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) >> #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) >> #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 >> #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 >> #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 >> #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 >> #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 >> #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 >> >> Direct leak of 54 byte(s) in 6 object(s) allocated from: >> #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) >> #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) >> #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) >> #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 >> #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 >> #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 >> #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 >> #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 >> #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 >> >> Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e >> Reported-by: Euler Robot <euler.robot@huawei.com> >> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> >> --- >> qom/qom-qmp-cmds.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c >> index 49db926fcc..ac59ba1aa8 100644 >> --- a/qom/qom-qmp-cmds.c >> +++ b/qom/qom-qmp-cmds.c >> @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) >> QDict *pdict; >> Visitor *v; >> Object *obj; >> - const char *type; >> - const char *id; >> + g_autofree const char *type = NULL; >> + g_autofree const char *id = NULL; > > not sure that's it's correct > > qdict_get_try_str() returns the reference to a string within > the QDict, so caller who provided qdict should take care of > freeing it. > >> >> type = qdict_get_try_str(qdict, "qom-type"); >> if (!type) { > type = qdict_get_try_str(qdict, "qom-type"); if (!type) { error_setg(errp, QERR_MISSING_PARAMETER, "qom-type"); return; } else { type = g_strdup(type); qdict_del(qdict, "qom-type"); } If type is not NULL, it will go to the else branch, type re-assign immediately. And it's aslo in the scope, so the string within the QDict will not be freed. > . >
On 3/9/2020 6:15 PM, Daniel P. Berrangé wrote: > On Mon, Mar 09, 2020 at 10:51:45AM +0100, Igor Mammedov wrote: >> On Mon, 9 Mar 2020 17:22:12 +0800 >> Pan Nengyuan <pannengyuan@huawei.com> wrote: >> >>> 'type/id' forgot to free in qmp_object_add, this patch fix that. >>> >>> The leak stack: >>> Direct leak of 84 byte(s) in 6 object(s) allocated from: >>> #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) >>> #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) >>> #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) >>> #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 >>> #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 >>> #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 >>> #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 >>> #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 >>> #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 >>> >>> Direct leak of 54 byte(s) in 6 object(s) allocated from: >>> #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) >>> #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) >>> #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) >>> #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 >>> #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 >>> #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 >>> #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 >>> #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 >>> #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 >>> >>> Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e >>> Reported-by: Euler Robot <euler.robot@huawei.com> >>> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> >>> --- >>> qom/qom-qmp-cmds.c | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c >>> index 49db926fcc..ac59ba1aa8 100644 >>> --- a/qom/qom-qmp-cmds.c >>> +++ b/qom/qom-qmp-cmds.c >>> @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) >>> QDict *pdict; >>> Visitor *v; >>> Object *obj; >>> - const char *type; >>> - const char *id; >>> + g_autofree const char *type = NULL; >>> + g_autofree const char *id = NULL; >> >> not sure that's it's correct >> >> qdict_get_try_str() returns the reference to a string within >> the QDict, so caller who provided qdict should take care of >> freeing it. > > This is correct, but two lines later we have "type = g_strdup(type)". > > IOW, the code is storing both a const and non-const string in the > same variable which is gross. > > So there's definitely a leak, but this is also not the right way > to fix it. > > To fix it, notice that g_strdup says > > "Duplicates a string. If str is NULL it returns NULL. The > returned string should be freed with g_free() when no longer > needed." > > IOW, instead of > > const char *type; > > type = qdict_get_try_str(qdict, "qom-type"); > if (!type) { > error_setg(errp, QERR_MISSING_PARAMETER, "qom-type"); > return; > } else { > type = g_strdup(type); > qdict_del(qdict, "qom-type"); > } > > we want > > g_autofree char *type = NULL; > > type = g_strdup(qdict_get_try_str(qdict, "qom-type")); > if (!type) { > error_setg(errp, QERR_MISSING_PARAMETER, "qom-type"); > return; > } > > qdict_del(qdict, "qom-type"); Good points. Looks very clear. Thanks. > >>> type = qdict_get_try_str(qdict, "qom-type"); >>> if (!type) { > > > > > Regards, > Daniel >
diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c index 49db926fcc..ac59ba1aa8 100644 --- a/qom/qom-qmp-cmds.c +++ b/qom/qom-qmp-cmds.c @@ -247,8 +247,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp) QDict *pdict; Visitor *v; Object *obj; - const char *type; - const char *id; + g_autofree const char *type = NULL; + g_autofree const char *id = NULL; type = qdict_get_try_str(qdict, "qom-type"); if (!type) {
'type/id' forgot to free in qmp_object_add, this patch fix that. The leak stack: Direct leak of 84 byte(s) in 6 object(s) allocated from: #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258 #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 Direct leak of 54 byte(s) in 6 object(s) allocated from: #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768) #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445) #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92) #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267 #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132 #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175 #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145 #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234 #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136 Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> --- qom/qom-qmp-cmds.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)