Message ID | 20170428075612.9997-1-kraxel@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
+-- On Fri, 28 Apr 2017, Gerd Hoffmann wrote --+
| AUD_add_capture() allocates two buffers which get never released.
which get never -> which are never ...
| Impact: Allows vnc clients to exhaust host memory by repeatly
repeatly -> repeatedly
| diff --git a/audio/audio.c b/audio/audio.c
| index c8898d8422..beafed209b 100644
| --- a/audio/audio.c
| +++ b/audio/audio.c
| @@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
| sw = sw1;
| }
| QLIST_REMOVE (cap, entries);
| + g_free (cap->hw.mix_buf);
| + g_free (cap->buf);
| g_free (cap);
| }
| return;
Looks okay.
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Hi, This series seems to have some coding style problems. See output below for more information: Subject: [Qemu-devel] [PATCH] audio: release capture buffers Message-id: 20170428075612.9997-1-kraxel@redhat.com Type: series === TEST SCRIPT BEGIN === #!/bin/bash BASE=base n=1 total=$(git log --oneline $BASE.. | wc -l) failed=0 # Useful git options git config --local diff.renamelimit 0 git config --local diff.renames True commits="$(git log --format=%H --reverse $BASE..)" for c in $commits; do echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..." if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then failed=1 echo fi n=$((n+1)) done exit $failed === TEST SCRIPT END === Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384 Switched to a new branch 'test' 247c40c audio: release capture buffers === OUTPUT BEGIN === Checking PATCH 1/1: audio: release capture buffers... ERROR: space prohibited between function name and open parenthesis '(' #26: FILE: audio/audio.c:2031: + g_free (cap->hw.mix_buf); ERROR: space prohibited between function name and open parenthesis '(' #27: FILE: audio/audio.c:2032: + g_free (cap->buf); total: 2 errors, 0 warnings, 8 lines checked Your patch has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. === OUTPUT END === Test command exited with code: 1 --- Email generated automatically by Patchew [http://patchew.org/]. Please send your feedback to patchew-devel@freelists.org
diff --git a/audio/audio.c b/audio/audio.c index c8898d8422..beafed209b 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) sw = sw1; } QLIST_REMOVE (cap, entries); + g_free (cap->hw.mix_buf); + g_free (cap->buf); g_free (cap); } return;
AUD_add_capture() allocates two buffers which get never released. Add the missing calls to AUD_del_capture(). Impact: Allows vnc clients to exhaust host memory by repeatly starting and stopping audio capture. Cc: P J P <ppandit@redhat.com> Cc: Huawei PSIRT <PSIRT@huawei.com> Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- audio/audio.c | 2 ++ 1 file changed, 2 insertions(+)