Message ID | 20200420102727.17339-1-pannengyuan@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | migration/rdma: fix a memleak on error path in rdma_start_incoming_migration |
Correcting zhang hailiang's email. On 4/20/2020 6:27 PM, Pan Nengyuan wrote: > 'rdma->host' is malloced in qemu_rdma_data_init, but forgot to free on the error > path in rdma_start_incoming_migration(), this patch fix that. > > The leak stack: > Direct leak of 2 byte(s) in 1 object(s) allocated from: > #0 0x7fb7add18ae8 in __interceptor_malloc (/lib64/libasan.so.5+0xefae8) > #1 0x7fb7ad0df1d5 in g_malloc (/lib64/libglib-2.0.so.0+0x531d5) > #2 0x7fb7ad0f8b32 in g_strdup (/lib64/libglib-2.0.so.0+0x6cb32) > #3 0x55a0464a0f6f in qemu_rdma_data_init /mnt/sdb/qemu/migration/rdma.c:2647 > #4 0x55a0464b0e76 in rdma_start_incoming_migration /mnt/sdb/qemu/migration/rdma.c:4020 > #5 0x55a0463f898a in qemu_start_incoming_migration /mnt/sdb/qemu/migration/migration.c:365 > #6 0x55a0458c75d3 in qemu_init /mnt/sdb/qemu/softmmu/vl.c:4438 > #7 0x55a046a3d811 in main /mnt/sdb/qemu/softmmu/main.c:48 > #8 0x7fb7a8417872 in __libc_start_main (/lib64/libc.so.6+0x23872) > #9 0x55a04536b26d in _start (/mnt/sdb/qemu/build/x86_64-softmmu/qemu-system-x86_64+0x286926d) > > Reported-by: Euler Robot <euler.robot@huawei.com> > Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> > --- > migration/rdma.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/migration/rdma.c b/migration/rdma.c > index f61587891b..967fda5b0c 100644 > --- a/migration/rdma.c > +++ b/migration/rdma.c > @@ -4056,6 +4056,7 @@ void rdma_start_incoming_migration(const char *host_port, Error **errp) > return; > err: > error_propagate(errp, local_err); > + g_free(rdma->host); > g_free(rdma); > g_free(rdma_return_path); > } >
* Pan Nengyuan (pannengyuan@huawei.com) wrote: > 'rdma->host' is malloced in qemu_rdma_data_init, but forgot to free on the error > path in rdma_start_incoming_migration(), this patch fix that. > > The leak stack: > Direct leak of 2 byte(s) in 1 object(s) allocated from: > #0 0x7fb7add18ae8 in __interceptor_malloc (/lib64/libasan.so.5+0xefae8) > #1 0x7fb7ad0df1d5 in g_malloc (/lib64/libglib-2.0.so.0+0x531d5) > #2 0x7fb7ad0f8b32 in g_strdup (/lib64/libglib-2.0.so.0+0x6cb32) > #3 0x55a0464a0f6f in qemu_rdma_data_init /mnt/sdb/qemu/migration/rdma.c:2647 > #4 0x55a0464b0e76 in rdma_start_incoming_migration /mnt/sdb/qemu/migration/rdma.c:4020 > #5 0x55a0463f898a in qemu_start_incoming_migration /mnt/sdb/qemu/migration/migration.c:365 > #6 0x55a0458c75d3 in qemu_init /mnt/sdb/qemu/softmmu/vl.c:4438 > #7 0x55a046a3d811 in main /mnt/sdb/qemu/softmmu/main.c:48 > #8 0x7fb7a8417872 in __libc_start_main (/lib64/libc.so.6+0x23872) > #9 0x55a04536b26d in _start (/mnt/sdb/qemu/build/x86_64-softmmu/qemu-system-x86_64+0x286926d) > > Reported-by: Euler Robot <euler.robot@huawei.com> > Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> Thanks, Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > --- > migration/rdma.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/migration/rdma.c b/migration/rdma.c > index f61587891b..967fda5b0c 100644 > --- a/migration/rdma.c > +++ b/migration/rdma.c > @@ -4056,6 +4056,7 @@ void rdma_start_incoming_migration(const char *host_port, Error **errp) > return; > err: > error_propagate(errp, local_err); > + g_free(rdma->host); > g_free(rdma); > g_free(rdma_return_path); > } > -- > 2.18.2 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
On 4/24/2020 5:46 PM, Dr. David Alan Gilbert wrote: > * Pan Nengyuan (pannengyuan@huawei.com) wrote: >> 'rdma->host' is malloced in qemu_rdma_data_init, but forgot to free on the error >> path in rdma_start_incoming_migration(), this patch fix that. >> >> The leak stack: >> Direct leak of 2 byte(s) in 1 object(s) allocated from: >> #0 0x7fb7add18ae8 in __interceptor_malloc (/lib64/libasan.so.5+0xefae8) >> #1 0x7fb7ad0df1d5 in g_malloc (/lib64/libglib-2.0.so.0+0x531d5) >> #2 0x7fb7ad0f8b32 in g_strdup (/lib64/libglib-2.0.so.0+0x6cb32) >> #3 0x55a0464a0f6f in qemu_rdma_data_init /mnt/sdb/qemu/migration/rdma.c:2647 >> #4 0x55a0464b0e76 in rdma_start_incoming_migration /mnt/sdb/qemu/migration/rdma.c:4020 >> #5 0x55a0463f898a in qemu_start_incoming_migration /mnt/sdb/qemu/migration/migration.c:365 >> #6 0x55a0458c75d3 in qemu_init /mnt/sdb/qemu/softmmu/vl.c:4438 >> #7 0x55a046a3d811 in main /mnt/sdb/qemu/softmmu/main.c:48 >> #8 0x7fb7a8417872 in __libc_start_main (/lib64/libc.so.6+0x23872) >> #9 0x55a04536b26d in _start (/mnt/sdb/qemu/build/x86_64-softmmu/qemu-system-x86_64+0x286926d) >> >> Reported-by: Euler Robot <euler.robot@huawei.com> >> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> > > Thanks, > > > Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > >> --- >> migration/rdma.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/migration/rdma.c b/migration/rdma.c >> index f61587891b..967fda5b0c 100644 >> --- a/migration/rdma.c >> +++ b/migration/rdma.c 
>> @@ -4056,6 +4056,7 @@ void rdma_start_incoming_migration(const char *host_port, Error **errp) >> return; >> err: >> error_propagate(errp, local_err); >> + g_free(rdma->host); >> g_free(rdma); >> g_free(rdma_return_path); >> } >> -- >> 2.18.2 >> Oh, I'm sorry, this may cause a potential nullptr access when taking the first error branch in rdma_start_incoming_migration: rdma = qemu_rdma_data_init(host_port, &local_err); if (rdma == NULL) { goto err; } ... Since it has been applied, I will send a new patch to fix it. > -- > Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK > > . >
diff --git a/migration/rdma.c b/migration/rdma.c index f61587891b..967fda5b0c 100644 --- a/migration/rdma.c +++ b/migration/rdma.c @@ -4056,6 +4056,7 @@ void rdma_start_incoming_migration(const char *host_port, Error **errp) return; err: error_propagate(errp, local_err); + g_free(rdma->host); g_free(rdma); g_free(rdma_return_path); }
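Review bot: at the `err:` label the added `g_free(rdma->host);` dereferences `rdma` without a NULL check, and the author's follow-up in this thread points out that `err:` is reached with `rdma == NULL` when `qemu_rdma_data_init()` fails (`if (rdma == NULL) { goto err; }`). That turns a 2-byte leak on the error path into a NULL pointer dereference on the same path. Suggest guarding it, `if (rdma) { g_free(rdma->host); }`, so the leak fix does not crash the first error branch; `g_free()` accepts NULL, but `rdma->host` is evaluated before the call.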
'rdma->host' is malloced in qemu_rdma_data_init, but forgot to free on the error
path in rdma_start_incoming_migration(), this patch fixes that.

The leak stack:
Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x7fb7add18ae8 in __interceptor_malloc (/lib64/libasan.so.5+0xefae8)
    #1 0x7fb7ad0df1d5 in g_malloc (/lib64/libglib-2.0.so.0+0x531d5)
    #2 0x7fb7ad0f8b32 in g_strdup (/lib64/libglib-2.0.so.0+0x6cb32)
    #3 0x55a0464a0f6f in qemu_rdma_data_init /mnt/sdb/qemu/migration/rdma.c:2647
    #4 0x55a0464b0e76 in rdma_start_incoming_migration /mnt/sdb/qemu/migration/rdma.c:4020
    #5 0x55a0463f898a in qemu_start_incoming_migration /mnt/sdb/qemu/migration/migration.c:365
    #6 0x55a0458c75d3 in qemu_init /mnt/sdb/qemu/softmmu/vl.c:4438
    #7 0x55a046a3d811 in main /mnt/sdb/qemu/softmmu/main.c:48
    #8 0x7fb7a8417872 in __libc_start_main (/lib64/libc.so.6+0x23872)
    #9 0x55a04536b26d in _start (/mnt/sdb/qemu/build/x86_64-softmmu/qemu-system-x86_64+0x286926d)

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
---
 migration/rdma.c | 1 +
 1 file changed, 1 insertion(+)