File 0391-virtio-Fix-memory-leaks-reported-by.patch of Package qemu.8405
From b735a717b325c021b2c2cd9037092a8aa0852301 Mon Sep 17 00:00:00 2001
From: Stefan Weil <sw@weilnetz.de>
Date: Sat, 14 Mar 2015 11:45:18 +0100
Subject: [PATCH] virtio: Fix memory leaks reported by Coverity
All four leaks are similar, so fix them in one patch.
Success path was not doing memory free.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit 4ed7b2c3a78f785a1bcbe575e08c379b166723e3)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/9p-local.c | 28 ++++++++--------------------
1 file changed, 8 insertions(+), 20 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index c96fe14897..66a6c6c9af 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -734,7 +734,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int serrno = 0;
V9fsString fullname;
- char *buffer;
+ char *buffer = NULL;
v9fs_string_init(&fullname);
v9fs_string_sprintf(&fullname, "%s/%s", dir_path->data, name);
@@ -745,7 +745,6 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mknod(buffer, SM_LOCAL_MODE_BITS|S_IFREG, 0);
if (err == -1) {
- g_free(buffer);
goto out;
}
err = local_set_xattr(buffer, credp);
@@ -758,7 +757,6 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mknod(buffer, SM_LOCAL_MODE_BITS|S_IFREG, 0);
if (err == -1) {
- g_free(buffer);
goto out;
}
err = local_set_mapped_file_attr(fs_ctx, path, credp);
@@ -771,7 +769,6 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mknod(buffer, credp->fc_mode, credp->fc_rdev);
if (err == -1) {
- g_free(buffer);
goto out;
}
err = local_post_create_passthrough(fs_ctx, path, credp);
@@ -785,8 +782,8 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
err_end:
remove(buffer);
errno = serrno;
- g_free(buffer);
out:
+ g_free(buffer);
v9fs_string_free(&fullname);
return err;
}
@@ -798,7 +795,7 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int serrno = 0;
V9fsString fullname;
- char *buffer;
+ char *buffer = NULL;
v9fs_string_init(&fullname);
v9fs_string_sprintf(&fullname, "%s/%s", dir_path->data, name);
@@ -809,7 +806,6 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mkdir(buffer, SM_LOCAL_DIR_MODE_BITS);
if (err == -1) {
- g_free(buffer);
goto out;
}
credp->fc_mode = credp->fc_mode|S_IFDIR;
@@ -822,7 +818,6 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mkdir(buffer, SM_LOCAL_DIR_MODE_BITS);
if (err == -1) {
- g_free(buffer);
goto out;
}
credp->fc_mode = credp->fc_mode|S_IFDIR;
@@ -836,7 +831,6 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
buffer = rpath(fs_ctx, path);
err = mkdir(buffer, credp->fc_mode);
if (err == -1) {
- g_free(buffer);
goto out;
}
err = local_post_create_passthrough(fs_ctx, path, credp);
@@ -850,8 +844,8 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
err_end:
remove(buffer);
errno = serrno;
- g_free(buffer);
out:
+ g_free(buffer);
v9fs_string_free(&fullname);
return err;
}
@@ -905,7 +899,7 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
int err = -1;
int serrno = 0;
V9fsString fullname;
- char *buffer;
+ char *buffer = NULL;
/*
* Mark all the open to not follow symlinks
@@ -921,7 +915,6 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
buffer = rpath(fs_ctx, path);
fd = open(buffer, flags, SM_LOCAL_MODE_BITS);
if (fd == -1) {
- g_free(buffer);
err = fd;
goto out;
}
@@ -936,7 +929,6 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
buffer = rpath(fs_ctx, path);
fd = open(buffer, flags, SM_LOCAL_MODE_BITS);
if (fd == -1) {
- g_free(buffer);
err = fd;
goto out;
}
@@ -952,7 +944,6 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
buffer = rpath(fs_ctx, path);
fd = open(buffer, flags, credp->fc_mode);
if (fd == -1) {
- g_free(buffer);
err = fd;
goto out;
}
@@ -970,8 +961,8 @@ err_end:
close(fd);
remove(buffer);
errno = serrno;
- g_free(buffer);
out:
+ g_free(buffer);
v9fs_string_free(&fullname);
return err;
}
@@ -984,7 +975,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
int serrno = 0;
char *newpath;
V9fsString fullname;
- char *buffer;
+ char *buffer = NULL;
v9fs_string_init(&fullname);
v9fs_string_sprintf(&fullname, "%s/%s", dir_path->data, name);
@@ -997,7 +988,6 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
buffer = rpath(fs_ctx, newpath);
fd = open(buffer, O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW, SM_LOCAL_MODE_BITS);
if (fd == -1) {
- g_free(buffer);
err = fd;
goto out;
}
@@ -1027,7 +1017,6 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
buffer = rpath(fs_ctx, newpath);
fd = open(buffer, O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW, SM_LOCAL_MODE_BITS);
if (fd == -1) {
- g_free(buffer);
err = fd;
goto out;
}
@@ -1056,7 +1045,6 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
buffer = rpath(fs_ctx, newpath);
err = symlink(oldpath, buffer);
if (err) {
- g_free(buffer);
goto out;
}
err = lchown(buffer, credp->fc_uid, credp->fc_gid);
@@ -1077,8 +1065,8 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
err_end:
remove(buffer);
errno = serrno;
- g_free(buffer);
out:
+ g_free(buffer);
v9fs_string_free(&fullname);
return err;
}
