Blob Blame History Raw
From cb052b5df117e4d3d90fd0f7ee70d0e428d46250 Mon Sep 17 00:00:00 2001
From: "Eduardo Lima (Etrunko)" <etrunko@redhat.com>
Date: Tue, 22 Dec 2020 08:53:16 -0300
Subject: [PATCH] proxy: Fix error handling

Error returned by the task must be freed by the caller of the function.
This avoids a double-free scenario, as reported by valgrind:

Invalid free() / delete / delete[] / realloc()
   at 0x483A9F5: free (vg_replace_malloc.c:538)
   by 0x5A4C45C: g_free (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A6673F: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A2CC09: g_clear_error (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x56F43B7: rest_call_async_set_error (ovirt-proxy.c:245)
   by 0x56F451A: call_async_cb (ovirt-proxy.c:265)
   by 0x571AFC3: ??? (in /usr/lib64/librest-0.7.so.0.0.0)
   by 0x5789593: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
   by 0x5789B82: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
   by 0x5789CD5: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
   by 0x5A468AA: ??? (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A477EE: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6600.3)
 Address 0x17d731b0 is 0 bytes inside a block of size 16 free'd
   at 0x483A9F5: free (vg_replace_malloc.c:538)
   by 0x5A4C45C: g_free (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A6673F: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A2CC09: g_clear_error (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x43115A: ovirt_foreign_menu_iso_name_changed (remote-viewer-iso-list-dialog.c:358)
   by 0x587A349: ??? (in /usr/lib64/libgio-2.0.so.0.6600.3)
   by 0x587A58A: ??? (in /usr/lib64/libgio-2.0.so.0.6600.3)
   by 0x4302F7: iso_name_set_cb (ovirt-foreign-menu.c:423)
   by 0x587A349: ??? (in /usr/lib64/libgio-2.0.so.0.6600.3)
   by 0x587A58A: ??? (in /usr/lib64/libgio-2.0.so.0.6600.3)
   by 0x56F43AF: rest_call_async_set_error (ovirt-proxy.c:244)
   by 0x56F451A: call_async_cb (ovirt-proxy.c:265)
 Block was alloc'd at
   at 0x4839809: malloc (vg_replace_malloc.c:307)
   by 0x5A4F908: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A671C1: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A33286: g_error_new_valist (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x5A3348E: g_set_error (in /usr/lib64/libglib-2.0.so.0.6600.3)
   by 0x56FB4D5: ovirt_utils_gerror_from_xml_fault (ovirt-utils.c:368)
   by 0x56F4356: rest_call_async_set_error (ovirt-proxy.c:242)
   by 0x56F451A: call_async_cb (ovirt-proxy.c:265)
   by 0x571AFC3: ??? (in /usr/lib64/librest-0.7.so.0.0.0)
   by 0x5789593: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
   by 0x5789B82: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
   by 0x5789CD5: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)

Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
---
 govirt/ovirt-proxy.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c
index e2d2e5c..1cf1ebf 100644
--- a/govirt/ovirt-proxy.c
+++ b/govirt/ovirt-proxy.c
@@ -242,7 +242,6 @@ static void rest_call_async_set_error(RestProxyCall *call, GTask *task, const GE
     if (root != NULL && ovirt_utils_gerror_from_xml_fault(root, &local_error)) {
         g_debug("ovirt_rest_call_async(): %s", local_error->message);
         g_task_return_error(task, local_error);
-        g_clear_error(&local_error);
     } else {
         g_task_return_error(task, (GError *) error);
     }
@@ -272,7 +271,7 @@ call_async_cb(RestProxyCall *call, const GError *error,
                                               data->call_user_data,
                                               &call_error);
         if (call_error != NULL) {
-            rest_call_async_set_error(call, task, error);
+            rest_call_async_set_error(call, task, call_error);
             goto exit;
         }
     }
-- 
2.29.2