From 6add0a541a003a6ba45ddf5aa7412e2ded98dcac Mon Sep 17 00:00:00 2001

Message-Id: <6add0a541a003a6ba45ddf5aa7412e2ded98dcac@dist-git>

From: Michal Privoznik <mprivozn@redhat.com>

Date: Wed, 24 Aug 2016 16:10:57 -0400

Subject: [PATCH] qemuBuildCpuCommandLine: Don't leak @buf

https://bugzilla.redhat.com/show_bug.cgi?id=1097930

https://bugzilla.redhat.com/show_bug.cgi?id=1224341

Just like every other qemuBuild*CommandLine() function, this uses

a buffer to hold partial cmd line strings too. However, if

there's an error, the control jumps to 'cleanup' label leaving

the buffer behind and thus leaking it.

==2013== 1,006 bytes in 1 blocks are definitely lost in loss record 701 of 711

==2013==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)

==2013==    by 0x4C2C32F: realloc (vg_replace_malloc.c:692)

==2013==    by 0xAD925A8: virReallocN (viralloc.c:245)

==2013==    by 0xAD95EA8: virBufferGrow (virbuffer.c:130)

==2013==    by 0xAD95F78: virBufferAdd (virbuffer.c:165)

==2013==    by 0x5097F5: qemuBuildCpuModelArgStr (qemu_command.c:6339)

==2013==    by 0x509CC3: qemuBuildCpuCommandLine (qemu_command.c:6437)

==2013==    by 0x51142C: qemuBuildCommandLine (qemu_command.c:9174)

==2013==    by 0x47CA3A: qemuProcessCreatePretendCmd (qemu_process.c:5546)

==2013==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)

==2013==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)

==2013==    by 0x446E7A: virTestRun (testutils.c:179)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

(cherry picked from commit 87df945240dcd9769d6fd6dbddfb2bb5601b349d)

---

 src/qemu/qemu_command.c | 1 +

 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c

index 9832a6a..57b04ee 100644

--- a/src/qemu/qemu_command.c

+++ b/src/qemu/qemu_command.c

@@ -6841,6 +6841,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,

  cleanup:

     VIR_FREE(cpu);

+    virBufferFreeAndReset(&buf;;

     return ret;

 }

-- 

2.10.0