From 6add0a541a003a6ba45ddf5aa7412e2ded98dcac Mon Sep 17 00:00:00 2001
Message-Id: <6add0a541a003a6ba45ddf5aa7412e2ded98dcac@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 24 Aug 2016 16:10:57 -0400
Subject: [PATCH] qemuBuildCpuCommandLine: Don't leak @buf

https://bugzilla.redhat.com/show_bug.cgi?id=1097930
https://bugzilla.redhat.com/show_bug.cgi?id=1224341

Just like every other qemuBuild*CommandLine() function, this uses
a buffer to hold partial cmd line strings too. However, if
there's an error, the control jumps to 'cleanup' label leaving
the buffer behind and thus leaking it.

==2013== 1,006 bytes in 1 blocks are definitely lost in loss record 701 of 711
==2013==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==2013==    by 0x4C2C32F: realloc (vg_replace_malloc.c:692)
==2013==    by 0xAD925A8: virReallocN (viralloc.c:245)
==2013==    by 0xAD95EA8: virBufferGrow (virbuffer.c:130)
==2013==    by 0xAD95F78: virBufferAdd (virbuffer.c:165)
==2013==    by 0x5097F5: qemuBuildCpuModelArgStr (qemu_command.c:6339)
==2013==    by 0x509CC3: qemuBuildCpuCommandLine (qemu_command.c:6437)
==2013==    by 0x51142C: qemuBuildCommandLine (qemu_command.c:9174)
==2013==    by 0x47CA3A: qemuProcessCreatePretendCmd (qemu_process.c:5546)
==2013==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)
==2013==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==2013==    by 0x446E7A: virTestRun (testutils.c:179)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 87df945240dcd9769d6fd6dbddfb2bb5601b349d)
---
 src/qemu/qemu_command.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9832a6a..57b04ee 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6841,6 +6841,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
 
  cleanup:
     VIR_FREE(cpu);
+    virBufferFreeAndReset(&buf);
     return ret;
 }
 
-- 
2.10.0