Commit a9796703 authored Sep 17, 2009 by Glauber Costa Committed by Anthony Liguori Oct 05, 2009

Correctly free nd structure

When we "free" a NICInfo structure, we can leak pointers, since we don't do
much more than setting used = 0.

We free() the model parameter, but we don't set it to NULL. This means that
a new user of this structure will see garbage in there. It was not noticed
before because reusing a NICInfo is not that common, but it can be, for
users of device pci hotplug.

A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022



This patch memset's the whole structure, guaranteeing that anyone reusing it
will see a fresh NICinfo. Also, we free some other strings that are currently
leaking.

This codebase is quite old, so this patch should feed all stable trees.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

parent e5bc201d

net.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -2803,8 +2803,13 @@ void net_client_uninit(NICInfo *nd)
		{
		nd->vlan->nb_guest_devs--;
		nb_nics--;
		nd->used = 0;
		free((void *)nd->model);

		qemu_free((void *)nd->model);
		qemu_free((void *)nd->name);
		qemu_free((void *)nd->devaddr);
		qemu_free((void *)nd->id);

		memset(nd, 0, sizeof(*nd));
		}

		static int net_host_check_device(const char *device)