Commit be4d026f authored Apr 07, 2018 by Greg Kurz Committed by Cornelia Huck Apr 09, 2018

vfio-ccw: fix memory leaks in vfio_ccw_realize()



If the subchannel is already attached or if vfio_get_device() fails, the
code jumps to the 'out_device_err' label and doesn't free the string it
has just allocated.

The code should be reworked so that vcdev->vdev.name only gets set when
the device has been attached, and freed when it is about to be detached.
This could be achieved  with the addition of a vfio_ccw_get_device()
function that would be the counterpart of vfio_put_device(). But this is
a more elaborate cleanup that should be done in a follow-up. For now,
let's just add calls to g_free() on the buggy error paths.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <152311222681.203086.8874800175539040298.stgit@bahia>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>

parent c607bb8f

hw/vfio/ccw.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -357,11 +357,13 @@ static void vfio_ccw_realize(DeviceState dev, Error *errp)
		if (strcmp(vbasedev->name, vcdev->vdev.name) == 0) {
		error_setg(&err, "vfio: subchannel %s has already been attached",
		vcdev->vdev.name);
		g_free(vcdev->vdev.name);
		goto out_device_err;
		}
		}

		if (vfio_get_device(group, cdev->mdevid, &vcdev->vdev, &err)) {
		g_free(vcdev->vdev.name);
		goto out_device_err;
		}