When qemuDomainGetFSInfo() is called it calls qemuDomainGetFSInfoAgent() which executes 'guest-get-fsinfo' guest agent command, parses returned JSON and returns an array of qemuAgentFSInfo structures (well, pointers to those structs). Then it grabs a domain job and tries to do some matching of guest returned info against domain definition. This matching is done in virDomainFSInfoFormat() which also frees the array of qemuAgentFSInfo structures allocated earlier.
But this is not just. If acquiring the domain job fails (or domain activeness check executed right after that fails) then virDomainFSInfoFormat() is not called, leaking the array of structs.
Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
---
 src/qemu/qemu_driver.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f59f9e13ba..d30cf75b73 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18977,14 +18977,14 @@ virDomainFSInfoFormat(qemuAgentFSInfoPtr *agentinfo,
 ret = nagentinfo;
 cleanup:
- for (i = 0; i < nagentinfo; i++) {
- qemuAgentFSInfoFree(agentinfo[i]);
- /* if there was an error, free any memory we've allocated for the
- * return value */
- if (info_ret)
+ if (info_ret) {
+ for (i = 0; i < nagentinfo; i++) {
+ /* if there was an error, free any memory we've allocated for the
+ * return value */
 virDomainFSInfoFree(info_ret[i]);
+ }
+ g_free(info_ret);
 }
- g_free(info_ret);
 return ret;
 }
@@ -18997,7 +18997,7 @@ qemuDomainGetFSInfo(virDomainPtr dom,
 virDomainObjPtr vm;
 qemuAgentFSInfoPtr *agentinfo = NULL;
 int ret = -1;
- int nfs;
+ int nfs = 0;
 virCheckFlags(0, ret);
@@ -19022,7 +19022,12 @@ qemuDomainGetFSInfo(virDomainPtr dom,
 qemuDomainObjEndJob(driver, vm);
 cleanup:
- g_free(agentinfo);
+ if (agentinfo) {
+ size_t i;
+ for (i = 0; i < nfs; i++)
+ qemuAgentFSInfoFree(agentinfo[i]);
+ g_free(agentinfo);
+ }
 virDomainObjEndAPI(&vm);
 return ret;
 }
--
2.26.2
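Review bot: The cleanup path of virDomainFSInfoFormat() no longer frees the agentinfo entries, but nothing in the hunk records that ownership now stays with the caller, so a later caller written against the old behaviour would leak them. I would add a short comment above the function, for example `/* @agentinfo is borrowed: the caller frees both the entries and the array */`. The retained comment "if there was an error, free any memory we've allocated for the return value" now sits inside the loop although the `if (info_ret)` test is what it explains; moving it above that test would read better. The function's signature and the rest of its body are outside the hunk, so an existing header comment cannot be ruled out.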
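Review bot: In the new cleanup loop of qemuDomainGetFSInfo(), `i < nfs` compares a `size_t` with the signed `int nfs`, so a negative nfs is converted to a very large unsigned bound and the loop would call qemuAgentFSInfoFree() on pointers read far past the end of agentinfo. That is safe only if qemuDomainGetFSInfoAgent() never leaves agentinfo non-NULL when it returns an error, which cannot be checked here because the assignment to nfs lies outside the hunk. Making the bound explicit removes the dependency on the callee's contract: `for (i = 0; nfs > 0 && i < (size_t)nfs; i++)`. The `int nfs = 0;` initialisation in the previous hunk already covers the paths that reach cleanup before nfs is assigned.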