On Sun, Feb 25, 2024 at 02:54:01PM +0900, Akihiko Odaki wrote:
> exec_start_outgoing_migration() and exec_start_incoming_migration()
> leak argv because g_steal_pointer() is used to pass argv to
> qio_channel_command_new_spawn() while it does not free argv either.
> 
> Removing g_steal_pointer() is not sufficient though because argv is
> typed g_auto(GStrv), which means the array of strings *and strings* will
> be freed. The strings are only borrowed from the caller of
> exec_start_outgoing_migration() and exec_start_incoming_migration() so
> freeing them results in a double-free.
> 
> Instead, type argv as g_autofree char **. This ensures only the array
> of strings will be freed and the strings won't be freed. Also, remove
> unnecessary casts according to the new type.
> 
> Fixes: cbab4face57b ("migration: convert exec backend to accept MigrateAddress.")
> Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>

Cc: qemu-stable <qemu-sta...@nongnu.org>
Reviewed-by: Peter Xu <pet...@redhat.com>

This should conflict with Steve's other series:

https://lore.kernel.org/r/1708638470-114846-1-git-send-email-steven.sist...@oracle.com

Considering this can be stable material, it should be easier if we have the
other series rebased on top of this, even if that was sent first.

Steve, do you still plan to repost your series?  Maybe you can review it &
pick this up into your series?  Then whoever picks up your series will pick
up both (Markus will?)?

Thanks,

-- 
Peter Xu
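
The ownership problem described in the quoted commit message, as an added example that is not part of this thread or of QEMU: plain C using the GCC/Clang cleanup attribute (which GLib's g_autofree and g_auto() are built on) with hypothetical stand-ins for g_auto(GStrv), g_autofree, g_steal_pointer() and the spawn call. All names and the sample argv strings are constructed; free counters make the leak, the over-free and the fix observable.

```c
#include <stdlib.h>
#include <string.h>

enum mode { STEAL_NO_FREE, DEEP_FREE, ARRAY_ONLY };
struct counts { int arrays_freed, strings_freed; };
static struct counts seen;
static char **last_argv;            /* demo only: lets run() release the leak */

/* Stand-in for g_autofree: releases only the array. */
static void array_cleanup(char ***p) { if (*p) { free(*p); seen.arrays_freed++; } }
/* Stand-in for g_auto(GStrv): releases every string, then the array. */
static void strv_cleanup(char ***p) {
    if (!*p) return;
    for (char **s = *p; *s; s++) { free(*s); seen.strings_freed++; }
    free(*p); seen.arrays_freed++;
}
/* Stand-in for g_steal_pointer(): return the value, null the variable. */
static char **steal(char ***p) { char **v = *p; *p = NULL; return v; }
/* Stand-in for the spawn call: uses argv, never frees it. */
static void spawn(char **argv) { last_argv = argv; }
static char *copy_str(const char *s) { char *d = malloc(strlen(s) + 1); return d ? strcpy(d, s) : NULL; }
static char **build(char **borrowed, size_t n) {
    char **argv = calloc(n + 1, sizeof(*argv));
    for (size_t i = 0; argv && i < n; i++) argv[i] = borrowed[i];
    return argv;
}
static void start_steal(char **b, size_t n) {
    __attribute__((cleanup(strv_cleanup))) char **argv = build(b, n);
    spawn(steal(&argv));   /* argv is NULL at scope exit: the array leaks */
}
static void start_deep(char **b, size_t n) {
    __attribute__((cleanup(strv_cleanup))) char **argv = build(b, n);
    spawn(argv);           /* scope exit also frees the caller's strings */
}
static void start_array_only(char **b, size_t n) {
    __attribute__((cleanup(array_cleanup))) char **argv = build(b, n);
    spawn(argv);           /* scope exit frees just the array */
}
struct counts run(enum mode m) {
    char *owned[] = { copy_str("/bin/sh"), copy_str("-c"), copy_str("cat") };
    seen = (struct counts){0, 0};
    if (m == STEAL_NO_FREE) start_steal(owned, 3);
    else if (m == DEEP_FREE) start_deep(owned, 3);
    else start_array_only(owned, 3);
    if (seen.arrays_freed == 0) free(last_argv);   /* demo-only leak cleanup */
    /* The caller frees its own strings; after DEEP_FREE that would be the double free. */
    if (seen.strings_freed == 0)
        for (int i = 0; i < 3; i++) free(owned[i]);
    return seen;
}
```
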

