On 10/18/2016 06:22 AM, Pino Toscano wrote:
> On Tuesday, 18 October 2016 06:13:30 CEST Eric Blake wrote:
>> On 10/18/2016 04:17 AM, Pino Toscano wrote:
>>> qmp_output_start_struct() and qmp_output_start_list() create a new
>>> QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
>>> where it is saved as 'value'. When freeing the iterator in
>>> qmp_output_free(), these values are never freed properly.
>>
>> Do any of the tests (perhaps run under valgrind) show this leak? If not,
>> maybe we should enhance their coverage.
>
> Running a simple `qemu-img info file.qcow2` under valgrind was enough
> for me to show the leak.
I'm still not reproducing it. :( > > In this case, another simple fix is needed to fully fix the leak: > http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg04023.html In fact, isn't that fix alone enough to fix the leak? The more I think about this patch (and the thread on v2), the more I think it is too prone to double-freeing things. >>> +++ b/qapi/qmp-output-visitor.c >>> @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v) >>> while (!QSLIST_EMPTY(&qov->stack)) { >>> e = QSLIST_FIRST(&qov->stack); >>> QSLIST_REMOVE_HEAD(&qov->stack, node); >>> + qobject_decref(e->value); >>> g_free(e); >>> } >>> >>> >> >> > > -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
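Review bot: the unconditional qobject_decref(e->value) added to the qmp_output_free() loop is only correct if every stack entry owns a reference to its value, and nothing in the hunk or the cover text shows the push path taking one: the description says start_struct/start_list create the QDict/QList and push it, so the entry may merely borrow a pointer whose reference is held elsewhere (the enclosing container, or the caller that receives the result), which is exactly the double-free exposure raised above. Either pair the push with a qobject_incref() so the entry owns what this loop releases, or limit the release to the entry that has no owner, and state the ownership rule in a comment above the loop. Given the pointer to msg04023, check whether that change alone makes the root reference balanced before adding a decref here at all.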
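To make the ownership question concrete, here is an added example that is not part of this thread or of QEMU's code: a small C model of the visitor stack in which the names Obj, obj_incref, obj_decref, Visitor, entries_own_ref, decref_on_free and abandoned_visit are assumptions standing in for QObject, qobject_incref/qobject_decref, the QmpOutputVisitor stack and the two design choices under discussion. entries_own_ref selects whether a pushed entry holds its own reference; decref_on_free switches the patch's qobject_decref(e->value) on or off. The scenario is a visit abandoned with the root and one nested struct still open, then freed; freed objects are quarantined rather than free()d so a second release is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustration only, not QEMU code. Obj stands in for QObject and
 * obj_incref/obj_decref for qobject_incref/qobject_decref. Freed objects are
 * quarantined (marked, never free()d) so a second decref is counted instead of
 * being undefined behaviour. */
#define MAX_CHILDREN 8
#define MAX_OBJS 64

typedef struct Obj {
    int refcount, freed, nchildren;
    struct Obj *children[MAX_CHILDREN];
} Obj;

static Obj *g_all[MAX_OBJS];   /* every allocation, for leak accounting */
static int g_nall, g_double_frees;

static void tracking_reset(void)
{
    for (int i = 0; i < g_nall; i++) free(g_all[i]);
    g_nall = g_double_frees = 0;
}

static Obj *obj_new(void)
{
    Obj *o = calloc(1, sizeof(*o));
    o->refcount = 1;                 /* creation reference, owned by the caller */
    return g_all[g_nall++] = o;
}

static void obj_incref(Obj *o) { o->refcount++; }

static void obj_decref(Obj *o)
{
    if (!o) return;
    if (o->freed) { g_double_frees++; return; }   /* would be a double free for real */
    if (--o->refcount > 0) return;
    o->freed = 1;
    for (int i = 0; i < o->nchildren; i++)
        obj_decref(o->children[i]);  /* a container releases its members */
}

static int live_objects(void)
{
    int n = 0;
    for (int i = 0; i < g_nall; i++) n += !g_all[i]->freed;
    return n;
}

typedef struct StackEntry { Obj *value; struct StackEntry *next; } StackEntry;
typedef struct Visitor {
    StackEntry *stack;
    int entries_own_ref;   /* 1: a pushed entry holds its own reference to value */
} Visitor;

/* start_struct/start_list: create a container, attach it to the open parent,
 * push it. With entries_own_ref == 0 the parent takes over the creation
 * reference and the stack entry only borrows the pointer. */
static Obj *visitor_start_struct(Visitor *v)
{
    Obj *o = obj_new();
    if (v->stack) {
        Obj *parent = v->stack->value;
        parent->children[parent->nchildren++] = o;
        if (v->entries_own_ref) obj_incref(o);   /* parent gets its own reference */
    }
    StackEntry *e = calloc(1, sizeof(*e));
    e->value = o;
    e->next = v->stack;
    v->stack = e;
    return o;
}

/* qmp_output_free, with (1) or without (0) the patch's qobject_decref(e->value). */
static void visitor_free(Visitor *v, int decref_on_free)
{
    while (v->stack) {
        StackEntry *e = v->stack;
        v->stack = e->next;
        if (decref_on_free) obj_decref(e->value);
        free(e);
    }
}

typedef struct { int leaked, double_frees; } Outcome;

/* A visit abandoned mid-way (root and one nested struct still open), then freed. */
static Outcome abandoned_visit(int entries_own_ref, int decref_on_free)
{
    tracking_reset();
    Visitor v = { NULL, entries_own_ref };
    visitor_start_struct(&v);   /* root */
    visitor_start_struct(&v);   /* nested struct, left open */
    visitor_free(&v, decref_on_free);
    Outcome r = { live_objects(), g_double_frees };
    return r;
}

int main(void)
{
    Outcome a = abandoned_visit(0, 0), b = abandoned_visit(0, 1), c = abandoned_visit(1, 1);
    printf("borrowed entries, no decref:    leaked=%d double_frees=%d\n", a.leaked, a.double_frees);
    printf("borrowed entries, patch decref: leaked=%d double_frees=%d\n", b.leaked, b.double_frees);
    printf("owning entries, decref on free: leaked=%d double_frees=%d\n", c.leaked, c.double_frees);
    return 0;
}
```

The three runs show the trade-off in the thread: with borrowed entries and no decref both objects leak; with borrowed entries plus the patch's decref the nested struct is released when its entry is popped and released again when the root container is destroyed; only when the entry owns a reference of its own does the decref in the free loop come out balanced, with nothing leaked and nothing released twice.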