[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 3/7] Coverity: Fix resource leak in esx driver



2012/5/2 Osier Yang <jyang redhat com>:
> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1893: alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi_types.generated.c:2065: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:2006: leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.
>
> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1945: alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi_types.generated.c:2693: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:2006: leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.
>
> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:3913: alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi_types.generated.c:2065: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:4075: leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.
>
> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:3920: alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi_types.generated.c:2693: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
> /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
> /builddir/build/BUILD/libvirt-0.9.10/src/esx/esx_vi.c:4075: leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.
> ---
>  src/esx/esx_vi.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
> index 42e0976..1c30e5a 100644
> --- a/src/esx/esx_vi.c
> +++ b/src/esx/esx_vi.c
> @@ -2001,6 +2001,8 @@ esxVI_LookupObjectContentByType(esxVI_Context *ctx,
>         propertySpec->pathSet = NULL;
>     }
>
> +    esxVI_ObjectSpec_Free(&objectSpec);
> +    esxVI_PropertySpec_Free(&propertySpec);
>     esxVI_PropertyFilterSpec_Free(&propertyFilterSpec);
>
>     return result;
> @@ -4066,6 +4068,8 @@ esxVI_WaitForTaskCompletion(esxVI_Context *ctx,
>         propertySpec->type = NULL;
>     }
>
> +    esxVI_ObjectSpec_Free(&objectSpec);
> +    esxVI_PropertySpec_Free(&propertySpec);
>     esxVI_PropertyFilterSpec_Free(&propertyFilterSpec);
>     esxVI_ManagedObjectReference_Free(&propertyFilter);
>     VIR_FREE(version);

NACK, Coverity is wrong here.

The following lines in esxVI_LookupObjectContentByType and
esxVI_WaitForTaskCompletion thransfer ownership of the objects to
another one that will free them.

esxVI_PropertySpec_AppendToList(&propertyFilterSpec->propSet, propertySpec)
esxVI_ObjectSpec_AppendToList(&propertyFilterSpec->objectSet, objectSpec)

So there is no leak in the common case here. Yes there is a
possibility in a certain error path to leak them, but your patch
creates a double-free in the common case. I'll post a patch later on
to fix the possible leak in the special error path.

-- 
Matthias Bolte
http://photron.blogspot.com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]