[libvirt] [PATCH] nwfilter: plub memory leak with firewall

Eric Blake eblake at redhat.com
Wed Jul 23 04:19:54 UTC 2014


Introduced in commit 70571ccc. Caught by valgrind:

==9816== 170 (32 direct, 138 indirect) bytes in 1 blocks are definitely lost in loss record 646 of 821
==9816==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9816==    by 0x50836FB: virAlloc (viralloc.c:144)
==9816==    by 0x50AEC2B: virFirewallNew (virfirewall.c:204)
==9816==    by 0x1E2308ED: ebiptablesDriverProbeStateMatch (nwfilter_ebiptables_driver.c:3715)
==9816==    by 0x1E2309AD: ebiptablesDriverInit (nwfilter_ebiptables_driver.c:3742)

* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesDriverProbeStateMatch): Properly clean up.

Signed-off-by: Eric Blake <eblake at redhat.com>
---
 src/nwfilter/nwfilter_ebiptables_driver.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 1701d62..d41133c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3713,6 +3713,7 @@ ebiptablesDriverProbeStateMatch(void)
 {
     unsigned long version;
     virFirewallPtr fw = virFirewallNew();
+    int ret = -1;

     virFirewallStartTransaction(fw, 0);
     virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
@@ -3720,7 +3721,7 @@ ebiptablesDriverProbeStateMatch(void)
                            "--version", NULL);

     if (virFirewallApply(fw) < 0)
-        return -1;
+        goto cleanup;

     /*
      * since version 1.4.16 '-m state --state ...' will be converted to
@@ -3729,7 +3730,10 @@ ebiptablesDriverProbeStateMatch(void)
     if (version >= 1 * 1000000 + 4 * 1000 + 16)
         newMatchState = true;

-    return 0;
+    ret = 0;
+ cleanup:
+    virFirewallFree(fw);
+    return ret;
 }

 static int
-- 
1.9.3




More information about the libvir-list mailing list