[libvirt] [PATCH 2/3] qemuBuildSevCommandLine: fix buffer leak

Wed Jun 13 10:51:58 UTC 2018

The buffer is not freed anywhere. Nor in the error paths. Also
the usage virCommand with respect to buffer is very odd.

==2504== 1,100 bytes in 1 blocks are definitely lost in loss record 167 of 175
==2504==    at 0x4C2CE3F: malloc (vg_replace_malloc.c:298)
==2504==    by 0x4C2F1BF: realloc (vg_replace_malloc.c:785)
==2504==    by 0x5D32EE2: virReallocN (viralloc.c:245)
==2504==    by 0x5D37278: virBufferGrow (virbuffer.c:150)
==2504==    by 0x5D3783E: virBufferVasprintf (virbuffer.c:408)
==2504==    by 0x5D377A9: virBufferAsprintf (virbuffer.c:381)
==2504==    by 0x57017C1: qemuBuildSevCommandLine (qemu_command.c:9707)
==2504==    by 0x57030F7: qemuBuildCommandLine (qemu_command.c:10324)
==2504==    by 0x575FA48: qemuProcessCreatePretendCmd (qemu_process.c:6644)
==2504==    by 0x11351A: testCompareXMLToArgv (qemuxml2argvtest.c:564)
==2504==    by 0x1392F7: virTestRun (testutils.c:180)
==2504==    by 0x137895: mymain (qemuxml2argvtest.c:2900)

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 src/qemu/qemu_command.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index a7f659308c..796831f79c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9697,6 +9697,7 @@ qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     qemuDomainObjPrivatePtr priv = vm->privateData;
     char *path = NULL;
+    int ret = -1;
 
     if (!sev)
         return 0;
@@ -9710,20 +9711,24 @@ qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
 
     if (sev->dh_cert) {
         if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0)
-            return -1;
+            goto cleanup;
         virBufferAsprintf(&buf, ",dh-cert-file=%s", path);
         VIR_FREE(path);
     }
 
     if (sev->session) {
         if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0)
-            return -1;
+            goto cleanup;
         virBufferAsprintf(&buf, ",session-file=%s", path);
         VIR_FREE(path);
     }
 
-    virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&buf), NULL);
-    return 0;
+    virCommandAddArg(cmd, "-object");
+    virCommandAddArgBuffer(cmd, &buf);
+    ret = 0;
+ cleanup:
+    virBufferFreeAndReset(&buf);
+    return ret;
 }
 
 static int
-- 
2.16.4


