packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/qga-Fix-memory-leak-when-output-stream-is-unused.patch
Jiabo Feng 80a22cff37 QEMU update to version 6.2.0-83(master) 
- hw/virtio/virtio-pmem: Replace impossible check by assertion
- tests: Fix printf format string in acpi-utils.c
- softmmu/dirtylimit: Add parameter check for hmp "set_vcpu_dirty_limit"
- disas/riscv: Fix the typo of inverted order of pmpaddr13 and pmpaddr14
- qga: Fix memory leak when output stream is unused
- ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
- target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model
- target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
- target/i386: Allow MCDT_NO if host supports
- target/i386: Add support for MCDT_NO in CPUID enumeration
- target/i386: Export MSR_ARCH_CAPABILITIES bits to guests
- target/i386: add support for FB_CLEAR feature
- target/i386: add support for FLUSH_L1D feature
- crypto: remove shadowed 'ret' variable
- hw/i2c/pmbus_device: Fix modifying QOM class internals from instance
- hw/arm/xlnx-zynqmp: fix unsigned error when checking the RPUs number

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-10-30 16:57:11 +08:00

57 lines
2.1 KiB
Diff
Raw Blame History

From 877d97f7e7b88c9cb8754bece152dc27a2a0f47a Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Mon, 16 Oct 2023 10:22:03 +0800
Subject: [PATCH] qga: Fix memory leak when output stream is unused
cheery-pick from d6f67b83b81bf49b5c62e77143ed39c020e51830
If capture-output is requested but one of the channels goes unused (eg.
we attempt to capture stderr but the command never writes to stderr), we
can leak memory.
guest_exec_output_watch() is (from what I understand) unconditionally
called for both streams if output capture is requested. The first call
will always pass the `p->size == p->length` check b/c both values are
0. Then GUEST_EXEC_IO_SIZE bytes will be allocated for the stream.
But when we reap the exited process there's a `gei->err.length > 0`
check to actually free the buffer. Which does not get run if the command
doesn't write to the stream.
Fix by making free() unconditional.
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
qga/commands.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qga/commands.c b/qga/commands.c
index 80501e4a73..05f89725be 100644
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -210,16 +210,16 @@ GuestExecStatus *qmp_guest_exec_status(int64_t pid, Error **errp)
if (gei->out.length > 0) {
ges->has_out_data = true;
ges->out_data = g_base64_encode(gei->out.data, gei->out.length);
- g_free(gei->out.data);
ges->has_out_truncated = gei->out.truncated;
}
+ g_free(gei->out.data);
if (gei->err.length > 0) {
ges->has_err_data = true;
ges->err_data = g_base64_encode(gei->err.data, gei->err.length);
- g_free(gei->err.data);
ges->has_err_truncated = gei->err.truncated;
}
+ g_free(gei->err.data);
QTAILQ_REMOVE(&guest_exec_state.processes, gei, next);
g_free(gei);
--
2.41.0.windows.1
Reference in New Issue View Git Blame Copy Permalink