|
 |
6e0c7aa |
From ff55e94d23ae94c8628b0115320157c763eb3e06 Mon Sep 17 00:00:00 2001
|
|
|
6e0c7aa |
From: Li Qiang <liqiang6-s@360.cn>
|
|
|
6e0c7aa |
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
|
|
6e0c7aa |
Subject: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate
|
|
|
6e0c7aa |
|
|
|
6e0c7aa |
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
|
|
|
6e0c7aa |
situation that this field has been allocated previously. Every time, it
|
|
|
6e0c7aa |
will be allocated directly. This leads to a host memory leak issue if
|
|
|
6e0c7aa |
the client sends another Txattrcreate message with the same fid number
|
|
|
6e0c7aa |
before the fid from the previous time got clunked.
|
|
|
6e0c7aa |
|
|
|
6e0c7aa |
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
|
|
6e0c7aa |
Reviewed-by: Greg Kurz <groug@kaod.org>
|
|
|
6e0c7aa |
[groug, updated the changelog to indicate how the leak can occur]
|
|
|
6e0c7aa |
Signed-off-by: Greg Kurz <groug@kaod.org>
|
|
|
6e0c7aa |
---
|
|
|
6e0c7aa |
hw/9pfs/9p.c | 1 +
|
|
|
6e0c7aa |
1 files changed, 1 insertions(+), 0 deletions(-)
|
|
|
6e0c7aa |
|
|
|
f8e0147 |
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
|
|
6e0c7aa |
index bf23b01..66135cf 100644
|
|
|
f8e0147 |
--- a/hw/9pfs/9p.c
|
|
|
f8e0147 |
+++ b/hw/9pfs/9p.c
|
|
|
6e0c7aa |
@@ -3282,6 +3282,7 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
|
|
|
6e0c7aa |
xattr_fidp->fs.xattr.flags = flags;
|
|
|
6e0c7aa |
v9fs_string_init(&xattr_fidp->fs.xattr.name);
|
|
|
6e0c7aa |
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
|
|
|
6e0c7aa |
+ g_free(xattr_fidp->fs.xattr.value);
|
|
|
6e0c7aa |
xattr_fidp->fs.xattr.value = g_malloc0(size);
|
|
|
6e0c7aa |
err = offset;
|
|
|
6e0c7aa |
put_fid(pdu, file_fidp);
|
|
|
6e0c7aa |
--
|
|
|
6e0c7aa |
1.7.0.4
|
|
|
6e0c7aa |
|