[PATCH 1/5] ch_process: Avoid memleak in chProcessAddNetworkDevice()

Fri, 07 Nov 2025 03:27:48 -0800 

From: Michal Privoznik <[email protected]>

The 'payload' variable inside of chProcessAddNetworkDevice() is
reused and thus the memory it points to just before its
repurpose is not freed. Avoid reusing g_autofree variables.

 128 bytes in 1 blocks are definitely lost in loss record 1,828 of 2,026
    at 0x491A120: realloc (vg_replace_malloc.c:1801)
    by 0x4FEC251: g_realloc (in /usr/lib64/libglib-2.0.so.0.8400.4)
    by 0x500BB7E: g_string_expand (in /usr/lib64/libglib-2.0.so.0.8400.4)
    by 0x500BBF0: g_string_sized_new (in /usr/lib64/libglib-2.0.so.0.8400.4)
    by 0x4A114C0: virBufferInitialize (virbuffer.c:121)
    by 0x4A11890: virBufferAdd (virbuffer.c:160)
    by 0x4A67344: virJSONValueToBuffer (virjson.c:1562)
    by 0x4A673DB: virJSONValueToString (virjson.c:1599)
    by 0xBC878AB: virCHMonitorBuildNetJson (ch_monitor.c:466)
    by 0xBC8D4A9: chProcessAddNetworkDevice (ch_process.c:688)
    by 0xBC8FCE2: chDomainAttachDeviceLive (ch_hotplug.c:78)
    by 0xBC900CA: chDomainAttachDeviceLiveAndUpdateConfig (ch_hotplug.c:174)

Signed-off-by: Michal Privoznik <[email protected]>
---
 src/ch/ch_process.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ch/ch_process.c b/src/ch/ch_process.c
index a1f30f09e1..4ebb261805 100644
--- a/src/ch/ch_process.c
+++ b/src/ch/ch_process.c
@@ -637,6 +637,7 @@ chProcessAddNetworkDevice(virCHDriver *driver,
     g_auto(virBuffer) http_headers = VIR_BUFFER_INITIALIZER;
     g_autofree int *tapfds = NULL;
     g_autofree char *payload = NULL;
+    g_autofree char *netJSONPayload = NULL;
     g_autofree char *response = NULL;
     size_t tapfd_len;
     size_t payload_len;
@@ -685,15 +686,15 @@ chProcessAddNetworkDevice(virCHDriver *driver,
     }
 
     chAssignDeviceNetAlias(vmdef, net);
-    if (virCHMonitorBuildNetJson(net, &payload) < 0) {
+    if (virCHMonitorBuildNetJson(net, &netJSONPayload) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                         _("Failed to build net json"));
         return -1;
     }
 
     virBufferAsprintf(&buf, "%s", virBufferCurrentContent(&http_headers));
-    virBufferAsprintf(&buf, "Content-Length: %zu\r\n\r\n", strlen(payload));
-    virBufferAsprintf(&buf, "%s", payload);
+    virBufferAsprintf(&buf, "Content-Length: %zu\r\n\r\n", 
strlen(netJSONPayload));
+    virBufferAddStr(&buf, netJSONPayload);
     payload_len = virBufferUse(&buf);
     payload = virBufferContentAndReset(&buf);
 
-- 
2.51.0

Reply via email to