[PATCH] Revert "esx: switch VIR_FREE->g_free in esx*Free*()"

Thu, 14 May 2026 06:57:31 -0700 

From: Martin Kletzander <[email protected]>

This reverts commit 443c79dd7f7d4051fc0084baaa6c56a55d2aace4.

Change from VIR_FREE() to g_free meant there is a possible double free
when there is an error during parsing because the parsing it done
directly into the parsedUri member of the esxPrivate, free'd when it
fails and then the caller calls free on it again.  Changing back to
VIR_FREE() means there is no double free and no crash.

Reproducible easily with `virsh -c esx://l?no_verify=2`.

Signed-off-by: Martin Kletzander <[email protected]>
---
 src/esx/esx_driver.c |  2 +-
 src/esx/esx_stream.c |  4 ++--
 src/esx/esx_util.c   | 13 +++++++------
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 010c62b8e880..6ff0db48ac02 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -63,7 +63,7 @@ esxFreePrivate(esxPrivate **priv)
     esxUtil_FreeParsedUri(&(*priv)->parsedUri);
     virObjectUnref((*priv)->caps);
     virObjectUnref((*priv)->xmlopt);
-    g_free(*priv);
+    VIR_FREE(*priv);
 }
 
 
diff --git a/src/esx/esx_stream.c b/src/esx/esx_stream.c
index 143b2405ed49..c1dd80806feb 100644
--- a/src/esx/esx_stream.c
+++ b/src/esx/esx_stream.c
@@ -321,8 +321,8 @@ esxFreeStreamPrivate(esxStreamPrivate **priv)
         return;
 
     esxVI_CURL_Free(&(*priv)->curl);
-    g_free((*priv)->backlog);
-    g_free(*priv);
+    VIR_FREE((*priv)->backlog);
+    VIR_FREE(*priv);
 }
 
 static int
diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
index a6275babd542..1443ec3b9e46 100644
--- a/src/esx/esx_util.c
+++ b/src/esx/esx_util.c
@@ -165,13 +165,14 @@ esxUtil_FreeParsedUri(esxUtil_ParsedUri **parsedUri)
     if (!parsedUri || !(*parsedUri))
         return;
 
-    g_free((*parsedUri)->transport);
-    g_free((*parsedUri)->vCenter);
-    g_free((*parsedUri)->proxy_hostname);
-    g_free((*parsedUri)->path);
-    g_free((*parsedUri)->cacert);
 
-    g_free(*parsedUri);
+    VIR_FREE((*parsedUri)->transport);
+    VIR_FREE((*parsedUri)->vCenter);
+    VIR_FREE((*parsedUri)->proxy_hostname);
+    VIR_FREE((*parsedUri)->path);
+    VIR_FREE((*parsedUri)->cacert);
+
+    VIR_FREE(*parsedUri);
 }
 
 
-- 
2.54.0

Reply via email to