On 9 March 2018 at 16:19, Kevin Wolf <[email protected]> wrote:
> This adds the .bdrv_co_create driver callback to sheepdog, which enables
> image creation over QMP.
>
> Signed-off-by: Kevin Wolf <[email protected]>
> Reviewed-by: Max Reitz <[email protected]>
Hi; Coverity (CID 1390641) points out that the changes to
parse_redundancy_str() introduce a memory leak:
> -static int parse_redundancy_str(BDRVSheepdogState *s, const char *opt)
> +static SheepdogRedundancy *parse_redundancy_str(const char *opt)
> {
> - struct SheepdogRedundancy redundancy;
> + SheepdogRedundancy *redundancy;
> const char *n1, *n2;
> long copy, parity;
> char p[10];
> @@ -1947,26 +1970,27 @@ static int parse_redundancy_str(BDRVSheepdogState *s,
> const char *opt)
> n2 = strtok(NULL, ":");
>
> if (!n1) {
> - return -EINVAL;
> + return NULL;
> }
>
> ret = qemu_strtol(n1, NULL, 10, ©);
> if (ret < 0) {
> - return ret;
> + return NULL;
> }
>
> + redundancy = g_new0(SheepdogRedundancy, 1);
We now do a memory allocation here...
> if (!n2) {
> - redundancy = (SheepdogRedundancy) {
> + *redundancy = (SheepdogRedundancy) {
> .type = SHEEPDOG_REDUNDANCY_TYPE_FULL,
> .u.full.copies = copy,
> };
> } else {
> ret = qemu_strtol(n2, NULL, 10, &parity);
> if (ret < 0) {
> - return ret;
> + return NULL;
...but this error-exit path does not free it.
> }
>
> - redundancy = (SheepdogRedundancy) {
> + *redundancy = (SheepdogRedundancy) {
> .type = SHEEPDOG_REDUNDANCY_TYPE_ERASURE_CODED,
> .u.erasure_coded = {
> .data_strips = copy,
> @@ -1975,17 +1999,19 @@ static int parse_redundancy_str(BDRVSheepdogState *s,
> const char *opt)
> };
> }
>
> - return parse_redundancy(s, &redundancy);
> + return redundancy;
> }
thanks
-- PMM
