From: Li Qiang <liqiang...@360.cn>

If an error occurs when marshal the transfer length to the guest,
the v9fs_write doesn't free a IO vector, thus leading a memory leak.
This patch fix this.

Signed-off-by: Li Qiang <liqiang...@360.cn>
---
 fsdev/9p-iov-marshal.c | 2 +-
 hw/9pfs/9p.c           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad5..1d16f8d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int 
out_num, size_t offset,
                 str->data = g_malloc(str->size + 1);
                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
                                      str->size);
-                if (copied > 0) {
+                if (copied >= 0) {
                     str->data[str->size] = 0;
                 } else {
                     v9fs_string_free(str);
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 29f8b7a..76522e7 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -2090,7 +2090,7 @@ static void v9fs_write(void *opaque)
     offset = 7;
     err = pdu_marshal(pdu, offset, "d", total);
     if (err < 0) {
-        goto out;
+        goto out_qiov;
     }
     err += offset;
     trace_v9fs_write_return(pdu->tag, pdu->id, total, err);
-- 
1.8.3.1


Reply via email to