On Thu, Jun 10, 2021 at 7:02 PM Daniel P. Berrangé <berra...@redhat.com>
wrote:
> On Thu, Jun 10, 2021 at 06:58:11PM +0300, Kostiantyn Kostiuk wrote:
> > The g_regex_match function creates match_info even if it
> > returns FALSE. So we should always call g_match_info_free.
> > A better solution is using g_autoptr for match_info variable.
> >
> > Signed-off-by: Kostiantyn Kostiuk <konstan...@daynix.com>
> > ---
> > qga/commands-win32.c | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/qga/commands-win32.c b/qga/commands-win32.c
> > index 300b87c859..785a5cc6b2 100644
> > --- a/qga/commands-win32.c
> > +++ b/qga/commands-win32.c
> > @@ -2494,7 +2494,7 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error
> **errp)
> > continue;
> > }
> > for (j = 0; hw_ids[j] != NULL; j++) {
> > - GMatchInfo *match_info;
> > + g_autoptr(GMatchInfo) match_info;
>
> This should be initialized to NULL otherwise...
>
> > GuestDeviceIdPCI *id;
> > if (!g_regex_match(device_pci_re, hw_ids[j], 0,
> &match_info)) {
> > continue;
>
> this continue will trigger freeing of unintialized memory
>
But we always call match_info, so match_info is always initialized.
The g_regex_match function creates match_info even if it returns FALSE.
>
> Essentially all g_auto* variables should be init to NULL
> at all times, even if it currently looks harmless.
>
> > @@ -2511,7 +2511,6 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error
> **errp)
> > id->vendor_id = g_ascii_strtoull(vendor_id, NULL, 16);
> > id->device_id = g_ascii_strtoull(device_id, NULL, 16);
> >
> > - g_match_info_free(match_info);
> > break;
> > }
> > if (skip) {
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o-
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o-
> https://www.instagram.com/dberrange :|
>
>
Best wishes,
Kostiantyn Kostiuk
