qemu-trivial

[PATCH] json: Fix a memleak in parse_pair()


From: Alex Chen
Subject: [PATCH] json: Fix a memleak in parse_pair()
Date: Wed, 11 Nov 2020 11:56:09 +0000

In qobject_type(), NULL is returned when the 'QObject' returned from parse_value() is not of QString type, and this 'QObject' memory will be leaked. So we need to first check whether the 'QObject' returned from parse_value() is of QString type, and if not, we free the 'QObject' memory and return an error.

The memleak stack is as follows:
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0xfffe4b3c34fb in __interceptor_malloc (/lib64/libasan.so.4+0xd34fb)
    #1 0xfffe4ae48aa3 in g_malloc (/lib64/libglib-2.0.so.0+0x58aa3)
    #2 0xaaab3557d9f7 in qnum_from_int /Images/source_org/qemu_master/qemu/qobject/qnum.c:25
    #3 0xaaab35584d23 in parse_literal /Images/source_org/qemu_master/qemu/qobject/json-parser.c:511
    #4 0xaaab35584d23 in parse_value /Images/source_org/qemu_master/qemu/qobject/json-parser.c:554
    #5 0xaaab35583d77 in parse_pair /Images/source_org/qemu_master/qemu/qobject/json-parser.c:270
    #6 0xaaab355845db in parse_object /Images/source_org/qemu_master/qemu/qobject/json-parser.c:327
    #7 0xaaab355845db in parse_value /Images/source_org/qemu_master/qemu/qobject/json-parser.c:546
    #8 0xaaab35585b1b in json_parser_parse /Images/source_org/qemu_master/qemu/qobject/json-parser.c:580
    #9 0xaaab35583703 in json_message_process_token /Images/source_org/qemu_master/qemu/qobject/json-streamer.c:92
    #10 0xaaab355ddccf in json_lexer_feed_char /Images/source_org/qemu_master/qemu/qobject/json-lexer.c:313
    #11 0xaaab355de0eb in json_lexer_feed /Images/source_org/qemu_master/qemu/qobject/json-lexer.c:350
    #12 0xaaab354aff67 in tcp_chr_read /Images/source_org/qemu_master/qemu/chardev/char-socket.c:525
    #13 0xfffe4ae429db in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x529db)
    #14 0xfffe4ae42d8f  (/lib64/libglib-2.0.so.0+0x52d8f)
    #15 0xfffe4ae430df in g_main_loop_run (/lib64/libglib-2.0.so.0+0x530df)
    #16 0xaaab34d70bff in iothread_run /Images/source_org/qemu_master/qemu/iothread.c:82
    #17 0xaaab3559d71b in qemu_thread_start /Images/source_org/qemu_master/qemu/util/qemu-thread-posix.c:519

Fixes: 532fb5328473 ("qapi: Make more of qobject_to()")
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
---
 qobject/json-parser.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index d083810d37..b37762a203 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -267,10 +267,13 @@ static int parse_pair(JSONParserContext *ctxt, QDict 
*dict)
         goto out;
     }
 
-    key = qobject_to(QString, parse_value(ctxt));
-    if (!key) {
-        parse_error(ctxt, peek, "key is not a string in object");
+    value = parse_value(ctxt);
+    if (!value || qobject_type(value) != QTYPE_QSTRING) {
+        qobject_unref(value);
+        parse_error(ctxt, peek, "value is not a string in object");
         goto out;
+    } else {
+        key = qobject_to(QString, value);
     }
 
     token = parser_context_pop_token(ctxt);
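Review bot: the error text changes from "key is not a string in object" to "value is not a string in object", which misdescribes the failure; this check still rejects a non-string object key, so the original wording should stay. The `else` after a branch that ends in `goto out` is unnecessary and out of step with the rest of this function; `key = qobject_to(QString, value);` can simply follow the `if` block. Consider also holding the object returned by parse_value() in a variable of its own instead of reusing `value`, so the function's `out:` path can `qobject_unref()` it unconditionally and the explicit `qobject_unref(value)` in the error branch goes away (qobject_unref() tolerates NULL, so the `!value` case needs no special handling either way).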
-- 
2.19.1
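The bug class behind this patch is a discarded return value from a fallible cast: qobject_to() hands back NULL on a type mismatch without touching the reference it was given, so a caller that never stored that reference has nothing left to release. The following C program is an added illustration, not code from the patch or from QEMU; `Obj`, `obj_to_string()`, `parse_value_from()`, `live_objects`, `KEY_MAX` and the two `parse_key_*` functions are constructed stand-ins for QObject, qobject_to(), parse_value() and ASan's leak count. It runs the pre-fix shape and a fixed shape side by side and reports how many objects each leaves alive; the fixed variant keeps the owned reference in its own variable and releases it on a single cleanup path, which is a design choice of this example rather than the exact shape of the hunk above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins (not QEMU's types) for QObject and its QString/QNum subtypes. */
typedef enum { T_STRING, T_NUM } ObjType;
typedef struct {
    ObjType type;
    int refcnt;
    char *str;    /* payload for T_STRING */
    long num;     /* payload for T_NUM */
} Obj;
static int live_objects;   /* allocations not yet freed: what ASan reports at exit */
#define KEY_MAX 32         /* bound on copied key text in this toy */

static void obj_unref(Obj *o)
{
    if (o && --o->refcnt == 0) {   /* NULL-safe, as qobject_unref() is */
        free(o->str);
        free(o);
        live_objects--;
    }
}

/* qobject_to() contract: the object if it has the requested type, else NULL. */
static Obj *obj_to_string(Obj *o)
{
    return (o && o->type == T_STRING) ? o : NULL;
}

/* Constructed stand-in for parse_value(): quoted token -> string object,
 * anything else -> number. The caller owns the returned reference. */
static Obj *parse_value_from(const char *tok)
{
    size_t n = strlen(tok);
    Obj *o = calloc(1, sizeof(*o));
    o->refcnt = 1;
    live_objects++;
    if (n >= 2 && tok[0] == '"' && tok[n - 1] == '"') {
        o->type = T_STRING;
        o->str = calloc(n - 1, 1);          /* n - 2 chars plus NUL */
        memcpy(o->str, tok + 1, n - 2);
    } else {
        o->type = T_NUM;
        o->num = strtol(tok, NULL, 10);
    }
    return o;
}

/* Before the fix: the cast never releases its input and the caller never
 * stored it, so a non-string key leaves the new object unreachable. */
static int parse_key_leaky(const char *tok, char *key_out)
{
    Obj *key = obj_to_string(parse_value_from(tok));
    if (!key) {
        return -1;
    }
    snprintf(key_out, KEY_MAX, "%s", key->str);
    obj_unref(key);
    return 0;
}

/* After the fix: the owned reference has its own variable and is released
 * on every exit path; the typed view is only a borrowed alias of it. */
static int parse_key_fixed(const char *tok, char *key_out)
{
    Obj *key_obj = parse_value_from(tok);
    Obj *key = obj_to_string(key_obj);
    int ret = -1;
    if (!key) {
        goto out;
    }
    snprintf(key_out, KEY_MAX, "%s", key->str);
    ret = 0;
out:
    obj_unref(key_obj);
    return ret;
}

typedef int (*key_parser)(const char *, char *);
/* Objects fn leaves alive after parsing tok; 0 means no leak. */
static int objects_leaked_by(key_parser fn, const char *tok)
{
    char key[KEY_MAX];
    int before = live_objects;
    fn(tok, key);
    return live_objects - before;
}

/* 1 if fn accepts tok and produces the key text expect, else 0. */
static int key_parsed_as(key_parser fn, const char *tok, const char *expect)
{
    char key[KEY_MAX] = "";
    return fn(tok, key) == 0 && strcmp(key, expect) == 0;
}

int main(void)
{
    printf("leaky: %d leaked; fixed: %d leaked; fixed key ok: %d\n",
           objects_leaked_by(parse_key_leaky, "42"),
           objects_leaked_by(parse_key_fixed, "42"),
           key_parsed_as(parse_key_fixed, "\"id\"", "id"));
    return 0;
}
```

Feeding the number token (the qnum_from_int frame in the report above) to the leaky parser leaves one object alive; the fixed parser leaves none and still accepts a quoted key. The same discipline carries over to the real code: whatever parse_value() returns is owned by parse_pair() until it is either stored in the dict or unreferenced, regardless of what the type check says.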



