From: Konstantin Kostiuk
Date: Thu, 10 Jun 2021 19:08:36 +0300
Subject: Re: [PATCH v2] qga-win: Free GMatchInfo properly
To: Daniel P. Berrangé
Cc: Developers, Michael Roth

On Thu, Jun 10, 2021 at 7:02 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
> On Thu, Jun 10, 2021 at 06:58:11PM +0300, Kostiantyn Kostiuk wrote:
> The g_regex_match function creates match_info even if it
> returns FALSE. So we should always call g_match_info_free.
> A better solution is using g_autoptr for match_info variable.
>
> Signed-off-by: Kostiantyn Kostiuk <konstantin@daynix.com>
> ---
>=C2=A0 qga/commands-win32.c | 3 +--
>=C2=A0 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/qga/commands-win32.c b/qga/commands-win32.c
> index 300b87c859..785a5cc6b2 100644
> --- a/qga/commands-win32.c
> +++ b/qga/commands-win32.c
> @@ -2494,7 +2494,7 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error= **errp)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 continue;
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 for (j =3D 0; hw_ids[j] !=3D NULL; j= ++) {
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 GMatchInfo *match_info;
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 g_autoptr(GMatchInfo) match= _info;

> This should be initialized to NULL otherwise...

>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 GuestDeviceIdPCI *id;<= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (!g_regex_match(dev= ice_pci_re, hw_ids[j], 0, &match_info)) {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 continue= ;
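
Review bot: The declaration "g_autoptr(GMatchInfo) match_info;" on the added line has no initializer, so whether the cleanup that runs at the "continue" is safe depends entirely on g_regex_match() having stored to &match_info before it returns FALSE. Declaring it as "g_autoptr(GMatchInfo) match_info = NULL;" removes that dependency on the callee and keeps the loop safe if another exit path is ever added between the declaration and the call.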

> this continue will trigger freeing of uninitialized memory

But we always call match_info, so match_info is always initialized.
The g_regex_match function creates match_info even if it returns FALSE.

> Essentially all g_auto* variables should be init to NULL
> at all times, even if it currently looks harmless.

> @@ -2511,7 +2511,6 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error= **errp)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 id->vendor_id =3D g= _ascii_strtoull(vendor_id, NULL, 16);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 id->device_id =3D g= _ascii_strtoull(device_id, NULL, 16);
>=C2=A0
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 g_match_info_free(match_inf= o);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 break;
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (skip) {
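
Review bot: Removing g_match_info_free(match_info) before the "break" leaves this path with no visible release of match_info, so the hunk is only correct together with the g_autoptr declaration in the previous hunk. The commit message should say that the free now happens implicitly at scope exit, so that nobody backports or reverts one hunk without the other.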

> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



Best wishes,
Kostiantyn Kostiuk
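
The point argued in this thread, as an added example that is not code from the patch, QEMU or GLib: it uses the GCC/Clang cleanup attribute that g_autoptr is built on. MatchInfo, AUTO_MATCH_INFO, toy_match() and the sample IDs are hypothetical; toy_match() is assumed to return early without writing its out-parameter when a precondition fails, which is the case a NULL initializer protects against.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int unused; } MatchInfo; /* stand-in for GMatchInfo */
static int frees; /* counts real frees so the behaviour is observable */

/* Runs whenever the variable leaves scope: continue, break, return. */
static void match_info_cleanup(MatchInfo **p)
{
    if (*p != NULL) { free(*p); frees++; }
}
#define AUTO_MATCH_INFO __attribute__((cleanup(match_info_cleanup))) MatchInfo *

/* Hypothetical matcher (assumption): allocates *out on every normal return,
 * matched or not, but leaves *out untouched when a precondition fails. */
static bool toy_match(const char *needle, const char *s, MatchInfo **out)
{
    if (needle == NULL || s == NULL || out == NULL) {
        return false; /* early exit: *out was never written */
    }
    *out = calloc(1, sizeof(**out));
    return strstr(s, needle) != NULL;
}

/* Constructed sample hardware IDs, NULL-terminated like hw_ids[]. */
static const char *const sample_ids[] = {
    "PCI\\VEN_1AF4&DEV_1000", "USB\\VID_0001", "PCI\\VEN_8086&DEV_100E", NULL };

static int count_matches(const char *needle, const char *const *ids)
{
    int hits = 0;
    for (size_t j = 0; ids[j] != NULL; j++) {
        AUTO_MATCH_INFO mi = NULL; /* NULL: early-exit path frees nothing */
        if (!toy_match(needle, ids[j], &mi)) {
            continue; /* cleanup runs here as well */
        }
        hits++;
    }
    return hits;
}

int main(void)
{
    int hits = count_matches("PCI", sample_ids);
    printf("hits=%d frees=%d\n", hits, frees);
    return 0;
}
```

Without the "= NULL", the second call in the test (needle == NULL) would hand an indeterminate pointer to free() on every iteration.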