From 35ccd197bbe27e671e36cd5072e48ce5ecae7b67 Mon Sep 17 00:00:00 2001
Message-Id: <35ccd197bbe27e671e36cd5072e48ce5ecae7b67.1368111914.git.minovotn@redhat.com>
In-Reply-To: <405603258af5154387bea676be1f904b6713f6ae.1368111913.git.minovotn@redhat.com>
References: <405603258af5154387bea676be1f904b6713f6ae.1368111913.git.minovotn@redhat.com>
From: Amit Shah <amit.shah@redhat.com>
Date: Wed, 24 Apr 2013 08:18:04 +0200
Subject: [PATCH 30/65] qemu-char: Plug memory leak on qemu_chr_open_pty()
 error path

RH-Author: Amit Shah <amit.shah@redhat.com>
Message-id: <1c5cbbe9d0ce0db46eea6a20226615886172086d.1366724981.git.amit.shah@redhat.com>
Patchwork-id: 50808
O-Subject: [RHEL6.5 qemu-kvm PATCH 30/65] qemu-char: Plug memory leak on qemu_chr_open_pty() error path
Bugzilla: 909059
RH-Acked-by: Hans de Goede <hdegoede@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>

From: Markus Armbruster <armbru@redhat.com>

Spotted by Coverity.

RHEL6: Also use g_free instead of qemu_free() since this patch uses
g_malloc functions.  This disparity existed upstream after this patch,
but was fixed after the conversion of qemu_malloc to glib functions
everywhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a4e26048526d8d5b181f9a0a7d4f82b8441c5dfd)

Signed-off-by: Amit Shah <amit.shah@redhat.com>

Conflicts:
	qemu-char.c

Signed-off-by: Amit Shah <amit.shah@redhat.com>

use g_free in pty close
---
 qemu-char.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

Signed-off-by: Michal Novotny <minovotn@redhat.com>
---
 qemu-char.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index 4324b68..5726415 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -965,7 +965,7 @@ static void pty_chr_close(struct CharDriverState *chr)
     close(s->fd);
     qemu_del_timer(s->timer);
     qemu_free_timer(s->timer);
-    qemu_free(s);
+    g_free(s);
     qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
 }
 
@@ -974,7 +974,7 @@ static CharDriverState *qemu_chr_open_pty(QemuOpts *opts)
     CharDriverState *chr;
     PtyCharDriver *s;
     struct termios tty;
-    int slave_fd, len;
+    int master_fd, slave_fd, len;
 #if defined(__OpenBSD__) || defined(__DragonFly__)
     char pty_name[PATH_MAX];
 #define q_ptsname(x) pty_name
@@ -983,10 +983,7 @@ static CharDriverState *qemu_chr_open_pty(QemuOpts *opts)
 #define q_ptsname(x) ptsname(x)
 #endif
 
-    chr = qemu_mallocz(sizeof(CharDriverState));
-    s = qemu_mallocz(sizeof(PtyCharDriver));
-
-    if (openpty(&s->fd, &slave_fd, pty_name, NULL, NULL) < 0) {
+    if (openpty(&master_fd, &slave_fd, pty_name, NULL, NULL) < 0) {
         return NULL;
     }
 
@@ -996,12 +993,15 @@ static CharDriverState *qemu_chr_open_pty(QemuOpts *opts)
     tcsetattr(slave_fd, TCSAFLUSH, &tty);
     close(slave_fd);
 
-    len = strlen(q_ptsname(s->fd)) + 5;
-    chr->filename = qemu_malloc(len);
-    snprintf(chr->filename, len, "pty:%s", q_ptsname(s->fd));
-    qemu_opt_set(opts, "path", q_ptsname(s->fd));
-    fprintf(stderr, "char device redirected to %s\n", q_ptsname(s->fd));
+    chr = g_malloc0(sizeof(CharDriverState));
+
+    len = strlen(q_ptsname(master_fd)) + 5;
+    chr->filename = g_malloc(len);
+    snprintf(chr->filename, len, "pty:%s", q_ptsname(master_fd));
+    qemu_opt_set(opts, "path", q_ptsname(master_fd));
+    fprintf(stderr, "char device redirected to %s\n", q_ptsname(master_fd));
 
+    s = g_malloc0(sizeof(PtyCharDriver));
     chr->opaque = s;
     chr->chr_write = pty_chr_write;
     chr->chr_update_read_handler = pty_chr_update_read_handler;
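Review bot: Nothing in this patch stores `master_fd` into the driver state: `openpty()` used to write straight into `s->fd`, but it now fills the new local `master_fd`, and none of the added lines assigns it to `s` after `s = g_malloc0(sizeof(PtyCharDriver));`. Because `master_fd` is introduced by this patch, no unchanged line outside the hunks can be doing that assignment, so unless another patch in the series supplies it, `s->fd` stays 0 from the zeroed allocation; `pty_chr_close()` would then `close()` descriptor 0 and the pty master would leak. Add `s->fd = master_fd;` once `s` is allocated (the rest of qemu_chr_open_pty lies outside this hunk). Separately, on the `ptsname()` variant of `q_ptsname()` a NULL return would reach `strlen()`; resolving the name once into a checked local, and closing `master_fd` and freeing `chr` on failure, would avoid that.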
-- 
1.7.11.7

