When we "free" a NICInfo structure, we can leak pointers, since we don't do
much more than setting used = 0.
We free() the model parameter, but we don't set it to NULL. This means that
a new user of this structure will see garbage in there. It was not noticed
before because reusing a NICInfo is not that common, but it can be, for
users of device pci hotplug.
A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022
This patch memset's the whole structure, guaranteeing that anyone reusing it
will see a fresh NICinfo. Also, we free some other strings that are currently
leaking.
This codebase is quite old, so this patch should feed all stable trees.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
{
nd->vlan->nb_guest_devs--;
nb_nics--;
- nd->used = 0;
- free((void *)nd->model);
+
+ qemu_free((void *)nd->model);
+ qemu_free((void *)nd->name);
+ qemu_free((void *)nd->devaddr);
+ qemu_free((void *)nd->id);
+
+ memset(nd, 0, sizeof(*nd));
}
static int net_host_check_device(const char *device)