Red Hat Bugzilla – Bug 1180136
Memory leak when parsing invalid network XML
Last modified: 2015-03-05 02:48:45 EST
Description of problem: When parsing network XML with invalid //bridge/macTableManager attribute, libvirt leaks memory used to store the content of the attribute. Found by coverity: RESOURCE_LEAK: 39. src/conf/network_conf.c:2117: var_assign: Assigning: "tmp" = storage returned from "virXPathString("string(./bridge[1]/@macTableManager)", ctxt)". 41. src/conf/network_conf.c:2119: noescape: Resource "tmp" is not freed or pointed-to in "virNetworkBridgeMACTableManagerTypeFromString". 42. src/conf/network_conf.c:58:1: noescape: "virNetworkBridgeMACTableManagerTypeFromString(char const *)" does not free or save its pointer parameter "type". 44. src/conf/network_conf.c:2121: noescape: Resource "tmp" is not freed or pointed-to in "virReportErrorHelper". 47. src/conf/network_conf.c:2353: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to. Upstream is not affected because of unrelated commit 3aa05241 which has not been backported. The memory leak was caused by a backport of 40961978 without noticing we don't have the change made by 3aa05241. Version-Release number of selected component (if applicable): libvirt-1.2.8-12.el7 How reproducible: 100% Steps to Reproduce: 1. "virsh net-define" on an XML with invalid value in //bridge/macTableManager
I can reproduce it using libvirt-1.2.8-12.el7.x86_64. # rpm -q libvirt libvirt-1.2.8-12.el7.x86_64 # cat bridge-net.xml <network> <name>br-net</name> <forward mode='bridge'/> <bridge name='br0' macTableManager='xxxxx'/> </network> # virsh net-define bridge-net.xml error: Failed to define network from bridge-net.xml error: XML error: Invalid macTableManager setting ' xxxxx' in network 'br-net' In another terminal, start valgrind # valgrind --leak-check=full --show-leak-kinds=all libvirtd ...... ==18771== LEAK SUMMARY: ==18771== definitely lost: 7 bytes in 1 blocks ==18771== indirectly lost: 0 bytes in 0 blocks ==18771== possibly lost: 0 bytes in 0 blocks ==18771== still reachable: 656,174 bytes in 8,246 blocks ==18771== suppressed: 0 bytes in 0 blocks ==18771== ==18771== For counts of detected and suppressed errors, rerun with: -v ==18771== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2) ============================================================================== Upgrade libvirt to libvirt-1.2.8-13.el7.x86_64. Valgrind doesn't report memory leak. # rpm -q libvirt libvirt-1.2.8-13.el7.x86_64 # virsh net-define bridge-net.xml error: Failed to define network from bridge-net.xml error: XML error: Invalid macTableManager setting ' xxxxx' in network 'br-net' # valgrind --leak-check=full --show-leak-kinds=all libvirtd ...... ==19121== LEAK SUMMARY: ==19121== definitely lost: 0 bytes in 0 blocks ==19121== indirectly lost: 0 bytes in 0 blocks ==19121== possibly lost: 0 bytes in 0 blocks ==19121== still reachable: 656,030 bytes in 8,243 blocks ==19121== suppressed: 0 bytes in 0 blocks ==19121== ==19121== For counts of detected and suppressed errors, rerun with: -v ==19121== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0323.html