io/channel-tls: plug memory leakage on GSource

quic-mathbern · berrange · commit c3a2c84ae3c1 · 2023-03-14T13:41:21.000Z
This leakage can be seen through test-io-channel-tls: $ ../configure --target-list=aarch64-softmmu --enable-sanitizers $ make ./tests/unit/test-io-channel-tls $ ./tests/unit/test-io-channel-tls Indirect leak of 104 byte(s) in 1 object(s) allocated from: #0 0x7f81d1725808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f81d135ae98 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98) qemu#2 0x55616c5d4c1b in object_new_with_propv ../qom/object.c:795 qemu#3 0x55616c5d4a83 in object_new_with_props ../qom/object.c:768 qemu#4 0x55616c5c5415 in test_tls_creds_create ../tests/unit/test-io-channel-tls.c:70 qemu#5 0x55616c5c5a6b in test_io_channel_tls ../tests/unit/test-io-channel-tls.c:158 qemu#6 0x7f81d137d58d (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a58d) Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7f81d1725a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 #1 0x7f81d1472a20 in gnutls_dh_params_init (/lib/x86_64-linux-gnu/libgnutls.so.30+0x46a20) qemu#2 0x55616c6485ff in qcrypto_tls_creds_x509_load ../crypto/tlscredsx509.c:634 qemu#3 0x55616c648ba2 in qcrypto_tls_creds_x509_complete ../crypto/tlscredsx509.c:694 qemu#4 0x55616c5e1fea in user_creatable_complete ../qom/object_interfaces.c:28 qemu#5 0x55616c5d4c8c in object_new_with_propv ../qom/object.c:807 qemu#6 0x55616c5d4a83 in object_new_with_props ../qom/object.c:768 qemu#7 0x55616c5c5415 in test_tls_creds_create ../tests/unit/test-io-channel-tls.c:70 qemu#8 0x55616c5c5a6b in test_io_channel_tls ../tests/unit/test-io-channel-tls.c:158 qemu#9 0x7f81d137d58d (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a58d) ... SUMMARY: AddressSanitizer: 49143 byte(s) leaked in 184 allocation(s). The docs for `g_source_add_child_source(source, child_source)` says "source will hold a reference on child_source while child_source is attached to it." Therefore, we should unreference the child source at `qio_channel_tls_read_watch()` after attaching it to `source`. With this change, ./tests/unit/test-io-channel-tls shows no leakages. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
diff --git a/io/channel-tls.c b/io/channel-tls.c
@@ -446,6 +446,7 @@ qio_channel_tls_read_watch(QIOChannelTLS *tioc, GSource *source)
     object_ref(OBJECT(tioc));
 
     g_source_add_child_source(source, child);
+    g_source_unref(child);
 }
 
 static GSource *qio_channel_tls_create_watch(QIOChannel *ioc,

Original file line number	Diff line number	Diff line change
`@@ -446,6 +446,7 @@ qio_channel_tls_read_watch(QIOChannelTLS tioc, GSource source)`
`446`	`446`	`object_ref(OBJECT(tioc));`
`447`	`447`
`448`	`448`	`g_source_add_child_source(source, child);`
	`449`	`+ g_source_unref(child);`
`449`	`450`	`}`
`450`	`451`
`451`	`452`	`static GSource qio_channel_tls_create_watch(QIOChannel ioc,`