From 03a63484a6978f68caff087bbaabcd1d383563af Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Wed, 16 Jun 2010 00:38:33 +0200 Subject: [PATCH] monitor: Fix leakage during completion processing Given too many arguments or an invalid command, we were leaking the duplicated argument strings. Signed-off-by: Jan Kiszka Signed-off-by: Luiz Capitulino --- monitor.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/monitor.c b/monitor.c index 170b26971..42ae1546d 100644 --- a/monitor.c +++ b/monitor.c @@ -3882,8 +3882,9 @@ static void monitor_find_completion(const char *cmdline) next arg */ len = strlen(cmdline); if (len > 0 && qemu_isspace(cmdline[len - 1])) { - if (nb_args >= MAX_ARGS) - return; + if (nb_args >= MAX_ARGS) { + goto cleanup; + } args[nb_args++] = qemu_strdup(""); } if (nb_args <= 1) { @@ -3898,12 +3899,15 @@ static void monitor_find_completion(const char *cmdline) } } else { /* find the command */ - for(cmd = mon_cmds; cmd->name != NULL; cmd++) { - if (compare_cmd(args[0], cmd->name)) - goto found; + for (cmd = mon_cmds; cmd->name != NULL; cmd++) { + if (compare_cmd(args[0], cmd->name)) { + break; + } } - return; - found: + if (!cmd->name) { + goto cleanup; + } + ptype = next_arg_type(cmd->args_type); for(i = 0; i < nb_args - 2; i++) { if (*ptype != '\0') { @@ -3953,8 +3957,11 @@ static void monitor_find_completion(const char *cmdline) break; } } - for(i = 0; i < nb_args; i++) + +cleanup: + for (i = 0; i < nb_args; i++) { qemu_free(args[i]); + } } static int monitor_can_read(void *opaque)