From 838e37007cae48d32102e2f2addb2473138a98df Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 5 Jul 2021 19:17:38 +0200 Subject: [PATCH] vl: fix leak of qdict_crumple return value Coverity reports that qemu_parse_config_group is returning without unrefing the "crumpled" dictionary in case its top level item is a list. But actually the contract with qemu_record_config_group is the same as for qemu_parse_config_group itself: if those function need to stash the dictionary they get, they have to take a reference themselves (currently this is never the case for either function). Therefore, just add an unconditional qobject_unref(crumpled) to qemu_parse_config_group. Reported-by: Peter Maydell Signed-off-by: Paolo Bonzini --- softmmu/vl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/softmmu/vl.c b/softmmu/vl.c index 2004d57108..4df1496101 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -2193,12 +2193,17 @@ static void qemu_parse_config_group(const char *group, QDict *qdict, if (!crumpled) { return; } - if (qobject_type(crumpled) != QTYPE_QDICT) { - assert(qobject_type(crumpled) == QTYPE_QLIST); + switch (qobject_type(crumpled)) { + case QTYPE_QDICT: + qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp); + break; + case QTYPE_QLIST: error_setg(errp, "Lists cannot be at top level of a configuration section"); - return; + break; + default: + g_assert_not_reached(); } - qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp); + qobject_unref(crumpled); } static void qemu_read_default_config_file(Error **errp)