From: Li Qiang <liqiang6-s@360.cn>

Date: Mon, 17 Oct 2016 14:13:58 +0200

Subject: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate

The 'fs.xattr.value' field in V9fsFidState object doesn't consider the

situation that this field has been allocated previously. Every time, it

will be allocated directly. This leads to a host memory leak issue if

the client sends another Txattrcreate message with the same fid number

before the fid from the previous time got clunked.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>

Reviewed-by: Greg Kurz <groug@kaod.org>

[groug, updated the changelog to indicate how the leak can occur]

Signed-off-by: Greg Kurz <groug@kaod.org>

(cherry picked from commit ff55e94d23ae94c8628b0115320157c763eb3e06)

---

 hw/9pfs/9p.c | 1 +

 1 file changed, 1 insertion(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c

index 0735246..54e5ed4 100644

--- a/hw/9pfs/9p.c

+++ b/hw/9pfs/9p.c

@@ -3259,6 +3259,7 @@ static void v9fs_xattrcreate(void *opaque)

     xattr_fidp->fs.xattr.flags = flags;

     v9fs_string_init(&xattr_fidp->fs.xattr.name);

     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);

+    g_free(xattr_fidp->fs.xattr.value);

     xattr_fidp->fs.xattr.value = g_malloc0(size);

     err = offset;

     put_fid(pdu, file_fidp);