[Spice-devel] [spice-gtk v1 1/2] spice-widget: fix leak of boxed type cursor-shape

Victor Toso victortoso at redhat.com
Wed Apr 4 12:19:59 UTC 2018


Hi,

On Wed, Apr 04, 2018 at 09:44:06AM +0300, Snir Sheriber wrote:
> Hi
> 
> On 04/03/2018 05:11 PM, Victor Toso wrote:
> > From: Victor Toso <me at victortoso.com>
> > 
> > Detected while testing valgrind on migration.
> > 
> > > malloc (vg_replace_malloc.c:299)
> > > g_malloc (in /usr/lib/libglib-2.0.so.0.5400.3)
> > > spice_cursor_shape_copy (channel-cursor.c:99)
> > > ??? (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > g_object_get_valist (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > g_object_get (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > cursor_set (spice-widget.c:2653)
> > > g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > ??? (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > g_signal_emit (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > > ??? (in /usr/lib/libgobject-2.0.so.0.5400.3)
> > Signed-off-by: Victor Toso <victortoso at redhat.com>
> > ---
> >   src/spice-widget.c | 4 ++++
> >   1 file changed, 4 insertions(+)
> > 
> > diff --git a/src/spice-widget.c b/src/spice-widget.c
> > index 1e7add4..b60ca2b 100644
> > --- a/src/spice-widget.c
> > +++ b/src/spice-widget.c
> > @@ -2653,6 +2653,9 @@ static void cursor_set(SpiceCursorChannel *channel,
> >       g_object_get(G_OBJECT(channel), "cursor", &cursor_shape, NULL);
> >       if (G_UNLIKELY(cursor_shape == NULL || cursor_shape->data == NULL)) {
> >           g_warn_if_reached();
> > +        if (cursor_shape != NULL) {
> > +            g_boxed_free(spice_cursor_shape_get_type(), cursor_shape);
> > +        }
> >           return;
> >       }
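Review bot: the early-return branch after g_warn_if_reached() now carries its own g_boxed_free(), so cursor_set() has two separate release sites for the same copy. A single cleanup label at the end of the function, reached by both paths, would keep a future early return from reintroducing the leak. The `cursor_shape != NULL` guard has to stay in either form, because g_boxed_free() rejects a NULL boxed pointer. The lines between this hunk and the next are not shown here, so any other return in that range needs the same check.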
> > @@ -2693,6 +2696,7 @@ static void cursor_set(SpiceCursorChannel *channel,
> >       update_mouse_pointer(display);
> >       cursor_invalidate(display);
> > +    g_boxed_free(spice_cursor_shape_get_type(), cursor_shape);
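Review bot: nothing in the commit message or near the g_object_get() call says that the boxed "cursor" property is returned as a copy the caller owns, which is the reason the free added after cursor_invalidate(display) is needed. A one-line comment at the g_object_get() call saying the returned shape must be released with g_boxed_free() would document that rule for the next reader. If the call is moved earlier in the function, keep it after the last read of cursor_shape and cursor_shape->data so the fix does not trade the leak for a use-after-free.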
> 
> Is the second patch needed if you free it here?

There are two cursor_shape variables, one in cursor_set() and one in
channel_new() (which calls cursor_set()); each gets a copy of
the boxed structure and needs to be freed.

> (maybe it can be called a bit earlier)

Okay, I'll move it to be just after its last use in the function.

Thanks for the review,
        toso
> 
> Snir.
> 
> >   }
> >   static void cursor_hide(SpiceCursorChannel *channel, gpointer data)
> 