From 69d4e746b3a899b90d2cbf422a3ce764cf51cfbe Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 12 Apr 2023 19:51:01 +0100 Subject: [PATCH] hw/xen: Fix double-free in xen_console store_con_info() Coverity spotted a double-free (CID 1508254); we g_string_free(path) and then for some reason immediately call free(path) too. We should just use g_autoptr() for it anyway, which simplifies the code a bit. Fixes: 7a8a749da7d3 ("hw/xen: Move xenstore_store_pv_console_info to xen_console.c") Signed-off-by: David Woodhouse Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/char/xen_console.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c index c7a19c0e7c..810dae3f44 100644 --- a/hw/char/xen_console.c +++ b/hw/char/xen_console.c @@ -178,8 +178,7 @@ static int store_con_info(struct XenConsole *con) Chardev *cs = qemu_chr_fe_get_driver(&con->chr); char *pts = NULL; char *dom_path; - GString *path; - int ret = -1; + g_autoptr(GString) path = NULL; /* Only continue if we're talking to a pty. */ if (!CHARDEV_IS_PTY(cs)) { @@ -204,15 +203,9 @@ static int store_con_info(struct XenConsole *con) if (xenstore_write_str(con->console, path->str, pts)) { fprintf(stderr, "xenstore_write_str for '%s' fail", path->str); - goto out; + return -1; } - ret = 0; - -out: - g_string_free(path, true); - free(path); - - return ret; + return 0; } static int con_init(struct XenLegacyDevice *xendev)