On Mon, Apr 14, 2025 at 15:02:35 +0300, Alexander Kuznetsov wrote:
> If virNWFilterDefToInst returns -1, it has already called virNWFilterInstReset.
> Remove the additional call to prevent a double g_free
>
> Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Reported-by: Dmitry Fedin <d.fedin@xxxxxxxxxxx>
> Signed-off-by: Alexander Kuznetsov <kuznetsovam@xxxxxxxxxxxx>
> ---
> src/nwfilter/nwfilter_gentech_driver.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
> index 41f270bb7c..f7a909bdc0 100644
> --- a/src/nwfilter/nwfilter_gentech_driver.c
> +++ b/src/nwfilter/nwfilter_gentech_driver.c
> @@ -293,10 +293,8 @@ virNWFilterIncludeDefToRuleInst(virNWFilterDriverState *driver,
> tmpvars,
> useNewFilter,
> foundNewFilter,
> - inst) < 0) {
> - virNWFilterInstReset(inst);
> + inst) < 0)
> return -1;
While this fixes this case originally virNWFilterInstReset could be
called multiple times. This was broken by commit bb4e0596d91, which
replaced VIR_FREE (which clears pointers) to g_free which doesn't in
code paths which do not free the cleared object.
virNWFilterInstReset needs to use g_clear_pointer(..., g_free) instead.
