From 5bc8ecb8d1170f41d4c177c1cf0e87c54194a3a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?=
Date: Wed, 26 Jun 2013 14:55:27 +0200
Subject: [PATCH] Plug leak in virCgroupMoveTask
We only break out of the while loop if *content is an empty string. However the buffer has been allocated to BUFSIZ + 1 (8193 in my case), but it gets overwritten in the next for iteration. Move VIR_FREE right before we overwrite it to avoid the leak.
==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
==5777== by 0x5296E28: virReallocN (viralloc.c:184)
==5777== by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
==5777== by 0x52B0E1A: virFileReadAll (virfile.c:1199)
==5777== by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
==5777== by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
Introduced by 83e4c77.
https://bugzilla.redhat.com/show_bug.cgi?id=978352
---
 src/util/vircgroup.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a0ee3f74af..ae71859286 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1076,6 +1076,7 @@ int virCgroupMoveTask(virCgroupPtr src_group, virCgroupPtr dest_group)
 * aware that it needs to move. Therefore, we must iterate
 * until content is empty. */
 while (1) {
+ VIR_FREE(content);
 rc = virCgroupGetValueStr(src_group, i, "tasks", &content);
 if (rc != 0)
 return rc;
@@ -1085,8 +1086,6 @@ int virCgroupMoveTask(virCgroupPtr src_group, virCgroupPtr dest_group)
 rc = virCgroupAddTaskStrController(dest_group, content, i);
 if (rc != 0)
 goto cleanup;
-
- VIR_FREE(content);
 }
 }
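Review bot: The early exit two lines below the added `VIR_FREE(content);` still uses `return rc;`, while the failure path after virCgroupAddTaskStrController in the second hunk uses `goto cleanup;`. That is only leak-free if virCgroupGetValueStr never leaves an allocation in `content` when it fails, which this diff does not show. Changing it to `if (rc != 0) goto cleanup;` would make both error paths release the buffer the same way, assuming the cleanup label (outside the hunk) frees `content`. A one-line comment above the new call, such as `/* release the buffer left over from the previous pass, including the one kept after the break */`, would also record why the free sits at the top of the loop. The body of virCgroupMoveTask starts and ends outside these hunks.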