From f41830680e40d3ec845cefd25419bd87414b9ccf Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 6 Nov 2013 15:30:16 +0800
Subject: [PATCH] Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM

The virQEMUCapsProbeQMPMachineTypes method iterates over machine
types copying them into the qemuCapsPtr object. It only updates
the qemuCaps->nmachinetypes value at the end though. So if OOM
occurs in the middle, the destructor of qemuCapsPtr will not
free the partially initialized machine types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/qemu/qemu_capabilities.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 71a913b507..2712a4defd 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2137,14 +2137,17 @@ virQEMUCapsProbeQMPMachineTypes(virQEMUCapsPtr qemuCaps,
         goto cleanup;
 
     for (i = 0; i < nmachines; i++) {
-        if (VIR_STRDUP(qemuCaps->machineAliases[i], machines[i]->alias) < 0 ||
-            VIR_STRDUP(qemuCaps->machineTypes[i], machines[i]->name) < 0)
+        qemuCaps->nmachineTypes++;
+        if (VIR_STRDUP(qemuCaps->machineAliases[qemuCaps->nmachineTypes -1],
+                       machines[i]->alias) < 0 ||
+            VIR_STRDUP(qemuCaps->machineTypes[qemuCaps->nmachineTypes - 1],
+                       machines[i]->name) < 0)
             goto cleanup;
         if (machines[i]->isDefault)
             defIdx = i;
-        qemuCaps->machineMaxCpus[i] = machines[i]->maxCpus;
+        qemuCaps->machineMaxCpus[qemuCaps->nmachineTypes - 1] =
+            machines[i]->maxCpus;
     }
-    qemuCaps->nmachineTypes = nmachines;
 
     if (defIdx)
         virQEMUCapsSetDefaultMachine(qemuCaps, defIdx);