On 1/13/21 10:54 PM, Vladimir Sementsov-Ogievskiy wrote:
> 14.01.2021 01:10, Eric Blake wrote:
>> On first glance, the loop in qmp_query_rx_filter() has early return
>> paths that could leak any allocation of filter_list from a previous
>> iteration. But on closer inspection, it is obvious that all of the
>> early exits are guarded by has_name, and that the bulk of the loop
>> body can be executed at most once if the user is filtering by name,
>> thus, any early exit coincides with an empty list. Add asserts to
>> make this obvious.
>
> A bit simpler (for me :) observation:
>
> But on closer inspection, it is obvious that all of the early exits are
> guarded by has_name, and in case when has_name is true we leave the loop

s/in case//

> (by break) immediately after allocation and assigning filter_list for
> the first time.

Replacing my wording with this touched-up sentence is fine with me, if
Markus would like to tweak the queued commit to incorporate it.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org