Memory leak at the virNetworkDefParse

Software environment

Operating system: Alt p10
Architecture: x86_64
kernel version: 6.1.132-un-def-alt1
libvirt version: ...9.5.0 - master (0c1a1f9fd4b3e94e4cecae14a1628ebfc9b9af3f)

Description of problem

When virXMLPropEnum fails (return -1), all allocated resources (including tagNodes) should be properly freed before returning an error.

https://gitlab.com/libvirt/libvirt/-/blob//0c1a1f9fd4b3e94e4cecae14a1628ebfc9b9af3f/src/conf/netdev_vlan_conf.c#L74

https://gitlab.com/libvirt/libvirt/-/blob//0c1a1f9fd4b3e94e4cecae14a1628ebfc9b9af3f/src/conf/netdev_vlan_conf.c#L123

Steps to reproduce

Configure libvirt with -Db_lundef=false -Db_sanitize=address -Dtests=enabled -Dgit_werror=disabled and build
Replace content of tests/networkxml2xmlin/direct-net.xml with <network><name>D</name><vlan><tag id='23' nativeMode='taggegedd'/></vlan></network>
Run networkxml2xmltest with env LSAN_OPTIONS="fast_unwind_on_malloc=0:malloc_context_size=30" and ASAN_OPTIONS="detect_leaks=1"

Additional information

==5739==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff769ef9f in __interceptor_calloc (/usr/lib64/libasan.so.6+0xaef9f)
    #1 0x7ffff4b26670 in g_malloc0 (/lib64/libglib-2.0.so.0+0x5c670)
    #2 0x7ffff5beeee4 in virXPathNodeSet ../src/util/virxml.c:1011
    #3 0x7ffff5e11eb1 in virNetDevVlanParse ../src/conf/netdev_vlan_conf.c:44
    #4 0x7ffff5e24e60 in virNetworkDefParseXML ../src/conf/network_conf.c:1633
    #5 0x7ffff5e2e51e in virNetworkDefParse ../src/conf/network_conf.c:1965
    #6 0x5555555a3817 in testCompareXMLToXMLFiles ../tests/networkxml2xmltest.c:36
    #7 0x5555555a3817 in testCompareXMLToXMLHelper ../tests/networkxml2xmltest.c:91
    #8 0x5555555a523a in virTestRun ../tests/testutils.c:143
    #9 0x5555555a2389 in mymain ../tests/networkxml2xmltest.c:141
    #10 0x5555555a7dde in virTestMain ../tests/testutils.c:900
    #11 0x7ffff3dc6efc in __libc_start_main (/lib64/libc.so.6+0x27efc)
    #12 0x5555555a0cc9 in _start (/libvirt/build/tests/networkxml2xmltest+0x4ccc9)

Possible fix


         if ((rc = virXMLPropEnum(tagNodes[i], "nativeMode",
                                  virNativeVlanModeTypeFromString,
                                  VIR_XML_PROP_NONZERO, &nativeMode)) < 0)
-            return -1;
+            goto cleanup;

         if (rc == 1) {
             if (def->nativeMode != 0) {

Found by Linux Verification Center (portal.linuxtesting.ru) with libFuzzer.

Authors:

Artem Mukhin (amukhin@fobos-nt.ru)
S.Tereshin (s.tereshin@fobos-nt.ru)

Edited Oct 20, 2025 by Artem Mukhin