[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen-traditional stable-4.6] hw/ide: fix memory leak from qemu_allocate_irqs()

commit 18cb4bf3298c1ef21de1f320dda00152a3fa2453
Author:     Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
AuthorDate: Fri Mar 7 16:10:14 2014 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Oct 16 16:52:06 2015 +0100

    hw/ide: fix memory leak from qemu_allocate_irqs()
    
    qemu_allocate_irqs would return an array of irqs, not store the allocated
    array pointer, and subsequently leak it.
    
    Signed-off-by: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
    (defects not identified by Coverity Scan)
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 hw/ide.c |    2 +-
 hw/irq.c |   18 +++++++++++++++++-
 hw/irq.h |    4 ++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/hw/ide.c b/hw/ide.c
index 3636611..4c30edd 100644
--- a/hw/ide.c
+++ b/hw/ide.c
@@ -4793,7 +4793,7 @@ struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState 
*bdrv)
     md->card.cis = dscm1xxxx_cis;
     md->card.cis_len = sizeof(dscm1xxxx_cis);
 
-    ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
+    ide_init2(md->ide, bdrv, 0, qemu_allocate_irq(md_set_irq, md));
     md->ide->is_cf = 1;
     md->ide->mdata_size = METADATA_SIZE;
     md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
diff --git a/hw/irq.c b/hw/irq.c
index 7703f62..c7c4864 100644
--- a/hw/irq.c
+++ b/hw/irq.c
@@ -38,6 +38,22 @@ void qemu_set_irq(qemu_irq irq, int level)
     irq->handler(irq->opaque, irq->n, level);
 }
 
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque)
+{
+    struct IRQState *irq;
+
+    irq = (struct IRQState *)qemu_mallocz(sizeof(struct IRQState));
+    irq->handler = handler;
+    irq->opaque = opaque;
+    irq->n = 0;
+    return irq;
+}
+
+void qemu_free_irq(qemu_irq irq)
+{
+    qemu_free(irq);
+}
+
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
 {
     qemu_irq *s;
@@ -73,5 +89,5 @@ qemu_irq qemu_irq_invert(qemu_irq irq)
 {
     /* The default state for IRQs is low, so raise the output now.  */
     qemu_irq_raise(irq);
-    return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
+    return qemu_allocate_irq(qemu_notirq, irq);
 }
diff --git a/hw/irq.h b/hw/irq.h
index 5daae44..da34ae3 100644
--- a/hw/irq.h
+++ b/hw/irq.h
@@ -25,6 +25,10 @@ static inline void qemu_irq_pulse(qemu_irq irq)
     qemu_set_irq(irq, 0);
 }
 
+/* Returns one IRQ.  */
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque);
+void qemu_free_irq(qemu_irq irq);
+
 /* Returns an array of N IRQs.  */
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n);
 void qemu_free_irqs(qemu_irq *s);
--
generated by git-patchbot for /home/xen/git/qemu-xen-traditional.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.