Xen project Mailing List

[Xen-devel] [PATCH 22/32] hw/ide: fix memory leak from qemu_allocate_irqs()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 22 Apr 2015 16:08:35 +0100

Delivery-date: Wed, 22 Apr 2015 15:21:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

From: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx> qemu_allocate_irqs would return an array of irqs, not store the allocated array pointer, and subsequently leak it. Signed-off-by: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx> (defects not identified by Coverity Scan) Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- hw/ide.c | 2 +- hw/irq.c | 18 +++++++++++++++++- hw/irq.h | 4 ++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/hw/ide.c b/hw/ide.c index 83e3c70..f372b7b 100644 --- a/hw/ide.c +++ b/hw/ide.c @@ -4769,7 +4769,7 @@ struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv) md->card.cis = dscm1xxxx_cis; md->card.cis_len = sizeof(dscm1xxxx_cis); - ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]); + ide_init2(md->ide, bdrv, 0, qemu_allocate_irq(md_set_irq, md)); md->ide->is_cf = 1; md->ide->mdata_size = METADATA_SIZE; md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE); diff --git a/hw/irq.c b/hw/irq.c index 7703f62..c7c4864 100644 --- a/hw/irq.c +++ b/hw/irq.c @@ -38,6 +38,22 @@ void qemu_set_irq(qemu_irq irq, int level) irq->handler(irq->opaque, irq->n, level); } +qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque) +{ + struct IRQState *irq; + + irq = (struct IRQState *)qemu_mallocz(sizeof(struct IRQState)); + irq->handler = handler; + irq->opaque = opaque; + irq->n = 0; + return irq; +} + +void qemu_free_irq(qemu_irq irq) +{ + qemu_free(irq); +} + qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n) { qemu_irq *s; @@ -73,5 +89,5 @@ qemu_irq qemu_irq_invert(qemu_irq irq) { /* The default state for IRQs is low, so raise the output now. */ qemu_irq_raise(irq); - return qemu_allocate_irqs(qemu_notirq, irq, 1)[0]; + return qemu_allocate_irq(qemu_notirq, irq); } diff --git a/hw/irq.h b/hw/irq.h index 5daae44..da34ae3 100644 --- a/hw/irq.h +++ b/hw/irq.h @@ -25,6 +25,10 @@ static inline void qemu_irq_pulse(qemu_irq irq) qemu_set_irq(irq, 0); } +/* Returns one IRQ. */ +qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque); +void qemu_free_irq(qemu_irq irq); + /* Returns an array of N IRQs. */ qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n); void qemu_free_irqs(qemu_irq *s); -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.