* [PATCH 0/2] nubus: a couple of Coverity fixes
From: Mark Cave-Ayland @ 2021-10-02 12:30 UTC (permalink / raw)
To: peter.maydell, laurent, qemu-devel
These patches fix a couple of issues found by Coverity in the recent nubus
patchset as reported by Peter.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland (2):
nubus.h: add ULL suffix to NUBUS_SUPER_SLOT_SIZE and
NUBUS_SUPER_SLOT_SIZE
nubus-device: ensure that name is freed after use in
nubus_device_realize()
hw/nubus/nubus-device.c | 1 +
include/hw/nubus/nubus.h | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
--
2.20.1
* [PATCH 1/2] nubus.h: add ULL suffix to NUBUS_SUPER_SLOT_SIZE and NUBUS_SUPER_SLOT_SIZE
From: Mark Cave-Ayland @ 2021-10-02 12:31 UTC (permalink / raw)
To: peter.maydell, laurent, qemu-devel
Coverity thinks that the slot_offset multiplications in nubus_device_realize()
might overflow because the resulting hwaddr is 64-bit whilst the multiplication
is only done at 32-bits.
Add an explicit ULL suffix to NUBUS_SUPER_SLOT_SIZE and NUBUS_SUPER_SLOT_SIZE
to ensure that the multiplication is also done at 64-bits.
Fixes: Coverity CID 1464070
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
include/hw/nubus/nubus.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/hw/nubus/nubus.h b/include/hw/nubus/nubus.h
index b3b4d2eadb..677dd6e5a2 100644
--- a/include/hw/nubus/nubus.h
+++ b/include/hw/nubus/nubus.h
@@ -15,13 +15,13 @@
#include "qom/object.h"
#include "qemu/units.h"
-#define NUBUS_SUPER_SLOT_SIZE 0x10000000U
+#define NUBUS_SUPER_SLOT_SIZE 0x10000000ULL
#define NUBUS_SUPER_SLOT_NB 0xe
#define NUBUS_SLOT_BASE (NUBUS_SUPER_SLOT_SIZE * \
(NUBUS_SUPER_SLOT_NB + 1))
-#define NUBUS_SLOT_SIZE 0x01000000
+#define NUBUS_SLOT_SIZE 0x01000000ULL
#define NUBUS_FIRST_SLOT 0x0
#define NUBUS_LAST_SLOT 0xf
#define NUBUS_SLOT_NB (NUBUS_LAST_SLOT - NUBUS_FIRST_SLOT + 1)
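Review bot: The subject and commit message name NUBUS_SUPER_SLOT_SIZE twice, but the second define changed in this hunk is NUBUS_SLOT_SIZE; the log should be corrected so it matches the diff. Because NUBUS_SLOT_BASE is built from NUBUS_SUPER_SLOT_SIZE, it also becomes unsigned long long with this change, so any user that prints these macros with a 32-bit format specifier or assigns them to a 32-bit variable should be checked as part of the patch.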
--
2.20.1
* [PATCH 2/2] nubus-device: ensure that name is freed after use in nubus_device_realize()
From: Mark Cave-Ayland @ 2021-10-02 12:31 UTC (permalink / raw)
To: peter.maydell, laurent, qemu-devel
Coverity points out that there is a memory leak because name is never freed after
use in nubus_device_realize().
Fixes: Coverity CID 1464062
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
hw/nubus/nubus-device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
index 0f1852f671..64f837e44d 100644
--- a/hw/nubus/nubus-device.c
+++ b/hw/nubus/nubus-device.c
@@ -78,6 +78,7 @@ static void nubus_device_realize(DeviceState *dev, Error **errp)
name = g_strdup_printf("nubus-slot-%x-declaration-rom", nd->slot);
memory_region_init_rom(&nd->decl_rom, OBJECT(dev), name, size,
&error_abort);
+ g_free(name);
ret = load_image_mr(path, &nd->decl_rom);
g_free(path);
if (ret < 0) {
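Review bot: name and path are both freed by hand here, name right after memory_region_init_rom() and path after load_image_mr(), which leaves the function one early return away from leaking again. Declaring both with g_autofree where they are defined would let the two g_free() calls be dropped and keep the cleanup correct on every exit path, including the ret < 0 branch that follows.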
--
2.20.1
* Re: [PATCH 1/2] nubus.h: add ULL suffix to NUBUS_SUPER_SLOT_SIZE and NUBUS_SUPER_SLOT_SIZE
From: Philippe Mathieu-Daudé @ 2021-10-02 13:42 UTC (permalink / raw)
To: Mark Cave-Ayland, peter.maydell, laurent, qemu-devel
On 10/2/21 14:31, Mark Cave-Ayland wrote:
> Coverity thinks that the slot_offset multiplications in nubus_device_realize()
> might overflow because the resulting hwaddr is 64-bit whilst the multiplication
> is only done at 32-bits.
>
> Add an explicit ULL suffix to NUBUS_SUPER_SLOT_SIZE and NUBUS_SUPER_SLOT_SIZE
> to ensure that the multiplication is also done at 64-bits.
>
> Fixes: Coverity CID 1464070
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> ---
> include/hw/nubus/nubus.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
* Re: [PATCH 2/2] nubus-device: ensure that name is freed after use in nubus_device_realize()
From: Philippe Mathieu-Daudé @ 2021-10-02 13:43 UTC (permalink / raw)
To: Mark Cave-Ayland, peter.maydell, laurent, qemu-devel
On 10/2/21 14:31, Mark Cave-Ayland wrote:
> Coverity points out that there is a memory leak because name is never freed after
> use in nubus_device_realize().
>
> Fixes: Coverity CID 1464062
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> ---
> hw/nubus/nubus-device.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
* Re: [PATCH 2/2] nubus-device: ensure that name is freed after use in nubus_device_realize()
From: Laurent Vivier @ 2021-10-04 6:50 UTC (permalink / raw)
To: Mark Cave-Ayland, peter.maydell, qemu-devel
On 02/10/2021 at 14:31, Mark Cave-Ayland wrote:
> Coverity points out that there is a memory leak because name is never freed after
> use in nubus_device_realize().
>
> Fixes: Coverity CID 1464062
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> ---
> hw/nubus/nubus-device.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
> index 0f1852f671..64f837e44d 100644
> --- a/hw/nubus/nubus-device.c
> +++ b/hw/nubus/nubus-device.c
> @@ -78,6 +78,7 @@ static void nubus_device_realize(DeviceState *dev, Error **errp)
> name = g_strdup_printf("nubus-slot-%x-declaration-rom", nd->slot);
> memory_region_init_rom(&nd->decl_rom, OBJECT(dev), name, size,
> &error_abort);
> + g_free(name);
> ret = load_image_mr(path, &nd->decl_rom);
> g_free(path);
> if (ret < 0) {
>
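Review bot: The g_free(name) placed directly after memory_region_init_rom() is only correct if that call takes its own copy of the string rather than keeping the pointer, and nothing in the hunk or the commit message says so. A sentence in the log stating that the memory region does not retain name would let a reader confirm the free cannot leave a dangling region name behind.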
Reviewed-by: Laurent Vivier <laurent@vivier.eu>