* [PULL 0/2] Fixes 20200325 patches
@ 2020-03-25 10:58 Gerd Hoffmann
2020-03-25 10:58 ` [PULL 1/2] ui/input-linux: Do not ignore ioctl() return value Gerd Hoffmann
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2020-03-25 10:58 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
The following changes since commit 736cf607e40674776d752acc201f565723e86045:
Update version for v5.0.0-rc0 release (2020-03-24 17:50:00 +0000)
are available in the Git repository at:
git://git.kraxel.org/qemu tags/fixes-20200325-pull-request
for you to fetch changes up to 95fad99cb28e9970944b01fd7af452f6f9f37484:
hw/audio/fmopl: fix segmentation fault (2020-03-25 09:55:40 +0100)
----------------------------------------------------------------
fixes: input error handling & audio segfault
----------------------------------------------------------------
Philippe Mathieu-Daudé (1):
ui/input-linux: Do not ignore ioctl() return value
Volker Rümelin (1):
hw/audio/fmopl: fix segmentation fault
hw/audio/fmopl.c | 4 ++--
ui/input-linux.c | 29 +++++++++++++++++++++++++++--
2 files changed, 29 insertions(+), 4 deletions(-)
--
2.18.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PULL 1/2] ui/input-linux: Do not ignore ioctl() return value
2020-03-25 10:58 [PULL 0/2] Fixes 20200325 patches Gerd Hoffmann
@ 2020-03-25 10:58 ` Gerd Hoffmann
2020-03-25 10:58 ` [PULL 2/2] hw/audio/fmopl: fix segmentation fault Gerd Hoffmann
2020-03-26 9:27 ` [PULL 0/2] Fixes 20200325 patches Peter Maydell
2 siblings, 0 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2020-03-25 10:58 UTC (permalink / raw)
To: qemu-devel; +Cc: Philippe Mathieu-Daudé, Gerd Hoffmann
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Fix warnings reported by Clang static code analyzer:
CC ui/input-linux.o
ui/input-linux.c:343:9: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGBIT(EV_REL, sizeof(relmap)), &relmap);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ui/input-linux.c:351:9: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGBIT(EV_ABS, sizeof(absmap)), &absmap);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ui/input-linux.c:354:13: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGABS(ABS_X), &absinfo);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ui/input-linux.c:357:13: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGABS(ABS_Y), &absinfo);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ui/input-linux.c:365:9: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGBIT(EV_KEY, sizeof(keymap)), keymap);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ui/input-linux.c:366:9: warning: Value stored to 'rc' is never read
rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-id: 20200322161219.17757-1-philmd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/input-linux.c | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/ui/input-linux.c b/ui/input-linux.c
index a7b280b25b98..ef37b14d6f22 100644
--- a/ui/input-linux.c
+++ b/ui/input-linux.c
@@ -334,13 +334,15 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
rc = ioctl(il->fd, EVIOCGBIT(0, sizeof(evtmap)), &evtmap);
if (rc < 0) {
- error_setg(errp, "%s: failed to read event bits", il->evdev);
- goto err_close;
+ goto err_read_event_bits;
}
if (evtmap & (1 << EV_REL)) {
relmap = 0;
rc = ioctl(il->fd, EVIOCGBIT(EV_REL, sizeof(relmap)), &relmap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
if (relmap & (1 << REL_X)) {
il->has_rel_x = true;
}
@@ -349,12 +351,25 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
if (evtmap & (1 << EV_ABS)) {
absmap = 0;
rc = ioctl(il->fd, EVIOCGBIT(EV_ABS, sizeof(absmap)), &absmap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
if (absmap & (1 << ABS_X)) {
il->has_abs_x = true;
rc = ioctl(il->fd, EVIOCGABS(ABS_X), &absinfo);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get get absolute X value",
+ il->evdev);
+ goto err_close;
+ }
il->abs_x_min = absinfo.minimum;
il->abs_x_max = absinfo.maximum;
rc = ioctl(il->fd, EVIOCGABS(ABS_Y), &absinfo);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get get absolute Y value",
+ il->evdev);
+ goto err_close;
+ }
il->abs_y_min = absinfo.minimum;
il->abs_y_max = absinfo.maximum;
}
@@ -363,7 +378,14 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
if (evtmap & (1 << EV_KEY)) {
memset(keymap, 0, sizeof(keymap));
rc = ioctl(il->fd, EVIOCGBIT(EV_KEY, sizeof(keymap)), keymap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get global key state", il->evdev);
+ goto err_close;
+ }
for (i = 0; i < KEY_CNT; i++) {
if (keymap[i / 8] & (1 << (i % 8))) {
if (linux_is_button(i)) {
@@ -390,6 +412,9 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
il->initialized = true;
return;
+err_read_event_bits:
+ error_setg(errp, "%s: failed to read event bits", il->evdev);
+
err_close:
close(il->fd);
return;
--
2.18.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PULL 2/2] hw/audio/fmopl: fix segmentation fault
2020-03-25 10:58 [PULL 0/2] Fixes 20200325 patches Gerd Hoffmann
2020-03-25 10:58 ` [PULL 1/2] ui/input-linux: Do not ignore ioctl() return value Gerd Hoffmann
@ 2020-03-25 10:58 ` Gerd Hoffmann
2020-03-26 9:27 ` [PULL 0/2] Fixes 20200325 patches Peter Maydell
2 siblings, 0 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2020-03-25 10:58 UTC (permalink / raw)
To: qemu-devel; +Cc: Volker Rümelin, Gerd Hoffmann
From: Volker Rümelin <vr_qemu@t-online.de>
Current code allocates the memory for ENV_CURVE too late. Move
allocation to OPLOpenTable() and deallocation to OPLCloseTable().
To reproduce the bug start qemu with -soundhw adlib.
Fixes 2eea51bd01 "hw/audio/fmopl: Move ENV_CURVE to .heap to save
32KiB of .bss"
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200324061855.5951-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/audio/fmopl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c
index 356d4dfbcaa6..8a71a569fab0 100644
--- a/hw/audio/fmopl.c
+++ b/hw/audio/fmopl.c
@@ -627,6 +627,7 @@ static int OPLOpenTable( void )
free(AMS_TABLE);
return 0;
}
+ ENV_CURVE = g_new(int32_t, 2 * EG_ENT + 1);
/* make total level table */
for (t = 0;t < EG_ENT-1 ;t++){
rate = ((1<<TL_BITS)-1)/pow(10,EG_STEP*t/20); /* dB -> voltage */
@@ -694,6 +695,7 @@ static int OPLOpenTable( void )
static void OPLCloseTable( void )
{
+ g_free(ENV_CURVE);
free(TL_TABLE);
free(SIN_TABLE);
free(AMS_TABLE);
@@ -1090,7 +1092,6 @@ FM_OPL *OPLCreate(int clock, int rate)
OPL->clock = clock;
OPL->rate = rate;
OPL->max_ch = max_ch;
- ENV_CURVE = g_new(int32_t, 2 * EG_ENT + 1);
/* init grobal tables */
OPL_initialize(OPL);
/* reset chip */
@@ -1128,7 +1129,6 @@ void OPLDestroy(FM_OPL *OPL)
#endif
OPL_UnLockTable();
free(OPL);
- g_free(ENV_CURVE);
}
/* ---------- Option handlers ---------- */
--
2.18.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PULL 0/2] Fixes 20200325 patches
2020-03-25 10:58 [PULL 0/2] Fixes 20200325 patches Gerd Hoffmann
2020-03-25 10:58 ` [PULL 1/2] ui/input-linux: Do not ignore ioctl() return value Gerd Hoffmann
2020-03-25 10:58 ` [PULL 2/2] hw/audio/fmopl: fix segmentation fault Gerd Hoffmann
@ 2020-03-26 9:27 ` Peter Maydell
2 siblings, 0 replies; 4+ messages in thread
From: Peter Maydell @ 2020-03-26 9:27 UTC (permalink / raw)
To: Gerd Hoffmann; +Cc: QEMU Developers
On Wed, 25 Mar 2020 at 11:05, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> The following changes since commit 736cf607e40674776d752acc201f565723e86045:
>
> Update version for v5.0.0-rc0 release (2020-03-24 17:50:00 +0000)
>
> are available in the Git repository at:
>
> git://git.kraxel.org/qemu tags/fixes-20200325-pull-request
>
> for you to fetch changes up to 95fad99cb28e9970944b01fd7af452f6f9f37484:
>
> hw/audio/fmopl: fix segmentation fault (2020-03-25 09:55:40 +0100)
>
> ----------------------------------------------------------------
> fixes: input error handling & audio segfault
>
> ----------------------------------------------------------------
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-26 9:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-25 10:58 [PULL 0/2] Fixes 20200325 patches Gerd Hoffmann
2020-03-25 10:58 ` [PULL 1/2] ui/input-linux: Do not ignore ioctl() return value Gerd Hoffmann
2020-03-25 10:58 ` [PULL 2/2] hw/audio/fmopl: fix segmentation fault Gerd Hoffmann
2020-03-26 9:27 ` [PULL 0/2] Fixes 20200325 patches Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).