From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Gerd Hoffmann <kraxel@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>
Subject: [Qemu-devel] [PULL 4/5] virtio-gpu: Fix memory leak in virtio_gpu_load()
Date: Wed, 11 Jan 2017 11:28:36 +0100
Message-ID: <1484130518-18873-5-git-send-email-kraxel@redhat.com>
In-Reply-To: <1484130518-18873-1-git-send-email-kraxel@redhat.com>

From: Peter Maydell <peter.maydell@linaro.org>

Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/virtio-gpu.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index c3cf47e..cef736c 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1052,12 +1052,14 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
         /* allocate */
         pformat = get_pixman_format(res->format);
         if (!pformat) {
+            g_free(res);
             return -EINVAL;
         }
         res->image = pixman_image_create_bits(pformat,
                                               res->width, res->height,
                                               NULL, 0);
         if (!res->image) {
+            g_free(res);
             return -EINVAL;
         }
 
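Review bot: The `!pformat` and `!res->image` branches now each carry their own `g_free(res)` before `return -EINVAL`, so every later failure point in this function has to remember to repeat the same teardown by hand. Consider routing both branches to a single error label that unwinds in reverse order of acquisition, so a new allocation added between these checks cannot be missed on one of the paths.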
@@ -1080,6 +1082,16 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
             res->iov[i].iov_base =
                 cpu_physical_memory_map(res->addrs[i], &len, 1);
             if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
+                /* Clean up the half-a-mapping we just created... */
+                if (res->iov[i].iov_base) {
+                    cpu_physical_memory_unmap(res->iov[i].iov_base,
+                                              len, 0, 0);
+                }
+                /* ...and the mappings for previous loop iterations */
+                res->iov_cnt = i;
+                virtio_gpu_cleanup_mapping(res);
+                pixman_image_unref(res->image);
+                g_free(res);
                 return -EINVAL;
             }
         }
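Review bot: In the mapping-failure branch, `res->image` and `res` are released explicitly but `res->iov` and `res->addrs` are not, so the path is only leak-free if `virtio_gpu_cleanup_mapping(res)` frees both arrays in addition to unmapping the first `i` entries. Please state that in the "...and the mappings for previous loop iterations" comment, or free them here if it does not. It would also help to note why the half mapping taken with `cpu_physical_memory_map(res->addrs[i], &len, 1)` is released with `0, 0` as the last two arguments to `cpu_physical_memory_unmap()`.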
-- 
1.8.3.1
