Re: [PATCH 3/3] hw/timer/slavio_timer: Free resources allocated in instance_init

Sat, 07 Mar 2026 03:41:21 -0800 

On 7/3/26 12:29, Peter Maydell wrote:

The slavio_timer device's instance_init function allocates memory for
TimerContext structs and a ptimer, but it never frees this memory, so
we will leak it if the QMP interface does introspection of this
device type, as reported by the clang address sanitizer:

Indirect leak of 4896 byte(s) in 17 object(s) allocated from:
     #0 0x5f2948d9b14d in calloc 
(/home/pm215/qemu/build/san/qemu-system-sparc+0xe0c14d) (BuildId: 
7210711bdf6f7fbd0b863bd2dfcc7c42c7175db1)
     #1 0x758584b11771 in g_malloc0 
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x63771) (BuildId: 
116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
     #2 0x5f2949097b8a in slavio_timer_init 
/home/pm215/qemu/build/san/../../hw/timer/slavio_timer.c:403:14
     #3 0x5f29495d790f in object_initialize_with_type 
/home/pm215/qemu/build/san/../../qom/object.c:570:5
     #4 0x5f29495d96ef in object_new_with_type 
/home/pm215/qemu/build/san/../../qom/object.c:774:5
     #5 0x5f2949a30a26 in qmp_device_list_properties 
/home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11

Indirect leak of 1632 byte(s) in 17 object(s) allocated from:
     #0 0x5f2948d9b14d in calloc 
(/home/pm215/qemu/build/san/qemu-system-sparc+0xe0c14d) (BuildId: 
7210711bdf6f7fbd0b863bd2dfcc7c42c7175db1)
     #1 0x758584b11771 in g_malloc0 
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x63771) (BuildId: 
116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
     #2 0x5f2948f7c65a in ptimer_init 
/home/pm215/qemu/build/san/../../hw/core/ptimer.c:464:9
     #3 0x5f2949097c1f in slavio_timer_init 
/home/pm215/qemu/build/san/../../hw/timer/slavio_timer.c:407:32
     #4 0x5f29495d790f in object_initialize_with_type 
/home/pm215/qemu/build/san/../../qom/object.c:570:5
     #5 0x5f29495d96ef in object_new_with_type 
/home/pm215/qemu/build/san/../../qom/object.c:774:5
     #6 0x5f2949a30a26 in qmp_device_list_properties 
/home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11

Avoid the TimerContext leaks by making them an array inside the
SLAVIO_TimerState struct instead of allocating a compile-time-fixed
number of them each individually with g_new0() and then throwing away
the pointer.

Avoid the ptimer() leak by calling ptimer_free in
instance_finalize().

Signed-off-by: Peter Maydell <[email protected]>
---
  hw/timer/slavio_timer.c | 25 ++++++++++++++++++-------
  1 file changed, 18 insertions(+), 7 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé <[email protected]>

Reply via email to