[Xen-devel] [PATCH 22/32] hw/ide: fix memory leak from qemu_allocate_irqs()
From: Kaifeng Zhu kaifeng@citrix.com qemu_allocate_irqs would return an array of irqs, not store the allocated array pointer, and subsequently leak it. Signed-off-by: Kaifeng Zhu kaifeng@citrix.com (defects not identified by Coverity Scan) Reviewed-by: Andrew Cooper andrew.coop...@citrix.com
---
hw/ide.c |2 +- hw/irq.c | 18 +- hw/irq.h |4 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/hw/ide.c b/hw/ide.c
index 83e3c70..f372b7b 100644
--- a/hw/ide.c
+++ b/hw/ide.c
@@ -4769,7 +4769,7 @@ struct pcmcia_card_s *dscm1_init(BlockDriverState *bdrv)
 md-card.cis = dscm1_cis;
 md-card.cis_len = sizeof(dscm1_cis);
-ide_init2(md-ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
+ide_init2(md-ide, bdrv, 0, qemu_allocate_irq(md_set_irq, md));
 md-ide-is_cf = 1;
 md-ide-mdata_size = METADATA_SIZE;
 md-ide-mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
diff --git a/hw/irq.c b/hw/irq.c
index 7703f62..c7c4864 100644
--- a/hw/irq.c
+++ b/hw/irq.c
@@ -38,6 +38,22 @@ void qemu_set_irq(qemu_irq irq, int level)
 irq-handler(irq-opaque, irq-n, level);
 }
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque)
+{
+struct IRQState *irq;
+
+irq = (struct IRQState *)qemu_mallocz(sizeof(struct IRQState));
+irq-handler = handler;
+irq-opaque = opaque;
+irq-n = 0;
+return irq;
+}
+
+void qemu_free_irq(qemu_irq irq)
+{
+qemu_free(irq);
+}
+
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
 {
 qemu_irq *s;
@@ -73,5 +89,5 @@ qemu_irq qemu_irq_invert(qemu_irq irq)
 {
 /* The default state for IRQs is low, so raise the output now. */
 qemu_irq_raise(irq);
-return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
+return qemu_allocate_irq(qemu_notirq, irq);
 }
diff --git a/hw/irq.h b/hw/irq.h
index 5daae44..da34ae3 100644
--- a/hw/irq.h
+++ b/hw/irq.h
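Review bot: The handle returned by `qemu_allocate_irq(md_set_irq, md)` in dscm1_init goes straight into `ide_init2` and is not kept anywhere visible, so the new `qemu_free_irq` has no pointer it could ever be called with; the same holds for the value returned in the `qemu_irq_invert` hunk of hw/irq.c. The patch removes the leaked one-element array, but the IRQState itself still has no release path in the lines shown. If that is intentional, a comment at the call would record it, for example `/* irq lives as long as the device and is never freed */`; if the card can be torn down, the handle needs to be stored so teardown can release it. dscm1_init starts and continues outside the hunk.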
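Review bot: `qemu_allocate_irq` writes through `irq` immediately after `qemu_mallocz` with no NULL check, so it is only safe if this tree's `qemu_mallocz` aborts on allocation failure, which the hunk does not show. I would either say so in a comment above the function, `/* qemu_mallocz() never returns NULL; the result is zero-filled. */`, or guard the stores with `if (!irq) return NULL;`, in which case the two callers changed by this patch would have to cope with NULL as well. The cast and the repeated type name can also go: `irq = qemu_mallocz(sizeof(*irq));` keeps the size tied to the variable.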
@@ -25,6 +25,10 @@ static inline void qemu_irq_pulse(qemu_irq irq)
 qemu_set_irq(irq, 0);
 }
+/* Returns one IRQ. */
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque);
+void qemu_free_irq(qemu_irq irq);
+
 /* Returns an array of N IRQs. */
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n);
 void qemu_free_irqs(qemu_irq *s);
-- 1.7.10.4 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
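Review bot: The comment `/* Returns one IRQ. */` does not say who owns the result or how it is released, and the header now exposes two free functions that are easy to mix up. I would document the pairing on the allocator, `/* Returns one heap-allocated IRQ; release it with qemu_free_irq(). */`, and on the new free function, `/* Only for IRQs from qemu_allocate_irq(), never for an entry of a qemu_allocate_irqs() array. */`. If `qemu_allocate_irqs` carves its entries out of a single allocation (its body is outside this hunk), handing one of those entries to `qemu_free_irq` would free a pointer into the middle of that block, which is the kind of misuse the comment should rule out.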
[Xen-devel] [PATCH 22/32] hw/ide: fix memory leak from qemu_allocate_irqs()
From: Kaifeng Zhu kaifeng@citrix.com qemu_allocate_irqs would return an array of irqs, not store the allocated array pointer, and subsequently leak it. Signed-off-by: Kaifeng Zhu kaifeng@citrix.com (defects not identified by Coverity Scan) Reviewed-by: Andrew Cooper andrew.coop...@citrix.com
---
hw/ide.c |2 +- hw/irq.c | 18 +- hw/irq.h |4 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/hw/ide.c b/hw/ide.c
index 83e3c70..f372b7b 100644
--- a/hw/ide.c
+++ b/hw/ide.c
@@ -4769,7 +4769,7 @@ struct pcmcia_card_s *dscm1_init(BlockDriverState *bdrv)
 md-card.cis = dscm1_cis;
 md-card.cis_len = sizeof(dscm1_cis);
-ide_init2(md-ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
+ide_init2(md-ide, bdrv, 0, qemu_allocate_irq(md_set_irq, md));
 md-ide-is_cf = 1;
 md-ide-mdata_size = METADATA_SIZE;
 md-ide-mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
diff --git a/hw/irq.c b/hw/irq.c
index 7703f62..c7c4864 100644
--- a/hw/irq.c
+++ b/hw/irq.c
@@ -38,6 +38,22 @@ void qemu_set_irq(qemu_irq irq, int level)
 irq-handler(irq-opaque, irq-n, level);
 }
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque)
+{
+struct IRQState *irq;
+
+irq = (struct IRQState *)qemu_mallocz(sizeof(struct IRQState));
+irq-handler = handler;
+irq-opaque = opaque;
+irq-n = 0;
+return irq;
+}
+
+void qemu_free_irq(qemu_irq irq)
+{
+qemu_free(irq);
+}
+
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
 {
 qemu_irq *s;
@@ -73,5 +89,5 @@ qemu_irq qemu_irq_invert(qemu_irq irq)
 {
 /* The default state for IRQs is low, so raise the output now. */
 qemu_irq_raise(irq);
-return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
+return qemu_allocate_irq(qemu_notirq, irq);
 }
diff --git a/hw/irq.h b/hw/irq.h
index 5daae44..da34ae3 100644
--- a/hw/irq.h
+++ b/hw/irq.h
@@ -25,6 +25,10 @@ static inline void qemu_irq_pulse(qemu_irq irq)
 qemu_set_irq(irq, 0);
 }
+/* Returns one IRQ. */
+qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque);
+void qemu_free_irq(qemu_irq irq);
+
 /* Returns an array of N IRQs. */
 qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n);
 void qemu_free_irqs(qemu_irq *s);
-- 1.7.10.4 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel