diff options
author | Philippe Mathieu-Daudé <philmd@redhat.com> | 2021-05-31 12:19:28 +0200 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2021-07-22 13:31:51 +0200 |
commit | dc2deaba4852e3324a4558a8bd29c58ce3299699 (patch) | |
tree | 1621159c9d32c4946d6e75bbae77be331af65872 /hw/display/virtio-gpu.c | |
parent | e77c8b8b8e933414ef07dbed04e02973fccffeb0 (diff) | |
download | qemu-dc2deaba4852e3324a4558a8bd29c58ce3299699.zip qemu-dc2deaba4852e3324a4558a8bd29c58ce3299699.tar.gz qemu-dc2deaba4852e3324a4558a8bd29c58ce3299699.tar.bz2 |
hw/display/virtio-gpu: Fix memory leak (CID 1453811)
To avoid leaking memory on the error path, reorder the
code as:
- check the parameters first
- check resource already existing
- finally allocate memory
Reported-by: Coverity (CID 1453811: RESOURCE_LEAK)
Fixes: e0933d91b1c ("virtio-gpu: Add virtio_gpu_resource_create_blob")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210531101928.1662732-1-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/display/virtio-gpu.c')
-rw-r--r-- | hw/display/virtio-gpu.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 6b7f643..990e71f 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -340,37 +340,31 @@ static void virtio_gpu_resource_create_blob(VirtIOGPU *g, return; } - res = virtio_gpu_find_resource(g, cblob.resource_id); - if (res) { - qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", - __func__, cblob.resource_id); - cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; - return; - } - - res = g_new0(struct virtio_gpu_simple_resource, 1); - res->resource_id = cblob.resource_id; - res->blob_size = cblob.size; - if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", __func__); cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; - g_free(res); return; } - if (res->iov) { - cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; + if (virtio_gpu_find_resource(g, cblob.resource_id)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", + __func__, cblob.resource_id); + cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; return; } + res = g_new0(struct virtio_gpu_simple_resource, 1); + res->resource_id = cblob.resource_id; + res->blob_size = cblob.size; + ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), cmd, &res->addrs, &res->iov, &res->iov_cnt); - if (ret != 0) { + if (ret != 0 || res->iov) { cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; + g_free(res); return; } |