diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2017-01-09 13:38:43 +0000 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-01-11 09:19:05 +0100 |
commit | c84f0f25db2eaab101665ddb60c1ddf1decce76a (patch) | |
tree | ee75e73c50f4038ed59f8ac7b7d8a6794b5e4fd7 /hw/display | |
parent | 039aa5db0e7d9edb2bd807c2d4e09d8d7be4c9c4 (diff) | |
download | qemu-c84f0f25db2eaab101665ddb60c1ddf1decce76a.zip qemu-c84f0f25db2eaab101665ddb60c1ddf1decce76a.tar.gz qemu-c84f0f25db2eaab101665ddb60c1ddf1decce76a.tar.bz2 |
virtio-gpu: Fix memory leak in virtio_gpu_load()
Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/display')
-rw-r--r-- | hw/display/virtio-gpu.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index c3cf47e..cef736c 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1052,12 +1052,14 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size) /* allocate */ pformat = get_pixman_format(res->format); if (!pformat) { + g_free(res); return -EINVAL; } res->image = pixman_image_create_bits(pformat, res->width, res->height, NULL, 0); if (!res->image) { + g_free(res); return -EINVAL; } @@ -1080,6 +1082,16 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size) res->iov[i].iov_base = cpu_physical_memory_map(res->addrs[i], &len, 1); if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { + /* Clean up the half-a-mapping we just created... */ + if (res->iov[i].iov_base) { + cpu_physical_memory_unmap(res->iov[i].iov_base, + len, 0, 0); + } + /* ...and the mappings for previous loop iterations */ + res->iov_cnt = i; + virtio_gpu_cleanup_mapping(res); + pixman_image_unref(res->image); + g_free(res); return -EINVAL; } } |