diff options
author | Greg Kurz <groug@kaod.org> | 2018-04-07 16:43:46 +0200 |
---|---|---|
committer | Cornelia Huck <cohuck@redhat.com> | 2018-04-09 13:50:31 +0200 |
commit | be4d026f645eb31078e08d431c93a898b895024e (patch) | |
tree | 46d85c2e6148ebc63f78c62a7d57b9df5a2cc95a /hw | |
parent | c607bb8f8a6287704fdf06c78ee24d7443a6a8af (diff) | |
download | qemu-be4d026f645eb31078e08d431c93a898b895024e.zip qemu-be4d026f645eb31078e08d431c93a898b895024e.tar.gz qemu-be4d026f645eb31078e08d431c93a898b895024e.tar.bz2 |
vfio-ccw: fix memory leaks in vfio_ccw_realize()
If the subchannel is already attached or if vfio_get_device() fails, the
code jumps to the 'out_device_err' label and doesn't free the string it
has just allocated.
The code should be reworked so that vcdev->vdev.name only gets set when
the device has been attached, and freed when it is about to be detached.
This could be achieved with the addition of a vfio_ccw_get_device()
function that would be the counterpart of vfio_put_device(). But this is
a more elaborate cleanup that should be done in a follow-up. For now,
let's just add calls to g_free() on the buggy error paths.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <152311222681.203086.8874800175539040298.stgit@bahia>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/vfio/ccw.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c index 4e58557..fe34b50 100644 --- a/hw/vfio/ccw.c +++ b/hw/vfio/ccw.c @@ -357,11 +357,13 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp) if (strcmp(vbasedev->name, vcdev->vdev.name) == 0) { error_setg(&err, "vfio: subchannel %s has already been attached", vcdev->vdev.name); + g_free(vcdev->vdev.name); goto out_device_err; } } if (vfio_get_device(group, cdev->mdevid, &vcdev->vdev, &err)) { + g_free(vcdev->vdev.name); goto out_device_err; } |