diff options
author | Leon Alrae <leon.alrae@imgtec.com> | 2015-07-14 11:08:15 +0100 |
---|---|---|
committer | Leon Alrae <leon.alrae@imgtec.com> | 2015-07-15 14:07:25 +0100 |
commit | 26e7e982b267e71d40cd20e9e234fedef6770a90 (patch) | |
tree | fad74f2bf3bebc3365ebdfb7108c0c3d4582d2fa /target-mips/mips-semi.c | |
parent | 47ada0ad3431b39863918dc80386634693d317b5 (diff) | |
download | qemu-26e7e982b267e71d40cd20e9e234fedef6770a90.zip qemu-26e7e982b267e71d40cd20e9e234fedef6770a90.tar.gz qemu-26e7e982b267e71d40cd20e9e234fedef6770a90.tar.bz2 |
target-mips: fix resource leak reported by Coverity
UHI assert and link operations call lock_user_string() twice to obtain two
strings pointed by gpr[4] and gpr[5]. If the second lock_user_string()
fails, then the first one won't get freed. Fix this by introducing another
macro responsible for obtaining two strings and handling allocation
failure.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Diffstat (limited to 'target-mips/mips-semi.c')
-rw-r--r-- | target-mips/mips-semi.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/target-mips/mips-semi.c b/target-mips/mips-semi.c index 1162c76..5050940 100644 --- a/target-mips/mips-semi.c +++ b/target-mips/mips-semi.c @@ -220,6 +220,23 @@ static int copy_argn_to_target(CPUMIPSState *env, int arg_num, } \ } while (0) +#define GET_TARGET_STRINGS_2(p, addr, p2, addr2) \ + do { \ + p = lock_user_string(addr); \ + if (!p) { \ + gpr[2] = -1; \ + gpr[3] = EFAULT; \ + goto uhi_done; \ + } \ + p2 = lock_user_string(addr2); \ + if (!p2) { \ + unlock_user(p, addr, 0); \ + gpr[2] = -1; \ + gpr[3] = EFAULT; \ + goto uhi_done; \ + } \ + } while (0) + #define FREE_TARGET_STRING(p, gpr) \ do { \ unlock_user(p, gpr, 0); \ @@ -322,8 +339,7 @@ void helper_do_semihosting(CPUMIPSState *env) FREE_TARGET_STRING(p, gpr[4]); break; case UHI_assert: - GET_TARGET_STRING(p, gpr[4]); - GET_TARGET_STRING(p2, gpr[5]); + GET_TARGET_STRINGS_2(p, gpr[4], p2, gpr[5]); printf("assertion '"); printf("\"%s\"", p); printf("': file \"%s\", line %d\n", p2, (int)gpr[6]); @@ -341,8 +357,7 @@ void helper_do_semihosting(CPUMIPSState *env) break; #ifndef _WIN32 case UHI_link: - GET_TARGET_STRING(p, gpr[4]); - GET_TARGET_STRING(p2, gpr[5]); + GET_TARGET_STRINGS_2(p, gpr[4], p2, gpr[5]); gpr[2] = link(p, p2); gpr[3] = errno_mips(errno); FREE_TARGET_STRING(p2, gpr[5]); |