summary refs log tree commit diff stats
path: root/hw/display/virtio-gpu.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2017-01-09 13:38:43 +0000
committerGerd Hoffmann <kraxel@redhat.com>2017-01-11 09:19:05 +0100
commitc84f0f25db2eaab101665ddb60c1ddf1decce76a (patch)
treeee75e73c50f4038ed59f8ac7b7d8a6794b5e4fd7 /hw/display/virtio-gpu.c
parent039aa5db0e7d9edb2bd807c2d4e09d8d7be4c9c4 (diff)
downloadfocaccia-qemu-c84f0f25db2eaab101665ddb60c1ddf1decce76a.tar.gz
focaccia-qemu-c84f0f25db2eaab101665ddb60c1ddf1decce76a.zip
virtio-gpu: Fix memory leak in virtio_gpu_load()
Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/display/virtio-gpu.c')
-rw-r--r--hw/display/virtio-gpu.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index c3cf47e57f..cef736cebf 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1052,12 +1052,14 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
         /* allocate */
         pformat = get_pixman_format(res->format);
         if (!pformat) {
+            g_free(res);
             return -EINVAL;
         }
         res->image = pixman_image_create_bits(pformat,
                                               res->width, res->height,
                                               NULL, 0);
         if (!res->image) {
+            g_free(res);
             return -EINVAL;
         }
 
@@ -1080,6 +1082,16 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
             res->iov[i].iov_base =
                 cpu_physical_memory_map(res->addrs[i], &len, 1);
             if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
+                /* Clean up the half-a-mapping we just created... */
+                if (res->iov[i].iov_base) {
+                    cpu_physical_memory_unmap(res->iov[i].iov_base,
+                                              len, 0, 0);
+                }
+                /* ...and the mappings for previous loop iterations */
+                res->iov_cnt = i;
+                virtio_gpu_cleanup_mapping(res);
+                pixman_image_unref(res->image);
+                g_free(res);
                 return -EINVAL;
             }
         }