From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:57222) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SUecR-0006I6-L6 for qemu-devel@nongnu.org; Wed, 16 May 2012 09:50:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SUecM-0007rs-VS for qemu-devel@nongnu.org; Wed, 16 May 2012 09:50:23 -0400 Received: from mx.meyering.net ([88.168.87.75]:37817) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SUecM-0007r4-Of for qemu-devel@nongnu.org; Wed, 16 May 2012 09:50:18 -0400 From: Jim Meyering In-Reply-To: (Peter Maydell's message of "Wed, 16 May 2012 14:21:31 +0100") References: <1337173681-25891-1-git-send-email-jim@meyering.net> <1337173681-25891-4-git-send-email-jim@meyering.net> Date: Wed, 16 May 2012 15:50:15 +0200 Message-ID: <8762bwxmjs.fsf@rho.meyering.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH 3/6] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell Cc: Riku Voipio , qemu-devel@nongnu.org Peter Maydell wrote: > On 16 May 2012 14:07, Jim Meyering wrote: >> From: Jim Meyering >> >> >> Signed-off-by: Jim Meyering >> --- >> =A0linux-user/syscall.c | 1 + >> =A01 file changed, 1 insertion(+) >> >> diff --git a/linux-user/syscall.c b/linux-user/syscall.c >> index 20d2a74..bdf8ce0 100644 >> --- a/linux-user/syscall.c >> +++ b/linux-user/syscall.c >> @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_lo= ng msgp, >> =A0end: >> =A0 =A0 if (target_mb) >> =A0 =A0 =A0 =A0 unlock_user_struct(target_mb, msgp, 1); >> + =A0 =A0free(host_mb); >> =A0 =A0 return ret; >> =A0} > > This will cause us to free() host_mb twice in the normal-return case. Good catch. Thanks. V2 corrects that.
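Review bot: The added `free(host_mb);` sits under the shared `end:` label, directly before `return ret;`, so it runs on every exit from do_msgrcv and not only on the TARGET_EFAULT path named in the subject. As Peter Maydell's reply points out, the normal-return path already frees host_mb, so this placement frees it twice there. Keep a single owner for the release: either drop the earlier free so the one at `end:` is the only one, or free on the error path alone before jumping to `end:`. If the free stays at `end:`, also check that host_mb holds NULL or a valid allocation on every path that reaches the label. The commit message has no body; one sentence saying which path leaks host_mb would help the reader of the log.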