From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 09/24] block/vvfat: Fix potential memory leaks and other memory errors
Date: Fri, 14 Oct 2011 18:49:04 +0200 [thread overview]
Message-ID: <1318610959-17971-10-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1318610959-17971-1-git-send-email-kwolf@redhat.com>
From: Stefan Weil <weil@mail.berlios.de>
cppcheck reported memory leaks and mismatched g_malloc() with free()
instead of g_free().
Fix these errors.
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/vvfat.c | 51 ++++++++++++++++++++++++++++++---------------------
1 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/block/vvfat.c b/block/vvfat.c
index f567c9a..f45939d 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -86,8 +86,7 @@ static inline void array_init(array_t* array,unsigned int item_size)
static inline void array_free(array_t* array)
{
- if(array->pointer)
- free(array->pointer);
+ g_free(array->pointer);
array->size=array->next=0;
}
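Review bot: `array_free()` releases `array->pointer` and zeroes `size` and `next`, but leaves the pointer itself dangling. If an `array_t` is ever reused or freed a second time after this call (no such caller is visible in this hunk), the stale pointer would be passed back to the allocator, which is a double free or use-after-free. Adding `array->pointer = NULL;` right after the `g_free()` call makes the function idempotent and removes that hazard.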
@@ -169,7 +168,7 @@ static inline int array_roll(array_t* array,int index_to,int index_from,int coun
memcpy(to,buf,is*count);
- free(buf);
+ g_free(buf);
return 0;
}
@@ -732,7 +731,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index)
snprintf(buffer,length,"%s/%s",dirname,entry->d_name);
if(stat(buffer,&st)<0) {
- free(buffer);
+ g_free(buffer);
continue;
}
@@ -755,7 +754,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index)
direntry->begin=0; /* do that later */
if (st.st_size > 0x7fffffff) {
fprintf(stderr, "File %s is larger than 2GB\n", buffer);
- free(buffer);
+ g_free(buffer);
closedir(dir);
return -2;
}
@@ -1375,7 +1374,7 @@ DLOG(fprintf(stderr, "clear_commits (%d commits)\n", s->commits.next));
assert(commit->path || commit->action == ACTION_WRITEOUT);
if (commit->action != ACTION_WRITEOUT) {
assert(commit->path);
- free(commit->path);
+ g_free(commit->path);
} else
assert(commit->path == NULL);
}
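Review bot: Switching to `g_free(commit->path)` is only correct if every place that assigns `commit->path` allocates with `g_malloc()`/`g_strdup()`, and none of those allocation sites appear in this diff. The same applies to `mapping->path` in remove_mapping, `old_path` in handle_renames_and_mkdirs and `s->qcow_filename` in write_target_close. It would help to confirm each assignment, since a leftover `strdup()` or `malloc()` would reintroduce the allocator mismatch in the opposite direction. A short comment at the struct fields, such as `/* allocated with g_strdup(), released with g_free() */`, would record the ownership rule.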
@@ -1782,7 +1781,7 @@ DLOG(fprintf(stderr, "read cluster %d (sector %d)\n", (int)cluster_num, (int)clu
if (subret) {
fprintf(stderr, "Error fetching direntries\n");
fail:
- free(cluster);
+ g_free(cluster);
return 0;
}
@@ -1850,7 +1849,7 @@ DLOG(fprintf(stderr, "check direntry %d:\n", i); print_direntry(direntries + i))
cluster_num = modified_fat_get(s, cluster_num);
} while(!fat_eof(s, cluster_num));
- free(cluster);
+ g_free(cluster);
return ret;
}
@@ -1995,8 +1994,9 @@ static int remove_mapping(BDRVVVFATState* s, int mapping_index)
mapping_t* first_mapping = array_get(&(s->mapping), 0);
/* free mapping */
- if (mapping->first_mapping_index < 0)
- free(mapping->path);
+ if (mapping->first_mapping_index < 0) {
+ g_free(mapping->path);
+ }
/* remove from s->mapping */
array_remove(&(s->mapping), mapping_index);
@@ -2232,11 +2232,15 @@ static int commit_one_file(BDRVVVFATState* s,
if (fd < 0) {
fprintf(stderr, "Could not open %s... (%s, %d)\n", mapping->path,
strerror(errno), errno);
+ g_free(cluster);
return fd;
}
- if (offset > 0)
- if (lseek(fd, offset, SEEK_SET) != offset)
- return -3;
+ if (offset > 0) {
+ if (lseek(fd, offset, SEEK_SET) != offset) {
+ g_free(cluster);
+ return -3;
+ }
+ }
while (offset < size) {
uint32_t c1;
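Review bot: The new `lseek()` failure path frees `cluster` but still returns without closing `fd`, so the descriptor opened just above leaks on that error. The `vvfat_read()` and `write()` failure returns in the next hunk (at -2252) have the same gap, whereas the `ftruncate()` failure path later in this function does call `close(fd)`. Add `close(fd);` before `g_free(cluster);` on those three paths, or route every exit through one cleanup label so the two resources are always released together. The body of commit_one_file starts and ends outside these hunks.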
@@ -2252,11 +2256,15 @@ static int commit_one_file(BDRVVVFATState* s,
ret = vvfat_read(s->bs, cluster2sector(s, c),
(uint8_t*)cluster, (rest_size + 0x1ff) / 0x200);
- if (ret < 0)
- return ret;
+ if (ret < 0) {
+ g_free(cluster);
+ return ret;
+ }
- if (write(fd, cluster, rest_size) < 0)
- return -2;
+ if (write(fd, cluster, rest_size) < 0) {
+ g_free(cluster);
+ return -2;
+ }
offset += rest_size;
c = c1;
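Review bot: `write(fd, cluster, rest_size) < 0` rejects only a hard error, so a short write is treated as success. `offset += rest_size` then advances past bytes that never reached the host file. Because this loop copies guest-modified clusters into a host file, a partial write (full disk, quota, interrupted call) would leave the file silently corrupted while the commit reports success. Compare the return value with the requested length, for example `if (write(fd, cluster, rest_size) != rest_size) {`, or loop until all bytes are written. The declaration of `rest_size` is outside the hunk, so check its type when writing the comparison.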
@@ -2265,9 +2273,11 @@ static int commit_one_file(BDRVVVFATState* s,
if (ftruncate(fd, size)) {
perror("ftruncate()");
close(fd);
+ g_free(cluster);
return -4;
}
close(fd);
+ g_free(cluster);
return commit_mappings(s, first_cluster, dir_index);
}
@@ -2399,7 +2409,7 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s)
}
}
- free(old_path);
+ g_free(old_path);
array_remove(&(s->commits), i);
continue;
} else if (commit->action == ACTION_MKDIR) {
@@ -2775,7 +2785,7 @@ static int write_target_commit(BlockDriverState *bs, int64_t sector_num,
static void write_target_close(BlockDriverState *bs) {
BDRVVVFATState* s = *((BDRVVVFATState**) bs->opaque);
bdrv_delete(s->qcow);
- free(s->qcow_filename);
+ g_free(s->qcow_filename);
}
static BlockDriver vvfat_write_target = {
@@ -2836,8 +2846,7 @@ static void vvfat_close(BlockDriverState *bs)
array_free(&(s->fat));
array_free(&(s->directory));
array_free(&(s->mapping));
- if(s->cluster_buffer)
- free(s->cluster_buffer);
+ g_free(s->cluster_buffer);
}
static BlockDriver bdrv_vvfat = {
--
1.7.6.4