From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51699) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XXRVf-0002FH-J4 for qemu-devel@nongnu.org; Fri, 26 Sep 2014 05:08:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XXRVW-0002XC-J0 for qemu-devel@nongnu.org; Fri, 26 Sep 2014 05:08:15 -0400
Received: from e23smtp06.au.ibm.com ([202.81.31.148]:46450) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XXRVV-0002Vx-UL for qemu-devel@nongnu.org; Fri, 26 Sep 2014 05:08:06 -0400
Received: from /spool/local by e23smtp06.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 26 Sep 2014 19:07:55 +1000
Received: from d23relay05.au.ibm.com (d23relay05.au.ibm.com [9.190.235.152]) by d23dlp01.au.ibm.com (Postfix) with ESMTP id AB05E2CE802D for ; Fri, 26 Sep 2014 19:07:53 +1000 (EST)
Received: from d23av01.au.ibm.com (d23av01.au.ibm.com [9.190.234.96]) by d23relay05.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id s8Q8hgVu2949438 for ; Fri, 26 Sep 2014 18:43:43 +1000
Received: from d23av01.au.ibm.com (localhost [127.0.0.1]) by d23av01.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id s8Q97q44025319 for ; Fri, 26 Sep 2014 19:07:52 +1000
From: Bharata B Rao Date: Fri, 26 Sep 2014 14:37:38 +0530 Message-Id: <1411722458-21569-3-git-send-email-bharata@linux.vnet.ibm.com> In-Reply-To: <1411722458-21569-1-git-send-email-bharata@linux.vnet.ibm.com> References: <1411722458-21569-1-git-send-email-bharata@linux.vnet.ibm.com> Subject: [Qemu-devel] [RFC PATCH v0 2/2] target-ppc: Fix an invalid free in opcode table handling code. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: agraf@suse.de, Bharata B Rao Opcode table has direct, indirect and double indirect handlers, but ppc_cpu_unrealizefn() frees direct handlers which are never allocated and never frees double indirect handlers. Signed-off-by: Bharata B Rao --- target-ppc/translate_init.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 358a2a7..30f09b9 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -9091,11 +9091,24 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error **errp) { PowerPCCPU *cpu = POWERPC_CPU(dev); CPUPPCState *env = &cpu->env; - int i; + opc_handler_t **table; + int i, j; for (i = 0; i < PPC_CPU_OPCODES_LEN; i++) { - if (env->opcodes[i] != &invalid_handler) { - g_free(env->opcodes[i]); + if (env->opcodes[i] == &invalid_handler) { + continue; + } + if (is_indirect_opcode(env->opcodes[i])) { + table = ind_table(env->opcodes[i]); + for (j = 0; j < PPC_CPU_INDIRECT_OPCODES_LEN; j++) { + if (table[j] != &invalid_handler && + is_indirect_opcode(table[j])) { + g_free((opc_handler_t *)((uintptr_t)table[j] & + ~PPC_INDIRECT)); + } + } + g_free((opc_handler_t *)((uintptr_t)env->opcodes[i] & + ~PPC_INDIRECT)); } } } -- 1.7.11.7
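Review bot: the unmask-and-cast expression `(opc_handler_t *)((uintptr_t)... & ~PPC_INDIRECT)` is spelled out twice in the hunk even though `ind_table()` already performs exactly that masking, and `table` already holds the unmasked first-level pointer. Writing the inner free as `g_free(ind_table(table[j]));` and the outer one as `g_free(table);` would keep the PPC_INDIRECT bit handling in one place and avoid the manual cast; `g_free()` takes a `gpointer`, so no `opc_handler_t *` cast is needed either way. The `table[j] != &invalid_handler` guard in front of `is_indirect_opcode(table[j])` is redundant, since a plain handler's address never carries the PPC_INDIRECT tag, but it is harmless and mirrors the outer check. The substance of the fix is right: the old loop called `g_free()` on direct handlers that were never heap-allocated (the invalid free named in the subject) and never released the second-level tables, and the new loop frees only the two levels of allocated indirect tables, leaving the static handlers alone.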