From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49576) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aVcUd-0001ST-1H for qemu-devel@nongnu.org; Tue, 16 Feb 2016 05:04:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aVcUY-0008K8-Vo for qemu-devel@nongnu.org; Tue, 16 Feb 2016 05:04:26 -0500 Received: from mx1.redhat.com ([209.132.183.28]:47533) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aVcUY-0008Jt-Qk for qemu-devel@nongnu.org; Tue, 16 Feb 2016 05:04:22 -0500 From: P J P Date: Tue, 16 Feb 2016 15:34:14 +0530 Message-Id: <1455617054-8481-1-git-send-email-ppandit@redhat.com> Subject: [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Qemu Developers Cc: Zuozhi Fzz , Gerd Hoffmann , Prasad J Pandit From: Prasad J Pandit When transitioning an OHCI controller to the OHCI_USB_OPERATIONAL state, it creates an eof timer object in 'ohci_bus_start'. It does not check if one already exists. This results in memory leakage and null dereference issue. Add a check to avoid it. Reported-by: Zuozhi Fzz Signed-off-by: Prasad J Pandit --- hw/usb/hcd-ohci.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c index 7d65818..15f0b44 100644 --- a/hw/usb/hcd-ohci.c +++ b/hw/usb/hcd-ohci.c @@ -1331,11 +1331,11 @@ static void ohci_frame_boundary(void *opaque) */ static int ohci_bus_start(OHCIState *ohci) { - ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, - ohci_frame_boundary, - ohci); - - if (ohci->eof_timer == NULL) { + if (!ohci->eof_timer) { + ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, + ohci_frame_boundary, ohci); + } + if (!ohci->eof_timer) { trace_usb_ohci_bus_eof_timer_failed(ohci->name); ohci_die(ohci); return 0; -- 2.5.0
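Review bot: the commit message says this fixes both a memory leak and a null dereference, but the hunk only prevents a second `timer_new_ns` call when `ohci->eof_timer` is already set; nothing in the visible change shows what stops `eof_timer` from being NULL when it is used later, so either the message should explain how reusing the existing timer removes the NULL dereference, or the code path that frees and clears the timer belongs in the same patch. The second check, `if (!ohci->eof_timer) {` right after the guarded allocation, repeats the condition of the first `if`; moving the `trace_usb_ohci_bus_eof_timer_failed`/`ohci_die` error branch inside the first block, directly after the `timer_new_ns` call, would read more clearly and make the intent (allocate once, fail if allocation fails) obvious. As a broader suggestion for the reviewer thread: creating the timer once at device init and limiting `ohci_bus_start` to arming it (`timer_mod`) and the stop path to `timer_del` would remove allocation from a guest-driven state transition entirely, which is the safer shape for a controller the guest can toggle repeatedly.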