[Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error
@ 2018-07-15 20:47 BALATON Zoltan
  2018-07-15 22:19 ` Philippe Mathieu-Daudé
  2018-07-16  1:18 ` David Gibson
  0 siblings, 2 replies; 3+ messages in thread
From: BALATON Zoltan @ 2018-07-15 20:47 UTC (permalink / raw)
  To: qemu-devel, qemu-ppc; +Cc: David Gibson, Paolo Bonzini

Commit 51b0d834c changed error handling to report file name in error
message but forgot to move freeing it after usage. Noticed by Coverity.

Fixes: CID 1394217
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 hw/ppc/sam460ex.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index e2b7028..0999efc 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -269,11 +269,12 @@ static int sam460ex_load_device_tree(hwaddr addr,
         exit(1);
     }
     fdt = load_device_tree(filename, &fdt_size);
-    g_free(filename);
     if (!fdt) {
         error_report("Couldn't load dtb file `%s'", filename);
+        g_free(filename);
         exit(1);
     }
+    g_free(filename);
 
     /* Manipulate device tree in memory. */
 
-- 
2.7.6

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error
  2018-07-15 20:47 [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error BALATON Zoltan
@ 2018-07-15 22:19 ` Philippe Mathieu-Daudé
  2018-07-16  1:18 ` David Gibson
  1 sibling, 0 replies; 3+ messages in thread
From: Philippe Mathieu-Daudé @ 2018-07-15 22:19 UTC (permalink / raw)
  To: BALATON Zoltan, qemu-devel, qemu-ppc; +Cc: Paolo Bonzini, David Gibson

On 07/15/2018 05:47 PM, BALATON Zoltan wrote:
> Commit 51b0d834c changed error handling to report file name in error
> message but forgot to move freeing it after usage. Noticed by Coverity.
> 
> Fixes: CID 1394217
> Reported-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  hw/ppc/sam460ex.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
> index e2b7028..0999efc 100644
> --- a/hw/ppc/sam460ex.c
> +++ b/hw/ppc/sam460ex.c
> @@ -269,11 +269,12 @@ static int sam460ex_load_device_tree(hwaddr addr,
>          exit(1);
>      }
>      fdt = load_device_tree(filename, &fdt_size);
> -    g_free(filename);
>      if (!fdt) {
>          error_report("Couldn't load dtb file `%s'", filename);
> +        g_free(filename);
>          exit(1);
>      }
> +    g_free(filename);
>  
>      /* Manipulate device tree in memory. */
>  
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error
  2018-07-15 20:47 [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error BALATON Zoltan
  2018-07-15 22:19 ` Philippe Mathieu-Daudé
@ 2018-07-16  1:18 ` David Gibson
  1 sibling, 0 replies; 3+ messages in thread
From: David Gibson @ 2018-07-16  1:18 UTC (permalink / raw)
  To: BALATON Zoltan; +Cc: qemu-devel, qemu-ppc, Paolo Bonzini

[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]

On Sun, Jul 15, 2018 at 10:47:26PM +0200, BALATON Zoltan wrote:
> Commit 51b0d834c changed error handling to report file name in error
> message but forgot to move freeing it after usage. Noticed by Coverity.
> 
> Fixes: CID 1394217
> Reported-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Applied to ppc-for-3.0, thanks.

> ---
>  hw/ppc/sam460ex.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
> index e2b7028..0999efc 100644
> --- a/hw/ppc/sam460ex.c
> +++ b/hw/ppc/sam460ex.c
> @@ -269,11 +269,12 @@ static int sam460ex_load_device_tree(hwaddr addr,
>          exit(1);
>      }
>      fdt = load_device_tree(filename, &fdt_size);
> -    g_free(filename);
>      if (!fdt) {
>          error_report("Couldn't load dtb file `%s'", filename);
> +        g_free(filename);
>          exit(1);
>      }
> +    g_free(filename);
>  
>      /* Manipulate device tree in memory. */
>  

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-07-16  1:19 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-15 20:47 [Qemu-devel] [PATCH for 3.0] sam460ex: Correct use after free error BALATON Zoltan
2018-07-15 22:19 ` Philippe Mathieu-Daudé
2018-07-16  1:18 ` David Gibson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).