From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FabV4-00007W-G2 for qemu-devel@nongnu.org; Mon, 01 May 2006 12:43:54 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FabV2-000075-SB for qemu-devel@nongnu.org; Mon, 01 May 2006 12:43:54 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FabV2-000070-Mh for qemu-devel@nongnu.org; Mon, 01 May 2006 12:43:52 -0400 Received: from [64.233.182.188] (helo=nproxy.gmail.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FabYt-0006aE-9k for qemu-devel@nongnu.org; Mon, 01 May 2006 12:47:51 -0400 Received: by nproxy.gmail.com with SMTP id c31so2050283nfb for ; Mon, 01 May 2006 09:43:50 -0700 (PDT) Message-ID: <44563ADA.2040501@gmail.com> Date: Mon, 01 May 2006 18:44:10 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------010707040100080300030804" From: Dirk Behme Subject: [Qemu-devel] [PATCH] Fix memory leaks in ELF loader Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org This is a multi-part message in MIME format. --------------010707040100080300030804 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Fix memory leaks in ELF loader. Regards Dirk --------------010707040100080300030804 Content-Type: text/plain; name="qemu-elf-loader.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="qemu-elf-loader.txt" --- elf_ops.h_orig 2006-05-01 09:01:47.000000000 +0200 +++ elf_ops.h 2006-05-01 09:09:34.000000000 +0200 @@ -148,7 +148,7 @@ int glue(load_elf, SZ)(int fd, int64_t v uint8_t *data = NULL; if (read(fd, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) - goto fail; + goto fail1; if (must_swab) { glue(bswap_ehdr, SZ)(&ehdr); } 
@@ -162,9 +162,9 @@ int glue(load_elf, SZ)(int fd, int64_t v lseek(fd, ehdr.e_phoff, SEEK_SET); phdr = qemu_mallocz(size); if (!phdr) - goto fail; + goto fail2; if (read(fd, phdr, size) != size) - goto fail; + goto fail2; if (must_swab) { for(i = 0; i < ehdr.e_phnum; i++) { ph = &phdr[i]; @@ -181,9 +181,9 @@ int glue(load_elf, SZ)(int fd, int64_t v data = qemu_mallocz(mem_size); if (ph->p_filesz > 0) { if (lseek(fd, ph->p_offset, SEEK_SET) < 0) - goto fail; + goto fail3; if (read(fd, data, ph->p_filesz) != ph->p_filesz) - goto fail; + goto fail3; } addr = ph->p_vaddr + virt_to_phys_addend; @@ -195,10 +195,13 @@ int glue(load_elf, SZ)(int fd, int64_t v data = NULL; } } + qemu_free(phdr); return total_size; - fail: + fail3: qemu_free(data); + fail2: qemu_free(phdr); + fail1: return -1; } --------------010707040100080300030804--
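Review bot: in the hunk at -162,9, the seek to the program header table, lseek(fd, ehdr.e_phoff, SEEK_SET), is still unchecked, while the per-segment seek further down is tested with `< 0`. e_phoff is read straight from the file, so if this seek fails the following read(fd, phdr, size) takes its data from wherever the descriptor happened to be. Suggest `if (lseek(fd, ehdr.e_phoff, SEEK_SET) < 0) goto fail1;`. Minor: `if (!phdr) goto fail2;` jumps to a label whose only job is qemu_free(phdr) with phdr known to be NULL; fail1 states the intent more directly.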
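Review bot: in the hunk at -181,9, the result of `data = qemu_mallocz(mem_size);` is never tested before read(fd, data, ph->p_filesz) writes through it, unlike phdr, which gets a NULL check a few lines earlier. Since the error paths are being reworked anyway, add `if (!data) goto fail2;` here. The same lines read ph->p_filesz bytes into a buffer sized by mem_size, and no comparison of the two is visible in this hunk; if it is not done above the shown context, a file with p_filesz larger than mem_size would write past the allocation, so a `ph->p_filesz > mem_size` rejection belongs next to the allocation.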
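Review bot: the changelog says "memory leaks" without saying which. In the hunk at -195,10, the only new release is the qemu_free(phdr) before `return total_size;`, and the old single `fail:` label already freed both data and phdr. Please state in the message that the success path leaked phdr, and say why the fail1/fail2/fail3 split is needed on top of that (for example, if phdr is not initialised to NULL the way data is); if it is only cosmetic, consider dropping it or sending it separately. If the split stays, labels named after what they release are easier to audit than numbered ones.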