From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47453)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1ZDVjN-00089l-R6
	for qemu-devel@nongnu.org; Fri, 10 Jul 2015 06:40:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1ZDVjM-0004lA-O3
	for qemu-devel@nongnu.org; Fri, 10 Jul 2015 06:40:33 -0400
Message-ID: <559FA0EF.2060503@huawei.com>
Date: Fri, 10 Jul 2015 18:39:43 +0800
From: Gonglei <arei.gonglei@huawei.com>
MIME-Version: 1.0
References: <1436489490-236-1-git-send-email-arei.gonglei@huawei.com>
	<1436489490-236-5-git-send-email-arei.gonglei@huawei.com>
	<559F9050.5080402@imgtec.com>
In-Reply-To: <559F9050.5080402@imgtec.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 4/4] vl.c: fix memory leak
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Leon Alrae <leon.alrae@imgtec.com>, qemu-devel@nongnu.org
Cc: qemu-trivial@nongnu.org, pbonzini@redhat.com

On 2015/7/10 17:28, Leon Alrae wrote:
> On 10/07/2015 01:51, arei.gonglei@huawei.com wrote:
>> From: Gonglei <arei.gonglei@huawei.com>
>>
>> Failing to save or free storage allocated
>> by "g_strdup(cmd)" leaks it. Let's use a
>> variable to storage it.
>>
>> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
>> ---
>>  vl.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/vl.c b/vl.c
>> index 3f269dc..399e816 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -1326,16 +1326,19 @@ static int add_semihosting_arg(void *opaque,
>>  static inline void semihosting_arg_fallback(const char *file, const char *cmd)
>>  {
>>      char *cmd_token;
>> +    char *cmd_str;
>>  
>>      /* argv[0] */
>>      add_semihosting_arg(&semihosting, "arg", file, NULL);
>>  
>> +    cmd_str = g_strdup(cmd);
>>      /* split -append and initialize argv[1..n] */
>> -    cmd_token = strtok(g_strdup(cmd), " ");
>> +    cmd_token = strtok(cmd_str, " ");
>>      while (cmd_token) {
>>          add_semihosting_arg(&semihosting, "arg", cmd_token, NULL);
>>          cmd_token = strtok(NULL, " ");
>>      }
>> +    g_free(cmd_str);
>>  }
>>  
>>  /***********************************************************/
>>
> 
> I don't think this is correct as there's no leak here. This duplicated string
> is modified (i.e. split into tokens) and each pointer to the beginning of a
> token is saved in the global semihosting.argv[] array which is used later in
> target semihosting code. It shouldn't be freed.
> 
Yep, I look over the logic, and you are right. :)
False positive report. NACK please.

Thanks,
-Gonglei