qemu-devel.nongnu.org archive mirror
* [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
@ 2025-03-28  3:21 Zheng Huang
  2025-03-28 18:04 ` Philippe Mathieu-Daudé
  2025-03-31 11:20 ` Philippe Mathieu-Daudé
  0 siblings, 2 replies; 3+ messages in thread
From: Zheng Huang @ 2025-03-28  3:21 UTC (permalink / raw)
  To: qemu-devel

Hi,
This patch addresses a memory leak bug in the usages of `timer_del()`.
The issue arises from the incorrect use of the ambiguous timer API
`timer_del()`, which does not free the timer object. The LeakSanitizer
reported this issue during fuzzing. The correct API `timer_free()` frees
the timer object instead.

=================================================================
==2586273==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
    #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
    #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
    #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
    #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
    #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9


Signed-off-by: Zheng Huang <hz1624917200@outlook.com>

---
 hw/scsi/lsi53c895a.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index d85e384ad6..6689ebba25 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2372,7 +2372,7 @@ static void lsi_scsi_exit(PCIDevice *dev)
     LSIState *s = LSI53C895A(dev);
 
     address_space_destroy(&s->pci_io_as);
-    timer_del(s->scripts_timer);
+    timer_free(s->scripts_timer);
 }
 
 static void lsi_class_init(ObjectClass *klass, void *data)
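
Review bot: the subject line names lsi_scsi_realize(), but the only change is in lsi_scsi_exit(); realize is just where the LeakSanitizer trace shows the allocation via timer_new_us(). Retitling to something like "fix memory leak of scripts_timer in lsi_scsi_exit()" would make the log searchable for the function that was actually wrong. Because the explicit timer_del(s->scripts_timer) is removed rather than kept alongside the free, the commit message should also state that timer_free() deactivates a pending timer before releasing it, so a reader can see that the callback cannot run on freed memory. Finally, s->scripts_timer still holds the freed pointer after this line; if any later teardown path can reach it, set it to NULL here.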
-- 
2.34.1



* Re: [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
  2025-03-28  3:21 [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() Zheng Huang
@ 2025-03-28 18:04 ` Philippe Mathieu-Daudé
  2025-03-31 11:20 ` Philippe Mathieu-Daudé
  1 sibling, 0 replies; 3+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-03-28 18:04 UTC (permalink / raw)
  To: Zheng Huang, qemu-devel

On 28/3/25 04:21, Zheng Huang wrote:
> Hi,
> This patch addresses a memory leak bug in the usages of `timer_del()`.
> The issue arises from the incorrect use of the ambiguous timer API
> `timer_del()`, which does not free the timer object. The LeakSanitizer
> reported this issue during fuzzing. The correct API `timer_free()` frees
> the timer object instead.
> 
> =================================================================
> ==2586273==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 48 byte(s) in 1 object(s) allocated from:
>      #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
>      #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
>      #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
>      #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
>      #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
>      #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9
> 
> 
> Signed-off-by: Zheng Huang <hz1624917200@outlook.com>
> 
> ---
>   hw/scsi/lsi53c895a.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>




* Re: [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
  2025-03-28  3:21 [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() Zheng Huang
  2025-03-28 18:04 ` Philippe Mathieu-Daudé
@ 2025-03-31 11:20 ` Philippe Mathieu-Daudé
  1 sibling, 0 replies; 3+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-03-31 11:20 UTC (permalink / raw)
  To: Zheng Huang, qemu-devel

On 28/3/25 04:21, Zheng Huang wrote:
> Hi,
> This patch addresses a memory leak bug in the usages of `timer_del()`.
> The issue arises from the incorrect use of the ambiguous timer API
> `timer_del()`, which does not free the timer object. The LeakSanitizer
> reported this issue during fuzzing. The correct API `timer_free()` frees
> the timer object instead.
> 
> =================================================================
> ==2586273==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 48 byte(s) in 1 object(s) allocated from:
>      #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
>      #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
>      #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
>      #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
>      #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
>      #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9
> 
> 
> Signed-off-by: Zheng Huang <hz1624917200@outlook.com>
> 
> ---
>   hw/scsi/lsi53c895a.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Queued to hw-misc, thanks!

