[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] bugfix: irq: Avoid covering object refcount of qemu_irq
|
From: |
zhukeqian |
|
Subject: |
Re: [PATCH] bugfix: irq: Avoid covering object refcount of qemu_irq |
|
Date: |
Tue, 28 Jul 2020 09:29:50 +0800 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 |
Hi Qiang,
On 2020/7/27 22:37, Li Qiang wrote:
> Keqian Zhu <zhukeqian1@huawei.com> 于2020年7月27日周一 下午9:03写道:
>>
>> Avoid covering object refcount of qemu_irq, otherwise it may causes
>> memory leak.
>
> Any reproducer?
>
In mainline Qemu. this function is only used in qtest. One of our internal
self-developed module also use this function. The memory leak is reported
by ASAN.
Thanks,
Keqian
> Thanks,
> Li Qiang
>
>>
>> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
>> ---
>> hw/core/irq.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/core/irq.c b/hw/core/irq.c
>> index fb3045b912..59af4dfc74 100644
>> --- a/hw/core/irq.c
>> +++ b/hw/core/irq.c
>> @@ -125,7 +125,9 @@ void qemu_irq_intercept_in(qemu_irq *gpio_in,
>> qemu_irq_handler handler, int n)
>> int i;
>> qemu_irq *old_irqs = qemu_allocate_irqs(NULL, NULL, n);
>> for (i = 0; i < n; i++) {
>> - *old_irqs[i] = *gpio_in[i];
>> + old_irqs[i]->handler = gpio_in[i]->handler;
>> + old_irqs[i]->opaque = gpio_in[i]->opaque;
>> +
>> gpio_in[i]->handler = handler;
>> gpio_in[i]->opaque = &old_irqs[i];
>> }
>> --
>> 2.19.1
>>
> .
>