
[Qemu-commits] [qemu/qemu] 5bbebf: libcacard: fix resource leak


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 5bbebf: libcacard: fix resource leak
Date: Mon, 17 Nov 2014 11:30:07 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 5bbebf622897a59db5da4c468e737bfec4d71280
      
https://github.com/qemu/qemu/commit/5bbebf622897a59db5da4c468e737bfec4d71280
  Author: zhanghailiang <address@hidden>
  Date:   2014-11-14 (Fri, 14 Nov 2014)

  Changed paths:
    M libcacard/vscclient.c

  Log Message:
  -----------
  libcacard: fix resource leak

In function connect_to_qemu(), getaddrinfo() will allocate memory
that is stored into server; it should be freed by using freeaddrinfo()
before connect_to_qemu() returns.

Cc: address@hidden
Reviewed-by: Markus Armbruster <address@hidden>
Signed-off-by: zhanghailiang <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 77374582ab961af2c5e702f767f52179d5f7676c
      
https://github.com/qemu/qemu/commit/77374582ab961af2c5e702f767f52179d5f7676c
  Author: zhanghailiang <address@hidden>
  Date:   2014-11-14 (Fri, 14 Nov 2014)

  Changed paths:
    M net/l2tpv3.c

  Log Message:
  -----------
  l2tpv3: fix possible double free

freeaddrinfo(result) does not assign result = NULL after freeing it.
There will be a double free when it goes to the error case.
It is reported by Coverity.

Reviewed-by: Gonglei <address@hidden>
Cc: address@hidden
Signed-off-by: zhanghailiang <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: d4754a953196516b16beef707dcdfdb35c2eec6e
      
https://github.com/qemu/qemu/commit/d4754a953196516b16beef707dcdfdb35c2eec6e
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M net/l2tpv3.c

  Log Message:
  -----------
  l2tpv3: fix fd leak

In this false branch, fd will leak when it is zero.
Change the testing condition.

Signed-off-by: Gonglei <address@hidden>
[Fix net_l2tpv3_cleanup as well. - Paolo]
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 77e205a52856adffdd5db70449a8604aa9f66e74
      
https://github.com/qemu/qemu/commit/77e205a52856adffdd5db70449a8604aa9f66e74
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/mips/mips_mipssim.c

  Log Message:
  -----------
  mips_mipssim: fix use-after-free for filename

May pass freed pointer filename as an argument to error_report.

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 1def74548d8013949c7d4704420d4fdd5fb85268
      
https://github.com/qemu/qemu/commit/1def74548d8013949c7d4704420d4fdd5fb85268
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M qga/main.c

  Log Message:
  -----------
  qga: fix false negative argument passing

Function send_response(s, &qdict->base) returns a negative number
when any failures occurred. But strerror()'s parameter cannot be
negative. Let's change the testing condition and pass '-ret' to
strerror().

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: ddd2eab72fbd383a56f439bf278c6d647abd4f54
      
https://github.com/qemu/qemu/commit/ddd2eab72fbd383a56f439bf278c6d647abd4f54
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/core/loader.c

  Log Message:
  -----------
  loader: fix NEGATIVE_RETURNS

lseek will return -1 on error; g_malloc0(size) and read(,,size)
parameters cannot be negative. We should add a check for the return
value of lseek().

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 720fdd6fa92df9041316e94816ab7e56abaed4e9
      
https://github.com/qemu/qemu/commit/720fdd6fa92df9041316e94816ab7e56abaed4e9
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/block/nvme.c

  Log Message:
  -----------
  nvme: remove superfluous check

Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095
is always false regardless of the values of its operands.
This occurs as the logical second operand of '||'.

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 6cfcd864a468eb7bd3da20a5462b5af1791581d3
      
https://github.com/qemu/qemu/commit/6cfcd864a468eb7bd3da20a5462b5af1791581d3
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M util/acl.c

  Log Message:
  -----------
  acl: fix memory leak

If 'i != index' for all acl->entries, variable
entry leaks the storage it points to.

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 86d10328a019b19838de3f7964a9da16af3a5073
      
https://github.com/qemu/qemu/commit/86d10328a019b19838de3f7964a9da16af3a5073
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M qemu-char.c

  Log Message:
  -----------
  qemu-char: fix MISSING_COMMA

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 0e8b439ae57ee3c46fb95e1775ea038d34496346
      
https://github.com/qemu/qemu/commit/0e8b439ae57ee3c46fb95e1775ea038d34496346
  Author: Gonglei <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/pci/shpc.c

  Log Message:
  -----------
  shpc: fix error propagation

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: fae38221e78fc9f847965f6d18b359b8044df348
      
https://github.com/qemu/qemu/commit/fae38221e78fc9f847965f6d18b359b8044df348
  Author: zhanghailiang <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M target-cris/translate.c

  Log Message:
  -----------
  target-cris/translate.c: fix out of bounds read

In functions t_gen_mov_TN_preg and t_gen_mov_preg_TN, the initial check of the
validity of in-parameter 'r' is useless. We still access cpu_PR[r] in the
following code if it is invalid, which will be an out-of-bounds read error.

Fix it by using assert() to ensure it is valid before using it.

Signed-off-by: zhanghailiang <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: a9be76576e375a994bbcea0a5eb2a3852969de0e
      
https://github.com/qemu/qemu/commit/a9be76576e375a994bbcea0a5eb2a3852969de0e
  Author: Paolo Bonzini <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/usb/hcd-musb.c

  Log Message:
  -----------
  hcd-musb: fix dereference null return value

usb_ep_get and usb_handle_packet can deal with a NULL device, but we have
to avoid dereferencing NULL pointers when building the id.

Thanks to Gonglei for an initial stab at fixing this.

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 1aba4be97eb01b650d146c7f01dc961d55da62ab
      
https://github.com/qemu/qemu/commit/1aba4be97eb01b650d146c7f01dc961d55da62ab
  Author: Peter Maydell <address@hidden>
  Date:   2014-11-17 (Mon, 17 Nov 2014)

  Changed paths:
    M hw/block/nvme.c
    M hw/core/loader.c
    M hw/mips/mips_mipssim.c
    M hw/pci/shpc.c
    M hw/usb/hcd-musb.c
    M libcacard/vscclient.c
    M net/l2tpv3.c
    M qemu-char.c
    M qga/main.c
    M target-cris/translate.c
    M util/acl.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

A smattering of fixes for problems that Coverity reported.

# gpg: Signature made Mon 17 Nov 2014 17:03:25 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>"
# gpg:                 aka "Paolo Bonzini <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hcd-musb: fix dereference null return value
  target-cris/translate.c: fix out of bounds read
  shpc: fix error propagation
  qemu-char: fix MISSING_COMMA
  acl: fix memory leak
  nvme: remove superfluous check
  loader: fix NEGATIVE_RETURNS
  qga: fix false negative argument passing
  mips_mipssim: fix use-after-free for filename
  l2tpv3: fix fd leak
  l2tpv3: fix possible double free
  libcacard: fix resource leak

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d8edf52a5184...1aba4be97eb0
