From c84f0f25db2eaab101665ddb60c1ddf1decce76a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 9 Jan 2017 13:38:43 +0000 Subject: [PATCH] virtio-gpu: Fix memory leak in virtio_gpu_load() Coverity points out that if we fail in the "creating resources" loop in virtio_gpu_load() we will leak various resources (CID 1356431). Failing a VM load is going to leave the simulation in a complete mess, but we can tidy up to the point that a full system reset should get us back to sanity. Signed-off-by: Peter Maydell Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann --- hw/display/virtio-gpu.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index c3cf47e57f..cef736cebf 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1052,12 +1052,14 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size) /* allocate */ pformat = get_pixman_format(res->format); if (!pformat) { + g_free(res); return -EINVAL; } res->image = pixman_image_create_bits(pformat, res->width, res->height, NULL, 0); if (!res->image) { + g_free(res); return -EINVAL; } @@ -1080,6 +1082,16 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size) res->iov[i].iov_base = cpu_physical_memory_map(res->addrs[i], &len, 1); if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { + /* Clean up the half-a-mapping we just created... */ + if (res->iov[i].iov_base) { + cpu_physical_memory_unmap(res->iov[i].iov_base, + len, 0, 0); + } + /* ...and the mappings for previous loop iterations */ + res->iov_cnt = i; + virtio_gpu_cleanup_mapping(res); + pixman_image_unref(res->image); + g_free(res); return -EINVAL; } }