[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [RFC PATCH v0 2/2] target-ppc: Fix an invalid free in opcod
|
From: |
Bharata B Rao |
|
Subject: |
[Qemu-devel] [RFC PATCH v0 2/2] target-ppc: Fix an invalid free in opcode table handling code. |
|
Date: |
Fri, 26 Sep 2014 14:37:38 +0530 |
Opcode table has direct, indirect and double indirect handlers, but
ppc_cpu_unrealizefn() frees direct handlers which are never allocated
and never frees double indirect handlers.
Signed-off-by: Bharata B Rao <address@hidden>
---
target-ppc/translate_init.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 358a2a7..30f09b9 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -9091,11 +9091,24 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error
**errp)
{
PowerPCCPU *cpu = POWERPC_CPU(dev);
CPUPPCState *env = &cpu->env;
- int i;
+ opc_handler_t **table;
+ int i, j;
for (i = 0; i < PPC_CPU_OPCODES_LEN; i++) {
- if (env->opcodes[i] != &invalid_handler) {
- g_free(env->opcodes[i]);
+ if (env->opcodes[i] == &invalid_handler) {
+ continue;
+ }
+ if (is_indirect_opcode(env->opcodes[i])) {
+ table = ind_table(env->opcodes[i]);
+ for (j = 0; j < PPC_CPU_INDIRECT_OPCODES_LEN; j++) {
+ if (table[j] != &invalid_handler &&
+ is_indirect_opcode(table[j])) {
+ g_free((opc_handler_t *)((uintptr_t)table[j] &
+ ~PPC_INDIRECT));
+ }
+ }
+ g_free((opc_handler_t *)((uintptr_t)env->opcodes[i] &
+ ~PPC_INDIRECT));
}
}
}
--
1.7.11.7