qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 2/2] Fixes: Coverity CID 1558831


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH v1 2/2] Fixes: Coverity CID 1558831
Date: Wed, 7 Aug 2024 22:12:48 +0200
User-agent: Mozilla Thunderbird

Back at this patch since Cédric asked me to look at it.

On 6/8/24 15:48, Chalapathi V wrote:
In this commit the following coverity scan defect has been fixed
CID 1558831:  Resource leaks  (RESOURCE_LEAK)
   Variable "rsp_payload" going out of scope leaks the storage it
   points to.

Signed-off-by: Chalapathi V <chalapathi.v@linux.ibm.com>
---
  hw/ssi/pnv_spi.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/ssi/pnv_spi.c b/hw/ssi/pnv_spi.c
index a33f682897..dbe06df224 100644
--- a/hw/ssi/pnv_spi.c
+++ b/hw/ssi/pnv_spi.c
@@ -237,6 +237,7 @@ static void transfer(PnvSpi *s, PnvXferBuffer *payload)
      }
      if (rsp_payload != NULL) {
          spi_response(s, s->N1_bits, rsp_payload);
+        pnv_spi_xfer_buffer_free(rsp_payload);
      }
  }

Or bigger patch but simpler logic:

-- >8 --
diff --git a/hw/ssi/pnv_spi.c b/hw/ssi/pnv_spi.c
index c1297ab733..aaedba84af 100644
--- a/hw/ssi/pnv_spi.c
+++ b/hw/ssi/pnv_spi.c
@@ -217,6 +217,9 @@ static void transfer(PnvSpi *s, PnvXferBuffer *payload)
     PnvXferBuffer *rsp_payload = NULL;

     rsp_payload = pnv_spi_xfer_buffer_new();
+    if (!rsp_payload) {
+        return;
+    }
for (int offset = 0; offset < payload->len; offset += s->transfer_len) {
         tx = 0;
         for (int i = 0; i < s->transfer_len; i++) {
@@ -235,9 +238,8 @@ static void transfer(PnvSpi *s, PnvXferBuffer *payload)
                     (rx >> (8 * (s->transfer_len - 1) - i * 8)) & 0xFF;
         }
     }
-    if (rsp_payload != NULL) {
-        spi_response(s, s->N1_bits, rsp_payload);
-    }
+    spi_response(s, s->N1_bits, rsp_payload);
+    pnv_spi_xfer_buffer_free(rsp_payload);
 }

---

I note few things is odd here:

1/ pnv_spi_xfer_buffer_new() uses the GLib g_malloc0() call
   while pnv_spi_xfer_buffer_free() uses plan free().

2/ pnv_spi_xfer_buffer_free() frees payload->data so doesn't
   match pnv_spi_xfer_buffer_new().

This is a bit disappointing.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]