From patchwork Wed Sep 28 06:57:02 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: ajia@redhat.com
X-Patchwork-Id: 116705
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [140.186.70.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 8D7EEB6F7D
	for <incoming@patchwork.ozlabs.org>;
	Wed, 28 Sep 2011 16:57:31 +1000 (EST)
Received: from localhost ([::1]:39286 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1R8o58-0007ID-BV
	for incoming@patchwork.ozlabs.org; Wed, 28 Sep 2011 02:57:26 -0400
Received: from eggs.gnu.org ([140.186.70.92]:36803)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ajia@redhat.com>) id 1R8o52-0007GG-6Y
	for qemu-devel@nongnu.org; Wed, 28 Sep 2011 02:57:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ajia@redhat.com>) id 1R8o51-0006AA-1G
	for qemu-devel@nongnu.org; Wed, 28 Sep 2011 02:57:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:55849)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ajia@redhat.com>) id 1R8o50-0006A4-Mx
	for qemu-devel@nongnu.org; Wed, 28 Sep 2011 02:57:18 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8S6vIaD013471
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Wed, 28 Sep 2011 02:57:18 -0400
Received: from localhost.localdomain.com ([10.66.4.201])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id p8S6v0GO014005; Wed, 28 Sep 2011 02:57:16 -0400
From: ajia@redhat.com
To: qemu-devel@nongnu.org
Date: Wed, 28 Sep 2011 14:57:02 +0800
Message-Id: <1317193022-13504-2-git-send-email-ajia@redhat.com>
In-Reply-To: <1317193022-13504-1-git-send-email-ajia@redhat.com>
References: <1317193022-13504-1-git-send-email-ajia@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 209.132.183.28
Cc: Alex Jia <ajia@redhat.com>
Subject: [Qemu-devel] [PATCH] linux-user: fix memory leak in failure path
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: </archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Alex Jia <ajia@redhat.com>

Haven't released memory of 'array' and 'host_mb' in failure paths.

Signed-off-by: Alex Jia <ajia@redhat.com>
---
 linux-user/syscall.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7735008..922c2a0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2523,8 +2523,10 @@ static inline abi_long do_semctl(int semid, int semnum, int cmd,
 	case GETALL:
 	case SETALL:
             err = target_to_host_semarray(semid, &array, target_su.array);
-            if (err)
+            if (err) {
+                free(array);
                 return err;
+            }
             arg.array = array;
             ret = get_errno(semctl(semid, semnum, cmd, arg));
             err = host_to_target_semarray(semid, target_su.array, &array);
@@ -2779,9 +2781,9 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
     }
 
     target_mb->mtype = tswapl(host_mb->mtype);
-    free(host_mb);
 
 end:
+    free(host_mb);
     if (target_mb)
         unlock_user_struct(target_mb, msgp, 1);
     return ret;