From patchwork Mon Mar 16 14:15:02 2015
X-Patchwork-Submitter: "Gabriel L. Somlo"
X-Patchwork-Id: 450588
From: "Gabriel L. Somlo"
To: qemu-devel@nongnu.org
Date: Mon, 16 Mar 2015 10:15:02 -0400
Message-Id: <1426515305-17766-4-git-send-email-somlo@cmu.edu>
In-Reply-To: <1426515305-17766-1-git-send-email-somlo@cmu.edu>
References: <1426515305-17766-1-git-send-email-somlo@cmu.edu>
Cc: matt.fleming@intel.com, rjones@redhat.com, jordan.l.justen@intel.com, gleb@cloudius-systems.com, mdroth@linux.vnet.ibm.com, gsomlo@gmail.com, kraxel@redhat.com, pbonzini@redhat.com, lersek@redhat.com
Subject: [Qemu-devel] [PATCH 3/6] fw_cfg: assertion to detect memory leak when adding new data blob

Currently, fw_cfg_add_bytes_read_callback() does not deal with the
possibility that the data pointer at the requested key position has
previously been set, and assumes it will be called exactly once for
each key value.

This patch introduces an assertion to codify this assumption, and
ensure the data pointer about to be set is NULL at the time the
function is called, which will prevent the inadvertent leaking of
data blobs by erroneous multiple calls using the same key value.

Signed-off-by: Gabriel Somlo
---
 hw/nvram/fw_cfg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 86090f3..5501a97 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -399,6 +399,7 @@ static void fw_cfg_add_bytes_read_callback(FWCfgState *s, uint16_t key, key &= FW_CFG_ENTRY_MASK; assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX); + assert(s->entries[arch][key].data == NULL); /* prevent memory leak */ s->entries[arch][key].data = data; s->entries[arch][key].len = (uint32_t)len;
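Review bot: the comment `/* prevent memory leak */` on the new assert overstates what the check does: an assertion does not prevent the leak, it turns a second add for the same key (which would overwrite `s->entries[arch][key].data` and drop the earlier blob) into an abort of the whole QEMU process. A comment along the lines of `/* a second add for this key would leak the old blob */` describes the check accurately. Two related points deserve a sentence in the commit message or the comment: the check inspects only `.data`, so an entry previously registered with a NULL data pointer is not detected and would be silently overwritten together with its `.len`; and because the function is `static`, every caller is in-tree, so it should be confirmed that no existing caller relies on re-registering a key, since with this change that path aborts at startup instead of merely leaking.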