virtio-gpu: Fix memory leak in virtio_gpu_load()

Coverity points out that if we fail in the "creating resources" loop in virtio_gpu_load() we will leak various resources (CID 1356431). Failing a VM load is going to leave the simulation in a complete mess, but we can tidy up to the point that a full system reset should get us back to sanity. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
author: Peter Maydell <peter.maydell@linaro.org> 2017-01-09 13:38:43 +0000
committer: Gerd Hoffmann <kraxel@redhat.com> 2017-01-11 09:19:05 +0100
commit: c84f0f25db2eaab101665ddb60c1ddf1decce76a (patch)
tree: ee75e73c50f4038ed59f8ac7b7d8a6794b5e4fd7 /hw/display/virtio-gpu.c
parent: 039aa5db0e7d9edb2bd807c2d4e09d8d7be4c9c4 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index c3cf47e57f..cef736cebf 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1052,12 +1052,14 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
         /* allocate */
         pformat = get_pixman_format(res->format);
         if (!pformat) {
+            g_free(res);
             return -EINVAL;
         }
         res->image = pixman_image_create_bits(pformat,
                                               res->width, res->height,
                                               NULL, 0);
         if (!res->image) {
+            g_free(res);
             return -EINVAL;
         }
 
@@ -1080,6 +1082,16 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
             res->iov[i].iov_base =
                 cpu_physical_memory_map(res->addrs[i], &len, 1);
             if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
+                /* Clean up the half-a-mapping we just created... */
+                if (res->iov[i].iov_base) {
+                    cpu_physical_memory_unmap(res->iov[i].iov_base,
+                                              len, 0, 0);
+                }
+                /* ...and the mappings for previous loop iterations */
+                res->iov_cnt = i;
+                virtio_gpu_cleanup_mapping(res);
+                pixman_image_unref(res->image);
+                g_free(res);
                 return -EINVAL;
             }
         }
author	Peter Maydell <peter.maydell@linaro.org>	2017-01-09 13:38:43 +0000
committer	Gerd Hoffmann <kraxel@redhat.com>	2017-01-11 09:19:05 +0100
commit	c84f0f25db2eaab101665ddb60c1ddf1decce76a (patch)
tree	ee75e73c50f4038ed59f8ac7b7d8a6794b5e4fd7 /hw/display/virtio-gpu.c
parent	039aa5db0e7d9edb2bd807c2d4e09d8d7be4c9c4 (diff)