hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()

Message ID	73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> Message-ID: <73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com> Date: Fri, 28 Mar 2025 11:21:49 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Zheng Huang <hz1624917200@gmail.com> Subject: [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() To: qemu-devel@nongnu.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=2607:f8b0:4864:20::632; envelope-from=hz1624917200@gmail.com; helo=mail-pl1-x632.google.com X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() \| expand hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()

Message ID

73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com (mailing list archive)

State

New

Headers

Message-ID: <73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com>
Date: Fri, 28 Mar 2025 11:21:49 +0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Zheng Huang <hz1624917200@gmail.com>
Subject: [PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
To: qemu-devel@nongnu.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::632;
 envelope-from=hz1624917200@gmail.com; helo=mail-pl1-x632.google.com
X-Spam_score_int: -17
X-Spam_score: -1.8
X-Spam_bar: -
X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() | expand

Commit Message

Zheng Huang March 28, 2025, 3:21 a.m. UTC

Hi,
This patch addresses a memory leak bug in the usages of `timer_del()`.
The issue arisesfrom the incorrect use of the ambiguous timer API 
`timer_del()`, which does not free the timer object. The LeakSanitizer
report this issue during fuzzing. The correct API `timer_free()` freed
the timer object instead.

=================================================================
==2586273==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
    #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
    #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
    #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
    #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
    #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9


Signed-off-by: Zheng Huang <hz1624917200@outlook.com>

---
 hw/scsi/lsi53c895a.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Philippe Mathieu-Daudé March 28, 2025, 6:04 p.m. UTC | #1

On 28/3/25 04:21, Zheng Huang wrote:
> Hi,
> This patch addresses a memory leak bug in the usages of `timer_del()`.
> The issue arisesfrom the incorrect use of the ambiguous timer API
> `timer_del()`, which does not free the timer object. The LeakSanitizer
> report this issue during fuzzing. The correct API `timer_free()` freed
> the timer object instead.
> 
> =================================================================
> ==2586273==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 48 byte(s) in 1 object(s) allocated from:
>      #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
>      #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
>      #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
>      #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
>      #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
>      #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9
> 
> 
> Signed-off-by: Zheng Huang <hz1624917200@outlook.com>
> 
> ---
>   hw/scsi/lsi53c895a.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Philippe Mathieu-Daudé March 31, 2025, 11:20 a.m. UTC | #2

On 28/3/25 04:21, Zheng Huang wrote:
> Hi,
> This patch addresses a memory leak bug in the usages of `timer_del()`.
> The issue arisesfrom the incorrect use of the ambiguous timer API
> `timer_del()`, which does not free the timer object. The LeakSanitizer
> report this issue during fuzzing. The correct API `timer_free()` freed
> the timer object instead.
> 
> =================================================================
> ==2586273==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 48 byte(s) in 1 object(s) allocated from:
>      #0 0x55f2afd89879 in calloc /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
>      #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
>      #2 0x55f2b053962e in timer_new /root/qemu/include/qemu/timer.h:542:12
>      #3 0x55f2b0514771 in timer_new_us /root/qemu/include/qemu/timer.h:582:12
>      #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24
>      #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9
> 
> 
> Signed-off-by: Zheng Huang <hz1624917200@outlook.com>
> 
> ---
>   hw/scsi/lsi53c895a.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Queued to hw-misc, thanks!

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index d85e384ad6..6689ebba25 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2372,7 +2372,7 @@  static void lsi_scsi_exit(PCIDevice *dev)
     LSIState *s = LSI53C895A(dev);
 
     address_space_destroy(&s->pci_io_as);
-    timer_del(s->scripts_timer);
+    timer_free(s->scripts_timer);
 }
 
 static void lsi_class_init(ObjectClass *klass, void *data)

hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()

Commit Message

Comments

Patch