On 8/13/21 5:17 PM, Peter Maydell wrote:
> On Tue, 10 Aug 2021 at 05:40, David Gibson <da...@gibson.dropbear.id.au>
> wrote:
>>
>> On Mon, Aug 09, 2021 at 10:57:00AM +0100, Peter Maydell wrote:
>>>
>>> Cleanest fix would be to declare 'path' and 'host' as
>>> g_autofree char *path = NULL;
>>> g_autofree char *host = NULL;
>>> and then you can remove all the manual g_free(path) and g_free(host) calls.
>>
>> Thanks for the report. I've committed the fix (I hope) below to ppc-for-6.1:
>>
>> From 70ae61b510dc571c407b28c46498cae60e60ca66 Mon Sep 17 00:00:00 2001
>> From: David Gibson <da...@gibson.dropbear.id.au>
>> Date: Tue, 10 Aug 2021 14:28:19 +1000
>> Subject: [PATCH] spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with
>> g_autofree
>>
>> This uses g_autofree to simplify logic in spapr_phb_vfio_get_loc_code(),
>> in the process fixing a leak in one of the paths. I'm told this fixes
>> Coverity error CID 1460454
>>
>> Reported-by: Peter Maydell <peter.mayd...@linaro.org>
>> Fixes: 16b0ea1d852 ("spapr_pci: populate ibm,loc-code")
>> Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
>> ---
>> hw/ppc/spapr_pci.c | 17 ++++++-----------
>> 1 file changed, 6 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
>> index 7a725855f9..13d806f390 100644
>> --- a/hw/ppc/spapr_pci.c
>> +++ b/hw/ppc/spapr_pci.c
>> @@ -782,33 +782,28 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus,
>> void *opaque, int devfn)
>>
>> static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb, PCIDevice
>> *pdev)
>> {
>> - char *path = NULL, *buf = NULL, *host = NULL;
>> + g_autofree char *path = NULL;
>> + g_autofree char *host = NULL;
>> + char *buf = NULL;
>>
>> /* Get the PCI VFIO host id */
>> host = object_property_get_str(OBJECT(pdev), "host", NULL);
>> if (!host) {
>> - goto err_out;
>> + return NULL;
>> }
>>
>> /* Construct the path of the file that will give us the DT location */
>> path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
>> - g_free(host);
>> if (!g_file_get_contents(path, &buf, NULL, NULL)) {
>> - goto err_out;
>> + return NULL;
>> }
>> - g_free(path);
>>
>> /* Construct and read from host device tree the loc-code */
>> path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
>> - g_free(buf);
>
> This deletion doesn't look right -- 'buf' is not autofree
> (and shouldn't be, since we're returning it).
Oops, good catch!
> If you want to delete this 'g_free' you need to make the
> first g_file_get_contents() use a separate char* variable from
> the variable we use to return the eventual result data buffer;
> then you can make that new variable be g_autofree.
>
>> if (!g_file_get_contents(path, &buf, NULL, NULL)) {
>> - goto err_out;
>> + return NULL;
>> }
>> return buf;
>> -
>> -err_out:
>> - g_free(path);
>> - return NULL;
>> }
>
> thanks
> -- PMM
>
