From 1f63f8c20a4cb7b752981ef07b2614bbea828b30 Mon Sep 17 00:00:00 2001 From: AlexChen Date: Wed, 26 Aug 2020 18:15:53 +0800 Subject: [PATCH 1/8] elf2dmp: Fix memory leak on main() error paths The 'kdgb' is allocating memory in get_kdbg(), but it is not freed in both fill_header() and fill_context() failed branches, fix it. Signed-off-by: AlexChen Reviewed-by: Li Qiang Reviewed-by: Viktor Prutyanov Reviewed-by: Thomas Huth Message-Id: <5F463659.8080101@huawei.com> Signed-off-by: Laurent Vivier (cherry-picked from commit 885538fdc9) --- contrib/elf2dmp/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index 9a2dbc2902..ac746e49e0 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -568,12 +568,12 @@ int main(int argc, char *argv[]) if (fill_header(&header, &ps, &vs, KdDebuggerDataBlock, kdbg, KdVersionBlock, qemu_elf.state_nr)) { err = 1; - goto out_pdb; + goto out_kdbg; } if (fill_context(kdbg, &vs, &qemu_elf)) { err = 1; - goto out_pdb; + goto out_kdbg; } if (write_dump(&ps, &header, argv[2])) { -- Gitee From 0aa003cd0e117cb160da7d4b6e50630bf2fedfd6 Mon Sep 17 00:00:00 2001 From: AlexChen Date: Mon, 19 Oct 2020 20:12:02 +0800 Subject: [PATCH 2/8] io: Don't use '#' flag of printf format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: AlexChen Signed-off-by: Daniel P. Berrangé (cherry-picked from commit 77b7829e75) --- io/channel-websock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io/channel-websock.c b/io/channel-websock.c index fc36d44eba..d48a929e49 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c 
@@ -734,7 +734,7 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc, opcode != QIO_CHANNEL_WEBSOCK_OPCODE_CLOSE && opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING && opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) { - error_setg(errp, "unsupported opcode: %#04x; only binary, close, " + error_setg(errp, "unsupported opcode: 0x%04x; only binary, close, " "ping, and pong websocket frames are supported", opcode); qio_channel_websock_write_close( ioc, QIO_CHANNEL_WEBSOCK_STATUS_INVALID_DATA , -- Gitee From 38697076a98034a078c2411234b8979cf3cec6da Mon Sep 17 00:00:00 2001 From: AlexChen Date: Mon, 2 Nov 2020 16:52:17 +0000 Subject: [PATCH 3/8] hw/display/omap_lcdc: Fix potential NULL pointer dereference In omap_lcd_interrupts(), the pointer omap_lcd is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to surface after checking that the omap_lcd is valid and move surface_bits_per_pixel(surface) to after the surface assignment. Reported-by: Euler Robot Signed-off-by: AlexChen Message-id: 5F9CDB8A.9000001@huawei.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry-picked from commit 0080edc45e) --- hw/display/omap_lcdc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/hw/display/omap_lcdc.c b/hw/display/omap_lcdc.c index 07a5effe04..13ab73ec61 100644 --- a/hw/display/omap_lcdc.c +++ b/hw/display/omap_lcdc.c 
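Review bot: The replacement specifier `0x%04x` in the error_setg() call prints four hex digits after the prefix, whereas the old `%#04x` counted the prefix inside the field width and printed two, so the message changes from e.g. `0x0b` to `0x000b` (constructed sample value). If the intent is only to drop the '#' flag, `"unsupported opcode: 0x%02x; only binary, close, "` keeps the previous rendering for non-zero values. The declaration of `opcode` is outside the hunk, so the width that matches its type should be confirmed there.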
@@ -77,14 +77,18 @@ static void omap_lcd_interrupts(struct omap_lcd_panel_s *s) static void omap_update_display(void *opaque) { struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque; - DisplaySurface *surface = qemu_console_surface(omap_lcd->con); + DisplaySurface *surface; draw_line_func draw_line; int size, height, first, last; int width, linesize, step, bpp, frame_offset; hwaddr frame_base; - if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable || - !surface_bits_per_pixel(surface)) { + if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable) { + return; + } + + surface = qemu_console_surface(omap_lcd->con); + if (!surface_bits_per_pixel(surface)) { return; } -- Gitee From b47d7ad29bc7f30d4ea3fdb0ef86942468416b79 Mon Sep 17 00:00:00 2001 From: AlexChen Date: Mon, 2 Nov 2020 16:52:17 +0000 Subject: [PATCH 4/8] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In exynos4210_fimd_update(), the pointer s is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to global_width after checking that the s is valid. Reported-by: Euler Robot Signed-off-by: Alex Chen Reviewed-by: Philippe Mathieu-Daudé Message-id: 5F9F8D88.9030102@huawei.com Signed-off-by: Peter Maydell (cherry-picked from commit 18520fa465) --- hw/display/exynos4210_fimd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c index 61f7408b1c..85b0ebf23a 100644 --- a/hw/display/exynos4210_fimd.c +++ b/hw/display/exynos4210_fimd.c 
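Review bot: In omap_update_display(), `omap_lcd->con` is handed to qemu_console_surface() without a check of its own, while the comparable guard in exynos4210_fimd_update() (patch 4 of this series) tests `!s->console` before the same lookup. Whether `con` can be NULL at this point is not visible in the hunk; if it can, the first guard should read `if (!omap_lcd || !omap_lcd->con || omap_lcd->plm == 1 || !omap_lcd->enable) {`. The hunk header names omap_lcd_interrupts() only because it is the preceding function; the body changed is omap_update_display(), which continues past the hunk.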
@@ -1271,12 +1271,14 @@ static void exynos4210_fimd_update(void *opaque) bool blend = false; uint8_t *host_fb_addr; bool is_dirty = false; - const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1; + int global_width; if (!s || !s->console || !s->enabled || surface_bits_per_pixel(qemu_console_surface(s->console)) == 0) { return; } + + global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1; exynos4210_update_resolution(s); surface = qemu_console_surface(s->console); -- Gitee From c9a4e85610bffe1803648c431e4cff4539a42323 Mon Sep 17 00:00:00 2001 From: AlexChen Date: Tue, 3 Nov 2020 17:42:56 +0800 Subject: [PATCH 5/8] block/vvfat: Fix bad printf format specifiers We should use printf format specifier "%u" instead of "%d" for argument of type "unsigned int". In addition, fix two error format problems found by checkpatch.pl: ERROR: space required after that ',' (ctx:VxV) + fprintf(stderr,"%s attributes=0x%02x begin=%u size=%d\n", ^ ERROR: line over 90 characters + fprintf(stderr, "%d, %s (%u, %d)\n", i, commit->path ? commit->path : "(null)", commit->param.rename.cluster, commit->action); Reported-by: Euler Robot Signed-off-by: Alex Chen Message-Id: <5FA12620.6030705@huawei.com> Signed-off-by: Kevin Wolf (cherry-picked from commit c9eb2f3e38) --- block/vvfat.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/block/vvfat.c b/block/vvfat.c index f6c28805dd..5dc8d6eb4c 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -1453,7 +1453,7 @@ static void print_direntry(const direntry_t* direntry) for(i=0;i<11;i++) ADD_CHAR(direntry->name[i]); buffer[j] = 0; - fprintf(stderr,"%s attributes=0x%02x begin=%d size=%d\n", + fprintf(stderr, "%s attributes=0x%02x begin=%u size=%u\n", buffer, direntry->attributes, begin_of_direntry(direntry),le32_to_cpu(direntry->size)); 
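Review bot: `global_width` loses its `const` qualifier in exynos4210_fimd_update() so that it can be assigned after the NULL check, which leaves it writable for the rest of the function. A one-line comment at the assignment, `/* Computed only after s has been checked above. */`, would record why the initialisation was split from the declaration. The value comes from `s->vidtcon[2]` masked with FIMD_VIDTCON2_SIZE_MASK; how it is bounded before use lies outside the hunk.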
@@ -1462,7 +1462,7 @@ static void print_direntry(const direntry_t* direntry) static void print_mapping(const mapping_t* mapping) { - fprintf(stderr, "mapping (%p): begin, end = %d, %d, dir_index = %d, " + fprintf(stderr, "mapping (%p): begin, end = %u, %u, dir_index = %u, " "first_mapping_index = %d, name = %s, mode = 0x%x, " , mapping, mapping->begin, mapping->end, mapping->dir_index, mapping->first_mapping_index, mapping->path, mapping->mode); @@ -1470,7 +1470,7 @@ static void print_mapping(const mapping_t* mapping) if (mapping->mode & MODE_DIRECTORY) fprintf(stderr, "parent_mapping_index = %d, first_dir_index = %d\n", mapping->info.dir.parent_mapping_index, mapping->info.dir.first_dir_index); else - fprintf(stderr, "offset = %d\n", mapping->info.file.offset); + fprintf(stderr, "offset = %u\n", mapping->info.file.offset); } #endif @@ -1604,7 +1604,7 @@ typedef struct commit_t { static void clear_commits(BDRVVVFATState* s) { int i; -DLOG(fprintf(stderr, "clear_commits (%d commits)\n", s->commits.next)); +DLOG(fprintf(stderr, "clear_commits (%u commits)\n", s->commits.next)); for (i = 0; i < s->commits.next; i++) { commit_t* commit = array_get(&(s->commits), i); assert(commit->path || commit->action == ACTION_WRITEOUT); @@ -2660,7 +2660,9 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s) fprintf(stderr, "handle_renames\n"); for (i = 0; i < s->commits.next; i++) { commit_t* commit = array_get(&(s->commits), i); - fprintf(stderr, "%d, %s (%d, %d)\n", i, commit->path ? commit->path : "(null)", commit->param.rename.cluster, commit->action); + fprintf(stderr, "%d, %s (%u, %d)\n", i, + commit->path ? commit->path : "(null)", + commit->param.rename.cluster, commit->action); } #endif -- Gitee From b353d059bddf4b211c2560e7c123f874ed5c8cf6 Mon Sep 17 00:00:00 2001 From: AlexChen Date: Wed, 21 Oct 2020 17:12:52 +0800 Subject: [PATCH 6/8] block: Remove unused include The "qemu-common.h" include is not used, remove it. Reported-by: Euler Robot 
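Review bot: The `%p` conversion in print_mapping() still receives `mapping` as a `const mapping_t*`, while `%p` is specified for a pointer to void; since this commit is about matching specifiers to argument types, the argument should be passed as `(void *)mapping`. `first_mapping_index` keeps `%d` in the same call and its declared type is not visible here, so it should be checked against the struct definition as well.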
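Review bot: In clear_commits() the loop index is declared `int i` but is compared with `s->commits.next`, which this change now prints with `%u`; if that field is an unsigned int, `i < s->commits.next` is a mixed signed/unsigned comparison. Declaring the index as `unsigned int i;` would match the field. The same loop condition appears in the handle_renames_and_mkdirs() hunk, where `i` is still printed with `%d`; its declaration is outside that hunk.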
Signed-off-by: AlexChen Message-Id: <5F8FFB94.3030209@huawei.com> Signed-off-by: Max Reitz (cherry-picked from commit 3d86af858e) --- block/dmg-lzfse.c | 1 - 1 file changed, 1 deletion(-) diff --git a/block/dmg-lzfse.c b/block/dmg-lzfse.c index 19d25bc646..6798cf4fbf 100644 --- a/block/dmg-lzfse.c +++ b/block/dmg-lzfse.c @@ -22,7 +22,6 @@ * THE SOFTWARE. */ #include "qemu/osdep.h" -#include "qemu-common.h" #include "dmg.h" #include -- Gitee From 073457a45eaccd2beac3c94c53a449b8f683501e Mon Sep 17 00:00:00 2001 From: AlexChen Date: Wed, 4 Nov 2020 18:22:45 +0800 Subject: [PATCH 7/8] ssi: Fix bad printf format specifiers We should use printf format specifier "%u" instead of "%d" for argument of type "unsigned int". Reported-by: Euler Robot Signed-off-by: Alex Chen Reviewed-by: Alistair Francis Message-id: 5FA280F5.8060902@huawei.com Signed-off-by: Peter Maydell (cherry-picked from commit 9df0a97298) --- hw/ssi/imx_spi.c | 2 +- hw/ssi/xilinx_spi.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c index 5cec9b5d05..0b3052bdf9 100644 --- a/hw/ssi/imx_spi.c +++ b/hw/ssi/imx_spi.c @@ -52,7 +52,7 @@ static const char *imx_spi_reg_name(uint32_t reg) case ECSPI_MSGDATA: return "ECSPI_MSGDATA"; default: - sprintf(unknown, "%d ?", reg); + sprintf(unknown, "%u ?", reg); return unknown; } } diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c index 1379cb164b..d2b69d027a 100644 --- a/hw/ssi/xilinx_spi.c +++ b/hw/ssi/xilinx_spi.c @@ -139,7 +139,7 @@ static void xlx_spi_update_irq(XilinxSPI *s) irq chain unless things really changed. */ if (pending != s->irqline) { s->irqline = pending; - DB_PRINT("irq_change of state %d ISR:%x IER:%X\n", + DB_PRINT("irq_change of state %u ISR:%x IER:%X\n", pending, s->regs[R_IPISR], s->regs[R_IPIER]); qemu_set_irq(s->irq, pending); } -- Gitee From cb6048ace290e770b0ec1a6011209192541d3e8a Mon Sep 17 00:00:00 2001 
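Review bot: The `sprintf(unknown, "%u ?", reg)` call in the default case of imx_spi_reg_name() writes into `unknown` with no length bound, and the buffer's declaration is outside the hunk. If `unknown` is an array, `snprintf(unknown, sizeof(unknown), "%u ?", reg);` bounds the write at no cost. Because `reg` is a `uint32_t`, `"%" PRIu32 " ?"` would be the exact specifier. The function returns `unknown`, so it is presumably a static buffer whose contents are overwritten by the next call.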
From: AlexChen Date: Fri, 30 Oct 2020 10:46:55 +0800 Subject: [PATCH 8/8] net/l2tpv3: Remove redundant check in net_init_l2tpv3() The result has been checked to be NULL before, it cannot be NULL here, so the check is redundant. Remove it. Reported-by: Euler Robot Signed-off-by: AlexChen Signed-off-by: Jason Wang (cherry-picked from commit d949fe64b0) --- net/l2tpv3.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/net/l2tpv3.c b/net/l2tpv3.c index 55fea17c0f..e4d4218db6 100644 --- a/net/l2tpv3.c +++ b/net/l2tpv3.c @@ -655,9 +655,8 @@ int net_init_l2tpv3(const Netdev *netdev, error_setg(errp, "could not bind socket err=%i", errno); goto outerr; } - if (result) { - freeaddrinfo(result); - } + + freeaddrinfo(result); memset(&hints, 0, sizeof(hints)); @@ -686,9 +685,7 @@ int net_init_l2tpv3(const Netdev *netdev, memcpy(s->dgram_dst, result->ai_addr, result->ai_addrlen); s->dst_size = result->ai_addrlen; - if (result) { - freeaddrinfo(result); - } + freeaddrinfo(result); if (l2tpv3->has_counter && l2tpv3->counter) { s->has_counter = true; -- Gitee
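Review bot: In the first hunk of net_init_l2tpv3(), the bind failure branch does `goto outerr` before the now unconditional `freeaddrinfo(result)` is reached, so `result` is still allocated on that path; whether `outerr` releases it is not visible here. If it does not, `freeaddrinfo(result);` is needed before that `goto outerr;`. `result` is also left pointing at freed memory after both calls, and it is reused for the second lookup; `result = NULL;` after each free would keep a later error path that tests the pointer from acting on a stale value.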