849f452f3d
- block: Parse filenames only when explicitly requested (CVE-2024-4467) - iotests/270: Don't store data-file with json: prefix in image (CVE-2024-4467) - iotests/244: Don't store data-file with protocol in image (CVE-2024-4467) - qcow2: Don't open data_file with BDRV_O_NO_IO (CVE-2024-4467) - migration/dirtyrate: Fix segmentation fault - target/hexagon: idef-parser fix leak of init_list Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
51 lines
2.0 KiB
Diff
51 lines
2.0 KiB
Diff
From c36b2fb64446013ce8ded7f6bca5787795a17de1 Mon Sep 17 00:00:00 2001
|
|
From: qihao <qihao_yewu@cmss.chinamobile.com>
|
|
Date: Thu, 13 Jun 2024 10:31:49 +0800
|
|
Subject: [PATCH] target/hexagon: idef-parser fix leak of init_list cheery-pick
|
|
from 95408ad8e24c4364086f185285039e89927dad6c
|
|
|
|
gen_inst_init_args() is called for instructions using a predicate as an
|
|
rvalue. Upon first call, the list of arguments which might need
|
|
initialization init_list is freed to indicate that they have been
|
|
processed. For instructions without an rvalue predicate,
|
|
gen_inst_init_args() isn't called and init_list will never be freed.
|
|
|
|
Free init_list from free_instruction() if it hasn't already been freed.
|
|
A comment in free_instruction is also updated.
|
|
|
|
Signed-off-by: Anton Johansson <anjo@rev.ng>
|
|
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
|
|
Reviewed-by: Brian Cain <bcain@quicinc.com>
|
|
Message-Id: <20240523125901.27797-4-anjo@rev.ng>
|
|
Signed-off-by: Brian Cain <bcain@quicinc.com>
|
|
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
|
|
---
|
|
target/hexagon/idef-parser/parser-helpers.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/target/hexagon/idef-parser/parser-helpers.c b/target/hexagon/idef-parser/parser-helpers.c
|
|
index 4af020933a..a83099de6b 100644
|
|
--- a/target/hexagon/idef-parser/parser-helpers.c
|
|
+++ b/target/hexagon/idef-parser/parser-helpers.c
|
|
@@ -2123,9 +2123,16 @@ void free_instruction(Context *c)
|
|
g_string_free(g_array_index(c->inst.strings, GString*, i), TRUE);
|
|
}
|
|
g_array_free(c->inst.strings, TRUE);
|
|
+ /*
|
|
+ * Free list of arguments that might need initialization, if they haven't
|
|
+ * already been freed.
|
|
+ */
|
|
+ if (c->inst.init_list) {
|
|
+ g_array_free(c->inst.init_list, TRUE);
|
|
+ }
|
|
/* Free INAME token value */
|
|
g_string_free(c->inst.name, TRUE);
|
|
- /* Free variables and registers */
|
|
+ /* Free declared TCGv variables */
|
|
g_array_free(c->inst.allocated, TRUE);
|
|
/* Initialize instruction-specific portion of the context */
|
|
memset(&(c->inst), 0, sizeof(Inst));
|
|
--
|
|
2.41.0.windows.1
|
|
|