From nobody Wed Jul 16 12:36:00 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1486251485452332.36702126818227; Sat, 4 Feb 2017 15:38:05 -0800 (PST) Received: from localhost ([::1]:41221 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ca9u8-0002VH-9g for importer@patchew.org; Sat, 04 Feb 2017 18:38:04 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40799) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ca9qN-0000Dx-Ui for qemu-devel@nongnu.org; Sat, 04 Feb 2017 18:34:14 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ca9qI-0000xK-Im for qemu-devel@nongnu.org; Sat, 04 Feb 2017 18:34:11 -0500 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:48428) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ca9qI-0000ww-BP for qemu-devel@nongnu.org; Sat, 04 Feb 2017 18:34:06 -0500 Received: from mnementh.archaic.org.uk ([81.2.115.146]) by orth.archaic.org.uk with esmtp (Exim 4.84_2) (envelope-from ) id 1ca9Rb-0003Uv-CX; Sat, 04 Feb 2017 23:08:35 +0000 Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1ca9Rb-0001Rh-BS; Sat, 04 Feb 2017 23:08:35 +0000 
From: Peter Maydell To: qemu-devel@nongnu.org Date: Sat, 4 Feb 2017 23:08:34 +0000 Message-Id: <1486249715-5513-3-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1486249715-5513-1-git-send-email-peter.maydell@linaro.org> References: <1486249715-5513-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 2/3] slirp: Convert mbufs to use g_malloc() and g_free() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Thibault , Jan Kiszka , patches@linaro.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The mbuf code currently doesn't check the result of doing a malloc() or realloc() of its data (spotted by Coverity, CID 1238946). Since the m_inc() API assumes that extending an mbuf must succeed, just convert to g_malloc() and g_free(). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- slirp/mbuf.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/slirp/mbuf.c b/slirp/mbuf.c index 7eddc21..5ff2455 100644 --- a/slirp/mbuf.c +++ b/slirp/mbuf.c @@ -10,7 +10,7 @@ * FreeBSD. They are fixed size, determined by the MTU, * so that one whole packet can fit. Mbuf's cannot be * chained together. If there's more data than the mbuf - * could hold, an external malloced buffer is pointed to + * could hold, an external g_malloced buffer is pointed to * by m_ext (and the data pointers) and M_EXT is set in * the flags */ 
@@ -41,26 +41,26 @@ void m_cleanup(Slirp *slirp) while ((struct quehead *) m !=3D &slirp->m_usedlist) { next =3D m->m_next; if (m->m_flags & M_EXT) { - free(m->m_ext); + g_free(m->m_ext); } - free(m); + g_free(m); m =3D next; } m =3D (struct mbuf *) slirp->m_freelist.qh_link; while ((struct quehead *) m !=3D &slirp->m_freelist) { next =3D m->m_next; - free(m); + g_free(m); m =3D next; } } =20 /* * Get an mbuf from the free list, if there are none - * malloc one + * allocate one * * Because fragmentation can occur if we alloc new mbufs and * free old mbufs, we mark all mbufs above mbuf_thresh as M_DOFREE, - * which tells m_free to actually free() it + * which tells m_free to actually g_free() it */ struct mbuf * m_get(Slirp *slirp) @@ -71,8 +71,7 @@ m_get(Slirp *slirp) DEBUG_CALL("m_get"); =20 if (slirp->m_freelist.qh_link =3D=3D &slirp->m_freelist) { - m =3D (struct mbuf *)malloc(SLIRP_MSIZE); - if (m =3D=3D NULL) goto end_error; + m =3D g_malloc(SLIRP_MSIZE); slirp->mbuf_alloced++; if (slirp->mbuf_alloced > MBUF_THRESH) flags =3D M_DOFREE; @@ -94,7 +93,6 @@ m_get(Slirp *slirp) m->m_prevpkt =3D NULL; m->resolution_requested =3D false; m->expiration_date =3D (uint64_t)-1; -end_error: DEBUG_ARG("m =3D %p", m); return m; } @@ -112,15 +110,15 @@ m_free(struct mbuf *m) remque(m); =20 /* If it's M_EXT, free() it */ - if (m->m_flags & M_EXT) - free(m->m_ext); - + if (m->m_flags & M_EXT) { + g_free(m->m_ext); + } /* * Either free() it or put it on the free list */ if (m->m_flags & M_DOFREE) { m->slirp->mbuf_alloced--; - free(m); + g_free(m); } else if ((m->m_flags & M_FREELIST) =3D=3D 0) { insque(m,&m->slirp->m_freelist); m->m_flags =3D M_FREELIST; /* Clobber other flags */ @@ -130,7 +128,7 @@ m_free(struct mbuf *m) =20 /* * Copy data from one mbuf to the end of - * the other.. if result is too big for one mbuf, malloc() + * the other.. if result is too big for one mbuf, allocate * an M_EXT data segment */ void 
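Review bot: In the `@@ -71,8 +71,7 @@` hunk, `m = g_malloc(SLIRP_MSIZE);` changes allocation failure in m_get() from a NULL return into a process abort, but the function's header comment does not state the new contract. A line such as `* Never returns NULL: g_malloc() aborts on allocation failure` would let readers recognise any remaining NULL checks in callers as dead code. Only the `MBUF_THRESH` test that sets `M_DOFREE` is visible here, so whether anything bounds `slirp->mbuf_alloced` cannot be confirmed from this hunk. If nothing does, memory pressure driven by network traffic now ends the emulator where it previously failed one allocation. The `end_error:` removal in the `@@ -94,7 +93,6 @@` hunk belongs to the same change, and m_get's body starts and ends outside both hunks.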
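Review bot: The two comments kept as context in the `@@ -112,15 +110,15 @@` hunk of m_free() still name `free()`, although the calls beneath them are now `g_free()` and the patch updates the equivalent wording above m_get(). Memory obtained from g_malloc() should be released with g_free(), so a comment naming the libc call invites a mismatched release in a later edit. Suggested wording: `/* If it's M_EXT, g_free() it */` and `* Either g_free() it or put it on the free list`.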
@@ -160,12 +158,12 @@ m_inc(struct mbuf *m, int size) =20 if (m->m_flags & M_EXT) { datasize =3D m->m_data - m->m_ext; - m->m_ext =3D (char *)realloc(m->m_ext,size); + m->m_ext =3D g_realloc(m->m_ext, size); m->m_data =3D m->m_ext + datasize; } else { char *dat; datasize =3D m->m_data - m->m_dat; - dat =3D (char *)malloc(size); + dat =3D g_malloc(size); memcpy(dat, m->m_dat, m->m_size); =20 m->m_ext =3D dat; --=20 2.1.4
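Review bot: In m_inc(), `size` is a signed `int` that now goes straight into `g_realloc(m->m_ext, size)` and `g_malloc(size)`, both of which take an unsigned `gsize`. A negative value would therefore become an enormous request and abort the process instead of failing. In the non-M_EXT branch, `memcpy(dat, m->m_dat, m->m_size)` copies `m->m_size` bytes into a buffer of `size` bytes, so it relies on `size >= m->m_size` being guaranteed by code that is not visible here (m_inc's body starts before and continues after this hunk). Because mbuf sizes derive from packet data, the precondition is worth stating next to the allocation, for example `assert(size >= 0 && size >= m->m_size);` ahead of the `if (m->m_flags & M_EXT)` test.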