1. 10 11月, 2015 35 次提交
  2. 09 11月, 2015 5 次提交
    • P
      hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on OSX · d17008bc
      Peter Maydell 提交于
      Signed integer overflow in C is undefined behaviour, and the compiler
      is at liberty to assume it can never happen and optimize accordingly.
      In particular, the subtractions in hpet_time_after() and hpet_time_after64()
      were causing OSX clang to optimize the code such that it was prone to
      hangs and complaints about the main loop stalling (presumably because
      we were spending all our time trying to service very high frequency
      HPET timer callbacks). The clang sanitizer confirms the UB:
      
      hw/timer/hpet.c:119:26: runtime error: signed integer overflow: -2146967296 - 2147003978 cannot be represented in type 'int'
      
      Fix this by doing the subtraction as an unsigned operation and then
      converting to signed for the comparison.
      Reported-by: NAaron Elkins <threcius@yahoo.com>
      Cc: qemu-stable@nongnu.org
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      Message-id: 1447080991-24995-1-git-send-email-peter.maydell@linaro.org
      d17008bc
    • E
      qapi: Simplify non-error testing in test-qmp-* · 3f66f764
      Eric Blake 提交于
      By using &error_abort, we can avoid a local err variable in
      situations where we expect success.  It also has the nice
      effect that if the test breaks, the error message from
      error_abort tends to be nicer than that of g_assert().
      
      This patch has an additional bonus of fixing several call sites that
      were passing &err to two different functions without checking it in
      between.  In general that is unsafe practice; because if the first
      function sets an error, the second function could abort() if it tries to
      set a different error. We got away with it because we were asserting
      that err was NULL through the entire chain, but switching to
      &error_abort avoids the questionable practice up front.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-7-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      3f66f764
    • E
      qapi: Plug leaks in test-qmp-* · b18f1141
      Eric Blake 提交于
      Make valgrind happy with the current state of the tests, so that
      it is easier to see if future patches introduce new memory problems
      without being drowned in noise.  Many of the leaks were due to
      calling a second init without tearing down the data from an earlier
      visit.  But since teardown is already idempotent, and we already
      register teardown as part of input_visitor_test_add(), it is nicer
      to just make init() safe to call multiple times than it is to have
      to make all tests call teardown.
      
      Another common leak was forgetting to clean up an error object,
      after testing that an error was raised.
      
      Another leak was in test_visitor_in_struct_nested(), failing to
      clean the base member of UserDefTwo.  Cleaning that up left
      check_and_free_str() as dead code (since using the qapi_free_*
      takes care of recursion, and we don't want double frees).
      
      A final leak was in test_visitor_out_any(), which was reassigning
      the qobj local variable to a subset of the overall structure
      needing freeing; it did not result in a use-after-free, but
      was not cleaning up all the qdict.
      
      test-qmp-event and test-qmp-commands were already clean.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-6-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      b18f1141
    • E
      qapi: Share test_init code in test-qmp-input* · 0920a171
      Eric Blake 提交于
      Rather than duplicate the body of two functions just to
      decide between qobject_from_jsonv() and qobject_from_json(),
      exploit the fact that qobject_from_jsonv() intentionally
      takes 'va_list *' instead of the more common 'va_list', and
      that qobject_from_json() just calls qobject_from_jsonv(,NULL).
      For each file, our two existing init functions then become
      thin wrappers around a new internal function, and future
      updates to initialization don't have to be duplicated.
      Suggested-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-5-git-send-email-eblake@redhat.com>
      [Two old comment typos fixed]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      0920a171
    • E
      qobject: Protect against use-after-free in qobject_decref() · cc9f60d4
      Eric Blake 提交于
      Adding an assertion to qobject_decref() will ensure that a
      programming error causing use-after-free will result in
      immediate failure (provided no other thread has started
      using the memory) instead of silently attempting to wrap
      refcnt around and leaving the problem to potentially bite
      later at a harder point to diagnose.
      Suggested-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-4-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      cc9f60d4