| Message ID | 20200401094759.5835-6-alex.bennee@linaro.org |
|---|---|
| State | Superseded |
| Series | A selection of sanitiser fixes |
On Wed, Apr 1, 2020 at 2:48 AM Alex Bennée <alex.bennee@linaro.org> wrote:
>
> Dynamically allocating a new structure within the DisasContext can
> potentially leak as we can longjmp out of the translation loop (see
> test_phys_mem). The proper fix would be to use static allocation
> within the DisasContext but as the Xtensa translator imports its code
> from elsewhere I leave that as an exercise for the maintainer.
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Max Filippov <jcmvbkbc@gmail.com>
> ---
>  target/xtensa/translate.c | 5 +++++
>  1 file changed, 5 insertions(+)

Acked-by: Max Filippov <jcmvbkbc@gmail.com>

--
Thanks.
-- Max
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c index 8aa972cafdf..37f65b1f030 100644 --- a/target/xtensa/translate.c +++ b/target/xtensa/translate.c @@ -1174,6 +1174,11 @@ static void xtensa_tr_init_disas_context(DisasContextBase *dcbase, dc->callinc = ((tb_flags & XTENSA_TBFLAG_CALLINC_MASK) >> XTENSA_TBFLAG_CALLINC_SHIFT); + /* + * FIXME: This will leak when a failed instruction load or similar + * event causes us to longjump out of the translation loop and + * hence not clean-up in xtensa_tr_tb_stop + */ if (dc->config->isa) { dc->insnbuf = xtensa_insnbuf_alloc(dc->config->isa); dc->slotbuf = xtensa_insnbuf_alloc(dc->config->isa);
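Review bot: the added FIXME records the leak but changes nothing about it, so every longjmp out of the translation loop still loses both buffers allocated just below it (`dc->insnbuf = xtensa_insnbuf_alloc(dc->config->isa);` and `dc->slotbuf = xtensa_insnbuf_alloc(dc->config->isa);`), since the only free is in xtensa_tr_tb_stop on the normal exit path. Since the commit message already names the intended remedy, the comment would serve the next reader better if it said so, e.g. "until insnbuf/slotbuf are allocated statically inside DisasContext"; also the comment says "longjump" where the function being described is longjmp, and "clean-up" as a verb should be "clean up".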
Dynamically allocating a new structure within the DisasContext can potentially leak as we can longjmp out of the translation loop (see test_phys_mem). The proper fix would be to use static allocation within the DisasContext but as the Xtensa translator imports its code from elsewhere I leave that as an exercise for the maintainer.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Max Filippov <jcmvbkbc@gmail.com>
---
 target/xtensa/translate.c | 5 +++++
 1 file changed, 5 insertions(+)

--
2.20.1
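The leak the commit message describes comes from a heap allocation whose only free sits on the normal exit path of a loop that can be left with longjmp. The program below is an added illustration written for this page, not QEMU code: `disas_ctx`, `insnbuf_alloc`, `load_insn`, `tb_stop` and the `tracked` registry are invented stand-ins for DisasContext, xtensa_insnbuf_alloc, a failing instruction load and xtensa_tr_tb_stop. It runs the same loop twice, once with heap buffers (leaks two buffers when the loop is abandoned) and once with the buffers embedded in the context (nothing to leak), which is the "static allocation" the commit message recommends.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed model of the problem: a translation loop that can be left
 * via longjmp before its tear-down runs. All names are invented stand-ins,
 * not QEMU's DisasContext, xtensa_insnbuf_alloc or xtensa_tr_tb_stop.
 */
#define INSN_WORDS 4
#define MAX_TRACKED 2

static jmp_buf translate_env;            /* escape point for a failed instruction load */
static unsigned *tracked[MAX_TRACKED];   /* demo-only bookkeeping so leaks can be counted */
static int live_heap_buffers;

typedef struct {
    unsigned *insnbuf;                   /* heap-allocated, as in the patched translator */
    unsigned *slotbuf;
    unsigned insn_static[INSN_WORDS];    /* embedded: the "static allocation" the commit suggests */
    unsigned slot_static[INSN_WORDS];
    int abort_at_step;                   /* step on which the simulated load fails (-1: never) */
} disas_ctx;

static unsigned *insnbuf_alloc(void)
{
    unsigned *b = calloc(INSN_WORDS, sizeof *b);
    tracked[live_heap_buffers++] = b;
    return b;
}

static void insnbuf_free(unsigned *b)
{
    if (b) {
        live_heap_buffers--;
        free(b);
    }
}

/* Simulated instruction fetch: on failure it longjmps out of the loop, so
 * nothing after the loop body runs, just as a failed guest access would. */
static void load_insn(const disas_ctx *dc, int step)
{
    if (step == dc->abort_at_step) {
        longjmp(translate_env, 1);
    }
}

/* Model of the tb_stop hook: frees the buffers on the normal exit path only. */
static void tb_stop(disas_ctx *dc)
{
    insnbuf_free(dc->insnbuf);
    insnbuf_free(dc->slotbuf);
}

/* Frees whatever a longjmp exit left behind and returns how many buffers that
 * was. The real translator has no such registry, which is why its leak is real. */
static int reclaim_leaked(void)
{
    int n = live_heap_buffers;
    for (int i = 0; i < n; i++) {
        free(tracked[i]);
    }
    live_heap_buffers = 0;
    return n;
}

/* Heap variant. Returns the number of buffers still live when translation
 * ended: 0 on the normal path, 2 when the loop was abandoned via longjmp. */
int translate_with_heap_buffers(int abort_at_step)
{
    disas_ctx dc = { .abort_at_step = abort_at_step };

    if (setjmp(translate_env) == 0) {
        dc.insnbuf = insnbuf_alloc();
        dc.slotbuf = insnbuf_alloc();
        for (int step = 0; step < 8; step++) {
            load_insn(&dc, step);
        }
        tb_stop(&dc);                    /* skipped entirely when load_insn longjmps */
    }
    return reclaim_leaked();
}

/* Embedded variant. The buffers are part of the context object itself, so an
 * early exit cannot lose them; there is nothing to free on either path. */
int translate_with_embedded_buffers(int abort_at_step)
{
    disas_ctx dc = { .abort_at_step = abort_at_step };

    if (setjmp(translate_env) == 0) {
        for (int step = 0; step < 8; step++) {
            dc.insn_static[step % INSN_WORDS] = (unsigned)step;
            dc.slot_static[step % INSN_WORDS] = (unsigned)step;
            load_insn(&dc, step);
        }
    }
    return reclaim_leaked();             /* always 0: nothing was heap-allocated */
}

int main(void)
{
    printf("heap buffers, normal exit:    %d leaked\n", translate_with_heap_buffers(-1));
    printf("heap buffers, longjmp exit:   %d leaked\n", translate_with_heap_buffers(3));
    printf("embedded buffers, longjmp:    %d leaked\n", translate_with_embedded_buffers(3));
    return 0;
}
```

The demo's `tracked` registry exists only so the program can report and reclaim the lost buffers; a leak checker such as the sanitiser build this series targets would flag the heap variant's longjmp exit on exactly the two allocations that `tb_stop` never reached.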