From 112c37a6a6e4e0b607fd4514dffe402c69506cf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sun, 22 Mar 2020 17:12:19 +0100 Subject: [PATCH 1/2] ui/input-linux: Do not ignore ioctl() return value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix warnings reported by Clang static code analyzer: CC ui/input-linux.o ui/input-linux.c:343:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_REL, sizeof(relmap)), &relmap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:351:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_ABS, sizeof(absmap)), &absmap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:354:13: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGABS(ABS_X), &absinfo); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:357:13: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGABS(ABS_Y), &absinfo); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:365:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_KEY, sizeof(keymap)), keymap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:366:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny Message-id: 20200322161219.17757-1-philmd@redhat.com Signed-off-by: Gerd Hoffmann --- ui/input-linux.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/ui/input-linux.c b/ui/input-linux.c index a7b280b25b..ef37b14d6f 100644 --- a/ui/input-linux.c +++ b/ui/input-linux.c 
@@ -334,13 +334,15 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
 rc = ioctl(il->fd, EVIOCGBIT(0, sizeof(evtmap)), &evtmap);
 if (rc < 0) {
- error_setg(errp, "%s: failed to read event bits", il->evdev);
- goto err_close;
+ goto err_read_event_bits;
 }
 if (evtmap & (1 << EV_REL)) {
 relmap = 0;
 rc = ioctl(il->fd, EVIOCGBIT(EV_REL, sizeof(relmap)), &relmap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
 if (relmap & (1 << REL_X)) {
 il->has_rel_x = true;
 }
@@ -349,12 +351,25 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
 if (evtmap & (1 << EV_ABS)) {
 absmap = 0;
 rc = ioctl(il->fd, EVIOCGBIT(EV_ABS, sizeof(absmap)), &absmap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
 if (absmap & (1 << ABS_X)) {
 il->has_abs_x = true;
 rc = ioctl(il->fd, EVIOCGABS(ABS_X), &absinfo);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get get absolute X value",
+ il->evdev);
+ goto err_close;
+ }
 il->abs_x_min = absinfo.minimum;
 il->abs_x_max = absinfo.maximum;
 rc = ioctl(il->fd, EVIOCGABS(ABS_Y), &absinfo);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get get absolute Y value",
+ il->evdev);
+ goto err_close;
+ }
 il->abs_y_min = absinfo.minimum;
 il->abs_y_max = absinfo.maximum;
 }
@@ -363,7 +378,14 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
 if (evtmap & (1 << EV_KEY)) {
 memset(keymap, 0, sizeof(keymap));
 rc = ioctl(il->fd, EVIOCGBIT(EV_KEY, sizeof(keymap)), keymap);
+ if (rc < 0) {
+ goto err_read_event_bits;
+ }
 rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate);
+ if (rc < 0) {
+ error_setg(errp, "%s: failed to get global key state", il->evdev);
+ goto err_close;
+ }
 for (i = 0; i < KEY_CNT; i++) {
 if (keymap[i / 8] & (1 << (i % 8))) {
 if (linux_is_button(i)) {
@@ -390,6 +412,9 @@ static void input_linux_complete(UserCreatable *uc, Error **errp)
 il->initialized = true;
 return;
+err_read_event_bits:
+ error_setg(errp, "%s: failed to read event bits", il->evdev);
+
 err_close:
 close(il->fd);
 return;
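Review bot: The new `goto err_read_event_bits` paths in this hunk, and the matching ones in the EV_ABS and EV_KEY hunks below, report only a generic message and discard the reason the ioctl() failed, so a permissions problem on the evdev node is indistinguishable from an unsupported request in the error the user sees. Nothing runs between the failing ioctl() and the label (or the inline error_setg calls), so errno is still the ioctl's at that point and can be folded into the message: `error_setg_errno(errp, errno, "%s: failed to read event bits", il->evdev);` at the new label, and likewise for the EVIOCGABS and EVIOCGKEY messages. At the label itself a short `/* fall through to err_close */` after the error_setg would make the shared cleanup explicit. input_linux_complete begins before this hunk, so I cannot see whether rc or errno are touched earlier in the function.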
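Review bot: The two error strings added in the EV_ABS hunk read "failed to get get absolute X value" and "failed to get get absolute Y value", a doubled word in a user-facing message. Drop the repeat: `error_setg(errp, "%s: failed to get absolute X value", il->evdev);` and the same for the Y line. The surrounding branch still issues the EVIOCGABS(ABS_Y) query under the ABS_X check only, but that is pre-existing and not part of this change.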
From 95fad99cb28e9970944b01fd7af452f6f9f37484 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Tue, 24 Mar 2020 07:18:55 +0100 Subject: [PATCH 2/2] hw/audio/fmopl: fix segmentation fault MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Current code allocates the memory for ENV_CURVE too late. Move allocation to OPLOpenTable() and deallocation to OPLCloseTable(). To reproduce the bug start qemu with -soundhw adlib. Fixes 2eea51bd01 "hw/audio/fmopl: Move ENV_CURVE to .heap to save 32KiB of .bss" Signed-off-by: Volker Rümelin Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200324061855.5951-1-vr_qemu@t-online.de Signed-off-by: Gerd Hoffmann --- hw/audio/fmopl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c index 356d4dfbca..8a71a569fa 100644 --- a/hw/audio/fmopl.c +++ b/hw/audio/fmopl.c @@ -627,6 +627,7 @@ static int OPLOpenTable( void ) free(AMS_TABLE); return 0; } + ENV_CURVE = g_new(int32_t, 2 * EG_ENT + 1); /* make total level table */ for (t = 0;t < EG_ENT-1 ;t++){ rate = ((1< voltage */ @@ -694,6 +695,7 @@ static int OPLOpenTable( void ) static void OPLCloseTable( void ) { + g_free(ENV_CURVE); free(TL_TABLE); free(SIN_TABLE); free(AMS_TABLE); @@ -1090,7 +1092,6 @@ FM_OPL *OPLCreate(int clock, int rate) OPL->clock = clock; OPL->rate = rate; OPL->max_ch = max_ch; - ENV_CURVE = g_new(int32_t, 2 * EG_ENT + 1); /* init grobal tables */ OPL_initialize(OPL); /* reset chip */ @@ -1128,7 +1129,6 @@ void OPLDestroy(FM_OPL *OPL) #endif OPL_UnLockTable(); free(OPL); - g_free(ENV_CURVE); } /* ---------- Option handlers ---------- */
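Review bot: The `g_free(ENV_CURVE)` added to OPLCloseTable leaves the module-global pointer dangling until a later OPLOpenTable() reassigns it, so a stray use between the last OPL_UnLockTable() and the next OPLCreate(), or a second close, would be a use-after-free or double free instead of a clean NULL fault. Resetting it costs nothing and makes the state explicit: `g_free(ENV_CURVE); ENV_CURVE = NULL;`; the malloc'd tables freed just below have the same issue, though that is pre-existing. In the OPLOpenTable hunk the new allocation now sits after the visible failure return that frees AMS_TABLE, so that error path does not leak it; whether any later step in OPLOpenTable can still fail after the g_new is outside the hunk, and if it can, ENV_CURVE would need freeing there too. The lock/unlock reference counting that pairs these two functions is inferred from the context lines, not shown.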