From 0a0a490c805fadc7191489277e77fbf9688b39ab Mon Sep 17 00:00:00 2001
From: jiangdongxu
Date: Thu, 10 Feb 2022 21:32:37 +0800
Subject: [PATCH] bugfix: fix some illegal memory access and memory leak
Signed-off-by: yuxiating
Signed-off-by: jiangdongxu
---
 contrib/elf2dmp/main.c | 1 +
 hw/display/cirrus_vga.c | 2 +-
 util/range.c | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index 20b477d582..3f0d1eb709 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -125,6 +125,7 @@ static KDDEBUGGER_DATA64 *get_kdbg(uint64_t KernBase, struct pdb_reader *pdb,
 if (va_space_rw(vs, KdDebuggerDataBlock, kdbg, kdbg_hdr.Size, 0)) {
 eprintf("Failed to extract entire KDBG\n");
+ free(kdbg);
 return NULL;
 }
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index fdca6ca659..c66ed801ef 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -834,7 +834,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
 word alignment, so we keep them for the next line */
 /* XXX: keep alignment to speed up transfer */
 end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
- copy_count = s->cirrus_srcptr_end - end_ptr;
+ copy_count = MIN(s->cirrus_srcptr_end - end_ptr, CIRRUS_BLTBUFSIZE);
 memmove(s->cirrus_bltbuf, end_ptr, copy_count);
 s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
 s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
diff --git a/util/range.c b/util/range.c
index 098d9d2dc0..83d1a6c302 100644
--- a/util/range.c
+++ b/util/range.c
@@ -65,6 +65,7 @@ GList *range_list_insert(GList *list, Range *data)
 range_extend(l->data, l->next->data);
 g_free(l->next->data);
 new_l = g_list_delete_link(list, l->next);
+ l->next = NULL;
 assert(new_l == list);
 }
--
2.27.0
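Review bot: Nothing visible in the contrib/elf2dmp/main.c hunk bounds `kdbg_hdr.Size`, which is the length `va_space_rw` writes into `kdbg` and presumably also the allocation size (the allocation sits above the hunk). If that header is read from the dump being converted, a value smaller than the structure would let later field reads run past the buffer, so a guard before the allocation such as `if (kdbg_hdr.Size < sizeof(*kdbg)) return NULL;` is worth considering, provided no supported layout is legitimately shorter. The added `free(kdbg)` is correct only if `kdbg` came from `malloc` and not from a GLib allocator. get_kdbg starts and ends outside the hunk, so any other early return after the allocation should be checked for the same leak.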
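Review bot: The new clamp on `copy_count` in hw/display/cirrus_vga.c bounds only one side and uses the wrong limit for a copy that starts at `end_ptr`. `end_ptr` is already `s->cirrus_blt_srcpitch` bytes into `cirrus_bltbuf`, so, assuming the buffer is `CIRRUS_BLTBUFSIZE` bytes (its declaration is not in the hunk), a copy of up to `CIRRUS_BLTBUFSIZE` bytes from there can still read past the end. If `s->cirrus_srcptr_end` is below `end_ptr`, the difference is negative, passes through `MIN` unchanged and reaches `memmove` as a huge size. Something like `copy_count = MAX(0, MIN(s->cirrus_srcptr_end - end_ptr, CIRRUS_BLTBUFSIZE - s->cirrus_blt_srcpitch));` covers both, though rejecting the inconsistent state where the blit is set up would be better than clamping silently. The function body starts and ends outside the hunk.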
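Review bot: The added `l->next = NULL;` in util/range.c cuts the list off after `l`. `g_list_delete_link()` unlinks the node and fixes up its neighbours, so once it returns `l->next` already points at the element that followed the deleted one and is not dangling. Overwriting it with NULL makes every later node and its `Range` unreachable (a leak, and those ranges silently drop out of the list), and the next surviving node's `prev` still points at `l`. I would drop the line; if the intent was to quiet a use-after-free report from a static analyser, a comment such as `/* g_list_delete_link() relinked l->next; the freed node is no longer reachable */` records that without changing the list. The enclosing loop is outside the hunk.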