[PATCH] hw/scsi/esp: fix assertion error in fifo8_push

ch issues earlier, avoiding crashes due to corrupted state. Signed-off-by: Zheng Huang --- hw/scsi/esp.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index ac841dc32e..ba77017087 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -1350,11 +1350,17 @@ s

[PATCH] hw/net/e1000: fix stack-buffer-overflow in e1000_receive_iov

Over- DE: "\367\000\000\000"-"\367\000\000\000"-; base unit: 73073e74323b544b02c32575b90178286fdc5cf2 artifact_prefix='./'; Test unit written to ./crash-321d2d6e2808c22fc962819fcb073f126c51f179 Fuzzing e1000-82544gc exited with code 1 Signed-off-by: Zheng Huang ---

Re: [PATCH] hw/audio/cs4231a: fix assertion error in isa_bus_get_irq

Hi Philippe, On 2025/5/9 19:28, Philippe Mathieu-Daudé wrote: > Hi Zheng, > > On 9/5/25 13:15, Zheng Huang wrote: >> This patch fixes an assertion error in isa_bus_get_irq() in >> /hw/isa/isa-bus.c by adding a constraint to the irq property. > > Can you provide a

[PATCH v2] hw/audio/cs4231a: fix assertion error in isa_bus_get_irq

This patch fixes an assertion error in isa_bus_get_irq() in /hw/isa/isa-bus.c by adding a constraint to the irq property. Patch v1 misused ISA_NUM_IRQS, pls ignore that. Signed-off-by: Zheng Huang --- hw/audio/cs4231a.c | 4 1 file changed, 4 insertions(+) diff --git a/hw/audio/cs4231a.c

[PATCH] hw/audio/cs4231a: fix assertion error in isa_bus_get_irq

This patch fixes an assertion error in isa_bus_get_irq() in /hw/isa/isa-bus.c by adding a constraint to the irq property. Signed-off-by: Zheng Huang --- hw/audio/cs4231a.c | 4 1 file changed, 4 insertions(+) diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c index 5a9be80ba3

[PATCH] hw/9pfs: add cleanup operation for 9p-synth

. Signed-off-by: Zheng Huang --- hw/9pfs/9p-synth.c | 28 1 file changed, 28 insertions(+) diff --git a/hw/9pfs/9p-synth.c b/hw/9pfs/9p-synth.c index 2abaf3a291..ead8b9e3be 100644 --- a/hw/9pfs/9p-synth.c +++ b/hw/9pfs/9p-synth.c @@ -24,6 +24,7 @@ #include "

[PATCH] hw/ufs: free irq on exit

Hi, This patch fixes a memory leak bug in `ufs_init_pci()`. `u->irq` is not freed in `ufs_exit()`. Signed-off-by: Zheng Huang --- hw/ufs/ufs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c index 1ccd6f88b6..e80e065fea 100644 --- a/hw/ufs/ufs.c +++ b/hw/

[PATCH] hw/sd/sdhci: free irq on exit

Hi, This patch fixes a memory leak bug in `sdhci_pci_realize()`. `s->irq` is not freed in `sdhci_pci_exit()`. Signed-off-by: Zheng Huang --- hw/sd/sdhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/sd/sdhci-pci.c b/hw/sd/sdhci-pci.c index 5268c0dee5..f5296d58ca 100644 --

[PATCH] hw/net/rocker: fix assertion error while hotunplugging

r_unuse(PCIDevice *dev, unsigned vector) >{ >assert(vector < dev->msix_entries_nr); >if (!dev->msix_entry_used[vector]) { >// ... > msix_clr_pending(dev, vector); >} Signed-off-by: Zheng Huang --- hw/net/rocker/rocker.c | 2 +- 1 file changed, 1 inserti

[PATCH] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()

:582:12 #4 0x55f2b0514288 in lsi_scsi_realize /root/qemu/build-fuzz/../hw/scsi/lsi53c895a.c:2350:24 #5 0x55f2b0452d26 in pci_qdev_realize /root/qemu/build-fuzz/../hw/pci/pci.c:2174:9 Signed-off-by: Zheng Huang --- hw/scsi/lsi53c895a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion

Re: Re: [PATCH] hw/net/e1000: fix memory leak in timer_del()

Hello Prasad, 在 2025/3/27 20:40, Prasad Pandit wrote: >> @@ -360,13 +360,13 @@ e1000e_intrmgr_fire_all_timers(E1000ECore *core) >> int i; >> >> if (core->itr.running) { >> -timer_del(core->itr.timer); >> +timer_free(core->itr.timer); >> e1000e_intrmgr_on_throttli

[PATCH] hw/net/e1000: fix memory leak in timer_del()

object instead. In addition, I'd like to ask for a way to fix all 100+ wrong usages. In my opinion, the best way to fix this is to hide to `timer_del()` API and eliminate all usages of it. ps: Sorry for the mistake in subject of the previous mail. Signed-off-by: Zheng Huang --- hw/net/e1

[PATCH] hw/net/virtio-net: fix memory leak in timer_del()

object instead. In addition, I'd like to ask for a way to fix all 100+ wrong usages. In my opinion, the best way to fix this is to hide to `timer_del()` API and eliminate all usages of it. Signed-off-by: Zheng Huang --- hw/net/e1000.c | 6 +++--- hw/net/e1000e_core.c | 8 2

[PATCH] hw/net/virtio-net: fix memory leak in timer_del()

object instead. Also I'd like to ask for a way to fix all 100+ wrong usages. In my opinion, the best way to fix this is to hide to `timer_del()` API and eliminate all usages of it. Signed-off-by: Zheng Huang --- hw/net/virtio-net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

[PATCH] hw/timer/hpet: fix memory leak in hpet_del_timer()

introduced 4 years ago, but the usage in isue dates back 12 years, which led to this problem. Also I'd like to ask for a way to fix all 100+ wrong usages. In my opinion, the best way to fix this is to hide to `timer_del()` API and eliminate all usages of it. Signed-off-by: Zheng Huang --- hw/

Re: [PATCH] virtio-pci: fix memory leak from device realization failure

Hi Philippe, On 2025/2/28 17:24, Philippe Mathieu-Daudé wrote: > Hi Zheng, > > On 28/2/25 06:03, Zheng Huang wrote: >> This commit adds failback routine for `virtio_pci_realize` to >> fix the memory leak of an address space and the virtio-net device object. >> If th

Re: [PATCH] virtio-pci: fix memory leak from device realization failure

Hi Philippe, On 2025/2/28 17:24, Philippe Mathieu-Daudé wrote: > Hi Zheng, > > On 28/2/25 06:03, Zheng Huang wrote: >> This commit adds failback routine for `virtio_pci_realize` to >> fix the memory leak of an address space and the virtio-net device object. >> If th

[PATCH] virtio-pci: fix memory leak from device realization failure

: Zheng Huang --- hw/virtio/virtio-pci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index c773a9130c..4b0d8cd90a 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -2266,6 +2266,9 @@ static void virtio_pci_realize