target-ppc: Fix an invalid free in opcode table handling code.

Opcode table has direct, indirect and double indirect handlers, but
ppc_cpu_unrealizefn() frees direct handlers which are never allocated
and never frees double indirect handlers.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This commit is contained in:
Bharata B Rao 2014-09-26 14:37:38 +05:30 committed by Alexander Graf
parent 54ff58bb10
commit 81f194dd69

View File

@ -9132,11 +9132,24 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error **errp)
{ {
PowerPCCPU *cpu = POWERPC_CPU(dev); PowerPCCPU *cpu = POWERPC_CPU(dev);
CPUPPCState *env = &cpu->env; CPUPPCState *env = &cpu->env;
int i; opc_handler_t **table;
int i, j;
for (i = 0; i < PPC_CPU_OPCODES_LEN; i++) { for (i = 0; i < PPC_CPU_OPCODES_LEN; i++) {
if (env->opcodes[i] != &invalid_handler) { if (env->opcodes[i] == &invalid_handler) {
g_free(env->opcodes[i]); continue;
}
if (is_indirect_opcode(env->opcodes[i])) {
table = ind_table(env->opcodes[i]);
for (j = 0; j < PPC_CPU_INDIRECT_OPCODES_LEN; j++) {
if (table[j] != &invalid_handler &&
is_indirect_opcode(table[j])) {
g_free((opc_handler_t *)((uintptr_t)table[j] &
~PPC_INDIRECT));
}
}
g_free((opc_handler_t *)((uintptr_t)env->opcodes[i] &
~PPC_INDIRECT));
} }
} }
} }