Hi,
We found a memory leak bug in the function mips64_jit_tcb_translate, but currently have no idea how to fix it.
The function tc_alloc creates a TC descriptor and returns it to its caller.
In the function mips64_jit_tcb_translate, the pointer tc allocated at line 7 is not freed before the function returns NULL at lines 307 and 316.
```c
static cpu_tc_t *mips64_jit_tcb_translate(cpu_mips_t *cpu,cpu_tb_t *tb)
{
   struct mips64_insn_tag *tag;
   cpu_tc_t *tc;

   /* The page is not shared, we have to compile it */
   tc = tc_alloc(cpu->gen,tb->vaddr,tb->exec_state);

   if (tc == NULL)
      return NULL;

   tc->target_code = tb->target_code;
   tc->trans_pos = 0;

   /* Emit native code for each instruction */
   while(tc->trans_pos < MIPS_INSN_PER_PAGE)
   {
      if (unlikely(!(tag = mips64_jit_fetch_and_emit(cpu,tc,0)))) {
         cpu_log(cpu->gen,"JIT",
                 "unable to fetch instruction (VA=0x%8.8llx,exec_state=%u).\n",
                 tb->vaddr,tb->exec_state);
         return NULL; // tc not freed here
      }

#if DEBUG_BLOCK_COMPILE
      cpu_log(cpu->gen,"JIT","Page 0x%8.8llx: emitted tag 0x%8.8x/0x%8.8x\n",
              tb->vaddr,tag->mask,tag->value);
#endif

      if (mips64_jit_tcb_adjust_buffer(cpu,tc) == -1)
         return NULL; // tc not freed here
   }

   mips64_jit_tcb_add_end(tc);
   mips64_jit_tcb_apply_patches(cpu,tc);
   tc_free_patches(tc);

   tc->target_code = NULL;
   return tc;
}
```

We tried to add tc_free before the return statements, but we found that tc_free is a static function. Could you please have a look at this bug?
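The leak pattern reported above, reduced to a self-contained C example with a counter that makes it observable. This is an added illustration, not code from the dynamips tree: `tc_t`, `tc_alloc`, `tc_free`, `fetch_and_emit`, `INSN_PER_PAGE` and the `live_tc` counter are constructed stand-ins for the real descriptor and helpers, and the failure point is simulated. `translate_leaky` mirrors the reported shape (early `return NULL` inside the loop with the descriptor still live); `translate_fixed` routes every failure through one cleanup label that releases the descriptor, which is the usual fix for this class of bug in C.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the TC descriptor (assumption, not the real cpu_tc_t). */
typedef struct {
    unsigned long vaddr;
    int trans_pos;
    void *buf;          /* secondary allocation, as a real descriptor would own */
} tc_t;

/* Outstanding descriptors. Non-zero after a translation has been torn down
 * means something was leaked. */
static int live_tc = 0;

static tc_t *tc_alloc(unsigned long vaddr)
{
    tc_t *tc = calloc(1, sizeof *tc);
    if (!tc)
        return NULL;
    tc->buf = malloc(64);
    if (!tc->buf) {
        free(tc);
        return NULL;
    }
    tc->vaddr = vaddr;
    live_tc++;
    return tc;
}

static void tc_free(tc_t *tc)
{
    if (!tc)
        return;
    free(tc->buf);
    free(tc);
    live_tc--;
}

#define INSN_PER_PAGE 4

/* Simulated fetch/emit step: fails when the current position equals fail_at
 * (constructed; a negative fail_at never fails). */
static int fetch_and_emit(tc_t *tc, int fail_at)
{
    if (tc->trans_pos == fail_at)
        return 0;
    tc->trans_pos++;
    return 1;
}

/* Shape reported in the issue: the descriptor is dropped on the error path. */
static tc_t *translate_leaky(unsigned long vaddr, int fail_at)
{
    tc_t *tc = tc_alloc(vaddr);
    if (!tc)
        return NULL;
    while (tc->trans_pos < INSN_PER_PAGE) {
        if (!fetch_and_emit(tc, fail_at))
            return NULL;    /* tc is still live here: leak */
    }
    return tc;
}

/* Fixed shape: a single error exit that releases the descriptor. */
static tc_t *translate_fixed(unsigned long vaddr, int fail_at)
{
    tc_t *tc = tc_alloc(vaddr);
    if (!tc)
        return NULL;
    while (tc->trans_pos < INSN_PER_PAGE) {
        if (!fetch_and_emit(tc, fail_at))
            goto err;
    }
    return tc;              /* success: ownership passes to the caller */

err:
    tc_free(tc);
    return NULL;
}

/* Runs one translation with the given failure point, frees whatever the
 * caller received, and reports how many descriptors are still outstanding. */
static int leaked_after(tc_t *(*fn)(unsigned long, int), int fail_at)
{
    live_tc = 0;
    tc_t *tc = fn(0x80000000UL, fail_at);
    tc_free(tc);            /* no-op when the translation returned NULL */
    return live_tc;
}

int main(void)
{
    printf("leaky, failure at insn 2: %d outstanding\n", leaked_after(translate_leaky, 2));
    printf("fixed, failure at insn 2: %d outstanding\n", leaked_after(translate_fixed, 2));
    printf("fixed, no failure:        %d outstanding\n", leaked_after(translate_fixed, -1));
    return 0;
}
```

The example assumes `tc_free` is callable from the translation function. The issue notes that in the real tree it is `static`, so applying this shape there means either exporting it (dropping `static` and declaring it in the header) or adding a small non-static wrapper in the file that owns it; either way the release should happen on both early-return paths in the loop, since the second one (`mips64_jit_tcb_adjust_buffer` returning -1) leaks exactly the same descriptor as the first.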