From 89d94c040453d6dd80e116f3c87d87a808745211 Mon Sep 17 00:00:00 2001
From: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Date: Wed, 18 Sep 2024 12:43:34 -0300
Subject: [PATCH] hw: fix memory leak in IRQState allocation

At e72a7f65c1 (hw: Move declaration of IRQState to header and add init
function, 2024-06-29), we've changed qemu_allocate_irq() to use a
combination of g_new() + object_initialize() instead of
IRQ(object_new()). The latter sets obj->free, so that that the memory is
properly cleaned when the object is finalized, but the former doesn't.

Fixes: e72a7f65c1 (hw: Move declaration of IRQState to header and add init function)
Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-id: 1723deb603afec3fa69a75970cef9aac62d57d62.1726674185.git.quic_mathbern@quicinc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/irq.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/hw/core/irq.c b/hw/core/irq.c
index db95ffc18f..7d5b0038c1 100644
--- a/hw/core/irq.c
+++ b/hw/core/irq.c
@@ -34,15 +34,21 @@ void qemu_set_irq(qemu_irq irq, int level)
     irq->handler(irq->opaque, irq->n, level);
 }
 
-void qemu_init_irq(IRQState *irq, qemu_irq_handler handler, void *opaque,
-                   int n)
+static void init_irq_fields(IRQState *irq, qemu_irq_handler handler,
+                            void *opaque, int n)
 {
-    object_initialize(irq, sizeof(*irq), TYPE_IRQ);
     irq->handler = handler;
     irq->opaque = opaque;
     irq->n = n;
 }
 
+void qemu_init_irq(IRQState *irq, qemu_irq_handler handler, void *opaque,
+                   int n)
+{
+    object_initialize(irq, sizeof(*irq), TYPE_IRQ);
+    init_irq_fields(irq, handler, opaque, n);
+}
+
 qemu_irq *qemu_extend_irqs(qemu_irq *old, int n_old, qemu_irq_handler handler,
                            void *opaque, int n)
 {
@@ -66,11 +72,8 @@ qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n)
 
 qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque, int n)
 {
-    IRQState *irq;
-
-    irq = g_new(IRQState, 1);
-    qemu_init_irq(irq, handler, opaque, n);
-
+    IRQState *irq = IRQ(object_new(TYPE_IRQ));
+    init_irq_fields(irq, handler, opaque, n);
     return irq;
 }
 
-- 
2.30.2