OvmfPkg/X86QemuLoadImageLib: plug cmdline blob leak on success

When QemuLoadKernelImage() ends successfully, the command-line blob is
not freed, even though it is not used elsewhere (its content is already
copied to KernelLoadedImage->LoadOptions).  The memory leak bug was
introduced in commit 7c47d89003a6 ("OvmfPkg: implement QEMU loader
library for X86 with legacy fallback", 2020-03-05).

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 7c47d89003a6f8f7f6f0ce8ca7d3e87c630d14cc
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Message-Id: <20210628105110.379951-3-dovmurik@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>

diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
index 1177582ab05134080b68a7d09cee475f5e754c90..6b1e7e64901474f6e0385b75860eef7a7aaa9d33 100644 (file)
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@@ -446,14 +446,16 @@ QemuLoadKernelImage (
   }\r
 \r
   *ImageHandle = KernelImageHandle;\r
-  return EFI_SUCCESS;\r
+  Status = EFI_SUCCESS;\r
 \r
 FreeCommandLine:\r
   if (CommandLineSize > 0) {\r
     FreePool (CommandLine);\r
   }\r
 UnloadImage:\r
-  gBS->UnloadImage (KernelImageHandle);\r
+  if (EFI_ERROR (Status)) {\r
+    gBS->UnloadImage (KernelImageHandle);\r
+  }\r
 \r
   return Status;\r
 }\r