Commit 48ca224250 for qemu.org

commit 48ca224250444150f21cbded5745a0e36703b5e7
Author: Zheng Huang <hz1624917200@gmail.com>
Date:   Fri Mar 28 11:21:49 2025 +0800

    hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()

    Address a memory leak bug in the usages of timer_del().

    The issue arises from the incorrect use of the ambiguous timer API
    timer_del(), which does not free the timer object. The LeakSanitizer
    report this issue during fuzzing. The correct API timer_free() freed
    the timer object instead.

    =================================================================
    ==2586273==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 48 byte(s) in 1 object(s) allocated from:
        #0 0x55f2afd89879 in calloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
        #1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50)
        #2 0x55f2b053962e in timer_new include/qemu/timer.h:542:12
        #3 0x55f2b0514771 in timer_new_us include/qemu/timer.h:582:12
        #4 0x55f2b0514288 in lsi_scsi_realize hw/scsi/lsi53c895a.c:2350:24
        #5 0x55f2b0452d26 in pci_qdev_realize hw/pci/pci.c:2174:9

    Signed-off-by: Zheng Huang <hz1624917200@outlook.com>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-ID: <73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com>
    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index d85e384ad6..6689ebba25 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2372,7 +2372,7 @@ static void lsi_scsi_exit(PCIDevice *dev)
     LSIState *s = LSI53C895A(dev);

     address_space_destroy(&s->pci_io_as);
-    timer_del(s->scripts_timer);
+    timer_free(s->scripts_timer);
 }

 static void lsi_class_init(ObjectClass *klass, void *data)