Snapshot use after free (#2125)

* memory snapshots fix use after free on flatview copy

When restoring a snapshot with memory the flatview must be restored
before the memory reagions are filtered. Because the
AddressSpaceDispatcher also has pointer to the MemoryRegions and on copy
they need to be cleared. The memory_filter_subregions function frees
MemoryRegions which are not used at the time of the snapshot.

* fix some memleaks in tests

These tests has forgott to call uc_close(uc), which lead to memory
leaks. Found by the LeakSanitizer.

* memory snapshots correct clean up container memory regions

* Fix further stackoverflow in tests

---------

Co-authored-by: mio <mio@lazym.io>

qemu/softmmu/memory.c

@@ -28,6 +28,7 @@
 
 void memory_region_transaction_begin(void);
 static void memory_region_transaction_commit(MemoryRegion *mr);
+static void memory_region_destructor_container(MemoryRegion *mr);
 
 typedef struct AddrRange AddrRange;
 
@@ -87,6 +88,7 @@ static void make_contained(struct uc_struct *uc, MemoryRegion *current)
     hwaddr addr = current->addr;
     MemoryRegion *container = g_new(MemoryRegion, 1);
     memory_region_init(uc, container, int128_get64(current->size));
+    container->destructor = memory_region_destructor_container;
     memory_region_del_subregion(uc->system_memory, current);
     memory_region_add_subregion_overlap(container, 0, current, current->priority);
     memory_region_add_subregion(uc->system_memory, addr, container);
@@ -1091,6 +1093,11 @@ static void memory_region_destructor_ram(MemoryRegion *mr)
     qemu_ram_free(mr->uc, mr->ram_block);
 }
 
+static void memory_region_destructor_container(MemoryRegion *mr)
+{
+    memory_region_filter_subregions(mr, 0);
+}
+
 void memory_region_init(struct uc_struct *uc,
                         MemoryRegion *mr,
                         uint64_t size)