do not free MemoryRegion in memory_unmap() because it will be unref later in memory_region_unref(). this fixes issue #202

qemu/memory.c

@@ -49,6 +49,7 @@ void memory_unmap(struct uc_struct *uc, MemoryRegion *mr)
 {
     int i;
     target_ulong addr;
+
     // Make sure all pages associated with the MemoryRegion are flushed
     // Only need to do this if we are in a running state
     if (uc->current_cpu) {
@@ -67,8 +68,6 @@ void memory_unmap(struct uc_struct *uc, MemoryRegion *mr)
             break;
         }
     }
-
-    g_free(mr);
 }
 
 int memory_free(struct uc_struct *uc)

qemu/qom/object.c

@@ -697,7 +697,7 @@ void object_ref(Object *obj)
     if (!obj) {
         return;
     }
-     atomic_inc(&obj->ref);
+    atomic_inc(&obj->ref);
 }
 
 void object_unref(struct uc_struct *uc, Object *obj)

uc.c

@@ -793,6 +793,7 @@ uc_err uc_mem_unmap(struct uc_struct *uc, uint64_t address, size_t size)
         len = MIN(size - count, mr->end - addr);
         if (!split_region(uc, mr, addr, len, true))
             return UC_ERR_NOMEM;
+
         // if we can retrieve the mapping, then no splitting took place
         // so unmap here
         mr = memory_mapping(uc, addr);
@@ -801,6 +802,7 @@ uc_err uc_mem_unmap(struct uc_struct *uc, uint64_t address, size_t size)
         count += len;
         addr += len;
     }
+
     return UC_ERR_OK;
 }