diff --git a/qemu/target/arm/cpu.c b/qemu/target/arm/cpu.c
index 8e9f97db..31f98123 100644
--- a/qemu/target/arm/cpu.c
+++ b/qemu/target/arm/cpu.c
@@ -505,6 +505,20 @@ static inline void unset_feature(CPUARMState *env, int feature)
 
 #define ARM_CPUS_PER_CLUSTER 8
 
+static void cpreg_hashtable_data_destroy(gpointer data)
+{
+    /*
+     * Destroy function for cpu->cp_regs hashtable data entries.
+     * We must free the name string because it was g_strdup()ed in
+     * add_cpreg_to_hashtable(). It's OK to cast away the 'const'
+     * from r->name because we know we definitely allocated it.
+     */
+    ARMCPRegInfo *r = data;
+
+    g_free((void *)r->name);
+    g_free(r);
+}
+
 static void arm_cpu_initfn(struct uc_struct *uc, Object *obj, void *opaque)
 {
     CPUState *cs = CPU(obj);
@@ -514,7 +528,7 @@ static void arm_cpu_initfn(struct uc_struct *uc, Object *obj, void *opaque)
     cs->env_ptr = &cpu->env;
     cpu_exec_init(cs, &error_abort, opaque);
     cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
-                                         g_free, g_free);
+                                         g_free, cpreg_hashtable_data_destroy);
 
     QLIST_INIT(&cpu->pre_el_change_hooks);
     QLIST_INIT(&cpu->el_change_hooks);