[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.16] libs/guest: Fix leak on realloc failure in backup_ptes()
commit 25d103f2eb59f021cce61f07a0bf0bfa696b4416 Author: Edwin Török <edwin.torok@xxxxxxxxx> AuthorDate: Fri Mar 3 08:17:23 2023 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Fri Mar 3 08:17:23 2023 +0100 libs/guest: Fix leak on realloc failure in backup_ptes() From `man 2 realloc`: If realloc() fails, the original block is left untouched; it is not freed or moved. Found using GCC -fanalyzer: | 184 | backup->entries = realloc(backup->entries, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | | | (91) when â??reallocâ?? fails | | | (92) â??old_ptes.entriesâ?? leaks here; was allocated at (44) | | (90) ...to here Signed-off-by: Edwin Török <edwin.torok@xxxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> master commit: 275d13184cfa52ebe4336ed66526ce93716adbe0 master date: 2023-02-27 15:51:23 +0000 --- tools/libs/guest/xg_offline_page.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c index cfe0e2d537..c42b973363 100644 --- a/tools/libs/guest/xg_offline_page.c +++ b/tools/libs/guest/xg_offline_page.c @@ -181,10 +181,16 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset, if (backup->max == backup->cur) { - backup->entries = realloc(backup->entries, - backup->max * 2 * sizeof(struct pte_backup_entry)); + void *orig = backup->entries; + + backup->entries = realloc( + orig, backup->max * 2 * sizeof(struct pte_backup_entry)); + if (backup->entries == NULL) + { + free(orig); return -1; + } else backup->max *= 2; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |