
[xen stable-4.16] tools/libs/guest: assist gcc13's realloc analyzer



commit de80f09e7dc76bf4760aec413e804888f153bd48
Author:     Olaf Hering <olaf@xxxxxxxxx>
AuthorDate: Tue May 23 15:01:53 2023 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue May 23 15:01:53 2023 +0200

    tools/libs/guest: assist gcc13's realloc analyzer
    
    gcc13 fails to track the allocated memory in backup_ptes:
    
    xg_offline_page.c: In function 'backup_ptes':
    xg_offline_page.c:191:13: error: pointer 'orig' may be used after 'realloc' [-Werror=use-after-free]
      191 |             free(orig);
    
    Assist the analyzer by slightly rearranging the code:
    In case realloc succeeds, the previous allocation is either extended
    or released internally. In case realloc fails, the previous allocation
    is left unchanged. Return an error in this case, the caller will
    release the currently allocated memory in its error path.
    
    http://bugzilla.suse.com/show_bug.cgi?id=1210570
    
    Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Compile-tested-by: Jason Andryuk <jandryuk@xxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 99a9c3d7141063ae3f357892c6181cfa3be8a280
    master date: 2023-05-03 15:06:41 +0200
---
 tools/libs/guest/xg_offline_page.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c 
b/tools/libs/guest/xg_offline_page.c
index c42b973363..43bbb5c051 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,18 +181,14 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
     if (backup->max == backup->cur)
     {
-        void *orig = backup->entries;
+        void *entries = realloc(backup->entries, backup->max * 2 *
+                                sizeof(struct pte_backup_entry));
 
-        backup->entries = realloc(
-            orig, backup->max * 2 * sizeof(struct pte_backup_entry));
-
-        if (backup->entries == NULL)
-        {
-            free(orig);
+        if (entries == NULL)
             return -1;
-        }
-        else
-            backup->max *= 2;
+
+        backup->entries = entries;
+        backup->max *= 2;
     }
 
     backup->entries[backup->cur].table_mfn = table_mfn;
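Review bot: The `return -1` on the `entries == NULL` path now leaves `backup->entries` pointing at the old, still-valid allocation, whereas the removed lines freed it and left the field NULL, so ownership on failure moves to the caller and nothing in the function says so. The commit message states that the caller releases the memory in its error path; a one-line comment at the `return -1` recording that contract would keep a later caller from leaking the buffer or freeing it twice. Separately, the size expression `backup->max * 2 * sizeof(struct pte_backup_entry)` is carried over without an overflow check; the type of `backup->max` is not visible in this hunk, so it is worth confirming that doubling cannot wrap before the multiplication by the element size.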
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16



 

